[Last Call] Learn how to a build a cloud-first strategyRegister Now


MSN party_jpg.zip virus help

Posted on 2007-11-30
Medium Priority
Last Modified: 2013-11-22
Last night my computer was infected with the party_jpg.zip virus via MSN messenger. My computer has been running scans and I have downloaded MSNCleaner by InfoSpyware, but the virus files have not been deleted. I don't understand how to or if I can find the file manually to delete it. I read a similar question, ID 22988522, but I am lost. PLEASE help. Thank you!!!
Question by:em_8802
  • 5
  • 4
LVL 21

Expert Comment

ID: 20386043
I would try an online scanner, see if that gets rid of the virus:

Trendmicro is a good one.
LVL 20

Accepted Solution

IndiGenus earned 2000 total points
ID: 20386288
I happened to be in on the post you mentioned. Combofix got it I believe. Or at least part of it.

Download and Run ComboFix (by sUBs)


Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log. Upload to the following link and post the link to it back here.


Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 20386501
sorry, that was the combofix log.
i don't know where to go from here...
LVL 20

Expert Comment

ID: 20386530
Nothing to be sorry about....you did good. We will need to delete some files. First I would like you to run another tool and upload that log while I go through the combo log.

Please download SDFix and save it to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.
A text file should automatically open, so please upload the contents to http://www.ee-stuff.com.
LVL 20

Expert Comment

ID: 20386726
Well looks like SDFix got most of it anyway. One file I'm not sure on though...


I would recommend you go to http://virusscan.jotti.org, click on Browse, and upload the file for analysis:
NOTE: You may need to enable hidden files and folders to see it.

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for us to see.

If Jotti is too busy you can try these.


Author Comment

ID: 20386749
Last file scanned at least one scanner reported something about: msnchk.exe (MD5: 8130c891d2ecb11be934f2681ac73845, size: 3377 bytes), detected by:
Scanner  Malware name  
A-Squared  X  
AntiVir  X  
ArcaVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
CPsecure  X  
Dr.Web  X  
F-Prot Antivirus  X  
F-Secure Anti-Virus  X  
Fortinet  X  
Ikarus  Suspect code-parts  
Kaspersky Anti-Virus  X  
NOD32  X  
Norman Virus Control  X  
Panda Antivirus  Trj/Agent.HEH  
Rising Antivirus  X  
Sophos Antivirus  X  
VirusBuster  X  
VBA32  X  
LVL 20

Expert Comment

ID: 20386786
Honestly not sure about that file yet? Wondering if it's part of MSN Cleaner that you ran.

Question, how is it running now? What are you running for an Antivirus, Norton?

Panda ActiveScan also claims to find and heal this. If you still have issues I would recommend trying it.


Author Comment

ID: 20389479
My computer has Symantec Antivirus running.
But my msn seems to be all back to normal now. Thank you so much for your help and patience!

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
If you are like me and like multiple layers of protection, read on!
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question