  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 963

MSN Virus/Trojan

Okay I have this nasty shit of a virus I picked up yesterday. Appears to be some sort of key logger I think, though it is impossible to find anything on it.

It creates a link to your MSN contacts similar to the following.

http ://somedomain.com/?user=yourname&image=DSC00245.JPG

somedomain is something like imageshotz.com, snapshotz.com, imagecamz.com etc etc
The username is the MSN name of the receiving person, and the image is always DSC00245.JPG

This is seriously a real pain and anyone that has solved it I would be over the moon to hear from you, hence the full 500 points for this sucker if I can get it solved.
0
mateinone
Asked:
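The link pattern described in the question, turned into a detection check over chat or proxy log text. This is an added example, not code from the thread; the `(sender, text)` message format, the sample messages, the `.example` hosts and the function name `find_lures` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches http/https URLs, tolerating the "http ://" spacing seen in the post.
URL_RE = re.compile(r"https?\s?://\S+", re.IGNORECASE)
LURE_IMAGE = "dsc00245.jpg"  # fixed file name reported in the question

def find_lures(messages):
    """Return (sender, host, targeted_user) for each URL matching the lure shape.

    The domain rotates, so the match keys on the query string only:
    a `user` parameter plus `image=DSC00245.JPG`.
    """
    hits = []
    for sender, text in messages:
        for match in URL_RE.finditer(text):
            url = re.sub(r"\s", "", match.group(0))   # undo "http ://"
            url = url.rstrip(".,)>\"'")               # trailing punctuation
            parts = urlsplit(url)
            query = parse_qs(parts.query)
            images = [v.lower() for v in query.get("image", [])]
            if "user" in query and LURE_IMAGE in images:
                hits.append((sender, parts.hostname, query["user"][0]))
    return hits

# Constructed sample messages (not taken from a real log).
SAMPLE_MESSAGES = [
    ("sister@example.com",
     "is this you?? http://imageshotz.com/?user=alice&image=DSC00245.JPG"),
    ("friend@example.com",
     "lol look http ://pics.example/?user=bob&image=dsc00245.jpg."),
    ("coworker@example.com",
     "holiday photo: http://photos.example/view?image=IMG_0001.JPG"),
]

if __name__ == "__main__":
    for sender, host, user in find_lures(SAMPLE_MESSAGES):
        print(f"lure from {sender}: host={host} targeted_user={user}")
```
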
2 Solutions
 
Christopher MartinezCommented:
From what I've seen of this, it will go away on its own as long as you don't follow the link. Seems to be a phishing scheme looking for your MSN un/pw to 'log in' and view this pic someone sent ya that hit my company pretty hard for a few days then kinda died away. Usually this is from a contact's PC that compromised his/her security and mass sending to all of their contacts. Do your contacts complain about receiving anything from you? Or is this coming from only one particular contact?
0
 
mateinoneAuthor Commented:
Nah what is amazing (and I mean truly amazing) is that I clicked the link as it was from my sister and I had just logged on, did not even think.. I mean I have known about and seen these for years, just cannot believe I was dumb enough to click on it..

So.. yeah I am infected, I am not sure how it will just "go away" that is not really handy because if there is a key logger of any sort then I am compromised. I have infected about 5 friends in the last 12 hours, despite mailing them all to let them know not to go near this.
0
 
TG_TechCommented:
What application are you using for Anti-Virus?
0
 
TG_TechCommented:
For the time being ...

Take it off the network,

Reboot in safe mode

Run a scan - include your boot sector.

0
 
TG_TechCommented:
You have the name of the infection???
0
 
sherenianCommented:
Download the "MalwareBytes" program.  It is a free program which you can obtain from Download.Com.  Just a scan and then delete whatever it finds.  This should rid your PC of any malicious software infections.
0
 
rpggamergirlCommented:
First change your MSN account login/password to rule out one of those fake MSN viruses that also send links to your contacts.
 
Then if the problem persists, run Combofix as alradu suggested. Run it in normal mode NOT safe mode unless the pc only boots in safe mode.


Here are shorter instructions if you don't want to install the recovery console.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

(If it doesn't run re-download but rename before saving to your desktop)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
0
 
mateinoneAuthor Commented:
Okay here is the result from combofix


log.txt
0
 
mateinoneAuthor Commented:
btw I use Norton's Anti Virus for the question where that was asked. I have run Malwarebytes, it deleted two reg entries, but they were just relational to security updates.
0
 
iamshakedCommented:
combofix log looks clean. hmm
0
 
ccampbell15Commented:
If Mbam & combo are both clean I'm not sure you have anything to worry about. Check the following file:

C:\Windows\System32\drivers\etc\hosts


Below is the one from one of my workstations. Look to see if there are any entries below
127.0.0.1       localhost
::1             localhost

If so delete them.

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost
0
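The hosts file check suggested above, written as a script that lists every mapping other than the default loopback `localhost` entries. This is an added example, not code from the thread; the function name `audit_hosts`, the reason labels and the suspect sample entries are constructed for illustration.

```python
import ipaddress

EXPECTED = {"localhost"}  # names a default hosts file maps to loopback

def audit_hosts(text):
    """Return (line_no, ip, name, reason) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names),
                             "unparseable address"))
            continue
        for name in names:
            lname = name.lower()
            if lname in EXPECTED and ip.is_loopback:
                continue                        # the two default entries
            if lname in EXPECTED:
                reason = "localhost mapped to non-loopback"
            elif ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed to local machine"
            else:
                reason = "name redirected to another address"
            findings.append((line_no, str(ip), name, reason))
    return findings

# Clean file in the shape shown in the post above.
CLEAN_HOSTS = "\n".join([
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.",
    "#      102.54.94.97     rhino.acme.com          # source server",
    "127.0.0.1       localhost",
    "::1             localhost",
])
# Constructed suspect entries appended as lines 5 and 6.
SUSPECT_HOSTS = CLEAN_HOSTS + "\n" + "\n".join([
    "127.0.0.1       update.av-vendor.example",
    "203.0.113.10    login.example www.login.example",
])

if __name__ == "__main__":
    # On a live machine, read C:\Windows\System32\drivers\etc\hosts instead.
    for finding in audit_hosts(SUSPECT_HOSTS):
        print(finding)
```
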
 
rpggamergirlCommented:
How's the pc going?
Is your MSN still sending link to your contacts?

Have you also changed your MSN password?

If the problem persists, also scan the system with Kaspersky and show us the log.
http://www.kaspersky.com/virusscanner
   
0
 
Christopher MartinezCommented:
If you put your username/pw in then this scheme did what it was supposed to do and got your password. I'm pretty sure it does not infect your PC with anything, that's not its main purpose. They just want your credentials. Is your computer acting off or are you just receiving these IMs from your contacts with the domains you listed above?
0
 
mateinoneAuthor Commented:
Hi guys/girls
Sorry was off for a couple of days, the solutions here really helped and whilst it was a phishing scam, the computer is now far more secure thanks to the suggestions here, great work, thanks a million.
0
