I had my AIM profile hijacked when I clicked thru to a link labeled

New Years 2003 Partayy

This link is actually buddyphoto.net

Now my IM profile displayes the same message:
(New Years 2003 Partayy)

I am unable to delete it w/Spybot....any suggestions?

On Mon, 22 Dec 2003 11:16:30 -0800, Bluecaper <(E-Mail Removed)> wrote:

> This link is actually buddyphoto.net
> Now my IM profile displayes the same message:
> (New Years 2003 Partayy)
> I am unable to delete it w/Spybot....any suggestions?

buddyphoto.net does not resolve, so I can't obtain a copy
of whatever your system was infected with.

I'd go to http://mjc1.com/mirror/hjt/
and follow the instructions there to download and use
hijackthis.

Regards, Dave Hodgins
--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specfically for
use in usenet. Feel free to use it yourself.)

Thanks...that solved the problem.
Merry Christmas to you and yours.

"David W. Hodgins" <(E-Mail Removed)> wrote in message
newspr0lsapriqz8bjc@nntp...
> On Mon, 22 Dec 2003 11:16:30 -0800, Bluecaper <(E-Mail Removed)>
wrote:
>
> > This link is actually buddyphoto.net
> > Now my IM profile displayes the same message:
> > (New Years 2003 Partayy)
> > I am unable to delete it w/Spybot....any suggestions?
>
> buddyphoto.net does not resolve, so I can't obtain a copy
> of whatever your system was infected with.
>
> I'd go to http://mjc1.com/mirror/hjt/
> and follow the instructions there to download and use
> hijackthis.
>
> Regards, Dave Hodgins
> --
> Change nomail.afraid.org to rogers.com to reply by email.
> (nomail.afraid.org has been set up specfically for
> use in usenet. Feel free to use it yourself.)

On Tue, 23 Dec 2003 10:06:01 -0800, Bluecaper <(E-Mail Removed)> wrote:

> Thanks...that solved the problem.
> Merry Christmas to you and yours.

Glad you got it fixed.

Merry Christmas to you and the rest here.

Regards, Dave Hodgins

--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specfically for
use in usenet. Feel free to use it yourself.)

"Bluecaper" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> I had my AIM profile hijacked when I clicked thru to a link labeled
>
> New Years 2003 Partayy
>
> This link is actually buddyphoto.net
>
> Now my IM profile displayes the same message:
> (New Years 2003 Partayy)
>
> I am unable to delete it w/Spybot....any suggestions?



I have the same problem. After I complete the scan using Hijack This,
I am unable to determine what item(s) to remove. Has anyone else had
problems with this? My Norton antivirus identifies it as a trojan
virus but after I delete the virus the message still appears in my IM
"edit profile" dialogue.

Ed Comitz

On 31 Dec 2003 07:59:52 -0800, Ed Comitz <(E-Mail Removed)> wrote:

> "Bluecaper" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
>> I had my AIM profile hijacked when I clicked thru to a link labeled
>> New Years 2003 Partayy
>> This link is actually buddyphoto.net
>> Now my IM profile displayes the same message:
>> (New Years 2003 Partayy)
>> I am unable to delete it w/Spybot....any suggestions?
>
> I have the same problem. After I complete the scan using Hijack This,
> I am unable to determine what item(s) to remove. Has anyone else had
> problems with this? My Norton antivirus identifies it as a trojan
> virus but after I delete the virus the message still appears in my IM
> "edit profile" dialogue.

Try http://www.jayloden.com/CamFix.htm
and http://www.spychecker.com/program/cwshredder.html

Regards, Dave Hodgins

--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specfically for
use in usenet. Feel free to use it yourself.)

"Bluecaper" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> I had my AIM profile hijacked when I clicked thru to a link labeled
>
> New Years 2003 Partayy
>
> This link is actually buddyphoto.net
>
> Now my IM profile displayes the same message:
> (New Years 2003 Partayy)
>
> I am unable to delete it w/Spybot....any suggestions?

delete C:\windows\av.exe

It's a trojan horse. As soon as you delete it, your profile will be restored.

"Bluecaper" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> I had my AIM profile hijacked when I clicked thru to a link labeled
>
> New Years 2003 Partayy
>
> This link is actually buddyphoto.net
>
> Now my IM profile displayes the same message:
> (New Years 2003 Partayy)
>
> I am unable to delete it w/Spybot....any suggestions?

Oh, could you post the link on this post? I want to show it to the
geeks over at AOL. It somehow uses AIM to download a trojan. I want it
fixed in the next AIM.

On 5 Jan 2004 13:56:11 -0800, (E-Mail Removed) (McApplBee) wrote in
alt.comp.anti-virus:

>Oh, could you post the link on this post? I want to show it to the
>geeks over at AOL. It somehow uses AIM to download a trojan. I want it
>fixed in the next AIM.

It downloaded the trojan from the WEB because you clicked on the link
- that doesn't have a heck of a lot to do with AIM. At best they
might be able to keep it from altering the profile. If you had had
all your browser updates and VB Scripting disabled on your computer,
none of it would have happened at all.

As far as it being fixed in the next AIM, you need
http://www.aim.com/help_faq/report.adp?aolp=
scroll down to the 11/20/2003 entry - it appears they've been clued in
for a while now.

BTW, according to Symantec, this trojan also steals AIM passwords from
the registry - and if your AIM name is the same as your AOL name, the
passwords are identical if you haven't changed the AIM one. *Change
all AIM and AOL passwords*.
http://securityresponse.symantec.com...an.sinkin.html

Carol

"David W. Hodgins" <(E-Mail Removed)> wrote in message news:<opr018cepuqz8bjc@nntp>...
> On 31 Dec 2003 07:59:52 -0800, Ed Comitz <(E-Mail Removed)> wrote:
>
> > "Bluecaper" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> >> I had my AIM profile hijacked when I clicked thru to a link labeled
> >> New Years 2003 Partayy
> >> This link is actually buddyphoto.net
> >> Now my IM profile displayes the same message:
> >> (New Years 2003 Partayy)
> >> I am unable to delete it w/Spybot....any suggestions?
> >
> > I have the same problem. After I complete the scan using Hijack This,
> > I am unable to determine what item(s) to remove. Has anyone else had
> > problems with this? My Norton antivirus identifies it as a trojan
> > virus but after I delete the virus the message still appears in my IM
> > "edit profile" dialogue.
>
> Try http://www.jayloden.com/CamFix.htm
> and http://www.spychecker.com/program/cwshredder.html
>
> Regards, Dave Hodgins


I had this same problem - and I used the jayloaden.com site to fix the
problem. I followed the directions exactly, only to have the problem
keep coming back anyway. What these instructions fail to tell you is
the very last thing you do is do delete your AIM profile for your
username. You do that by clicking on your username on the login
screen and just hit delete. When you re-log back in, you may have to
re-type your profile etc, but that's a small price to pay to have this
damn thing gone.

As a rule of thumb, download and run weekly: adaware and spybot - get
them from download.com.