xisto Community
FirefoxRocks

New Virus? Uglyhuman MSN Virus
A worm that isn't in the virus definitions yet?


Have you ever gotten a message from your friends that says something like this:

its you on this photo http://forums.xisto.com/no_longer_exists/

I have received that from at least 3 people. Without knowing what it was (and the surprise from the domain name with the message :)), I clicked on the link and Firefox prompted me to download a file. It was a COM file so I thought that was strange. I rechecked the URL; it was a PHP web page, so I assumed it was telling me to download the photo, so I opened it in Firefox.

Windows Live OneCare prompted me that Windows Live Messenger was about to run (with something that said updated program or something similar). I found that strange so therefore I clicked on Block this Program.

So after my next reboot, Windows Live OneCare said that it still blocked Windows Live Messenger. I assumed it was now safe to run Windows Live Messenger now, so I clicked the option to allow, closed Windows Live OneCare and opened Windows Live Messenger. Boy was I wrong! The virus started opening up windows of both online and offline people and started sending that message to them. It opened and closed windows so much that it was impossible to use ALT+TAB, ALT+F4 or even bring up Task Manager.

I unplugged the cable from my Internet modem and Windows Live Messenger disconnected. I quit the program then looked on Firefox to see if there were any instructions to remove this. The only results that came up were:

Yahoo! Answers - Weird Virus (no one got the answer there)
TechGuy Forums - Security (it was suggested to use HijackThis, but it didn't help)

So the virus isn't even in the definitions yet but it is spreading among buddies quite quickly. For the domain name, uglyhuman.net, McAfee SiteAdvisor has no rating for it. It would definitely be red for sure.

The virus isn't a running process, I couldn't find it in Task Manager or Process Log. However (not sure if the virus caused this), my explorer.exe process ended abruptly and had to restart a few times. Now I am stuck in Ubuntu (Linux) on a Live CD and OpenOffice.org really slowly (I need Microsoft Word). Anyone have suggestions to get rid of the virus? It isn't a running/startup process, it operates within Windows Live Messenger. Do I need to reinstall Windows XP? B)

Edited by pyost
It's safer not to have the full link (see edit history)


I wish I had something constructive to say...
I don't mean to sound rude, but I wasn't stupid enough to fall for it. XD
I apologize for the implication regarding your intelligence there.

Anyway
People have been sending me that thing for months now...
I never click or open things from anyone on MSN unless they've told me they were sending it or I question them about it when it comes out of nowhere (This pretty much eliminates the whole... Automated MSN Messages to transmit viruses)
That, and the first person who sent it to me was someone I hadn't talked to in like a year and a half so them suddenly popping up with this link was... Well, I've seen viruses like it before so I wasn't quite that clueless.

I dunno, I wish there was something I could say to help, but I have very, very little experience with any sort of virus... I don't think I've had any noticeable viruses on my computer in years... Which is strange, since I'm on Windows and have every possible security measure turned off.

Ah well
I'll tell you if I find anything out about the virus/how to repair it and stuff.


Turns out that the virus did damage explorer.exe. It won't even start in safe mode. I still can use the computer, just without the taskbar and desktop. I run stuff through Task Manager. I can start a lot there, but it is annoying.

Dell told me to reinstall Windows XP (I don't have system restore points), which I am doing. My files are now done backing up. But please do contribute more information about this virus, I would like to know more about it.


Strangely, I haven't received this message yet. I say "strangely" because it is common practice to get "Click this link" messages. To make matters worse, minutes after getting it from one contact, it is highly probable that you'll receive it a few more times B) It's sad how people aren't cautious enough, especially Internet users.

Thankfully, English is not my mother tongue, so receiving these messages always makes me suspicious :)


Strangely, I haven't received this message yet. I say "strangely" because it is common practice to get "Click this link" messages. To make matters worse, minutes after getting it from one contact, it is highly probable that you'll receive it a few more times B) It's sad how people aren't cautious enough, especially Internet users.
Thankfully, English is not my mother tongue, so receiving these messages always makes me suspicious :)

Yeah
English is my only tongue but... It's still pretty easy to tell if it's a virus or not...

If you're like me at all, after talking to people a little while you can pretty much get to know their typing style...
My typing style is usually pretty recognizable, I put crazy spacing between/in the middle of my sentences to indicate pauses...
Like...
Enter-hitting-spaces...

I also have a strange attraction to ellipses <__<

Anyway... I just thought I'd add that,
it's easy to tell something isn't right when you get a message from someone that you can right away tell isn't really them who typed it...
And what's this?
There's a link with the message to boot!


Plus, aren't COM, EXE, and PIF the most common types of virus files? That should set off a red flag whenever you see one. Have you tried using something like ERD Commander to access Windows? You can run a system file repair.... and then deleting MSN, run a regcleaner and get rid of anything you find from MSN Messenger. It might be a running/startup process, because you say that your explorer.exe crashed several times. Or did you open MSN and then it started crashing?

Edit: On this forum they seem to have successfully gotten rid of it: https://www.bleepingcomputer.com/forums/t/91879/maleware-problems/

Edited by Grafitti (see edit history)


I rarely use MSN as my communication tool of choice because it seems lately that Microsoft is the target of most of the attacks. Although another program that I occasionally use, AIM, is also a target of virus attacks, I just do the common sense thing that was mentioned in posts above, which is question the file that is being sent so that you would get bit by the internet spider. If your friend questions it himself then clearly it's a virus trying to trick you into clicking and downloading some spyware or keylogger onto your computer system. The internet may be the very source of good information and a haven for many people, but it is also a burden of hell when there are people out there that are trying to use the internet for their own evil purposes. But if you are pretty cautious and well informed of the type of virus attacks that are going on out there you are very unlikely to get bit by them. The ones that usually and occasionally get attacked are those that are not so computer literate so to say. That would be the source of the contagious infection of viruses, those that don't know what just popped on their screen and are curious to find out what it is. If people are more well informed of what type of viruses are out there viruses would not be much of a problem other than a nuisance on the internet, but there is always a very curious person to fall for their traps. I'm saying this in the general sense, because I know that viruses now are harder to detect and can be very very sneaky when it comes to attacking your system. But if you avoid areas such as porn sites, p2p, or any places that you normally wouldn't go to that aren't official, you should be more than safe.


Hello everyone,

I am not involved in virus and exploits analysis or so, I was hardly trying to understand the trojans and how they work and never complete this course although my teacher is one of the world famous experts in the field, her nickname is fruitloop and she is IRC oper / server admin, you may check her website http://forums.xisto.com/no_longer_exists/ ...

I hear that most of the good hackers are now up to hacking Unix source code and they are very proud about that so only you mention Windows in front of them and they will start laughing and say it is for script kiddies and not for us

I was very happy hearing this and thought Windows is going to more safe for at least a couple of years ..

Which is like a dream to Windows users.

Frankly I am a Windows user since Windows 95 and every time Microsoft introduce a newer version to the computer world I find some expert talking about the holes and security issues in this new version, then these tweaker programs show explaining how they can close ports and fix security problems to Windows user - Also hide/show recycle bin. Don't know why? B) -

now some guys said Norton is not good and processor consumer go get Kaspersky or AVG or NOD whatever

So all Linux users are safe with no -as Windows - software available and ugly command write /bin/user/*** ( who's bin ? )

and all Windows users are not safe forever no matter how nice/easy XP/Vista looks.


The virus created 2 files in my user account stuff, golgi.exe and ra*.exe. I thought EXE and PIF were the dangerous executables, but I didn't know what COM was, I assumed it was Component Object Model which is used by Internet Explorer to display stuff (I think), and the site was IE-compatible.

I find it strange that the virus has been around for so long and that no anti-virus company has any information about it.


I had one picture which without prompting a dl did something and sent the url to everyone on my contact list, online or not.... Not too pleased about sending my friends that, not the 350+ windows...


My friends got rid of it by reinstalling Windows Live Messenger. Unfortunately, my explorer.exe was damaged by the virus and I had to reinstall Windows XP (gave me a chance to install Ubuntu! B))


I skipped a lot of replies, so please excuse me if my question might have been answered.

Anyway, so does this affect Windows Live only? Because I haven't received any of these messages and a lot of people I know refuse to use it as well.

Then again, most of the people on my list are web developers, software programmers and such, so they're not exactly dumb with a PC lol.
