Phatkav
|
Need Help With MSN Virus
This virus has been pissing me off right now.
Lately every time I go to MSN, some people get sent a message that generally talks about a picture. Then it sends them a file called "Photo.zip" for them to download.
Does anyone have a clue how to fix it?
|
Falkien
|
Format your computer
|
Falkien
|
Don't you have Norton Security?
|
Badie05
|
WORM_BUGBEAR.F
Details:
Arrival and Installation
This memory-resident worm arrives on a system via email. Upon execution, it creates randomly named files in the Windows system directory, which usually end with the following extension names:
* EXE
* TMP - a zipped copy of itself
* NLS
* DAT
It also drops three randomly named .DLL files in the same folder. One of the files is a keylogger and the other two are log files.
Autostart Techniques
This malware then creates the following registry entries so that it runs every time Windows restarts:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Malware filename = <malware file name>.exe
Email Propagation
This worm propagates via email with the following details:
To: <obtained email address>
From: <spoofed email address>
Subject: <any of the following>
·!!! WARNING !!!
·[Fwd: look]
·Announcement
·bad news
·empty account
·fantastic
·Friendly
·Fwd:
·good news!
·Greetings!
·Greets!
·Hello!
·Hi!
·history screen
·hmm..
·I cannot forget
·I love you!
·I need photo!!!
·Interesting...
·Introduction
·Is that your pa
·Just a reminder
·look
·Lost & Found
·Love
·Me nude
·New Contests
·new reading
·News
·Old photos
·Payment notices
·photo
·photos
·Please Help...
·Re:
·Report
·Sex pictures
·sexy
·Stats
·Today Only
·update
·various
·Warning!
·wow!
·You are fat!
·Your Gift
Message body: <any of the following>
·Pease open an attachment to see the message.
·Please see Attachment
·please,read the attach file.
·see attachment
·See the attached file
·See the attached file for more info
·Take a look to the attachment
Attachment: <Any of the following>
·a000032.zip
·girls.zip
·image.zip
·love.zip
·message.zip
·music.zip
·myphoto.zip
·news.zip
·photo.zip
·pic.zip
·readme.zip
·song.zip
·video.zip
·you.zip
Below is the list of .ZIP files with their archived file names:
·a000032.zip -> a000032.jpg<several spaces>.scr
·girls.zip -> girls.jpg<several spaces>.scr
·image.zip -> image.jpg<several spaces>.scr
·love.zip -> love.jpg<several spaces>.scr
·message.zip -> message.txt<several spaces>.scr
·music.zip -> music.mp3<several spaces>.scr
·myphoto.zip -> myphoto.jpg<several spaces>.scr
·news.zip -> news.doc<several spaces>.scr
·photo.zip -> photo.jpg<several spaces>.scr
·pic.zip -> pic.jpg<several spaces>.scr
·readme.zip -> readme.txt<several spaces>.scr
·song.zip -> song.wav<several spaces>.scr
·video.zip -> video.avi<several spaces>.scr
·you.zip -> you.jpg<several spaces>.scr
It gathers target recipients from the Outlook inbox and files with the following extensions:
* ASP
* DBX
* EML
* HTM
* MBX
* MMF
* NCH
* ODS
* SHT
* TBB
* TXT
It also uses the said list of email addresses to spoof the From field.
|
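Added example, not part of the thread or of the advisory quoted above: a Python check that lists the members of a .zip before anything is extracted and flags names built like the advisory's `photo.jpg<several spaces>.scr`, where padding hides the real extension. The function names, the executable extensions other than `.scr`, and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs directly; .scr is the one the advisory lists (others assumed).
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd"}
# Decoy extensions taken from the advisory's archive listing.
DECOY_EXTS = {"jpg", "txt", "mp3", "doc", "wav", "avi"}

# <name>.<decoy ext><optional whitespace padding>.<real ext>
DOUBLE_EXT = re.compile(r"\.([A-Za-z0-9]{1,5})(\s*)\.([A-Za-z0-9]{1,5})\s*$")


def suspicious_members(zip_bytes):
    """Return (member name, reason) for entries that disguise an executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in archive.namelist():
            # Only the final path component decides how Windows treats the file.
            base = name.replace("\\", "/").rsplit("/", 1)[-1]
            match = DOUBLE_EXT.search(base)
            if not match:
                continue
            decoy, padding, real = match.group(1).lower(), match.group(2), match.group(3).lower()
            if real not in EXECUTABLE_EXTS:
                continue
            if padding:
                # Padding pushes the real extension out of view in file listings.
                findings.append((name, "whitespace-padded double extension"))
            elif decoy in DECOY_EXTS:
                findings.append((name, "double extension"))
    return findings


def build_zip(member_names):
    """Build a constructed in-memory archive holding harmless placeholder bytes."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in member_names:
            archive.writestr(name, b"placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    padded = "photo.jpg" + " " * 40 + ".scr"  # constructed name in the advisory's pattern
    sample = build_zip([padded, "notes.txt", "holiday.jpg"])
    for name, reason in suspicious_members(sample):
        print(f"{name!r}: {reason}")
```
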
Phatkav
|
So how do I get rid of it?
|
Badie05
|
Use an antivirus program or just quarantine it or reinstall MSN Messenger 8.5 Beta with Live Plus +... Protects you from illicit files like this!
|
Phatkav
|
I will try uninstalling.
It won't get rid of my contacts, right?
God, I feel so stupid.
|
Badie05
|
Nope...Just export your contacts to make life easier....But most probably you won't need to.
|