aim.exe virus?

Guest

I was signed on AIM and talked to some friends. After about 3 minutes of not
typing a message, suddenly my computer put up an away message that said I Love
You and put up a link to a site. I forget which site it was. Anyway, I tried
to solve it by opening up my Task Manager and looking for a suspicious
process running, but it closed within a second of opening it every time I
tried. Then I went to Start > Run > msconfig. That too closed right away. I
tried regedit also and that closed just as fast. I ran some adware programs
and that didn't solve it. I downloaded an antivirus program and that didn't
do it either. How do I beat this virus/spyware/adware if I can't open up the
tools that I need to get rid of it?
 
David H. Lipman

Please go to one or more of the below online scanners and perform a scan of your platform
then report back your results.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Symantec:
http://security.symantec.com/

BitDefender:
http://www.bitdefender.com/scan/license.php

Dave





| I was signed on AIM and talked to some friends. After about 3 minutes of not
| typing a message, suddenly my computer put up an away message that said I Love
| You and put up a link to a site. I forget which site it was. Anyway, I tried
| to solve it by opening up my Task Manager and looking for a suspicious
| process running, but it closed within a second of opening it every time I
| tried. Then I went to Start > Run > msconfig. That too closed right away. I
| tried regedit also and that closed just as fast. I ran some adware programs
| and that didn't solve it. I downloaded an antivirus program and that didn't
| do it either. How do I beat this virus/spyware/adware if I can't open up the
| tools that I need to get rid of it?
 
Guest

DON'T CLICK THIS LINK!

myscreenname: LOVE YOU http://www.fals.net/love !!!!

DON'T CLICK THIS LINK!

it leads to a page that offers a download of a file in the format .scr which
is a screensaver but could also be a virus
 
David H. Lipman

It "IS" an infector, an Internet worm.

McAfee declares this as "W32/Sdbot.worm.gen.i" --
http://vil.nai.com/vil/content/v_100454.htm
And you were wrong to have posted the URL without obfuscating it such that readers would not
get you to the site if clicked upon.
That was a mistake, please don't repeat it.

The following is the solution to this infector...

Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

1) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot the PC into Safe Mode
3) Using McAfee Stinger, perform a Full Scan of the affected platform and clean/delete
any infectors found
4) Restart the affected PC and perform a "final" Full Scan of the platform
5) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use suggested 200 ~ 400MB)
6) Reboot the PC.
7) Create a new Restore point

Dave





| DON'T CLICK THIS LINK!
|
| myscreenname: LOVE YOU http://www.fals.net/love !!!!
|
| DON'T CLICK THIS LINK!
|
| it leads to a page that offers a download of a file in the format .scr which
| is a screensaver but could also be a virus
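
The obfuscation Dave asks for above is commonly called defanging. The following is an added example, not part of the thread: it rewrites every live URL in a message, quoted lines included, so it cannot be clicked. The `hxxp` / `[.]` convention, the function names and the `example.test` sample messages are assumptions constructed for illustration.

```python
import re

# Live URLs only: already-defanged text (hxxp://, [.]) does not match,
# so running the function twice changes nothing.
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s<>\"')\]]+", re.IGNORECASE)

# Scheme rewrites used by the common defanging convention (assumed here).
SCHEMES = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}


def defang_url(url: str) -> str:
    """Return a non-clickable form of one URL: hxxp scheme, [.] in the host."""
    scheme, rest = url.split("://", 1)
    host = re.match(r"[^/?#]*", rest).group(0)   # authority part only
    tail = rest[len(host):]                      # path/query stay readable
    return f"{SCHEMES[scheme.lower()]}://{host.replace('.', '[.]')}{tail}"


def _defang_match(match: re.Match) -> str:
    url = match.group(0)
    core = url.rstrip(".,;:!?")                  # keep sentence punctuation outside
    return defang_url(core) + url[len(core):]


def defang_text(text: str) -> str:
    """Defang every live URL in a message, including '|' or '>' quoted lines."""
    return URL_RE.sub(_defang_match, text)


if __name__ == "__main__":
    # Constructed sample: a reply that quotes the original away message.
    reply = (
        "Do not visit this site.\n"
        "| myscreenname: LOVE YOU http://www.example.test/love !!!!\n"
        "| > it offers https://dl.example.test/loveyou.scr.\n"
    )
    print(defang_text(reply))
```

Running it over the whole outgoing message, rather than only the new text, also catches a link that survives in the quoted portion of a reply.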
 
Amir Facade

Uh, Dave,
You left the link active on the bottom of your reply.
Practice what you preach dude.
Amir
 
David H. Lipman

Amir:

Thank you for pointing that out. I did mean to remove it. That's what you get for hitting
the send button too soon and w/o proof reading.
My apologies to all...

Dave




| Uh, Dave,
| You left the link active on the bottom of your reply.
| Practice what you preach dude.
| Amir
|
| > It "IS" an infector, an Internet worm.
| >
| > McAfee declares this as "W32/Sdbot.worm.gen.i" --
| > http://vil.nai.com/vil/content/v_100454.htm
| > And you were wrong to have posted the URL without obfuscating it such that readers would not
| > get you to the site if clicked upon.
| > That was a mistake, please don't repeat it.
| >
| > The following is the solution to this infector...
| >
| > Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/
| >
| > 1) Disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > 2) Reboot the PC into Safe Mode
| > 3) Using McAfee Stinger, perform a Full Scan of the affected platform and clean/delete
| > any infectors found
| > 4) Restart the affected PC and perform a "final" Full Scan of the platform
| > 5) Re-enable System Restore and re-apply any System Restore preferences,
| > (e.g. HD space to use suggested 200 ~ 400MB),
| > 6) Reboot the PC.
| > 7) Create a new Restore point
| >
| > Dave
| >
| > | DON'T CLICK THIS LINK!
| > |
| > | myscreenname: LOVE YOU no link here!!!!
| > |
| > | DON'T CLICK THIS LINK!
| > |
| > | it leads to a page that offers a download of a file in the format .scr which
| > | is a screensaver but could also be a virus
 
Guest

McAfee:

C:\...\Dummy.class-2d83e136-3a5299d2.class Exploit-ByteVerify
C:\...\Dummy.class-59bbb340-6cb79a37.class Exploit-ByteVerify
C:\...\archive.jar-6b722b07-7cc6af7a.zip Exploit-ByteVerify
C:\...\archive.jar-6b722b07-7cc6af7a.zip Exploit-ByteVerify
C:\...\archive.jar-6b722b07-7cc6af7a.zip Exploit-ByteVerify
C:\...\archive.jar-6b722b07-7cc6af7a.zip JV/ZaaK
C:\Documents and Settings\...\allfiles.exe MultiDropper-Z
C:\id=zzy&opt=hhj&rw=468&rh=60&cv=210&uid=79647... Exploit-CodeBase.gen
C:\Documents and Settings\...\7-17[1].exe AdClicker-AO
C:\Documents and Settings\...\wmp[1].htm Exploit-MhtRedir.gen
C:\Documents and Settings\...\7-15[1].exe AdClicker-AO
C:\Documents and Settings\...\wmp[1].htm Exploit-MhtRedir.gen
C:\Documents and Settings\...\si1[1].htm Exploit-MhtRedir.gen



Panda:

Scanned Yes 208899 18
Infected - 12 0
Suspicious - 0 0
Disinfected - 12 0
 
Guest

sry about posting the link

that was the worm that McAfee declared. Task Manager, MsConfig, and RegEdit
all working fine. thanks for the help.
 
GateKeeper

I downloaded and scanned the file. My Norton Antivirus 2004 did not
detect a threat in the "loveyou.scr" file. I have submitted the file to
Symantec.
 
GateKeeper

Update: Symantec replied that the file is infected with "W32.IRCBot."
They sent me a link to a "RapidRelease definitions" file, which did
indeed detect and remove the Trojan. The file is not repairable.
 
