FirefoxRocks 0 Report post Posted May 13, 2007 (edited) Have you ever gotten a message from your friends that say something like this:its you on this photo http://forums.xisto.com/no_longer_exists/I have received that from at least 3 people. Without knowing what it was (and the surprise from the domain name with the message ), I clicked on the link and Firefox prompted me to download a file. It was a COM file so I thought that was strange. I rechecked the URL it was a PHP web page, so I assumed it was telling me to download the photo, so I opened it in Firefox.Windows Live OneCare prompted me that Windows Live Messenger was about to run (with something that said updated program or something similar). I found that strange so therefore I clicked on Block this Program.So after my next reboot, Windows Live OneCare said that it still blocked Windows Live Messenger. I assumed it was now safe to run Windows Live Messenger now, so I clicked the option to allow, closed Windows Live OneCare and opened Windows Live Messenger. Boy was I wrong! The virus started opening up windows of both online and offline people and started sending that message to them. It opened and closed windows so much that it was impossible to use ALT+TAB, ALT+F4 or even bring up Task Manager.I unplugged the cable from my Internet modem and Windows Live Messenger disconnected. I quit the program then looked on Firefox to see if there was any instructions to remove this. The only results that come up were;Yahoo! Answers - Weird Virus (no one got the answer there)TechGuy Forums - Security (it was suggested to use HijackThis, but it didn't help)So the virus isn't even in the definitions yet but it is spreading among buddies quite quickly. For the domain name, uglyhuman.net, McAfee SiteAdvisor has no rating for it. It would definitely be red for sure.The virus isn't a running process, I couldn't find it in Task Manager or Process Log. However (not sure if the virus caused this), my explorer.exe process ended abruptly and had to restart a few times. Now I am stuck in Ubuntu (Linux) on a Live CD and OpenOffice.org really slowly (I need Microsoft Word). Anyone have suggestions to get rid of the virus? It isn't a running/startup process, it operates within Windows Live Messenger. Do I need to reinstall Windows XP? Edited July 6, 2007 by pyost It's safer not to have the full link (see edit history) Share this post Link to post Share on other sites
mvs.en 0 Report post Posted May 13, 2007 I wish I had something constructive to say...I don't mean to sound rude, but I wasn't stupid enough to fall for it. XDI apologize for the implication regarding your intelligence there.AnywayPeople have been sending me that thing for months now...I never click or open things from anyone on MSN unless they've told me they were sending it or I question them about it when it comes out of no where (This pretty much eliminates the whole... Automated MSN Messages to transmit viruses)That, and the first person who sent it to me was someone I hadn't talked to in like a year anda half so them suddenly popping up with this link was... Well, I've seen viruses like it before so I wasn't quite that clueless.I dunno, I wish there was something I could say to help, but I have very, very little experience with any sort of virus... I don't think I've had any noticeable viruses on mycomputer in years... Which is strange, since I'm on windows and have every possible security measure turned off.Ah wellI'll tell you if I find anything out about the virus/how to repair it and stuff. Share this post Link to post Share on other sites
FirefoxRocks 0 Report post Posted May 13, 2007 Turns out that the virus did damage explorer.exe. It won't even start in safe mode. I still can use the computer, just without the taskbar and desktop. I run stuff through Task Manager. I can start a lot there, but it is annoying.Dell told me to reinstall Windows XP (I don't have system restore points), which I am doing. My files are now done backing up. But please do contribute more information about this virus, I would like to know more about it. Share this post Link to post Share on other sites
pyost 0 Report post Posted May 13, 2007 Strangely, I haven't received this message yet. I say "strangely" because it is common practice to get "Click this link" messages. To make matters worse, minutes after getting it from one contact, it is highly probable that you'll receive it a few more times It's sad how people aren't cautious enough, especially Internet users.Thankfully, English is not my mother tongue, so receiving these messages always makes me suspicious Share this post Link to post Share on other sites
mvs.en 0 Report post Posted May 13, 2007 Strangely, I haven't received this message yet. I say "strangely" because it is common practice to get "Click this link" messages. To make matters worse, minutes after getting it from one contact, it is highly probable that you'll receive it a few more times It's sad how people aren't cautious enough, especially Internet users.Thankfully, English is not my mother tongue, so receiving these messages always makes me suspicious YeahEnglish is my only tongue but... It's still pretty easy to tell if it's a virus or not...If you're like me at all, after talknig to people a little while you can pretty much get to know their typing style...My typing style is usually pretty recognizeable, I put crazy spacing between/in the middle of my sentences to indicate pauses...Like...Enter-hitting-spaces...I also have a strang attraction to ellipsises <__<Anyway... I just thought I'd add that,it's easy to tell something isn't right when you get a message from someone that you can right away tell isn't really them who typed it...And what's this?THere's a link with the message to boot! Share this post Link to post Share on other sites
Grafitti 0 Report post Posted May 14, 2007 (edited) Plus, aren't COM, EXE, and PIF the most common types of virus files? That should set off a red flag whenever you see one. Have you tried using something like ERD commander to access windows? You can run a system file repair.... and then deleting MSN, run a regcleaner and get rid of anything you find from MSN Messenger. It might be a running/startup process, because you say that your explorer.exe crashed several times. or did you open MSN and then it started crashing?Edit: On this forum they seem to have successfully gotten rid of it: https://www.bleepingcomputer.com/forums/t/91879/maleware-problems/ Edited May 14, 2007 by Grafitti (see edit history) Share this post Link to post Share on other sites
ethergeek 0 Report post Posted May 14, 2007 I love reading about viruses...it reminds me of how happy I am that I run Linux. Share this post Link to post Share on other sites
kgd2006 0 Report post Posted May 14, 2007 I rarely use msn as my communication tool of choice because it seems lately that microsoft is the target of most of the attacks. Although other programs that I occasionally use is AIM is also a target of virus attacks, I just do the common sense thing that was mentioned in posts above, which is question the file that is being sent so that you would get bit by the internet spider. If your friend questions it himself then cleary its a virus trying to trick you into clicking and downloading some spyware or keylogger onto your computer system. The internet may be the very source of good information and a haven for many people, but it is also a burden of hell when there are people out there that is trying to use the internet for there own evil purposes. But if you are pretty cautious and well informed of the type of virus attacks that are going on out there you are very unlikely to get bit by them. The ones that usually and occasionally get attacked are those that are not so computer literate so to say. That would be the source of the contagious infection of viruses, those that dont know what just popped on their screen and is curious to find out what it is. If people are more well informed of what type of viruses are out there viruses would not be much of a problem other than a nuisance on the internet, but there is always a very curious person to fall for their traps. Im saying this in the general sense, because I know that viruses now are harder to detect and can be very very sneaky when it comes to attacking your system. But if you avoid areas such as porn sites, p2p, or any places that you normally wouldnt go to that isnt official, you should be more than safe. Share this post Link to post Share on other sites
hazemmostafa 0 Report post Posted May 14, 2007 Hello everyone ,I am not involved in virus and exploits analysis or so , I was hardly tring to understand the trojans and how they work and never complete this course although my teacher is one of the world famous experts in the field her nickname is fruitloop and she is irc oper / server admin you may check her website http://forums.xisto.com/no_longer_exists/ ...I hear that most of the good hackers are now up to hacking unix source code and they are very proud about that so only you mention windows in front of them and they will start laughing and say it is for script kiddies and not for us I was very happy hearing this and thought windows is going to more safe for at least a couple of years ..Which is like a dream to windows users . Frankly I am a windows user sience windows 95 and every time microsoft introduce a newer version to the computer world I find some expert talking about the holes and security issues in this new version , then these tweaker programs show explaining how they can close ports and fix security problems to windows user - Also hide/show resycle bin Dont now why ? - now some guys said norton is not good and processor consumer go get kaspersky or avg or nod whateverSo all linux users are safe with no -as windows - software available and ugly command write /bin/user/*** ( who's bin ? )and all windows users are not safe forever no matter how nice/easy xp/vista looks . Share this post Link to post Share on other sites
FirefoxRocks 0 Report post Posted May 16, 2007 The virus created 2 files in my user account stuff, golgi.exe and ra*.exe. I thought EXE and PIF were the dangerous executables, but I didn't know what COM was, I assumed it was Component Object Model which is used by Internet Explorer to display stuff (I think), and the site was IE-compatible.I find it strange that the virus has been around for so long and that no anti-virus company has any information about it. Share this post Link to post Share on other sites
toby 0 Report post Posted May 16, 2007 I had one picture which without prompting a dl did something and sent the url to everyone on my contact list, online or not.... Not too pleased about sending my friends that, not the 350+ windows... Share this post Link to post Share on other sites
Grafitti 0 Report post Posted May 19, 2007 Once you've gotten rid of it, do let us know how you did it. Share this post Link to post Share on other sites
Nintendo 0 Report post Posted May 19, 2007 i got exactly the same msg from one of my friends, luckily i didnt dl the filecos it was a COM, i asked him about it and he said he nvr said anything Share this post Link to post Share on other sites
FirefoxRocks 0 Report post Posted May 19, 2007 My friends got rid of it by reinstalling Windows Live Messenger. Unfortunately, my explorer.exe was damaged by the virus and I had to reinstall Windows XP (gave me a chance to install Ubuntu! ) Share this post Link to post Share on other sites
Chesso 0 Report post Posted May 21, 2007 I skipped a lot of replies, so please excuse me if my question might have been answered.Anyway, so does this affect Windows Live Only? Because I haven't recieved any of these messages and a lot of people I know refuse to use it as well.Then again, most of the people on my list are web developers, software programmers and such, so there not exactly dumb with a PC lol. Share this post Link to post Share on other sites