Home » Microsoft TechnologiesRSS

Windows live Messenger sending out virus

I mistakenly clicked on a zip file that was suppose to bea picture yesterday from a friend and when I went to run it, there was know picture. Insstead it keeps sending out the same file to everyone on my friends list.

I ran avg and its not a virus. It seems like its only effecting window live messenger. Can anyone help me solve this problem.

 

76 Answers Found

 

Answer 1

Your PC is prolly infected with "Ratemynuts Virus". You better run anti-spyware again.
 

Answer 2

Derrick R wrote:

I mistakenly clicked  on a zip  file that was suppose  to bea  picture yesterday from a friend  and when I went to run it, there was know picture. Insstead it keeps sending  out the same file  to everyone on my friends list.

I ran avg and its not a virus. It seems like its only effecting window live  messenger. Can anyone help me solve this problem.



I think this virus  has just surfaced in the world like maybe a day or two ago.

I just saw my first invitation to accept the file yesterday. Luckily I didn't know who that person was, so I didn't accept it.

I dont think any spyware program has any remedy for this yet.
 

Answer 3

Can you forward us the file  or the text of the message? We can block it from spreading on the server.
 

Answer 4

I have recieved the same virus, the that goes around to all my friends it's a zip  file that says photo album ...... i was stupid enough to open it..... now i cant even use windows  live messenger  ... any tips on how to get it up and running again .....  i use messenger for work so i hope there is a fix for this virus...... if u need anymore info feel free to email me ...

 

Answer 5

Uh this virus  is taking the micky, i have it too, any help would be appreciated ive reinstalled several timea and ran several anitvirus programs and nothings shifting it, if its not sorted im gonna have to re format -_-
 

Answer 6

What I had to do was roll back the date. It was fixed once i did that, but my avg antivirus wont load.
 

Answer 7

HOw do u roll back your date ?

 

Answer 8

please i could do with advise aswell.

i stupudly clinked the link from my bros. it was wel weird i a happend to be set as appear offline and for about 10 minutes my bros signing in box keeped popping up saying he was signing in at least 6 times i keeped thinking what on earth?? then i recieved instant message from him saying  "is that you on this photo?" with a link below to stupidpicture.info (taken away letters so no link) before i clicked  it i thought hand on how does he know i'm appering to be off line?? and still send a message ?

well thats why i'm stupid all the signs where there but i still clincked the link and now well where do i start !!!my msger was getting bigger then little screen signing in signing out and trying to contact another famliy member who is always appearing off line thats when i knew what mistake i'd done now EI keeps opening up with odd sites  norton say's i now only have 1% disk space left WTF ..my pc has just gone mental i use norton system works this picked up a trojan about 20 minutes after i clicked the link a worm attempt and since then nothing i down loaded avg  that got 17 viruses??? spybot S&D  gets loads of stuff but nothing seems to be fixing my pc.

i've taken windows  messenger off as it was trying to send it too everyone on my contact list i would love find out whats going on and try to fix it

please help
 

Answer 9

The message along with the URL recived on 17th April 2007:

is that you on this photo http://www.hotandcute.net/photo6.php

The link downloads a file  photo6.com

 

Answer 10

yeh thats the stupid thing that i clicked  on.. and now my windows  live messenger  is stuffed
everytime i sign in it sends that same message to everyone on my contact list.. grrr its so annoying.. now i cant chat
how do i get rid of this forever???
please help!!
 

Answer 11

I also have this problem with that virus, now I can't sing in with MSN, sends it to everyone... My Antivirus doesn't seem to recognize the file  as a virus  - I downloaded the file with Firefox, didn't execute it...but still, it damaged my PC. Don't know how to get rid of it, it always seems to come back o__o Help...? Tongue Tied (That was SO stupid of me ><)
 

Answer 12

Will be watching this site for a solution to this problem!  There are about 6 of us who all have the same darned thing.  I'm pretty sure I got rid of the trojan virus  using vundofix. However, my main problem now is all the popup *** that keeps happening. I have had the most success with spybot locating and deleting the files. It found 8 files in the first scan. I ran it again and then it found 2 files. I am currently running a 3rd scan to see if it comes up more files again. I knew I would have to scan again after I tried to run pandasoftware.com online scan to check my system and I got 2 popups again.
 

Answer 13


Yeah i have/had the exact same problem.

What i did was do the usual scans. They located the Trojans but didnt stop the pop ups and lack of ability to sign in.
It also prevented me from downloading files.

So I deleted IE (which i never use as Firefox is vastly better) and don't seem to have a problem with the computer, but i'll see if i can use MSN.

The pop up problem always arose in an IE window so its sorted that but i'm not sure the virus  is totally gone. I can now download too and am reinstalling a new version of MSN.

MSN is back up and running for me. No problems I don't think.
 

Answer 14

well it's been a week now and still no good. every two days norton system works keeps finding a virus  called "infostealer" (great!) funny thing is in the past year that i've had norton it's only ever found about 4 now it's one every two days thats why i'm sure theres more to it than just what i keep finding on the search that spybot, avg and norton do if they do find anything i search the pc for key words and if there are matches and it's ok to do it, i delet them but spybot seems to find things gets rid of them and then there back again for the next scan. also what i did notice is task manager was running dexplore.exe which had the cpu running at 100% had never seen it there before and google searches said it to be an addition to something?? anyway i got rid of that too. i'm now taking out IE 7 seeing that this is what is being used with the pop ups. can i ask if it happens this way to others i only get the popups when i open mozilla and go on the internet this is the browser i always use nothing els and also i keep getting a box saying working of line well thats funny i'm on broadband and surfing through mozilla at that time?!

what i can't work out is that all the big antivirus and spywear just doesn't seem to be shifting it or anything at that matter i would class this as high because it really is causing alot of havoc with pc's it has to be something running hidden somewhere. i to am watching this thread hopefully we will all get help as it seems to be affecting so many people.

 

Answer 15

have had exactly this ame ....'cuteandhot' virus  as you guys...... crashed everything..... cut a long story short... eventually downloaded a freebie virus killer called AVAST.... found it ... and seems to have sorted it out... then I dowmloaded MSN messenger  again over the top of existing damaged one...took ages whilst it repaired it, and all seems to be well now.... good luck guys
 

Answer 16

chappers45 wrote:
have had exactly this ame ....'cuteandhot' virus  as you guys...... crashed everything..... cut a long story short... eventually downloaded a freebie virus killer called AVAST.... found it ... and seems to have sorted it out... then I dowmloaded MSN messenger  again over the top of existing damaged one...took ages whilst it repaired it, and all seems to be well now.... good luck guys
.

The bug was called WIN32....and it found 3 of them , plus all the other stuff......and I also have ADware/ Lavasoft loaded too, and they didnt seem to conflict....

 

Answer 17

I had to eradicate this particularly nasty infection from two PCs at work.  I posted a brief write-up on how to do it without doing a system restore - you'll need a copy of 'HijackThis!' and your Windows XP installer CD, or other way to access your HD without booting the OS on it.  The post is on my blog - http://briancantin.blogspot.com/2007/04/when-you-manage-group-of-pcs-in.html

I hope this helps.

 

Answer 18

hi there another way to get rid of this is to unistall windows  live messenger  and then look all ova ur comp for 2 files by the name of 'net' and 'oo' these are both trojans.
 

Answer 19

I thought I'd shifted the problem by reinstalling MSN/ deleting IE.

But the 3 viruses I had on the comp weren't going away. So i ended up reformatting my comp, which i'd been meaning to do for a while actually and needless to say no problems now.

 

Answer 20

well i'm virus  free and running well.

only due the fact that system restore was my only opion i feel and well now i'm running top speed and no virus at last also using messenger live  no probs.
 

Answer 21

Checked any other sites? ~!> Ad-aware <!~  Normally I wouldn't suggest ad aware to anyone, but it actually does clean the "virus"... trust me I went crazy at three am when I realized that some moron (aka a sibling)  had accepted and extracted the stupid file  on my laptop. I went through all my files one by one, searched through the registry, checked my startup files. Yes I went nuts, but I did some looking around... ad aware removes a "cookie" called "tracecookie"... trust me I looked everywhere deleted all the cookies, all the temp files, ect... I didn't find it. I don't know exactly where ad aware found it didn't bother looking. But MSN works now, all cool no more virus  I'm happy. Hope this helps someone.
 

Answer 22

have you tried useing a program called The Cleaner its a trojan snifer if its on your comp it will find it and delete it  the program is a paid one but you can use the trial   for now and figure how to get it to work for ya later after trial

 

Answer 23

This happened to my friends on msn as well, luckily they didn't click on the link that is sent, but the thing is that they say that they were getting those messages from me. No one has ever sent me those messages to me personally and i've never caught the virus  on my computer, but for some reason my friends have been getting them from me. I've been running scan after scan after scan since last night to see if i might have caught the virus on my computer and I can't find a single thing. I use avast version 4.7 antivirus and windows  defender as my antispyware program. Can some please, PLEASE help me. I want to be able to use MSN again without this problem happening...

 

Answer 24

Basically the same thing happened to me...what I did was I used avast and I use lavasoft and spybot...I went into control panel and repaired msn...but right RIGHT now....my msn went berserk!...So ill do full tests and reinstall msn...and if its still there Ill reformat!
Gluck!
 

Answer 25

yeah i have exactly the same virus  on my computer!

i really get pissed off!

have u got any idea to solve this problem??

 

Answer 26

Another guy already told you how he got rid of it.  Avast!  While I have not gotten this virus  myself, I do use Avast and have found and removed virus that other anti-viruses such as AVG would not even get.  I have also used free trials of some other pay anti-viruses and they don't seem to run as well as Avast! does for me.  Sorry I don't mean to sound like a spokesman for it, but I just find it is good for locating and deleting those pain in a butt viruses.  It also has great on access protection.  Please be away though that it will not work with Zonealarm. For some odd reason it seems to not get along with it.  There is another great firewall you can use with it though.  Comodo Firewall Pro.  It is free and to me, seems to work better the Zonealarm anyways.
 

Answer 27

I cant belive that there is no fix for this!!!  I have the exact same problem. Everytime I open MSN messnger live, it sends out a message to all my contacts asking them if they want to see a photo of me or something of that nature.

I cannot clean this damn thing. I have scanned my pc with McAfee, AVAST, Stinger, ADware removal, Spybot, Xblock. I have restored my pc to a previous date, unistalled and re-installed MSN. Still no luck.

My only other solution would be to re-format my hd which I dont want to do. If I am forced to reformat my hd because of this, I am never using MSN messneger any more. It does not seem very secure.

Thanks,

CoronaBoy

 

Answer 28

Most virus  programs will find and eradicate this threat now, and even SpyBot seems to be able to find it - make sure your definitions are up to date.  Failing that, see my previous post which gives a link to detailed instructions on my website on how to do this manually.
 

Answer 29

Thank you. I will try this tonight.. But the thing is the link that this sending  is not a link to a URL. Its an actual zip  file with .com file  in it.

Will your fix work for this as well?

Thanks.
 

Answer 30

I just had this exact virus.  It drove me crazy for a week trying to get rid of it.  I tried avg, avast, etc and nothing picked it up.  Then I noticed on the windows  live toolbar, under pc health, windows onecare scanner, i downloaded it, scanned the computer and viola it found and fixed the problem. I hope this works for you!

 

Answer 31

I can't get rid of this thing! UGH!

So far, over the last week, this is what I have done (bear in mind that ALL definitions ARE up to date);

McAfee Internet Security (2007 retail)

AVG (free spyware and virus)

SpyBot

CCleaner

PandaScan

Windows OneCare Scanner

In amongst all this, I have also attempted;

System restore

Uninstalling WLM countless times

Clearing registry of all obvious keys related to WLM and MSN messenger, login id's and any other relevent info.

Registry Mechanic

ASO System Optimizer (retail) just about every app that comes along with this nice little tool.

ATF Clearner

IMP Fix

Silent Runners

Hijack This

MSCONFIG!!

I have also tried various combinations in safe mode.  I thought I had it beat with the Windows OneCare scanner, but was told that I was still sending  out messages, some with attachments, some without.

I know, I could just reformat, however I'm trying to avoid this.  I also know of a few other people who have been having the same trouble with this worm that do not have the skills to reformat their computers, and I frankly do not have time to make house calls right now.

Is there something else that I am missing?  Has anyone had success with something else I have not tried?


Thanks for the advice! 

 

Answer 32

Anonymous571333 wrote:

I have recieved the same virus, the that goes around to all my friends it's a zip  file that says photo album ...... i was stupid enough to open it..... now i cant even use windows  live messenger  ... any tips on how to get it up and running again .....  i use messenger for work so i hope there is a fix for this virus...... if u need anymore info feel free to email me ...



I don't know if anyone can do this, but can your MSN e-mail be sent through another e-mail provider on the off-chance that the other e-mail provider doesn't get the virus?  I know you can have another e-mail provider and have incoming e-mails from your other e-mail account sent to them.


I personally don't have the virus, but I'll run scan just in case.

 

Answer 33

Im having the same problem. I clicked  on that zip  file and every sinced ive been getting those IM and its sending  the same zip file  to person on my list. How do i get rid of it. I ran lavasoft adaware and norton and it deleted some stuff. ive changed my password and still the same thing, so innoying.help

 

Answer 34

There is a solution to this annoying virus.

I've also encountered it and very difficult to get rid of.

The only current Anti-virus system to remedy this MSN Prank is to use Kaspersky Anti-virus (This is cause it's the only Anti-virus with the updates) (Just get the trial if you can't buy it).

The virus  is detected as [Riskware: Hidden data sending] at the location of Windows Live Messenger. The system attempts to neutralize the infected object, Windows Live Messenger. Attempt will succeed at the end of neutralization.
Though there is'nt any information about the virus at Kasperskys "viruslist.com"

I hope this will help people to successfully remove the annoying virus. Certainly worked for me!
Happy I'Ming!
 

Answer 35

Use Microsofts live  Care Scanner.. I almost pullmed my hair outta my head.. I couldnt do it until someone posted this link.. Trust me it work..nothing else worked for me. Run the protection scan: http://onecare.live.com/site/en-us/center/howsafe.htm


Good Luck.

CoronaBoy
 

Answer 36

When I tried that I wasted over like 3 hours and after that still unchanged.
 

Answer 37

I have mcafee antivirus /firewall installed i ran that and it found something and deleted that. then i also ran some spyware and it removed it. it worked for awhile and then i got the message again through IM. So what should i do? uninstall mcafee and run kaspersky and other spyware. help.

The messages that im getting are different now, its about some picture

 

Answer 38

Ugh i hate this virus  it seems like whatever i do it seem to always be there now i opened the .rar file  thinking they were pictures and then my computer got a virus now whenever i turn it on it goes to the windows  XP loading screen then it restarts and restarts over and over again well i gave up on that computer and decided to use my laptop well i installed Messenger and TODAY i got a copy of the virus AGAIN. I dodnt open it this time and then the person whom i was talking to said that i also sent her viruses through Messenger Even when i have a completly new laptop (the first infected machine was a Desktop) It seems to follow your account and not your computer or something.

***** Says:
Hey wanna see pics of my vacation?

Eddie says:
No GO AWAY

***** says:
(the file was attached here)

Eddie says:
You too?!

***** Says:
Hey you send me these also its not my fault they send by themselves
 

Answer 39

Hi, maybe you should try downloading AntiVir, which is a free personal antivirum with on access scanner. U can get it frm this link http://www.free-av.com/

It works for me!!
 

Answer 40

Sorry, just saw your reply - I hope you where able to sort things out. I cannot say for sure if my fix would work for that virus  or not, as I've not encountered that variant - if indeed it's the same virus, or perhaps it is another one altogether. My fix only works on a virus which hooks into the OS as I described, and the only one I've directly seen do that is the one that sends a link, not a .zip.
 

Answer 41

Okay do you guys notice that after you clean the virus  or whatever it was, do you notice your computer slow and freezing? Any ideas?

 

Answer 42

Go to mycomputer and change your system restore settings. Turn off your system restore this stops the virus  backing itself up. then run SpyBot its free to download and delete the virus then trun your system restore back on.
 

Answer 43

i have the same problem for about a week now contacted winows this was there ans

computer viruses can be passed between computers through e-mail messages, on floppy disks, and through messaging programs like Windows Live Messenger.Many computer viruses exist in .exe files that you can download to your computer via a file  link in your Windows Live Messenger conversation window.If someone sends you a file through Windows Live Messenger, you are prompted to determine whether you want to download the file.A computer virus  is released only if you double-click the file link or download the file.Many viruses are designed to be sent through contacts in your contact list. Before you open an attachment, always ask your contact whether he or she sent you the file. If your contact denies that he or she sent you the file, do not accept the file or click it.Delete the file immediately.

The Win32/Pushbot.T is a worm that spreads via Windows Live Messenger.For more information about preventing this worm and to recover from this malicious software see the following web site: http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147369118

 

Answer 44

man, i have the same virus, but i cant get rid of it and now WLM doesent open , the virus  has competely screwed my computer
 

Answer 45

Recieved a suspicious file-send today from a friend  (who I've since found out didn't send it to me).

The file  is called picture_578_JPeG.zip

I suspect it's related to the issue here - it's far too suspicious to be a "nothing" so am reporting it here.

He says that several of his contacts have asked what the file is that he's sending, but he doesn't know whether any of them opened it, or were he might have picked a virus  up from.

I recommended that he message all his contacts telling them not to open it if it comes through. Beyone that - any recommendations? How do we ensure that his sytem is clean?

Feel free to contact me off-forum - you MS guys should be able to get my email address from this post right?

Thanks

George

 

Answer 46

My computer hasnt been the same since then, It locks up and freezes up, I cant even use it. Im going to wipe it and reinstall windows. It sucks.

 

Answer 47

i got the same virus

i ran my email scanner because it was sending  out emails to remote email accounts and different ip addresses so i assumed it was a keylogger

i used the log file  to find out what program was causing it and it was named yhmkhercc.exe i searched for it and found it as a exe file and as a prefetch file so i deleted both

then i restarted the computer and now its fine

see if that fixs it

 

Answer 48

Well, in 4 days, I've known 5 friends to get infected with this peice of ***.

So far, I've run NAV, AVG, SpyBot, and AdAware.  They all seem to find and remove certain aspects of this problem.  It's not just localized to WLM.  I actually had to uninstall WLM, run all of my scans, then reinstall.  That cleared the WLM problem, but the popups and slow web connection are still there.

I'm running OneCare right now, to see if it'll fix the remainder of my problems.  The URL redirector is the most annoying.  It seems to be 3-4 different threats packaged into one.  Smitfraud is one of them.  Probably the reason it's packaged in a .com format.

If I have any luck getting my system completely clean, I'll let you know.

 

Answer 49

All,

So what's the verdict on this?  Is there a solution for this or not?

Thanks -Nipster

 

Answer 50

Doesn't look like any of the Microsoft guys have jumped in with any bright ideas.

My friend  couldn't shake it in the end - he tried a couple of things and a couple of different AV packages but last week decided to do a system rebuild using the manufacturers disk and started his PC from scratch.

So yeah. No massive help from me I'm afraid - sorry!

G

 

Answer 51

I am new at this but was reading and it seems like an old virus  or trojan is making the rounds again now in 2008.  We are getting: 

(Emily...cleanin says:

Hey it's really looks like you ? Smilehttp://msnpic.ms.funpic.de/viewimage.php?=    )

then my email address shows after the "=" sign.  I clicked  on it thinking she sent me pics.  Everything froze, I rebooted and a window came up asking if I wanted to run wkssvc.exe  I clicked no and started doing research.  Info I found says that's a trojan which allows others access to my computer.  I'm not sure if it came in the message, but it's never popped up before. I did scans and there were a couple things.. cleaned them out, but I'm still getting messages from people with the same message.  It seems to go through their contact list forwarding it in the message box with the same message attached to individual email addresses.

If there is any other info on this I'd appreciate reading about it.

 

Answer 52

sorry I haven't read all these but a friend  once told me to add a fake email address to my contact list using all zeros as the name in the address.  Something about a virus not recognizing it or whatever.  I don't even know if it works, but might be worth a try.  The other thing is, if it's an "infostealer" couldn't the virus  resend itself using your address?
 

Answer 53

I've had a friend  who got infected today, So I Downloaded the .... ".com" file  and infected myself, since I have a modified version of WLM so it didn't do much on my end, so I investigated it, I used Virustotal.com lol, which uses engines of a wide variety of virus  scanners, and did alittle more digging, within the process list there was a new file, It pointed to "C:/Windows/wkssvc.exe", upon scanning it with my AV, it came up "Generic.Sdbot" aka PUA.Packed.Themida which my other AV picked up, this process originated from the file that the virus downloaded, form the *.de site.

So, I assume all you have to do to get rid of it is kill the process "wkssvc.exe" and delete "C:/Windows/wkssvc.exe"

and you should be fine, if it the same version and has not metamorphisized.

~Alex

 

Answer 54

Here is how a friend  fixed it.


  run  this  program
http://onecare.live.com/site/en-us/center/howsafe.htm

then  it left some files that couldn't be reparied or deleted

then I shut everything off   searched running processes for that file  and deleted it

then went to systems 32 and deleted it there and tossed it out of teh trash can too
 

Answer 55

so today i was stupid and opened a file  that a friend  sent me saying it was a pic of me so i clicked  it to see what it was now everytime i sign into msn its sending  a thing to all my contacts i have tryed everything to remove it can anyone help?

 

Answer 56

I got a message from a friend  the other day about a picture that she had supposably found, my virus  scan checks everything before I open it but becuase this viruse is new enough it's not picking it up.  I spent many hours last night reading forums about it and running scans from anti-virus, adware, spybot and nothing was catching all of it.  I came upon this website below and downloaded the virus scan from there.  With in the first few minutes of scanning it had found a virus.  I'm greatful to catch it before it crashes my computer but it has already started doing funny things and it's really slowed my computer down and I've only had it for a few days.

http://onecare.live.com/site/en-us/center/howsafe.htm

GOOD LUCK!

 

Answer 57

try downloading a programme called ccleaner from here: http://www.ccleaner.com/

run it then download spybot search and destory form here http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html again run it, restart the computer and the virus  should be gone just to ensure run ccleaner again. hope this helps, worked for me and my friends

 

Answer 58

hashleym wrote:

I got a message from a friend  the other day about a picture that she had supposably found, my virus  scan checks everything before I open it but becuase this viruse is new enough it's not picking it up.  I spent many hours last night reading forums about it and running scans from anti-virus, adware, spybot and nothing was catching all of it.  I came upon this website below and downloaded the virus scan from there.  With in the first few minutes of scanning it had found a virus.  I'm greatful to catch it before it crashes my computer but it has already started doing funny things and it's really slowed my computer down and I've only had it for a few days.

http://onecare.live.com/site/en-us/center/howsafe.htm

GOOD LUCK!



Trust me. This worked for me! I'm so happy. I was trying for over a month to get rid of this thing. OneCare is the BOSS!! My computer hadnt started doing anything funny, jus sending  out that annoying msg to my MSN contacts, and now they've stopped.
 

Answer 59

Hey I just got hit with what I think is a new strain of this virus....hadn't heard of anything coming through IM before so wasn't careful enough....got a message from a friend  saying, and I quote, "Hey, this looks alot like you   Http:/msnimages.987mb.com/viewime.ph?=(my email address) .  Now, being the smart guy that I am, I opened the link and was immediately hit with the virus.  It hasn't done a whole lot to my computer yet as I just got it a few hours ago, but my McAfee isn't picking it up, and it is spamming my friends with the same message.  Any help guys?
 

Answer 60

hi i did all virus  scans susggested to no avail but i did a system restore of 5 days and so far its worked xxxxx

 

Answer 61

Hey Derrick: I've got the same problem. It started yesterday afternoon and, as you, I tried opening the "pic" because it came from an old friend  of mine who's overseas and whom I know has pictures of me with his family. Anyhow, What I've done for the time being is eliminated my Messenger and have asked for help from my virus  detector support team. As soon as I get an answer I'll post it on this site. Hopefully this will help.

 

Answer 62

TO ALL THOSE WHO HAVE THIS PROBLEM

Read all this before doing anything - i know its a bit messy but if u can use a computer then u should be able to understand what i have to say Smile

firstly dont click on the link Smile

if u have thats no biggy

download and install Nod32 Antivirus 2.7 Trial from http://www.nod32.com.au/download/trial.html (if u like it - dont crack it - BUY IT)

this has been rated#1 antivirus for 7 years by PC USER and i stand by it Smile

after install reboot and then go through all of the settings..... basically u want everything switched on except for "show all files" and " convert all email to txt" ( there are some drop dopwn menus and alot of tick boxes..... basically u want everything switched on Smile )

make sure u have the latest update file. Then make sure u have the latest update file. Seriously it wont work otherwise

reboot into SAFE MODE (just in case)

exit messenger  

press ctrl-alt-del and go through the processes and kill anything that even looks like messenger (msn, live, whatever)

browse through "computer" (or "my computer" fo those not using vista) c:\

right click program files - click nod32 antiirus system. THIS WILL START A SCAN.    YOU NEED TO PRESS STOP!!!! go through the setup and tick everything except list all files and then go through the actions tab and set it to clean and if it cant clean then delete Smile (if this isnt there in the right click menu then u need to reboot or u didnt tick the "enable context menu" tickbox during setup .... thats your bad)

if the scan should find the virus  running in memory, then messenger is still running and u havnt killed it.

Nod32 should find and delete the file  that is infected and any others u might have Smile the infected file should be in program files\live messenger or \msn or \messenger or whatever... thats why i suggest scanning the program files directory.

this worked for me and about 20 of my friends and about 30 of my customers

and if you want run spybot 1.5.2 http://www.safer-networking.org/en/download/index.html over it (with the latest update file) to remove any excess spyware that u might have picked up

good luck and if anyone finds an easier way of gettin rid of it safetly let me know Smile

 

Answer 63

Hey, Yesterday I received a link from one of my friend  in my friends list while he was offline and the link was saying something like http://<Friend'sfirstname>.<LastName>.localpics.com when I clicked  on that it took me to some weird page and was asking me to sign in for some gifts website.  I closed that window but since then it is randomly sending  that link to my IM buddies with and address of my <first name>.<last name>.localpics.com .  Please suggest a remedy for it.

Thanks,

Avnish 

 

Answer 64

Live user wrote:

Hey, Yesterday I received a link from one of my friend  in my friends list while he was offline and the link was saying something like http://<Friend'sfirstname>.<LastName>.localpics.com when I clicked  on that it took me to some weird page and was asking me to sign in for some gifts website.  I closed that window but since then it is randomly sending  that link to my IM buddies with and address of my <first name>.<last name>.localpics.com .  Please suggest a remedy for it.

Thanks,

Avnish 



why not you change your password and monitor it for few days? please let me know if it works or not. thanks.
 

Answer 65

Get NOD32
If you like it buy it dont crack it NOD32 will fix all your problems

 

Answer 66

I'm not sure but the virus  or whatever I have seems to be the same as what everyone here is talking about but mines a little "different".  I think I  got the virus from one of my friends that I haven't talked to in years. and it started off with her sending  me a message that was in some different language that I'm pretty sure she doesn't speak (from what I know). Then every 5, 10, or sometimes 20 minutes (it really depended sometimes) it sent me those messages in that weird language and really got annoying 2 me at first. so i ended up blocking her because I thought she mabey thought I spoke that langauge or something and it REALLY was annoying me. then later on after that all my friends kept on telling me how I was sending them these weird messages in that weird language again and i was just like WHAT!?!? (later on it also started showing that i had sent whoever was on at the time a link for some picture that i never sent) So then I looked at the history of what I sent and it had those different language messages again and it keeps sending it to them even when I'm offline. So i decided to take msn messenger  off my computer and run these virus scans (the virus scans don't seem to pick up anything) but people keep telling me it still sends those messages.

that's pretty much my situation and i'm in need of lots of help. It's really been annoying me like crazy and would appreciate if anyone knew what i should do about my msn messenger. I've also looked everywhere about this virus and i can't find any information on it.

thanks! (and hopefully this made some sense.)

~ricekakeluver

the photo might be called foto-09. i'm not sure because I just found it on my computer under like received files. and an example of one of those weird messages said something like this:
"jajaja esto esta buenisimo, hay que ser bien pendejo para hacer eso"
my friend  sent a pic. of one of the weird messages she said I "supposedly" sent her.

oh yeah i think the virus has been affecting my internet to. "possibly." i'm not really sure..... but my internet started working and then sometimes didn't work at all. (and it kept on going online then offline for a couple of weeks but is currently fine now. although the mouse does freeze up sometimes. which i then just press control+alt+delete and the mouse starts moving) i'm not sure if it's just my internet being lame or is it because of the virus I got.

(dang i wrote a lot. well i hope someone helps me find out the problem because my parents don't seem to really care and if i tell them i have a virus they'll probaly kill me. so i was hoping someone could help solve this problem) Stick out tongue
 

Answer 67

It is a new version of some malware doing it's rounds [], so far not even all big AV companies detects it .

I am not completely sure but I've read that some similar types steals your MSN password, hence it can send constantly.

So reinstalling MSNM and changing pwd might work... (good idea to change pwd online using a non-infected computer).
 

Answer 68

This is what I would do and reccomend others to do if I had this problem.

1.Firstly – Turn off your System Restore and Back up your most critically important documents to your USB drive. Turning off the System Restore makes yourself a little bit vulnerable to a rare crash, but it removes the one place that viruses and Trojans can hide. Trojans hiding in your system restore can never be removed by even the best antivirus programs as this part of disk is hidden from the operating system itself. To turn off System Restore, right click My Computer and select Properties. There will be a tab which has the functions for System Restore\System Protection – just un-tick the box to turn it off. You may get a message about restarting your computer.

2.Second – Since MSN is the problem application and some of the files it uses has been possibly replaced by malware...this program should be uninstalled for a virus  removal scan to be fully successful. The scan can have problems removing files which are still in use by the system. Uninstall MSN live  Messenger through Control PanelàAdd\Remove Programs. Be sure to remove all versions of Messenger on your computer if you see any others. At the end, reboot your computer to reset any open files. Remember to record what your windows  Live ID and Password is for future reference.

3.Third – Update your computer and run your current virus scanners; you should update your virus scanner too. Get rid of anything they find, go for the Delete option where possible

If you don’t like your virus scanner, try the online one below.

Below is Microsoft’s version of an online Virus scanner/remover. It’s been working okay since it’s now directly in their interests to stop the *** which plagues their systems and applications...especially with Advertisements on MSN, they lose advertising revenue every time someone stops using MSN....so power to MS for making this public and free, its a win-win situation.

http://onecare.live.com/site/en-us/center/howsafe.htm

***If for any reason some of the “found” files cannot be deleted – record what they are – this is important! Reboot your computer into Safe Mode (Keep pressing F8 as your reboot your computer) and search and delete those files. Empty them from the recycle bin too. Get rid of them all – this is the virus!

4.Fourth – When your virus scans come up clear its time to delete any suspicious registry entries. Click on Start->Run and type regedit and hit enter. This will open Registry Editor, it’s just kinda like Windows Explorer. Browse to Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and delete anything in there that looks suss (I sometimes just delete it all). This is a list of the processes on your computer that automatically run when you log on...a common place for virus autostart entries. Also do the same for Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run . Delete all suspicious items that you don’t want to automatically start up. Reboot your computer afterwards. You may notice that it starts up a bit faster than before.

5.Fifth – Log on to Microsoft Passport.net (https://accountservices.passport.net/ppnetworkhome.srf?vv=550&lc=3081 ) and change your Windows Live password. Pick a easy to remember good password like a non-dictionary word combined with a number.

6.Sixth – Download a fresh copy of Windows Live Messenger

7.Seventh - Install Windows Live Messenger....but when you are installing !CHANGE the default install location! Just change the name, like I think it says Windows Live...just change it to MSN Live....just change it from what its original name is. What this does is if there is a hidden registry backdoors which were unable to be detected by the virus scan (because it’s not a virus), it will make the registry backdoor obsolete and unusable because you changed the default name to something else, so now the backdoor doesn’t apply to your new installation of MSN

8.Eighth – Log in and hopefully the problem is gone! What will most likely happen is that once you log on, the attacker will try to send you the virus again through the backdoor that the virus put on your computer. But since we closed off the backdoor by changing the name and getting rid of the Trojan, his attempt should fail.

Hope this helps people with a bit more specific info for the noobs.

 

Answer 69

I just got that same file  too. I declined it, but i was wondering what kind of virus  it was.

 

Answer 70

My neighbour had the windows  Live messenger  worm as well.  She used the Windows live  Onecare scanner, and the problem is now fixed.  It said it could not delete one file  (c:\windows\image.zip) that was a problem file, so I deleted it for her.  It also said that 4 files could not be cleaned or deleted.  The were in ...\_restore\..., which meant they were system restore points, so we just ignored this.

The scanner is at http://onecare.live.com/site/en-ca/center/howsafe.htm, and information about the worm is at http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147369118.

 

Answer 71

Its not hard to remove....just run MSCONFIG look for anything sus..untick it and its gone......
Good Night (dont forget to restart)
 

Answer 72

I've had a similar problem, except the message being sent is about asking to upload a picture to Facebook. I can't see the message being sent to all my contacts, I have to have them copy and paste it to me. It also seems that the file  being sent changes each time it's sent to a contact... Here's what they're being sent:

Beauty Comes With Dark Thoughts says:
it alright if i upload this picture of us to facebook?
josiah says (9:54 PM):
You have successfully received C:\Users\owner\Documents\My Received Files\img04_w9-JPG.zip from izzy.
Beauty Comes With Dark Thoughts says:
it alright if i upload this picture of us to facebook?
Beauty Comes With Dark Thoughts sends:

    Open(Alt+P)

  You have successfully received C:\Documents and Settings\Xan\My Documents\My Received Files\img83-b1-jpeg.zip from Beauty Comes With Dark Thoughts.

I've deleted Windows Live Messenger off the computer.
Can someone help?
 

Answer 73

try changing your hotmail account login password. this eventually works for me.
But no harm giving a try.
 

Answer 74

hey i keep getting a similar virus  sent but its not a picture. its like a link to a site that is suposed to have a page of a contact, but when i clicked  on it once, it started sending  a similar thing around to everyone on my contact list. also its not the same site everytime.
 

Answer 75

I have only just had the same problem and decided to look into it which is how ive ended up here. It was called 'checkoutthisfunnypic.rar' i knew there was a little something going off with it being a '.rar' file  but still - i opened it and 60 command prompt windows  came up one after the other from now on my computer is being extremely slow.
 

Answer 76

aha, my brother has done that and hes blaming it on me but i read his convo and this boy sent it him and he accepted, stupid boy :L i know how to get rid of it because i am god! all you need to do is go back in time to the date where you didnt have it. eg - if you got given it yesterday go baclk yesterday ande the time before you got it :) love you all ROCKON! <3
 
 
 

<< Previous      Next >>


Microsoft   |   Windows   |   Visual Studio   |   Follow us on Twitter