virus

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Ok i use aol instant messenging and someone told me to go to this site in the
instant message. then all of sudden it gives me a virus. the virus says "this
girl is crazy! go look at here -
http://home.earthlink.net/~puggy12/webcam.exe". now everytime i talk to
someone this pops up. does anyone here know how to get this virus off the
comp please help?
 
From: "Johny0711" <[email protected]>

| Ok i use aol instant messenging and someone told me to go to this site in the
| instant message. then all of sudden it gives me a virus. the virus says "this
| girl is crazy! go look at here -
| http://home.earthlink.net/~puggy12/webcam.exe". now everytime i talk to
| someone this pops up. does anyone here know how to get this virus off the
| comp please help?
| --
| John

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

It was irresponsible of you to post a URL, without obfuscating the URL first, of what can
install a virus !

In this case it is not a virus but it is a Trojan Downloader which Kaspersky calls
"Trojan-Downloader.Win32.IstBar.nf "

Use the Kaspersky module in the below tool.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.


* * * Please report back your results * * *
 
Johny0711 said:
Ok i use aol instant messenging and someone told me to go to this site
in the instant message. then all of sudden it gives me a virus. the
virus says "this girl is crazy! go look at here - (url snipped)
now everytime i talk
to someone this pops up. does anyone here know how to get this virus
off the comp please help?
Click to expand...

Update the definitions on your antivirus and scan in Safe Mode. If you
do not have a current version av (one that is not earlier than 2004)
with an active subscription and updated definitions, start scanning
with either Sysclean or Dave Lipman's Multi-AV (links below). Then get,
install, and update a full-featured av and do a thorough scan in Safe
Mode.

It would be wise to continue your clean-up by scanning for non-viral
malware after you get the virus removed. Instructions for that are also
at the link below.

http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://www.ik-cs.com/multi-av.htm

If the instructions seem too difficult - and there is no shame in
admitting this - take the machine to a professional computer repair
shop (not your local version of BigStoreUSA).

Learn how to practice "Safe Hex":
http://www.claymania.com/safe-hex.html

Malke
 
From: "Malke" <[email protected]>

| Johny0711 wrote:
||
| Update the definitions on your antivirus and scan in Safe Mode. If you
| do not have a current version av (one that is not earlier than 2004)
| with an active subscription and updated definitions, start scanning
| with either Sysclean or Dave Lipman's Multi-AV (links below). Then get,
| install, and update a full-featured av and do a thorough scan in Safe
| Mode.
|
| It would be wise to continue your clean-up by scanning for non-viral
| malware after you get the virus removed. Instructions for that are also
| at the link below.
|
| http://www.elephantboycomputers.com/page2.html#Removing_Malware
| http://www.ik-cs.com/multi-av.htm
|
| If the instructions seem too difficult - and there is no shame in
| admitting this - take the machine to a professional computer repair
| shop (not your local version of BigStoreUSA).
|
| Learn how to practice "Safe Hex":
| http://www.claymania.com/safe-hex.html
|
| Malke

The following are the only AV vendors that recognize this trojan

Kaspersky 4.0.2.24 11.21.2005 Trojan-Downloader.Win32.IstBar.nf
NOD32v2 1.1296 11.21.2005 probably unknown NewHeur_PE virus
VBA32 3.10.5 11.21.2005 Trojan-Downloader.Win32.IstBar.nf

It was subsequently submitted to all AV vendors for their applications.
 
David H. Lipman wrote:

The following are the only AV vendors that recognize this trojan

Kaspersky 4.0.2.24 11.21.2005 Trojan-Downloader.Win32.IstBar.nf
NOD32v2 1.1296 11.21.2005 probably unknown NewHeur_PE virus
VBA32 3.10.5 11.21.2005 Trojan-Downloader.Win32.IstBar.nf

It was subsequently submitted to all AV vendors for their
applications.
Click to expand...

Thanks, Dave!

Malke
 
I have done everything you guys have told me. but the thing is still there it
wont go away. is there anyother way i can get rid of it. again the virus or
torgan says this "omg... this doesn't look right at all!!
http://home.earthlink.net/~puggy12/IMS.exe" when ever i talk to someone on
aol instant messenging please help!
 
From: "Johny0711" <[email protected]>

| I have done everything you guys have told me. but the thing is still there it
| wont go away. is there anyother way i can get rid of it. again the virus or
| torgan says this "omg... this doesn't look right at all!!
| hxxp://home.earthlink.net/~puggy12/IMS.exe" when ever i talk to someone on
| aol instant messenging please help!

You did it again !

It is irresponsible of you to keep posting URLs, without obfuscating the URL first, of what
can install a virus ! Now anybody can click on that URL and they too can be infected !

In this case IME.EXE is the same as WEBCAM.EXE.

This is from my McAfee log...
D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\IMS[1].exe\IMS[1].EXE
W32/Kelvir.worm.fu


Start with the McAfee module in the below tool and then use the Kasperski module. Both
recognoze this infector !
After you download the needed files and scan in Normal Mode, scan the computer again in Safe
Mode.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.


* * * Please report back your results * * *
 
From: "David H. Lipman" <[email protected]>

I add to that, use the Sophos Module !

AntiVir 6.32.0.6 11.22.2005 TR/Drop.IstBar.NF.2
Avira 6.32.0.6 11.22.2005 TR/Drop.IstBar.NF.2
BitDefender 7.2 11.22.2005 Win32.Worm.Webby.A
DrWeb 4.33 11.22.2005 Trojan.Isbar.388
eTrust-Iris 7.1.194.0 11.23.2005 Win32/Multidropper.167147!Trojan
Fortinet 2.48.0.0 11.23.2005 W32/Istbar.NF-dldr
Kaspersky 4.0.2.24 11.23.2005 Trojan-Downloader.Win32.IstBar.nf
McAfee 4634 11.22.2005 W32/Kelvir.worm.fu
NOD32v2 1.1297 11.22.2005 probably unknown NewHeur_PE virus
Sophos 3.99.0 11.23.2005 W32/Yimp-B
VBA32 3.10.5 11.22.2005 Trojan-Downloader.Win32.IstBar.nf
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AIM.EXE 1
Virus checker 7
Anti Virus 2009 9
Pain in the a@se dll 5
XP Cleaner virus 2
Cannot access registry, msconfig, or task manager 1
Help Please!hard drive clean up pop up 4
HEADACHE!-- fatal errors?!? 1

Back
Top