Msn Virus

mclaren_2

Did you know you can catch viruses on MSN Messenger?

Nowadays even your Nan knows not to open unwanted email attachments, in case a virus’s attached. Yet many don’t know it's possible to spread viruses through instant messaging programmes such as MSN Messenger.

These viruses use a familiar identity in an attempt to trick you into clicking on their attachments. If you do it goes into your address book send itself to your mates.

There's currently a very prevalent one spreading around, so its important to be very careful at the moment.

How to stay virus free

The main things to remember are: never accept an attachment before you’ve had a conversation with your friend so know it’s legit; and, as always, make sure your anti virus software is updated. To help, MoneySaver Toxteth_OGrady has kindly created a list of Free Virus Checkers.



Back to the original post........................

theres a virus going about MSN, that is spreading throughout MSN system.

What happens is, you will get a message from who you think is one of your contacts from your msn list, their display pic will show (last one) and their name will come up, and it will say

check out this pic of you on myspace! h*tp://p1392.pic-myspace.info

From this, the average person will click on the link, and it will ask if you wish to download the exe file. Now, as an image, it will not be an exe file, unless it has spyware or some sort of advertising inside the image... anyway, when you click the link, it will ask you to save or open..... do NOT do any of those. If you save it, it will automaticly open up in the background of your pc, and if you open it it will do the same... it will open in the background, and spread through out your MSN contacts. Also, it will install tonnes of spyware on your pc, and will make your CPU go through the roof.

It is quite annoying and can be destructive.

the virus is part of the following families

BackDoor.Oscar, BehavesLike:Win32.IRC-Backdoor, IM-Worm.Win32.Opanki.ab, Trj/Agent.AQB, W32.Allim, W32/Opanki.ab, W32/Opanki.AB-net, W32/Opanki.I, W32/Opanki.worm.gen, W32/Opanki-AB, W32/Suspicious_M.gen, Win32/Opanki.AW, Worm.Opanki.Ab, Worm/IM.Opanki.AB, Worm/Opanki.EP

If you know about these things, you will know how destructive it can be with backdoors open so hackers can easily gain access.

The URL that it asks you to click has changed several times, but is of similer look.

do check, as it looks like it can duplicate.

If you have clicked on teh link, then what to do is click on Ctrl + alt + delete and look in processes and look for strange file names such as ijsvvugwsg.exe and end it.

Last but not least, if you DO have this virus on your pc - you have to, to save the spread of it, log out of MSN, log off the internet, and do a complete scan of your computer with a virus scanner. Why log off? simple - if you are not connected, nor is the virus, it isnt talking back to the "maker" so therfor wont know what to do next... and once you have caught it, you will be safe......

Can i add in Go to your C drive (start, my computer, c drive) and look for a file called myspac. it will have the msn logo - this is the one that you need to delete 1st.

is it possible a mod can pin this as it is important - thanks

Quincy_3

Yeah been about for atleast a week now http://www.sysinternals.com/Forum/forum_posts.asp?TID=6364&get=last

mclaren_2

Quincy wrote:

Yeah been about for atleast a week now http://www.sysinternals.com/Forum/forum_posts.asp?TID=6364&get=last

its just started to hot up again - they failed the 1st time as it didnt get sent to as many people they wanted it, because the host closed the account it was in but now they have started to go wild and it is now putting in backdoor holes, so it can attack again and again and have changed the URL several times of the location of the virus

MSN have also been contacted, and at the monent, microsoft are still to put out a press statment to this....

Fran

mclaren wrote:

....is it possible a mod can pin this as it is important - thanks

Hi mclaren,

Sorry, we can't stick any more threads at the moment, we've already got a few and important threads come up all the time.

Browntoa

ALL the majors already have this detected and on their list
Backdoor.Win32.Agent.jn (Kaspersky Lab) is also known as: W32/Oscarbot (McAfee), W32.Allim (Symantec), BackDoor.Oscar (Doctor Web), W32/Oscabot-B (Sophos), Backdoor:Win32/Oscarbot.A (RAV), WORM_OPANKI.B (Trend Micro), TR/Dldr.Agent.JN.1 (H+BEDV), Worm/Opanki.D (Grisoft), Win32.Worm.Opanki.B (SOFTWIN), W32/Opanki.C.worm (Panda), Win32/Oscarbot.A (Eset) Detection addedApr 30 2005 23:34 GMTUpdate releasedMay 01 2005 00:59 GMTBehaviorBackdoor
Currently there is no description available for this program.

if your Antivirus is up to date then you should be ok

Spikey_2

OMG :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek:

Anton_3

My daughter picked up this virus and it was found by our antivirus software. However, I could not find out any further information about what it does from the AVG or Sophos websites! Since reading the info posted by everyone, I have now passed the info onto the person who passed the virus onto us and also to anyone we might have inadvertently infected.

Thanks once again

Anton