anyone heard of this msn virus?

[ac]

A friend has a virus which sends random virus files to people when he logs
into msn. he also cant view any virus disinfecting related websites either.

Anyone can shed any light?
thanks

 

[Ian JP Kenefick]

A friend has a virus which sends random virus files to people when he logs
into msn. he also cant view any virus disinfecting related websites either.

Anyone can shed any light?
thanks

Well - there are two main ones right now...

[1]
Fatso.A
IM-Worm.Sumom.a
IM-Worm.Win32.Sumom.a
Serflog
Sumom.A
W32.Serflog.A
W32/Assiral.C.worm
W32/Crog.worm
W32/Fatso.A.worm
W32/Sumom-A
Win32.Bropia.U
Win32.Sumom.A
Win32.Worm.Sumom.A
WORM_FATSO.A

[2]
Bropia.A
IM-Worm.Win32.VB.a
W32.Bropia
W32/Bropia-A
W32/Bropia.A.worm
W32/Bropia.worm
W32/Bropia.worm.gen
Win32.Bropia.A
WORM_BROPIA.A

Google is your friend....
--

Regards, |Windows XP Professional SP2
Ian Kenefick |NOD32 Antivirus system [resident]
http://www.ik-cs.com |AVP 3.5 - [On Demand]
no snake oil here! |Sygate Personal Firewall 5 professional
|Forte Agent 2
|Eudora 6.2 (Paid)

 

[ac]

A friend has a virus which sends random virus files to people when he logs
into msn. he also cant view any virus disinfecting related websites
either.

Anyone can shed any light?
thanks

Well - there are two main ones right now...

[1]
Fatso.A
IM-Worm.Sumom.a
IM-Worm.Win32.Sumom.a
Serflog
Sumom.A
W32.Serflog.A
W32/Assiral.C.worm
W32/Crog.worm
W32/Fatso.A.worm
W32/Sumom-A
Win32.Bropia.U
Win32.Sumom.A
Win32.Worm.Sumom.A
WORM_FATSO.A

[2]
Bropia.A
IM-Worm.Win32.VB.a
W32.Bropia
W32/Bropia-A
W32/Bropia.A.worm
W32/Bropia.worm
W32/Bropia.worm.gen
Win32.Bropia.A
WORM_BROPIA.A

Google is your friend....
--

Regards, |Windows XP Professional SP2
Ian Kenefick |NOD32 Antivirus system [resident]
http://www.ik-cs.com |AVP 3.5 - [On Demand]
no snake oil here! |Sygate Personal Firewall 5 professional
|Forte Agent 2
|Eudora 6.2 (Paid)

Thanks.. I've worked out, it's the W32/Bropia.worm.n .... To be honest,
mcafee and norton site's are not that helpful. I just want a tool which we
can download and delete the little bugger! currently scanning with the
'Stinger' tool, hopefully that will detect and delete it.

let me know any more advice.
thank again.

 

[Ian JP Kenefick]

A friend has a virus which sends random virus files to people when he logs
into msn. he also cant view any virus disinfecting related websites
either.

Anyone can shed any light?
thanks

Well - there are two main ones right now...

[1]
Fatso.A
IM-Worm.Sumom.a
IM-Worm.Win32.Sumom.a
Serflog
Sumom.A
W32.Serflog.A
W32/Assiral.C.worm
W32/Crog.worm
W32/Fatso.A.worm
W32/Sumom-A
Win32.Bropia.U
Win32.Sumom.A
Win32.Worm.Sumom.A
WORM_FATSO.A

[2]
Bropia.A
IM-Worm.Win32.VB.a
W32.Bropia
W32/Bropia-A
W32/Bropia.A.worm
W32/Bropia.worm
W32/Bropia.worm.gen
Win32.Bropia.A
WORM_BROPIA.A

Google is your friend....
--

Regards, |Windows XP Professional SP2
Ian Kenefick |NOD32 Antivirus system [resident]
http://www.ik-cs.com |AVP 3.5 - [On Demand]
no snake oil here! |Sygate Personal Firewall 5 professional
|Forte Agent 2
|Eudora 6.2 (Paid)

Thanks.. I've worked out, it's the W32/Bropia.worm.n .... To be honest,
mcafee and norton site's are not that helpful. I just want a tool which we
can download and delete the little bugger! currently scanning with the
'Stinger' tool, hopefully that will detect and delete it.

let me know any more advice.
thank again.

Go to my website - to the 'Got a virus?' section and follow 'Procedure
a'

This detects all known variants.
--

Regards, |Windows XP Professional SP2
Ian Kenefick |NOD32 Antivirus system [resident]
http://www.ik-cs.com |AVP 3.5 - [On Demand]
no snake oil here! |Sygate Personal Firewall 5 professional
|Forte Agent 2
|Eudora 6.2 (Paid)

 

[David H. Lipman]

From: "ac" <[email protected]>

| A friend has a virus which sends random virus files to people when he logs
| into msn. he also cant view any virus disinfecting related websites either.
|
| Anyone can shed any light?
| thanks
|


Besides what Ian provided you, it could be the Kelvir worm.



Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt484.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Ad-aware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * Please report back your results * *

 

[Ian JP Kenefick]

Besides what Ian provided you, it could be the Kelvir worm.

Yikes! You're right. Forgot about that!

P.S. See new 'Got a virus?' seciton on my website.

--

Regards, |Windows XP Professional SP2
Ian Kenefick |NOD32 Antivirus system [resident]
http://www.ik-cs.com |AVP 3.5 - [On Demand]
no snake oil here! |Sygate Personal Firewall 5 professional
|Forte Agent 2
|Eudora 6.2 (Paid)

 

[David H. Lipman]

From: "Ian JP Kenefick" <[email protected]>

| On Thu, 10 Mar 2005 19:07:48 GMT, "David H. Lipman"
|
| Yikes! You're right. Forgot about that!
|
| P.S. See new 'Got a virus?' seciton on my website.
|
| --
|
| Regards, |Windows XP Professional SP2
| Ian Kenefick |NOD32 Antivirus system [resident]
| http://www.ik-cs.com |AVP 3.5 - [On Demand]
| no snake oil here! |Sygate Personal Firewall 5 professional
| |Forte Agent 2
| |Eudora 6.2 (Paid)

It's difficult to keep up with all these infectors. You get to know some of tnem and their
effects, then you learn some more, then you forget the information you learned on previously
learned ones !

That's why a HATE when someone gices you clues of viral/malware activity and your supposed
to come up with a name to fit the effects. G-d there are ~119,000, 10's of thousands in the
wild. Who can keep this all in their head ?

 

[kurt wismer]

David H. Lipman wrote:
[snip]

It's difficult to keep up with all these infectors. You get to know some of tnem and their
effects, then you learn some more, then you forget the information you learned on previously
learned ones !

That's why a HATE when someone gices you clues of viral/malware activity and your supposed
to come up with a name to fit the effects. G-d there are ~119,000, 10's of thousands in the
wild. Who can keep this all in their head ?

so i take it then you're not up for a little "name that virus"...

 

[Ian JP Kenefick]

David H. Lipman wrote:
[snip]

It's difficult to keep up with all these infectors. You get to know some of tnem and their
effects, then you learn some more, then you forget the information you learned on previously
learned ones !

That's why a HATE when someone gices you clues of viral/malware activity and your supposed
to come up with a name to fit the effects. G-d there are ~119,000, 10's of thousands in the
wild. Who can keep this all in their head ?

so i take it then you're not up for a little "name that virus"...

ha ha - a geeky kind of humor - I like it.
--

Regards, |Windows XP Professional SP2
Ian Kenefick |NOD32 Antivirus system [resident]
http://www.ik-cs.com |AVP 3.5 - [On Demand]
no snake oil here! |Sygate Personal Firewall 5 professional
|Forte Agent 2
|Eudora 6.2 (Paid)

 

[David H. Lipman]

From: "kurt wismer" <[email protected]>


|
| so i take it then you're not up for a little "name that virus"...
|
| --
| "we are the revenants
| and we will rise up from the dead
| we become the living
| we've come back to reclaim our stolen breath"


Dave --- ROFLOL ---

 

[Conor]

Thanks.. I've worked out, it's the W32/Bropia.worm.n .... To be honest,
mcafee and norton site's are not that helpful. I just want a tool which we
can download and delete the little bugger! currently scanning with the
'Stinger' tool, hopefully that will detect and delete it.

Stick Linux on. Only a complete ****ing moron would get that worm as it
requires user intervention. What other links sent from random people
does he also open?

 

[ac]

Stick Linux on. Only a complete ****ing moron would get that worm as it
requires user intervention. What other links sent from random people
does he also open?


--
Conor

An imperfect plan executed violently is far superior to a perfect plan.
-- George Patton

Easy tiger! Wooh woah.. no need to personally insult him. Jesus, people make
mistakes.

Besides, I think he got it by accepting a file from someone legit on his
contacts list. That's what this worm does. When the infected person logs on
msn, it attempts to send affected files to friends on their list. Therefore,
their friend who is on the receiving end has no reason to doubt the file as
they think it's coming from their legit friend.

 

[Roger Wilco]

Easy tiger! Wooh woah.. no need to personally insult him. Jesus, people make
mistakes.

Just ignore his recruiting, he just doesn't want to be the only moron
using Linux.

Besides, I think he got it by accepting a file from someone legit on his
contacts list. That's what this worm does. When the infected person logs on
msn, it attempts to send affected files to friends on their list. Therefore,
their friend who is on the receiving end has no reason to doubt the file as
they think it's coming from their legit friend.

It is a myth that these things only come from strangers - most spread
from friend to friend (contact to contact).

 

[Conor]

Just ignore his recruiting, he just doesn't want to be the only moron
using Linux.

I don;t use Linux dumbass. If you looked at my headers, you'd have
worked that out.

 

[kurt wismer]

David H. Lipman wrote:
[snip]

It's difficult to keep up with all these infectors. You get to know some of tnem and their
effects, then you learn some more, then you forget the information you learned on previously
learned ones !

That's why a HATE when someone gices you clues of viral/malware activity and your supposed
to come up with a name to fit the effects. G-d there are ~119,000, 10's of thousands in the
wild. Who can keep this all in their head ?

so i take it then you're not up for a little "name that virus"...

ha ha - a geeky kind of humor - I like it.

"name that virus" is a game that used to be played in alt.comp.virus
ages ago... i can't take credit for the idea or the name - if i had to
blame someone, i'd blame dr. solly... but that would just be a guess...

 

[Roger Wilco]

I don;t use Linux dumbass. If you looked at my headers, you'd have
worked that out.

I do use Linux and reading my headers provides no clues to that fact.
Your headers don't prove that you don't use Linux any more than mine
show that I do.