Does anyone know what’s wrong with MSN Messenger?
Apparently it has been passing out virus files recently.
P.S. Do not download any .exe files from your friends on MSN Messenger. No Matter who it is!!!
Remove the .PIF files, probably stored locally on your C:\drive. Also remove sexy.jpg. Also remove MSNUS.exe located in I think C:\winnt\system folder.
That should do it. Run your antivirus and antispyware programs.
BTW, shouldn’t the antivirus-antispy stuff be a sticky faq somewhere about this? Mods?
I did a search and didn’t find any of those files, so I guess my computer’s fine. Thanks!
Just don’t run any files that are being send to you without request via MSN and you should be fine.
I would not be so sure that Trillian or any other MSN Client is save.
This virus also installs a BOT program ( Agobot.AJC) and converts your PC into a slave to perform DoS attacks and such.
I am not sure if those files cover everything. The Bot might be still running on your computer, so check for unwanted network traffic.
I’m running Trilian and had an infection attempt yesterday. Trillian popped up a message that one of my contacts was trying to send a .pif file to me. I said no, and that was the end of it.
Not only ‘Don’t run’, but not receive any files of EXE, COM, BAT, DLL, VBS, WSH…Maybe just only receive image.
Trillian is nice substitute, but I choose the other ‘Giam’. Support Linux and Windows both. It’s Open Source software. Oh! it Support MSN and Yahoo, too.
My ZoneAlarm just found Java.ByteVerify!exploit (actually if ound 3 of them) and Java.Shinwow.l (only 1 of these)
concerning all of them, it says ‘Unable to repair, use archiving software to delete the infected file.’
When I click for more info on each virus the Java.ByteVerify!exploit ones say:
Trouble is I can see the Java Plug-in Control Panel in 2, only a Java icon. Is that it? If so I have another problem in that it is all in Chinese.
For the Java.Shinwow.l , when i click on more info there is no advice on how to get rid of the problem.
Does anybody have any suggestions?[/quote]
Do not install the third party MSN extensions which also Microsoft advertises. My wife had it done and got browser-redirections and pop-up ads on the screen even while not surfing. Spybot could not find it. Her admin reinstalled the computer…
(HiJackThis showed something, but it takes time to figure out)
According to another forum administrator the ‘sober worm’ is going about, here is a link for a simple removing tool for trojans and backdoors … from Mcafee
Win32/Delf.DH-Trojaner
Clicko on a bad website and IE has a Trojan installed.
Info:
microsoft.com/technet/securi … 11302.mspx
an unpatched security leak of IE, even if system has XP SP2 and is fully patched. It affects Windows 2000 also.
The internet storm center offers a test routine to check, if you are vulnerable. Presently, 40% of all PCs seems to be vulnerable. Click on the link and check if you see a red “you are vulnerable” on top of the page:
isc.sans.org/ (Test for vulnerability, English)
How to solve: Use other Browser (Firefox and stuff) or switch off Active scripting inside your IE settings (internet options), some websites may stop working then. With the other browsers, they usually still work fine.
Must say, that Sober thing in the pseudo-FBI warning e-mail gave me quite a start . . . but it seems it’s not all bad:
Sober worm prompts net perv confession
Malware outs malfeasance
By John Leyden
Published Tuesday 20th December 2005 13:52 GMT
[quote]A child porn suspect turned himself in to the police after mistaking an email generated by a prolific internet worm for an official notice he was under investigation.
The unnamed 20-year-old German man mistook a message produced by the Sober-Z worm for an email from Germany’s Bundeskriminalamt (Federal Crime Office) supposedly telling him his visits to illegal websites had been logged. He went to police in the city of Paderborn who charged the man after reportedly recovering images of child abuse from his computer.[/quote]
HG
HGC, that is too funny!
TC, thanks for the heads-up. Here are a couple more articles on it:
and
It appears experts are recommending urgent installation of a patch which is not from Microsoft. CNN’s article says it’s available here.
I’m a bit daft when it comes to such matters, so I’m wondering what our more tech-savvy Forumosans think of this.
The tech-savvy Forumosans use Linux. 
I don’t see what the news is here - yes, it’s an extremely dangerous vulnerability which could mess up millions of Windows PCs and cost billions of dollars, just like so many times before. And Microsoft doesn’t have a patch yet.
Same old, same old. 
Just use the unofficial patch for now.
Ok, thanks. Done. So far so good.
Ok, thanks. Done. So far so good.[/quote]
How do we know that site is for real and we are not just going to download a worm or something.?
MS patch due out on the 10th.
The folks in Redmond are right on top of things…as usual…/wise crack.