Please read the complete article before following the steps given.
Once again, more MSN Messenger viruses are spreading around the Internet. This time the virus sends the following message to all your contacts:
cute.pif - W32.Kelvir.A
omg this is funny!
[Followed by a link to download the cute.pif from jose.rivera4.home.att.net]
The user then downloads the file which sends the link to all of their contacts and then downloads a W32.Spybot worm onto the infected machine.
If you are lucky, the program will just run on your machine, send itself to your contacts and end without downloading the worm.
The first thing you should do therefore is delete the downloaded cute.pif making sure you do not run it again! Then check to see if a Worm has been downloaded as well.
1) Press Ctrl+Alt+Delete and look for hotkeysvc. If it’s there select it and press “End Task”.
2) Use the Windows Find feature to look for a file called “hotkeysvc.exe”. If it is there, it should be in the %System% directory. If you find the file, delete it.
3) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.
4) Click on the tab at the top right that says ‘Startup’.
5) Look for, and if it exists, untick the box next to “hotkeysvc.exe” or similar name.
The cute.pif virus (http://jose.rivera4.home.att.net/cute.pif) has now been fully removed!
IM-Names virus
1) Close Messenger.
2) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.
3) Click on the tab at the top right that says ‘Startup’.
4) Untick the box next to ‘IM-Names’. (If you cannot find it skip this task)
5) Click ‘ok’ and when it asks if you want to restart your computer say no.
6) Press ‘Ctrl’ + ‘Alt’ + ‘Del’. Find the process that says ‘IM-Names’ and click End Task.
The virus has now been deactivated!
To remove it fully follow these instructions:
1) Search your computer for all files called “IM-Names” (without quotes)
2) Delete all files that it finds.
3) Empty your Recycle Bin.
The virus has now been fully removed!
PIC1234(1)(1)(1)(1)(1).exe
Removing the virus is simple. Just follow these instructions:
1) Close Messenger. This will simply stop any of your contacts getting the virus.
2) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.
3) Click on the tab at the top right that says ‘Startup’.
4) Untick the box next to ‘MSN Messenger’.
5) Click ‘ok’ and when it asks if you want to restart your computer say no.
6) Press ‘Ctrl’ + ‘Alt’ + ‘Del’. Find the file that says ‘MsgSpread’ and click End Task.
The virus has now been deactivated!
To remove it fully follow these instructions:
1) Go to the Desktop and open My Documents.
2) Double click on ‘Messenger Service Received Files’. If you don’t see a folder called that, then go to ‘My Computer’, double left click on ‘C’, then ‘Program Files’ and finally ‘Messenger Service Received Files’.
3) You should now see a file called ‘PIC1234(1)(1)(1)(1)(1)(1)(1)(1).exe’.
4) Click on it ONCE and left click and select ‘Delete’. This should delete the file.
5) Empty your Recycle Bin.
The virus has now been fully removed!
Choke.exe aka I-Worm.Choke
Even if the user accepts the download he or she will not be infected. The user must download and run the files they received. The file name can differ every time. It can be ‘ShootPresidentBUSH.exe’, ‘Choke.exe’ or ‘%The user name%.exe’ where the user name is a nickname from dalist.txt.
Removing the virus is simple. Just follow these instructions:
1) Press Ctrl+Alt+Delete and select Choke.exe, and press “End Task”.
2) Close Messenger. This will simply stop any of your contacts getting the virus.
3) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.
4) Click on the tab at the top right that says ‘Startup’.
5) Untick the box next to “Choke.exe” or similar name.
The virus has now been deactivated!
To remove it fully follow these instructions:
1) Go to ‘Start’, then ‘Find’ or ‘Search’ and enter “Choke.exe”, then press OK.
2) Click on the file and press ‘Delete’.
3) Empty your recycle bin.
The virus has now been fully removed!
W32.Aplore@mm
W32.Aplore@mm is an MSN Messenger virus which spreads by sending links to an infected web page. When a user is infected with this virus, they send a message to their online contacts. The message may be as follows, where ZZZ is the contact’s name, the A’s represent an IP address and the B’s represent a port number.
ZZZ says: this is cool, http://AAA.AAA.AA.AA:BBBB
OR ZZZ says: btw, download this, http://AA.AA.AAA.AAA:BBBB
Removing the virus is simple. Just follow these instructions:
1) Close Messenger. This will simply stop any more of your contacts getting the virus.
2) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.
3) Click on the tab at the top right that says ‘Startup’.
4) Untick the box next to “Explorer”.
5) Restart your computer.
The virus has now been deactivated!
W32.Annoying.Worm
The delightful author of this worm, who comes “in piece” (pity it’s not “in pieces”), has even included a readme.txt file with uninstall instructions:
How to remove the Annoying.Worm:
1) Click Start, select Run. The Run dialog box pops up.
2) Type: msconfig The System Configuration Utility pops up.
3) Click the Startup tab at the top. In the list, find MsgSprd, Messenger, or pic1324, uncheck, press Apply, then press Ok.
4) Restart your computer Or press Ctrl - Alt - Del, select MsgSprd from the list, then press End Task.
You may freely delete the files or the ‘C:\Messenger1324’ directory.
You may need to uninstall/reinstall Messenger after removing this one from your system.
As you may have passed the MSN Messenger virus on to some of your contacts it is suggested you warn your friends about the MSN Messenger Virus.
Many of these viruses will continue to resend themselves to your contacts and then their contacts, so the vicious circle continues. If you are infected you are in a position to do something about it.
In future, if someone tries to send you a file on MSN Messenger and it ends with ‘.exe’, do NOT download it unless you are really sure you know what it is. Ask the person sending it to you what it is!
Ensure that your PC is fully up to date with the latest patches, and that your anti-virus protection is regularly updated.
Using a file shredder is better than using the Recycle Bin to delete files.
I also recommend using CCleaner (formerly CrapCleaner) to rid your system of unwanted garbage that collects on a daily basis.
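The process, startup and file checks from the removal steps above can be gathered into one read-only pass. The PowerShell script below is an added example, not part of the original article. It assumes a Windows system with PowerShell, that %System% means the System32 directory, and that the startup entries sit in the standard Run registry keys; it only reports and deletes nothing.

```powershell
# Added example: read-only check for the names this article lists.
# Matching is by case-insensitive substring, so every hit is a lead to verify by hand.
# 'Explorer' and 'MSN Messenger' (the Aplore and PIC1234 startup names) are left out
# because legitimate programs use the same names.
$names   = 'hotkeysvc', 'IM-Names', 'MsgSpread', 'MsgSprd', 'Choke', 'pic1324', 'PIC1234', 'cute.pif'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$findings = @()

function New-Finding($Location, $Item, $Detail) {
    [pscustomobject]@{ Location = $Location; Item = $Item; Detail = $Detail }
}

# 1) Running processes (the Ctrl+Alt+Delete step)
Get-Process | Where-Object { $_.ProcessName -match $pattern } | ForEach-Object {
    $findings += New-Finding 'Process' $_.ProcessName "PID $($_.Id)"
}

# 2) Startup entries in the per-machine and per-user Run keys (the msconfig step)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }   # provider metadata, not a startup entry
        if ("$($p.Name) $($p.Value)" -match $pattern) {
            $findings += New-Finding $key $p.Name $p.Value
        }
    }
}

# 3) Files in the folders the article names (the Find/Search steps)
$docs = [Environment]::GetFolderPath('MyDocuments')
$dirs = "$env:SystemRoot\System32",
        (Join-Path $docs 'Messenger Service Received Files'),
        'C:\Program Files\Messenger Service Received Files'
foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { $findings += New-Finding 'File' $_.FullName "$($_.Length) bytes" }
}
# The Annoying.Worm readme names this directory; its presence alone is worth reporting.
if (Test-Path -LiteralPath 'C:\Messenger1324') {
    $findings += New-Finding 'Directory' 'C:\Messenger1324' 'exists'
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'None of the listed names were found.' }
```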