Home » Microsoft Technologies

Windows live Messenger sending out virus

I mistakenly clicked on a zip file that was suppose to bea picture yesterday from a friend and when I went to run it, there was know picture. Insstead it keeps sending out the same file to everyone on my friends list.

I ran avg and its not a virus. It seems like its only effecting window live messenger. Can anyone help me solve this problem.


76 Answers Found


Answer 1

Your PC is prolly infected with "Ratemynuts Virus". You better run anti-spyware again.

Answer 2

Derrick R wrote:

I mistakenly clicked  on a zip  file that was suppose  to bea  picture yesterday from a friend  and when I went to run it, there was know picture. Insstead it keeps sending  out the same file  to everyone on my friends list.

I ran avg and its not a virus. It seems like its only effecting window live  messenger. Can anyone help me solve this problem.

I think this virus  has just surfaced in the world like maybe a day or two ago.

I just saw my first invitation to accept the file yesterday. Luckily I didn't know who that person was, so I didn't accept it.

I dont think any spyware program has any remedy for this yet.

Answer 3

Can you forward us the file  or the text of the message? We can block it from spreading on the server.

Answer 4

I have recieved the same virus, the that goes around to all my friends it's a zip  file that says photo album ...... i was stupid enough to open it..... now i cant even use windows  live messenger  ... any tips on how to get it up and running again .....  i use messenger for work so i hope there is a fix for this virus...... if u need anymore info feel free to email me ...


Answer 5

Uh this virus  is taking the micky, i have it too, any help would be appreciated ive reinstalled several timea and ran several anitvirus programs and nothings shifting it, if its not sorted im gonna have to re format -_-

Answer 6

What I had to do was roll back the date. It was fixed once i did that, but my avg antivirus wont load.

Answer 7

HOw do u roll back your date ?


Answer 8

please i could do with advise aswell.

i stupudly clinked the link from my bros. it was wel weird i a happend to be set as appear offline and for about 10 minutes my bros signing in box keeped popping up saying he was signing in at least 6 times i keeped thinking what on earth?? then i recieved instant message from him saying  "is that you on this photo?" with a link below to stupidpicture.info (taken away letters so no link) before i clicked  it i thought hand on how does he know i'm appering to be off line?? and still send a message ?

well thats why i'm stupid all the signs where there but i still clincked the link and now well where do i start !!!my msger was getting bigger then little screen signing in signing out and trying to contact another famliy member who is always appearing off line thats when i knew what mistake i'd done now EI keeps opening up with odd sites  norton say's i now only have 1% disk space left WTF ..my pc has just gone mental i use norton system works this picked up a trojan about 20 minutes after i clicked the link a worm attempt and since then nothing i down loaded avg  that got 17 viruses??? spybot S&D  gets loads of stuff but nothing seems to be fixing my pc.

i've taken windows  messenger off as it was trying to send it too everyone on my contact list i would love find out whats going on and try to fix it

please help

Answer 9

The message along with the URL recived on 17th April 2007:

is that you on this photo http://www.hotandcute.net/photo6.php

The link downloads a file  photo6.com


Answer 10

yeh thats the stupid thing that i clicked  on.. and now my windows  live messenger  is stuffed
everytime i sign in it sends that same message to everyone on my contact list.. grrr its so annoying.. now i cant chat
how do i get rid of this forever???
please help!!

Answer 11

I also have this problem with that virus, now I can't sing in with MSN, sends it to everyone... My Antivirus doesn't seem to recognize the file  as a virus  - I downloaded the file with Firefox, didn't execute it...but still, it damaged my PC. Don't know how to get rid of it, it always seems to come back o__o Help...? Tongue Tied (That was SO stupid of me ><)

Answer 12

Will be watching this site for a solution to this problem!  There are about 6 of us who all have the same darned thing.  I'm pretty sure I got rid of the trojan virus  using vundofix. However, my main problem now is all the popup *** that keeps happening. I have had the most success with spybot locating and deleting the files. It found 8 files in the first scan. I ran it again and then it found 2 files. I am currently running a 3rd scan to see if it comes up more files again. I knew I would have to scan again after I tried to run pandasoftware.com online scan to check my system and I got 2 popups again.

Answer 13

Yeah i have/had the exact same problem.

What i did was do the usual scans. They located the Trojans but didnt stop the pop ups and lack of ability to sign in.
It also prevented me from downloading files.

So I deleted IE (which i never use as Firefox is vastly better) and don't seem to have a problem with the computer, but i'll see if i can use MSN.

The pop up problem always arose in an IE window so its sorted that but i'm not sure the virus  is totally gone. I can now download too and am reinstalling a new version of MSN.

MSN is back up and running for me. No problems I don't think.

Answer 14

well it's been a week now and still no good. every two days norton system works keeps finding a virus  called "infostealer" (great!) funny thing is in the past year that i've had norton it's only ever found about 4 now it's one every two days thats why i'm sure theres more to it than just what i keep finding on the search that spybot, avg and norton do if they do find anything i search the pc for key words and if there are matches and it's ok to do it, i delet them but spybot seems to find things gets rid of them and then there back again for the next scan. also what i did notice is task manager was running dexplore.exe which had the cpu running at 100% had never seen it there before and google searches said it to be an addition to something?? anyway i got rid of that too. i'm now taking out IE 7 seeing that this is what is being used with the pop ups. can i ask if it happens this way to others i only get the popups when i open mozilla and go on the internet this is the browser i always use nothing els and also i keep getting a box saying working of line well thats funny i'm on broadband and surfing through mozilla at that time?!

what i can't work out is that all the big antivirus and spywear just doesn't seem to be shifting it or anything at that matter i would class this as high because it really is causing alot of havoc with pc's it has to be something running hidden somewhere. i to am watching this thread hopefully we will all get help as it seems to be affecting so many people.


Answer 15

have had exactly this ame ....'cuteandhot' virus  as you guys...... crashed everything..... cut a long story short... eventually downloaded a freebie virus killer called AVAST.... found it ... and seems to have sorted it out... then I dowmloaded MSN messenger  again over the top of existing damaged one...took ages whilst it repaired it, and all seems to be well now.... good luck guys

Answer 16

chappers45 wrote:
have had exactly this ame ....'cuteandhot' virus  as you guys...... crashed everything..... cut a long story short... eventually downloaded a freebie virus killer called AVAST.... found it ... and seems to have sorted it out... then I dowmloaded MSN messenger  again over the top of existing damaged one...took ages whilst it repaired it, and all seems to be well now.... good luck guys

The bug was called WIN32....and it found 3 of them , plus all the other stuff......and I also have ADware/ Lavasoft loaded too, and they didnt seem to conflict....


Answer 17

I had to eradicate this particularly nasty infection from two PCs at work.  I posted a brief write-up on how to do it without doing a system restore - you'll need a copy of 'HijackThis!' and your Windows XP installer CD, or other way to access your HD without booting the OS on it.  The post is on my blog - http://briancantin.blogspot.com/2007/04/when-you-manage-group-of-pcs-in.html

I hope this helps.


Answer 18

hi there another way to get rid of this is to unistall windows  live messenger  and then look all ova ur comp for 2 files by the name of 'net' and 'oo' these are both trojans.

Answer 19

I thought I'd shifted the problem by reinstalling MSN/ deleting IE.

But the 3 viruses I had on the comp weren't going away. So i ended up reformatting my comp, which i'd been meaning to do for a while actually and needless to say no problems now.


Answer 20

well i'm virus  free and running well.

only due the fact that system restore was my only opion i feel and well now i'm running top speed and no virus at last also using messenger live  no probs.

Answer 21

Checked any other sites? ~!> Ad-aware <!~  Normally I wouldn't suggest ad aware to anyone, but it actually does clean the "virus"... trust me I went crazy at three am when I realized that some moron (aka a sibling)  had accepted and extracted the stupid file  on my laptop. I went through all my files one by one, searched through the registry, checked my startup files. Yes I went nuts, but I did some looking around... ad aware removes a "cookie" called "tracecookie"... trust me I looked everywhere deleted all the cookies, all the temp files, ect... I didn't find it. I don't know exactly where ad aware found it didn't bother looking. But MSN works now, all cool no more virus  I'm happy. Hope this helps someone.

Answer 22

have you tried useing a program called The Cleaner its a trojan snifer if its on your comp it will find it and delete it  the program is a paid one but you can use the trial   for now and figure how to get it to work for ya later after trial


Answer 23

This happened to my friends on msn as well, luckily they didn't click on the link that is sent, but the thing is that they say that they were getting those messages from me. No one has ever sent me those messages to me personally and i've never caught the virus  on my computer, but for some reason my friends have been getting them from me. I've been running scan after scan after scan since last night to see if i might have caught the virus on my computer and I can't find a single thing. I use avast version 4.7 antivirus and windows  defender as my antispyware program. Can some please, PLEASE help me. I want to be able to use MSN again without this problem happening...


Answer 24

Basically the same thing happened to me...what I did was I used avast and I use lavasoft and spybot...I went into control panel and repaired msn...but right RIGHT now....my msn went berserk!...So ill do full tests and reinstall msn...and if its still there Ill reformat!

Answer 25

yeah i have exactly the same virus  on my computer!

i really get pissed off!

have u got any idea to solve this problem??


Answer 26

Another guy already told you how he got rid of it.  Avast!  While I have not gotten this virus  myself, I do use Avast and have found and removed virus that other anti-viruses such as AVG would not even get.  I have also used free trials of some other pay anti-viruses and they don't seem to run as well as Avast! does for me.  Sorry I don't mean to sound like a spokesman for it, but I just find it is good for locating and deleting those pain in a butt viruses.  It also has great on access protection.  Please be away though that it will not work with Zonealarm. For some odd reason it seems to not get along with it.  There is another great firewall you can use with it though.  Comodo Firewall Pro.  It is free and to me, seems to work better the Zonealarm anyways.

Answer 27

I cant belive that there is no fix for this!!!  I have the exact same problem. Everytime I open MSN messnger live, it sends out a message to all my contacts asking them if they want to see a photo of me or something of that nature.

I cannot clean this damn thing. I have scanned my pc with McAfee, AVAST, Stinger, ADware removal, Spybot, Xblock. I have restored my pc to a previous date, unistalled and re-installed MSN. Still no luck.

My only other solution would be to re-format my hd which I dont want to do. If I am forced to reformat my hd because of this, I am never using MSN messneger any more. It does not seem very secure.




Answer 28

Most virus  programs will find and eradicate this threat now, and even SpyBot seems to be able to find it - make sure your definitions are up to date.  Failing that, see my previous post which gives a link to detailed instructions on my website on how to do this manually.

Answer 29

Thank you. I will try this tonight.. But the thing is the link that this sending  is not a link to a URL. Its an actual zip  file with .com file  in it.

Will your fix work for this as well?


Answer 30

I just had this exact virus.  It drove me crazy for a week trying to get rid of it.  I tried avg, avast, etc and nothing picked it up.  Then I noticed on the windows  live toolbar, under pc health, windows onecare scanner, i downloaded it, scanned the computer and viola it found and fixed the problem. I hope this works for you!


Answer 31

I can't get rid of this thing! UGH!

So far, over the last week, this is what I have done (bear in mind that ALL definitions ARE up to date);

McAfee Internet Security (2007 retail)

AVG (free spyware and virus)




Windows OneCare Scanner

In amongst all this, I have also attempted;

System restore

Uninstalling WLM countless times

Clearing registry of all obvious keys related to WLM and MSN messenger, login id's and any other relevent info.

Registry Mechanic

ASO System Optimizer (retail) just about every app that comes along with this nice little tool.

ATF Clearner


Silent Runners

Hijack This


I have also tried various combinations in safe mode.  I thought I had it beat with the Windows OneCare scanner, but was told that I was still sending  out messages, some with attachments, some without.

I know, I could just reformat, however I'm trying to avoid this.  I also know of a few other people who have been having the same trouble with this worm that do not have the skills to reformat their computers, and I frankly do not have time to make house calls right now.

Is there something else that I am missing?  Has anyone had success with something else I have not tried?

Thanks for the advice! 


Answer 32

Anonymous571333 wrote:

I have recieved the same virus, the that goes around to all my friends it's a zip  file that says photo album ...... i was stupid enough to open it..... now i cant even use windows  live messenger  ... any tips on how to get it up and running again .....  i use messenger for work so i hope there is a fix for this virus...... if u need anymore info feel free to email me ...

I don't know if anyone can do this, but can your MSN e-mail be sent through another e-mail provider on the off-chance that the other e-mail provider doesn't get the virus?  I know you can have another e-mail provider and have incoming e-mails from your other e-mail account sent to them.

I personally don't have the virus, but I'll run scan just in case.


Answer 33

Im having the same problem. I clicked  on that zip  file and every sinced ive been getting those IM and its sending  the same zip file  to person on my list. How do i get rid of it. I ran lavasoft adaware and norton and it deleted some stuff. ive changed my password and still the same thing, so innoying.help


Answer 34

There is a solution to this annoying virus.

I've also encountered it and very difficult to get rid of.

The only current Anti-virus system to remedy this MSN Prank is to use Kaspersky Anti-virus (This is cause it's the only Anti-virus with the updates) (Just get the trial if you can't buy it).

The virus  is detected as [Riskware: Hidden data sending] at the location of Windows Live Messenger. The system attempts to neutralize the infected object, Windows Live Messenger. Attempt will succeed at the end of neutralization.
Though there is'nt any information about the virus at Kasperskys "viruslist.com"

I hope this will help people to successfully remove the annoying virus. Certainly worked for me!
Happy I'Ming!

Answer 35

Use Microsofts live  Care Scanner.. I almost pullmed my hair outta my head.. I couldnt do it until someone posted this link.. Trust me it work..nothing else worked for me. Run the protection scan: http://onecare.live.com/site/en-us/center/howsafe.htm

Good Luck.


Answer 36

When I tried that I wasted over like 3 hours and after that still unchanged.

Answer 37

I have mcafee antivirus /firewall installed i ran that and it found something and deleted that. then i also ran some spyware and it removed it. it worked for awhile and then i got the message again through IM. So what should i do? uninstall mcafee and run kaspersky and other spyware. help.

The messages that im getting are different now, its about some picture


Answer 38

Ugh i hate this virus  it seems like whatever i do it seem to always be there now i opened the .rar file  thinking they were pictures and then my computer got a virus now whenever i turn it on it goes to the windows  XP loading screen then it restarts and restarts over and over again well i gave up on that computer and decided to use my laptop well i installed Messenger and TODAY i got a copy of the virus AGAIN. I dodnt open it this time and then the person whom i was talking to said that i also sent her viruses through Messenger Even when i have a completly new laptop (the first infected machine was a Desktop) It seems to follow your account and not your computer or something.

***** Says:
Hey wanna see pics of my vacation?

Eddie says:

***** says:
(the file was attached here)

Eddie says:
You too?!

***** Says:
Hey you send me these also its not my fault they send by themselves

Answer 39

Hi, maybe you should try downloading AntiVir, which is a free personal antivirum with on access scanner. U can get it frm this link http://www.free-av.com/

It works for me!!

Answer 40

Sorry, just saw your reply - I hope you where able to sort things out. I cannot say for sure if my fix would work for that virus  or not, as I've not encountered that variant - if indeed it's the same virus, or perhaps it is another one altogether. My fix only works on a virus which hooks into the OS as I described, and the only one I've directly seen do that is the one that sends a link, not a .zip.

Answer 41

Okay do you guys notice that after you clean the virus  or whatever it was, do you notice your computer slow and freezing? Any ideas?


Answer 42

Go to mycomputer and change your system restore settings. Turn off your system restore this stops the virus  backing itself up. then run SpyBot its free to download and delete the virus then trun your system restore back on.

Answer 43

i have the same problem for about a week now contacted winows this was there ans

computer viruses can be passed between computers through e-mail messages, on floppy disks, and through messaging programs like Windows Live Messenger.Many computer viruses exist in .exe files that you can download to your computer via a file  link in your Windows Live Messenger conversation window.If someone sends you a file through Windows Live Messenger, you are prompted to determine whether you want to download the file.A computer virus  is released only if you double-click the file link or download the file.Many viruses are designed to be sent through contacts in your contact list. Before you open an attachment, always ask your contact whether he or she sent you the file. If your contact denies that he or she sent you the file, do not accept the file or click it.Delete the file immediately.

The Win32/Pushbot.T is a worm that spreads via Windows Live Messenger.For more information about preventing this worm and to recover from this malicious software see the following web site: http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147369118


Answer 44

man, i have the same virus, but i cant get rid of it and now WLM doesent open , the virus  has competely screwed my computer

Answer 45

Recieved a suspicious file-send today from a friend  (who I've since found out didn't send it to me).

The file  is called picture_578_JPeG.zip

I suspect it's related to the issue here - it's far too suspicious to be a "nothing" so am reporting it here.

He says that several of his contacts have asked what the file is that he's sending, but he doesn't know whether any of them opened it, or were he might have picked a virus  up from.

I recommended that he message all his contacts telling them not to open it if it comes through. Beyone that - any recommendations? How do we ensure that his sytem is clean?

Feel free to contact me off-forum - you MS guys should be able to get my email address from this post right?




Answer 46

My computer hasnt been the same since then, It locks up and freezes up, I cant even use it. Im going to wipe it and reinstall windows. It sucks.


Answer 47

i got the same virus

i ran my email scanner because it was sending  out emails to remote email accounts and different ip addresses so i assumed it was a keylogger

i used the log file  to find out what program was causing it and it was named yhmkhercc.exe i searched for it and found it as a exe file and as a prefetch file so i deleted both

then i restarted the computer and now its fine

see if that fixs it


Answer 48

Well, in 4 days, I've known 5 friends to get infected with this peice of ***.

So far, I've run NAV, AVG, SpyBot, and AdAware.  They all seem to find and remove certain aspects of this problem.  It's not just localized to WLM.  I actually had to uninstall WLM, run all of my scans, then reinstall.  That cleared the WLM problem, but the popups and slow web connection are still there.

I'm running OneCare right now, to see if it'll fix the remainder of my problems.  The URL redirector is the most annoying.  It seems to be 3-4 different threats packaged into one.  Smitfraud is one of them.  Probably the reason it's packaged in a .com format.

If I have any luck getting my system completely clean, I'll let you know.


Answer 49


So what's the verdict on this?  Is there a solution for this or not?

Thanks -Nipster


Answer 50

Doesn't look like any of the Microsoft guys have jumped in with any bright ideas.

My friend  couldn't shake it in the end - he tried a couple of things and a couple of different AV packages but last week decided to do a system rebuild using the manufacturers disk and started his PC from scratch.

So yeah. No massive help from me I'm afraid - sorry!



Answer 51

I am new at this but was reading and it seems like an old virus  or trojan is making the rounds again now in 2008.  We are getting: 

(Emily...cleanin says:

Hey it's really looks like you ? Smilehttp://msnpic.ms.funpic.de/viewimage.php?=    )

then my email address shows after the "=" sign.  I clicked  on it thinking she sent me pics.  Everything froze, I rebooted and a window came up asking if I wanted to run wkssvc.exe  I clicked no and started doing research.  Info I found says that's a trojan which allows others access to my computer.  I'm not sure if it came in the message, but it's never popped up before. I did scans and there were a couple things.. cleaned them out, but I'm still getting messages from people with the same message.  It seems to go through their contact list forwarding it in the message box with the same message attached to individual email addresses.

If there is any other info on this I'd appreciate reading about it.


Answer 52

sorry I haven't read all these but a friend  once told me to add a fake email address to my contact list using all zeros as the name in the address.  Something about a virus not recognizing it or whatever.  I don't even know if it works, but might be worth a try.  The other thing is, if it's an "infostealer" couldn't the virus  resend itself using your address?

Answer 53

I've had a friend  who got infected today, So I Downloaded the .... ".com" file  and infected myself, since I have a modified version of WLM so it didn't do much on my end, so I investigated it, I used Virustotal.com lol, which uses engines of a wide variety of virus  scanners, and did alittle more digging, within the process list there was a new file, It pointed to "C:/Windows/wkssvc.exe", upon scanning it with my AV, it came up "Generic.Sdbot" aka PUA.Packed.Themida which my other AV picked up, this process originated from the file that the virus downloaded, form the *.de site.

So, I assume all you have to do to get rid of it is kill the process "wkssvc.exe" and delete "C:/Windows/wkssvc.exe"

and you should be fine, if it the same version and has not metamorphisized.



Answer 54

Here is how a friend  fixed it.

  run  this  program

then  it left some files that couldn't be reparied or deleted

then I shut everything off   searched running processes for that file  and deleted it

then went to systems 32 and deleted it there and tossed it out of teh trash can too

Answer 55

so today i was stupid and opened a file  that a friend  sent me saying it was a pic of me so i clicked  it to see what it was now everytime i sign into msn its sending  a thing to all my contacts i have tryed everything to remove it can anyone help?


Answer 56

I got a message from a friend  the other day about a picture that she had supposably found, my virus  scan checks everything before I open it but becuase this viruse is new enough it's not picking it up.  I spent many hours last night reading forums about it and running scans from anti-virus, adware, spybot and nothing was catching all of it.  I came upon this website below and downloaded the virus scan from there.  With in the first few minutes of scanning it had found a virus.  I'm greatful to catch it before it crashes my computer but it has already started doing funny things and it's really slowed my computer down and I've only had it for a few days.




Answer 57

try downloading a programme called ccleaner from here: http://www.ccleaner.com/

run it then download spybot search and destory form here http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html again run it, restart the computer and the virus  should be gone just to ensure run ccleaner again. hope this helps, worked for me and my friends


Answer 58

hashleym wrote:

I got a message from a friend  the other day about a picture that she had supposably found, my virus  scan checks everything before I open it but becuase this viruse is new enough it's not picking it up.  I spent many hours last night reading forums about it and running scans from anti-virus, adware, spybot and nothing was catching all of it.  I came upon this website below and downloaded the virus scan from there.  With in the first few minutes of scanning it had found a virus.  I'm greatful to catch it before it crashes my computer but it has already started doing funny things and it's really slowed my computer down and I've only had it for a few days.



Trust me. This worked for me! I'm so happy. I was trying for over a month to get rid of this thing. OneCare is the BOSS!! My computer hadnt started doing anything funny, jus sending  out that annoying msg to my MSN contacts, and now they've stopped.

Answer 59

Hey I just got hit with what I think is a new strain of this virus....hadn't heard of anything coming through IM before so wasn't careful enough....got a message from a friend  saying, and I quote, "Hey, this looks alot like you   Http:/msnimages.987mb.com/viewime.ph?=(my email address) .  Now, being the smart guy that I am, I opened the link and was immediately hit with the virus.  It hasn't done a whole lot to my computer yet as I just got it a few hours ago, but my McAfee isn't picking it up, and it is spamming my friends with the same message.  Any help guys?

Answer 60

hi i did all virus  scans susggested to no avail but i did a system restore of 5 days and so far its worked xxxxx


Answer 61

Hey Derrick: I've got the same problem. It started yesterday afternoon and, as you, I tried opening the "pic" because it came from an old friend  of mine who's overseas and whom I know has pictures of me with his family. Anyhow, What I've done for the time being is eliminated my Messenger and have asked for help from my virus  detector support team. As soon as I get an answer I'll post it on this site. Hopefully this will help.


Answer 62


Read all this before doing anything - i know its a bit messy but if u can use a computer then u should be able to understand what i have to say Smile

firstly dont click on the link Smile

if u have thats no biggy

download and install Nod32 Antivirus 2.7 Trial from http://www.nod32.com.au/download/trial.html (if u like it - dont crack it - BUY IT)

this has been rated#1 antivirus for 7 years by PC USER and i stand by it Smile

after install reboot and then go through all of the settings..... basically u want everything switched on except for "show all files" and " convert all email to txt" ( there are some drop dopwn menus and alot of tick boxes..... basically u want everything switched on Smile )

make sure u have the latest update file. Then make sure u have the latest update file. Seriously it wont work otherwise

reboot into SAFE MODE (just in case)

exit messenger  

press ctrl-alt-del and go through the processes and kill anything that even looks like messenger (msn, live, whatever)

browse through "computer" (or "my computer" fo those not using vista) c:\

right click program files - click nod32 antiirus system. THIS WILL START A SCAN.    YOU NEED TO PRESS STOP!!!! go through the setup and tick everything except list all files and then go through the actions tab and set it to clean and if it cant clean then delete Smile (if this isnt there in the right click menu then u need to reboot or u didnt tick the "enable context menu" tickbox during setup .... thats your bad)

if the scan should find the virus  running in memory, then messenger is still running and u havnt killed it.

Nod32 should find and delete the file  that is infected and any others u might have Smile the infected file should be in program files\live messenger or \msn or \messenger or whatever... thats why i suggest scanning the program files directory.

this worked for me and about 20 of my friends and about 30 of my customers

and if you want run spybot 1.5.2 http://www.safer-networking.org/en/download/index.html over it (with the latest update file) to remove any excess spyware that u might have picked up

good luck and if anyone finds an easier way of gettin rid of it safetly let me know Smile


Answer 63

Hey, Yesterday I received a link from one of my friend  in my friends list while he was offline and the link was saying something like http://<Friend'sfirstname>.<LastName>.localpics.com when I clicked  on that it took me to some weird page and was asking me to sign in for some gifts website.  I closed that window but since then it is randomly sending  that link to my IM buddies with and address of my <first name>.<last name>.localpics.com .  Please suggest a remedy for it.




Answer 64

Live user wrote:

Hey, Yesterday I received a link from one of my friend  in my friends list while he was offline and the link was saying something like http://<Friend'sfirstname>.<LastName>.localpics.com when I clicked  on that it took me to some weird page and was asking me to sign in for some gifts website.  I closed that window but since then it is randomly sending  that link to my IM buddies with and address of my <first name>.<last name>.localpics.com .  Please suggest a remedy for it.



why not you change your password and monitor it for few days? please let me know if it works or not. thanks.

Answer 65

Get NOD32
If you like it buy it dont crack it NOD32 will fix all your problems


Answer 66

I'm not sure but the virus  or whatever I have seems to be the same as what everyone here is talking about but mines a little "different".  I think I  got the virus from one of my friends that I haven't talked to in years. and it started off with her sending  me a message that was in some different language that I'm pretty sure she doesn't speak (from what I know). Then every 5, 10, or sometimes 20 minutes (it really depended sometimes) it sent me those messages in that weird language and really got annoying 2 me at first. so i ended up blocking her because I thought she mabey thought I spoke that langauge or something and it REALLY was annoying me. then later on after that all my friends kept on telling me how I was sending them these weird messages in that weird language again and i was just like WHAT!?!? (later on it also started showing that i had sent whoever was on at the time a link for some picture that i never sent) So then I looked at the history of what I sent and it had those different language messages again and it keeps sending it to them even when I'm offline. So i decided to take msn messenger  off my computer and run these virus scans (the virus scans don't seem to pick up anything) but people keep telling me it still sends those messages.

that's pretty much my situation and i'm in need of lots of help. It's really been annoying me like crazy and would appreciate if anyone knew what i should do about my msn messenger. I've also looked everywhere about this virus and i can't find any information on it.

thanks! (and hopefully this made some sense.)


the photo might be called foto-09. i'm not sure because I just found it on my computer under like received files. and an example of one of those weird messages said something like this:
"jajaja esto esta buenisimo, hay que ser bien pendejo para hacer eso"
my friend  sent a pic. of one of the weird messages she said I "supposedly" sent her.

oh yeah i think the virus has been affecting my internet to. "possibly." i'm not really sure..... but my internet started working and then sometimes didn't work at all. (and it kept on going online then offline for a couple of weeks but is currently fine now. although the mouse does freeze up sometimes. which i then just press control+alt+delete and the mouse starts moving) i'm not sure if it's just my internet being lame or is it because of the virus I got.

(dang i wrote a lot. well i hope someone helps me find out the problem because my parents don't seem to really care and if i tell them i have a virus they'll probaly kill me. so i was hoping someone could help solve this problem) Stick out tongue

Answer 67

It is a new version of some malware doing it's rounds [], so far not even all big AV companies detects it .

I am not completely sure but I've read that some similar types steals your MSN password, hence it can send constantly.

So reinstalling MSNM and changing pwd might work... (good idea to change pwd online using a non-infected computer).

Answer 68

This is what I would do and reccomend others to do if I had this problem.

1.Firstly – Turn off your System Restore and Back up your most critically important documents to your USB drive. Turning off the System Restore makes yourself a little bit vulnerable to a rare crash, but it removes the one place that viruses and Trojans can hide. Trojans hiding in your system restore can never be removed by even the best antivirus programs as this part of disk is hidden from the operating system itself. To turn off System Restore, right click My Computer and select Properties. There will be a tab which has the functions for System Restore\System Protection – just un-tick the box to turn it off. You may get a message about restarting your computer.

2.Second – Since MSN is the problem application and some of the files it uses has been possibly replaced by malware...this program should be uninstalled for a virus  removal scan to be fully successful. The scan can have problems removing files which are still in use by the system. Uninstall MSN live  Messenger through Control PanelàAdd\Remove Programs. Be sure to remove all versions of Messenger on your computer if you see any others. At the end, reboot your computer to reset any open files. Remember to record what your windows  Live ID and Password is for future reference.

3.Third – Update your computer and run your current virus scanners; you should update your virus scanner too. Get rid of anything they find, go for the Delete option where possible

If you don’t like your virus scanner, try the online one below.

Below is Microsoft’s version of an online Virus scanner/remover. It’s been working okay since it’s now directly in their interests to stop the *** which plagues their systems and applications...especially with Advertisements on MSN, they lose advertising revenue every time someone stops using MSN....so power to MS for making this public and free, its a win-win situation.


***If for any reason some of the “found” files cannot be deleted – record what they are – this is important! Reboot your computer into Safe Mode (Keep pressing F8 as your reboot your computer) and search and delete those files. Empty them from the recycle bin too. Get rid of them all – this is the virus!

4.Fourth – When your virus scans come up clear its time to delete any suspicious registry entries. Click on Start->Run and type regedit and hit enter. This will open Registry Editor, it’s just kinda like Windows Explorer. Browse to Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and delete anything in there that looks suss (I sometimes just delete it all). This is a list of the processes on your computer that automatically run when you log on...a common place for virus autostart entries. Also do the same for Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run . Delete all suspicious items that you don’t want to automatically start up. Reboot your computer afterwards. You may notice that it starts up a bit faster than before.

5.Fifth – Log on to Microsoft Passport.net (https://accountservices.passport.net/ppnetworkhome.srf?vv=550&lc=3081 ) and change your Windows Live password. Pick a easy to remember good password like a non-dictionary word combined with a number.

6.Sixth – Download a fresh copy of Windows Live Messenger

7.Seventh - Install Windows Live Messenger....but when you are installing !CHANGE the default install location! Just change the name, like I think it says Windows Live...just change it to MSN Live....just change it from what its original name is. What this does is if there is a hidden registry backdoors which were unable to be detected by the virus scan (because it’s not a virus), it will make the registry backdoor obsolete and unusable because you changed the default name to something else, so now the backdoor doesn’t apply to your new installation of MSN

8.Eighth – Log in and hopefully the problem is gone! What will most likely happen is that once you log on, the attacker will try to send you the virus again through the backdoor that the virus put on your computer. But since we closed off the backdoor by changing the name and getting rid of the Trojan, his attempt should fail.

Hope this helps people with a bit more specific info for the noobs.


Answer 69

I just got that same file  too. I declined it, but i was wondering what kind of virus  it was.


Answer 70

My neighbour had the windows  Live messenger  worm as well.  She used the Windows live  Onecare scanner, and the problem is now fixed.  It said it could not delete one file  (c:\windows\image.zip) that was a problem file, so I deleted it for her.  It also said that 4 files could not be cleaned or deleted.  The were in ...\_restore\..., which meant they were system restore points, so we just ignored this.

The scanner is at http://onecare.live.com/site/en-ca/center/howsafe.htm, and information about the worm is at http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147369118.


Answer 71

Its not hard to remove....just run MSCONFIG look for anything sus..untick it and its gone......
Good Night (dont forget to restart)

Answer 72

I've had a similar problem, except the message being sent is about asking to upload a picture to Facebook. I can't see the message being sent to all my contacts, I have to have them copy and paste it to me. It also seems that the file  being sent changes each time it's sent to a contact... Here's what they're being sent:

Beauty Comes With Dark Thoughts says:
it alright if i upload this picture of us to facebook?
josiah says (9:54 PM):
You have successfully received C:\Users\owner\Documents\My Received Files\img04_w9-JPG.zip from izzy.
Beauty Comes With Dark Thoughts says:
it alright if i upload this picture of us to facebook?
Beauty Comes With Dark Thoughts sends:


  You have successfully received C:\Documents and Settings\Xan\My Documents\My Received Files\img83-b1-jpeg.zip from Beauty Comes With Dark Thoughts.

I've deleted Windows Live Messenger off the computer.
Can someone help?

Answer 73

try changing your hotmail account login password. this eventually works for me.
But no harm giving a try.

Answer 74

hey i keep getting a similar virus  sent but its not a picture. its like a link to a site that is suposed to have a page of a contact, but when i clicked  on it once, it started sending  a similar thing around to everyone on my contact list. also its not the same site everytime.

Answer 75

I have only just had the same problem and decided to look into it which is how ive ended up here. It was called 'checkoutthisfunnypic.rar' i knew there was a little something going off with it being a '.rar' file  but still - i opened it and 60 command prompt windows  came up one after the other from now on my computer is being extremely slow.

Answer 76

aha, my brother has done that and hes blaming it on me but i read his convo and this boy sent it him and he accepted, stupid boy :L i know how to get rid of it because i am god! all you need to do is go back in time to the date where you didnt have it. eg - if you got given it yesterday go baclk yesterday ande the time before you got it :) love you all ROCKON! <3


We are aware of a current issue with the Windows Live Presence API and the Windows Live Messenger IM Control.  Thanks to everyone who has reported the issue.

Two things have been impacted:

Users appearing offline in the Presence API or in the IM Control even if they are online The ability of new users to choose their setting for the Presence API and IM Control
As of right now, (1) should no longer be impacting users.

(2) is still ongoing, but should only affect users that never signed in to Messenger prior to the end of last week.  If you are observing this for users that previously had the setting defined, please let us know by responding in this topic.  We are actively working on resolving this issue.

We apologize for any inconvenience this may have caused you.



So Windows Update tells me there is a new version of Windows Live Essentials (which includes messenger).  I install the update, reboot, and now when I click on Windows Live Messenger nothing happens at all??  Doesn't load, nothing, nada, zip??

Without having to wipe my entire PC and re-install Vista x64 from scratch, anyone have a solution to what used to be a function Windows Messenger?

I've encountered this problem on three computers now.  All of them Vista x64 PC's with UAC turned off -- that's about the only common thread I've been able to find.

When I run Task Manager, I see 4 Msnmsgr.exe running (this is Windows Live Messenger)???

I've opened up Event Viewer and see two errors just after Windows Update completed (reported successful).  These are the two errors but I don't think they are related to Windows Live Messenger problems:

Log Name:      Application
Source:        Microsoft-Windows-Perflib
Date:          1/7/2011 8:04:28 AM
Event ID:      1010
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      RobVista
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Microsoft-Windows-Perflib" Guid="{13B197BD-7CEE-4B4E-8DD0-59314CE374CE}" EventSourceName="Perflib" />
    <EventID Qualifiers="49152">1010</EventID>
    <TimeCreated SystemTime="2011-01-07T16:04:28.000Z" />
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Security />
    <EventXML xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="Perflib">

Log Name:      Application
Source:        Microsoft-Windows-Perflib
Date:          1/7/2011 8:04:28 AM
Event ID:      1008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      RobVista
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Microsoft-Windows-Perflib" Guid="{13B197BD-7CEE-4B4E-8DD0-59314CE374CE}" EventSourceName="Perflib" />
    <EventID Qualifiers="49152">1008</EventID>
    <TimeCreated SystemTime="2011-01-07T16:04:28.000Z" />
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Security />
    <EventXML xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="Perflib">


I have MSN Messenger 7.0 (because my computer only has Windows ME) and my sister has Windows Live Messenger.  We can chat on line but we can not use the audio portion to hear each other speak.  We could use the audio when we both had MSN Messenger but now that she upgraded to Windows Live we can no longer connect the audio portion.  Does anyone know why?

Welcome to Windows Live Messenger Connect Beta!

 We are pleased to announce Messenger Connect that enables websites and rich-client applications to enhance the social appeal of their experience by "connecting" to Windows Live.


Messenger Connect  is a collection of APIs and controls that allow you to build applications so people can communicate, and share with their Messenger friends. Applications build with Messenger Connect provide seamless social experience that combines your content with popular Windows Live features such as chatting with friends, sharing status updates and activity streams.


Invitation Only Beta

At this time participation in the beta program is by invitation-only. You will need to request to participate in the beta. Learn more about this here.


Want to Explore Messenger Connect?

Follow these steps to begin exploring Messenger Connect:

1.       Submit your request to participate in Messenger Connect Beta.

2.       Explore Messenger Connect. The following resources are available for you to begin exploring Messenger Connect.

o    Interactive SDKProvides interactive experience for you to explore Messenger Connect functionality without writing a single line of code.

o    Windows Live REST Explorer. An interactive application called the Windows Live REST Explorer allows you to interact with the Windows Live resource model by performing create, read, update, and delete operations on resources. This application can be useful for testing and becoming familiar with the Windows Live resource model.

o    Developer Centerwith links to forums, blogs, documentation and information to join the beta program.

o    DocumentationProvides getting started step by step guide, how to samples and reference documentation for the Messenger Connect REST API Service, Messenger Connect JavaScript and the .NET libraries.

3.       Download the Windows Live SDK.After you receive invitation to participate in the Beta, download this SDK that provides you the libraries and resources to begin developing applications.


Send feedback

If you have a question or feedback, please use this forum.


Thank you,

Messenger Connect Team

I have had this cam installed for a couple years and it worked fine, then an electrical storm cut the power to the house. After system was brought back up, I can no longer use it as a webcam with Live Messenger. The cam works fine with Yahoo Messenger. I have downloaded and re-installed both Live Messenger and upgraded to the version above and downloaded and installed the latest version of the cam software. The only way I see that I can't use as webcam is the menu pick shows "Get a Webcam" each time, View Webcam doesn't even show up. I can find nothing else wrong nor do I receive any error messages from any other programs.

XP sp 2 updated to current software (no I haven't done sp 3 yet), HP desktop AMD Athlon processor.

Thanks for any assistance you all can provide.  


Hi, I have been having some important live messenger conversations thinking that all of my conversations have been archived and saved in the "mydocuments/savedreceived " folder as usual. But, when I looked for them they are not there and when I checked my options in windows live I noticed for some reason I unchecked the option to save my conversations, grrrrrr.

I know this is a silly question, but please tell me there is a way to get access to these archived conversations even though I did not have that option checked. Is there a way to acess them? Please help?


i am using the latest version of Window live messenger .I am integrating it in a web application
But its scripts are giving conflict with ASP script manager.i am getting following exception

1) Microsoft JScript runtime error: Sys.ArgumentTypeException: Object of type 'Sys._Application' cannot be converted to type 'Sys._Application'.
Parameter name: instance

then 2)
Microsoft JScript runtime error: Object doesn't support this property or method
For this line:Sys.Application.activateElement(this.$4) on Microsoft.live.ui.messanger.tags.js

Please help to resolve this exceptions.



I cant get the user id when trying to integrated window live messenger web toolkit.

After log in to window live messenger, I cant received any user id from messenger.

Please help to solve this problem.


I was using my application to integrated with window live messenger.

But I cant capture any user id from window live messenger when user log in to msn messenger.

Please help on this issue. Thanks you very much.



The http://www.wlmessenger.net/api/3.7/Microsoft.Ajax.Core.js download link to enable javascript intellisence is now working :-(

Best Regard



tall skiny+inbetween



I'm currently having a problem with Windows Live Messenger and my webcam.

At the moment, My cam is running fine when I use it with people, they can see me fine and I can see them fine.
But for one particular person, We send the invitations, We accept, but then it hangs when it says Webcam loading..But then after that, It just says Webcam Session Has Ended.

And that's it.
No error codes, No messages. Nothing.

Has anyone else got this problem, and has anyone been able to fix it?



Hello there,

Well my windows live messenger just keeps on disconnecting and reconnecting by itself, which is quite annoying when you're using audio or webcam... The thing is that I get no error message, it just disconnects me, period. My internet is fully functionnal and I haven't noticed anything weird with it. My firewall has no problems either, in fact everything is the same as it was before this problem started. I ran several virus scans without any results, reinstalled messenger several times, even tried with the standard and older windows messenger, which disconnected too, but a lot less frequently. I would like to get some help about this, if such a problem can be solved.

Thanks in advance!

Hi , i'm having trouble with windows live messenger and each time it says " your connection with windows live messenger has been lost , Reconnecting in 30 seconds " . I having this more or less every 2 mins . I've tried all kind of versions of WLM but in vain ! But when i use my dialup it's fine and connection is never lost . For instance , i'm using dsl 256kbps using a livebox in which there is a built-in router . I've disable antivirus and firewall , but nothing happens . What must i do to solve this problem ?

Hi guys,

I was wondering if someone could instruct me or point me towards some documentation that would allow me to create a simple Windows Live Messenger Alert.

I am starting to look into the Windows Live Alerts SDK: http://msdn.microsoft.com/en-us/library/bb259769.aspx but I am unsure as to whether my situation is complex enough to be worth using the SDK.

If I create an RSS feed that I update myself then i guess I could simply follow the following instructions: http://signup.alerts.live.com/brochure/index.jsp

Also, just to check, a user can sign up to an alert from a tab right?



I can't seem to get windows live messenger to open. Everything was working as usual until it randomly stopped responded and I was forced to end task. After ending task it will no longer open at all, i click on the icon and nothing happens, it isn't running in the task list either. I've uninstalled and reinstalled many times, nothing seems to comes up. Internet is working fine, firewalls are turned off, it just doesn't seem to ever open the program to allow me to sign in.

I recently upgraded to Windows Live Messenger Beta but everytime i use it a box comes up at the saying that windows live messenger has disconected with buttons say connect now or cancel and if you press connect now when it connects it says the same again so i can't use msn to connect with my friends.  Please help.

I'v looked around the internet and everywhere i see it says its to do with the McAfee site advisor, i DO NOT have mcafee. Yet im getting this problem and im also unable to go into audio and video setup in the options/tools bit. Other peoples webcams work for me, i can see them. And i tried mine on Skype and it works. I'v re-installed Live Messenger many times and even downloaded different versions to install. But the Show Webcam button is never working for me... please help, and thanks in advance!

Also, im using Windows 7. If thats any help.

i installed windows live essential Beta yesterday , but it didn't work so 
i uninstall it by the instruction in this link : 

after i delete the registry files that shown in the link , 
still it didn't work . 
so i tried 2 different softwares to remove the software 
finally i uninstall it after that i removed it by Handy Uninstaller 
i removed every thing with the name windows live 
but still there is problem , because i can't install windows live messenger again , whenever i install it after it reach 100% it goes back and it's showing me the information in this two pictures in this links : 


P.S\ my operation system is windows7 ultimate .. 

what should i DO ? 

can any body help me ? 

I have the following problem:

I want my messenger to remind my sign-in information (account and password) I select the options at the sign in screen but whenever I restart my pc and try again it doesn't remember them.

I am using Windows Live Messenger Version 2009 (14.0.8064.206).

Thanks for your help.

<< Previous      Next >>

Microsoft   |   Windows   |   Visual Studio   |   Sharepoint   |   Azure