locked
Windows live Messenger sending out virus

    Question

  • I mistakenly clicked on a zip file that was suppose to bea picture yesterday from a friend and when I went to run it, there was know picture. Insstead it keeps sending out the same file to everyone on my friends list.

    I ran avg and its not a virus. It seems like its only effecting window live messenger. Can anyone help me solve this problem.

    Thursday, March 29, 2007 10:49 PM

Answers

  • well it's been a week now and still no good. every two days norton system works keeps finding a virus called "infostealer" (great!) funny thing is in the past year that i've had norton it's only ever found about 4 now it's one every two days thats why i'm sure theres more to it than just what i keep finding on the search that spybot, avg and norton do if they do find anything i search the pc for key words and if there are matches and it's ok to do it, i delet them but spybot seems to find things gets rid of them and then there back again for the next scan. also what i did notice is task manager was running dexplore.exe which had the cpu running at 100% had never seen it there before and google searches said it to be an addition to something?? anyway i got rid of that too. i'm now taking out IE 7 seeing that this is what is being used with the pop ups. can i ask if it happens this way to others i only get the popups when i open mozilla and go on the internet this is the browser i always use nothing els and also i keep getting a box saying working of line well thats funny i'm on broadband and surfing through mozilla at that time?!

    what i can't work out is that all the big antivirus and spywear just doesn't seem to be shifting it or anything at that matter i would class this as high because it really is causing alot of havoc with pc's it has to be something running hidden somewhere. i to am watching this thread hopefully we will all get help as it seems to be affecting so many people.
     
    Thursday, April 19, 2007 9:26 PM
  • I can't get rid of this thing! UGH!

     

    So far, over the last week, this is what I have done (bear in mind that ALL definitions ARE up to date);

     

    McAfee Internet Security (2007 retail)

    AVG (free spyware and virus)

    SpyBot

    CCleaner

    PandaScan

    Windows OneCare Scanner

     

    In amongst all this, I have also attempted;

     

    System restore

    Uninstalling WLM countless times

    Clearing registry of all obvious keys related to WLM and MSN messenger, login id's and any other relevent info.

    Registry Mechanic

    ASO System Optimizer (retail) just about every app that comes along with this nice little tool.

    ATF Clearner

    IMP Fix

    Silent Runners

    Hijack This

    MSCONFIG!!

    I have also tried various combinations in safe mode.  I thought I had it beat with the Windows OneCare scanner, but was told that I was still sending out messages, some with attachments, some without.

     

    I know, I could just reformat, however I'm trying to avoid this.  I also know of a few other people who have been having the same trouble with this worm that do not have the skills to reformat their computers, and I frankly do not have time to make house calls right now.

     

    Is there something else that I am missing?  Has anyone had success with something else I have not tried?


    Thanks for the advice! 

     

     

     

    • Proposed as answer by itnube Thursday, April 09, 2009 7:48 AM
    • Unproposed as answer by djartsincModerator Tuesday, August 04, 2009 6:35 PM
    • Marked as answer by djartsincModerator Tuesday, August 04, 2009 6:35 PM
    Wednesday, November 14, 2007 4:18 AM

All replies

  • Your PC is prolly infected with "Ratemynuts Virus". You better run anti-spyware again.
    • Proposed as answer by latinanthony Tuesday, September 21, 2010 4:16 AM
    Friday, March 30, 2007 8:18 PM
  •  Derrick R wrote:

    I mistakenly clicked on a zip file that was suppose to bea picture yesterday from a friend and when I went to run it, there was know picture. Insstead it keeps sending out the same file to everyone on my friends list.

    I ran avg and its not a virus. It seems like its only effecting window live messenger. Can anyone help me solve this problem.



    I think this virus has just surfaced in the world like maybe a day or two ago.

    I just saw my first invitation to accept the file yesterday. Luckily I didn't know who that person was, so I didn't accept it.

    I dont think any spyware program has any remedy for this yet.
    Saturday, March 31, 2007 3:24 AM
  • Can you forward us the file or the text of the message? We can block it from spreading on the server.
    Tuesday, April 03, 2007 4:22 PM
  • I have recieved the same virus, the that goes around to all my friends it's a zip file that says photo album ...... i was stupid enough to open it..... now i cant even use windows live messenger ... any tips on how to get it up and running again .....  i use messenger for work so i hope there is a fix for this virus...... if u need anymore info feel free to email me ...

     

     

    Saturday, April 07, 2007 6:45 AM
  • Uh this virus is taking the micky, i have it too, any help would be appreciated ive reinstalled several timea and ran several anitvirus programs and nothings shifting it, if its not sorted im gonna have to re format -_-
    Sunday, April 08, 2007 3:44 PM
  • What I had to do was roll back the date. It was fixed once i did that, but my avg antivirus wont load.
    Sunday, April 08, 2007 3:51 PM
  • HOw do u roll back your date ?

     

    Monday, April 09, 2007 8:16 PM
  • please i could do with advise aswell.

    i stupudly clinked the link from my bros. it was wel weird i a happend to be set as appear offline and for about 10 minutes my bros signing in box keeped popping up saying he was signing in at least 6 times i keeped thinking what on earth?? then i recieved instant message from him saying  "is that you on this photo?" with a link below to stupidpicture.info (taken away letters so no link) before i clicked it i thought hand on how does he know i'm appering to be off line?? and still send a message ?

    well thats why i'm stupid all the signs where there but i still clincked the link and now well where do i start !!!my msger was getting bigger then little screen signing in signing out and trying to contact another famliy member who is always appearing off line thats when i knew what mistake i'd done now EI keeps opening up with odd sites  norton say's i now only have 1% disk space left WTF ..my pc has just gone mental i use norton system works this picked up a trojan about 20 minutes after i clicked the link a worm attempt and since then nothing i down loaded avg  that got 17 viruses??? spybot S&D  gets loads of stuff but nothing seems to be fixing my pc.

    i've taken windows messenger off as it was trying to send it too everyone on my contact list i would love find out whats going on and try to fix it

    please help
    Sunday, April 15, 2007 8:45 PM
  • The message along with the URL recived on 17th April 2007:

     

    is that you on this photo http://www.hotandcute.net/photo6.php

     

    The link downloads a file photo6.com

     

     

    Tuesday, April 17, 2007 8:52 PM
  • yeh thats the stupid thing that i clicked on.. and now my windows live messenger is stuffed
    everytime i sign in it sends that same message to everyone on my contact list.. grrr its so annoying.. now i cant chat
    how do i get rid of this forever???
    please help!!
    Wednesday, April 18, 2007 3:17 AM
  • I also have this problem with that virus, now I can't sing in with MSN, sends it to everyone... My Antivirus doesn't seem to recognize the file as a virus - I downloaded the file with Firefox, didn't execute it...but still, it damaged my PC. Don't know how to get rid of it, it always seems to come back o__o Help...? Tongue Tied (That was SO stupid of me ><)
    Wednesday, April 18, 2007 10:08 PM
  • Will be watching this site for a solution to this problem!  There are about 6 of us who all have the same darned thing.  I'm pretty sure I got rid of the trojan virus using vundofix. However, my main problem now is all the popup *** that keeps happening. I have had the most success with spybot locating and deleting the files. It found 8 files in the first scan. I ran it again and then it found 2 files. I am currently running a 3rd scan to see if it comes up more files again. I knew I would have to scan again after I tried to run pandasoftware.com online scan to check my system and I got 2 popups again.
    Thursday, April 19, 2007 1:09 AM

  • Yeah i have/had the exact same problem.

    What i did was do the usual scans. They located the Trojans but didnt stop the pop ups and lack of ability to sign in.
    It also prevented me from downloading files.

    So I deleted IE (which i never use as Firefox is vastly better) and don't seem to have a problem with the computer, but i'll see if i can use MSN.

    The pop up problem always arose in an IE window so its sorted that but i'm not sure the virus is totally gone. I can now download too and am reinstalling a new version of MSN.

    MSN is back up and running for me. No problems I don't think.
    Thursday, April 19, 2007 1:29 PM
  • well it's been a week now and still no good. every two days norton system works keeps finding a virus called "infostealer" (great!) funny thing is in the past year that i've had norton it's only ever found about 4 now it's one every two days thats why i'm sure theres more to it than just what i keep finding on the search that spybot, avg and norton do if they do find anything i search the pc for key words and if there are matches and it's ok to do it, i delet them but spybot seems to find things gets rid of them and then there back again for the next scan. also what i did notice is task manager was running dexplore.exe which had the cpu running at 100% had never seen it there before and google searches said it to be an addition to something?? anyway i got rid of that too. i'm now taking out IE 7 seeing that this is what is being used with the pop ups. can i ask if it happens this way to others i only get the popups when i open mozilla and go on the internet this is the browser i always use nothing els and also i keep getting a box saying working of line well thats funny i'm on broadband and surfing through mozilla at that time?!

    what i can't work out is that all the big antivirus and spywear just doesn't seem to be shifting it or anything at that matter i would class this as high because it really is causing alot of havoc with pc's it has to be something running hidden somewhere. i to am watching this thread hopefully we will all get help as it seems to be affecting so many people.
     
    Thursday, April 19, 2007 9:26 PM
  • have had exactly this ame ....'cuteandhot' virus as you guys...... crashed everything..... cut a long story short... eventually downloaded a freebie virus killer called AVAST.... found it ... and seems to have sorted it out... then I dowmloaded MSN messenger again over the top of existing damaged one...took ages whilst it repaired it, and all seems to be well now.... good luck guys
    Thursday, April 19, 2007 11:35 PM
  •  chappers45 wrote:
    have had exactly this ame ....'cuteandhot' virus as you guys...... crashed everything..... cut a long story short... eventually downloaded a freebie virus killer called AVAST.... found it ... and seems to have sorted it out... then I dowmloaded MSN messenger again over the top of existing damaged one...took ages whilst it repaired it, and all seems to be well now.... good luck guys
    .

     

    The bug was called WIN32....and it found 3 of them , plus all the other stuff......and I also have ADware/ Lavasoft loaded too, and they didnt seem to conflict....

    Friday, April 20, 2007 12:07 AM
  • I had to eradicate this particularly nasty infection from two PCs at work.  I posted a brief write-up on how to do it without doing a system restore - you'll need a copy of 'HijackThis!' and your Windows XP installer CD, or other way to access your HD without booting the OS on it.  The post is on my blog - http://briancantin.blogspot.com/2007/04/when-you-manage-group-of-pcs-in.html

     

    I hope this helps.

    Friday, April 20, 2007 4:00 PM
  • hi there another way to get rid of this is to unistall windows live messenger and then look all ova ur comp for 2 files by the name of 'net' and 'oo' these are both trojans.
    Monday, April 23, 2007 7:50 AM
  •  

    I thought I'd shifted the problem by reinstalling MSN/ deleting IE.

     

    But the 3 viruses I had on the comp weren't going away. So i ended up reformatting my comp, which i'd been meaning to do for a while actually and needless to say no problems now.

    Monday, April 23, 2007 1:22 PM
  • well i'm virus free and running well.

    only due the fact that system restore was my only opion i feel and well now i'm running top speed and no virus at last also using messenger live no probs.
    Friday, April 27, 2007 10:01 AM
  • Checked any other sites? ~!> Ad-aware <!~  Normally I wouldn't suggest ad aware to anyone, but it actually does clean the "virus"... trust me I went crazy at three am when I realized that some moron (aka a sibling)  had accepted and extracted the stupid file on my laptop. I went through all my files one by one, searched through the registry, checked my startup files. Yes I went nuts, but I did some looking around... ad aware removes a "cookie" called "tracecookie"... trust me I looked everywhere deleted all the cookies, all the temp files, ect... I didn't find it. I don't know exactly where ad aware found it didn't bother looking. But MSN works now, all cool no more virus I'm happy. Hope this helps someone.
    Tuesday, September 11, 2007 8:29 AM
  • have you tried useing a program called The Cleaner its a trojan snifer if its on your comp it will find it and delete it  the program is a paid one but you can use the trial   for now and figure how to get it to work for ya later after trial

    Thursday, September 27, 2007 12:00 AM
  • This happened to my friends on msn as well, luckily they didn't click on the link that is sent, but the thing is that they say that they were getting those messages from me. No one has ever sent me those messages to me personally and i've never caught the virus on my computer, but for some reason my friends have been getting them from me. I've been running scan after scan after scan since last night to see if i might have caught the virus on my computer and I can't find a single thing. I use avast version 4.7 antivirus and windows defender as my antispyware program. Can some please, PLEASE help me. I want to be able to use MSN again without this problem happening...

    Friday, September 28, 2007 9:10 PM
  • Basically the same thing happened to me...what I did was I used avast and I use lavasoft and spybot...I went into control panel and repaired msn...but right RIGHT now....my msn went berserk!...So ill do full tests and reinstall msn...and if its still there Ill reformat!
    Gluck!
    Monday, October 29, 2007 5:40 AM
  •  

    yeah i have exactly the same virus on my computer!

    i really get pissed off!

    have u got any idea to solve this problem??

    Monday, October 29, 2007 12:25 PM
  • Another guy already told you how he got rid of it.  Avast!  While I have not gotten this virus myself, I do use Avast and have found and removed virus that other anti-viruses such as AVG would not even get.  I have also used free trials of some other pay anti-viruses and they don't seem to run as well as Avast! does for me.  Sorry I don't mean to sound like a spokesman for it, but I just find it is good for locating and deleting those pain in a butt viruses.  It also has great on access protection.  Please be away though that it will not work with Zonealarm. For some odd reason it seems to not get along with it.  There is another great firewall you can use with it though.  Comodo Firewall Pro.  It is free and to me, seems to work better the Zonealarm anyways.
    Tuesday, October 30, 2007 5:31 AM
  • I cant belive that there is no fix for this!!!  I have the exact same problem. Everytime I open MSN messnger live, it sends out a message to all my contacts asking them if they want to see a photo of me or something of that nature.

     

    I cannot clean this damn thing. I have scanned my pc with McAfee, AVAST, Stinger, ADware removal, Spybot, Xblock. I have restored my pc to a previous date, unistalled and re-installed MSN. Still no luck.

     

    My only other solution would be to re-format my hd which I dont want to do. If I am forced to reformat my hd because of this, I am never using MSN messneger any more. It does not seem very secure.

     

    Thanks,

     

    CoronaBoy

    Wednesday, November 07, 2007 4:43 PM
  • Most virus programs will find and eradicate this threat now, and even SpyBot seems to be able to find it - make sure your definitions are up to date.  Failing that, see my previous post which gives a link to detailed instructions on my website on how to do this manually.
    Wednesday, November 07, 2007 6:46 PM
  • Thank you. I will try this tonight.. But the thing is the link that this sending is not a link to a URL. Its an actual zip file with .com file in it.

    Will your fix work for this as well?

    Thanks.
    Wednesday, November 07, 2007 10:16 PM
  • I just had this exact virus.  It drove me crazy for a week trying to get rid of it.  I tried avg, avast, etc and nothing picked it up.  Then I noticed on the windows live toolbar, under pc health, windows onecare scanner, i downloaded it, scanned the computer and viola it found and fixed the problem. I hope this works for you!

     

    Thursday, November 08, 2007 1:58 AM
  • I can't get rid of this thing! UGH!

     

    So far, over the last week, this is what I have done (bear in mind that ALL definitions ARE up to date);

     

    McAfee Internet Security (2007 retail)

    AVG (free spyware and virus)

    SpyBot

    CCleaner

    PandaScan

    Windows OneCare Scanner

     

    In amongst all this, I have also attempted;

     

    System restore

    Uninstalling WLM countless times

    Clearing registry of all obvious keys related to WLM and MSN messenger, login id's and any other relevent info.

    Registry Mechanic

    ASO System Optimizer (retail) just about every app that comes along with this nice little tool.

    ATF Clearner

    IMP Fix

    Silent Runners

    Hijack This

    MSCONFIG!!

    I have also tried various combinations in safe mode.  I thought I had it beat with the Windows OneCare scanner, but was told that I was still sending out messages, some with attachments, some without.

     

    I know, I could just reformat, however I'm trying to avoid this.  I also know of a few other people who have been having the same trouble with this worm that do not have the skills to reformat their computers, and I frankly do not have time to make house calls right now.

     

    Is there something else that I am missing?  Has anyone had success with something else I have not tried?


    Thanks for the advice! 

     

     

     

    • Proposed as answer by itnube Thursday, April 09, 2009 7:48 AM
    • Unproposed as answer by djartsincModerator Tuesday, August 04, 2009 6:35 PM
    • Marked as answer by djartsincModerator Tuesday, August 04, 2009 6:35 PM
    Wednesday, November 14, 2007 4:18 AM
  •  Anonymous571333 wrote:

    I have recieved the same virus, the that goes around to all my friends it's a zip file that says photo album ...... i was stupid enough to open it..... now i cant even use windows live messenger ... any tips on how to get it up and running again .....  i use messenger for work so i hope there is a fix for this virus...... if u need anymore info feel free to email me ...



    I don't know if anyone can do this, but can your MSN e-mail be sent through another e-mail provider on the off-chance that the other e-mail provider doesn't get the virus?  I know you can have another e-mail provider and have incoming e-mails from your other e-mail account sent to them.


    I personally don't have the virus, but I'll run scan just in case.

    Friday, November 16, 2007 4:51 PM
  • Im having the same problem. I clicked on that zip file and every sinced ive been getting those IM and its sending the same zip file to person on my list. How do i get rid of it. I ran lavasoft adaware and norton and it deleted some stuff. ive changed my password and still the same thing, so innoying.help

    Saturday, November 17, 2007 12:43 AM
  • There is a solution to this annoying virus.

    I've also encountered it and very difficult to get rid of.

    The only current Anti-virus system to remedy this MSN Prank is to use Kaspersky Anti-virus (This is cause it's the only Anti-virus with the updates) (Just get the trial if you can't buy it).

    The virus is detected as [Riskware: Hidden data sending] at the location of Windows Live Messenger. The system attempts to neutralize the infected object, Windows Live Messenger. Attempt will succeed at the end of neutralization.
    Though there is'nt any information about the virus at Kasperskys "viruslist.com"

    I hope this will help people to successfully remove the annoying virus. Certainly worked for me!
    Happy I'Ming!
    Saturday, November 17, 2007 3:39 AM
  • Use Microsofts Live Care Scanner.. I almost pullmed my hair outta my head.. I couldnt do it until someone posted this link.. Trust me it work..nothing else worked for me. Run the protection scan: http://onecare.live.com/site/en-us/center/howsafe.htm


    Good Luck.

    CoronaBoy
    Saturday, November 17, 2007 3:47 AM
  • When I tried that I wasted over like 3 hours and after that still unchanged.
    Saturday, November 17, 2007 3:50 AM
  • I have mcafee antivirus /firewall installed i ran that and it found something and deleted that. then i also ran some spyware and it removed it. it worked for awhile and then i got the message again through IM. So what should i do? uninstall mcafee and run kaspersky and other spyware. help.

    The messages that im getting are different now, its about some picture

    Tuesday, November 20, 2007 7:13 PM
  • Ugh i hate this virus it seems like whatever i do it seem to always be there now i opened the .rar file thinking they were pictures and then my computer got a virus now whenever i turn it on it goes to the Windows XP loading screen then it restarts and restarts over and over again well i gave up on that computer and decided to use my laptop well i installed Messenger and TODAY i got a copy of the virus AGAIN. I dodnt open it this time and then the person whom i was talking to said that i also sent her viruses through Messenger Even when i have a completly new laptop (the first infected machine was a Desktop) It seems to follow your account and not your computer or something.

    ***** Says:
    Hey wanna see pics of my vacation?

    Eddie says:
    No GO AWAY

    ***** says:
    (the file was attached here)

    Eddie says:
    You too?!

    ***** Says:
    Hey you send me these also its not my fault they send by themselves
    Wednesday, November 28, 2007 4:05 AM
  • Hi, maybe you should try downloading AntiVir, which is a free personal antivirum with on access scanner. U can get it frm this link http://www.free-av.com/

    It works for me!!
    Thursday, November 29, 2007 3:09 PM
  • Sorry, just saw your reply - I hope you where able to sort things out. I cannot say for sure if my fix would work for that virus or not, as I've not encountered that variant - if indeed it's the same virus, or perhaps it is another one altogether. My fix only works on a virus which hooks into the OS as I described, and the only one I've directly seen do that is the one that sends a link, not a .zip.
    Thursday, December 06, 2007 8:20 PM
  • Okay do you guys notice that after you clean the virus or whatever it was, do you notice your computer slow and freezing? Any ideas?

     

    Friday, December 07, 2007 2:32 AM
  • Go to mycomputer and change your system restore settings. Turn off your system restore this stops the virus backing itself up. then run SpyBot its free to download and delete the virus then trun your system restore back on.
    Sunday, December 16, 2007 8:55 PM
  • i have the same problem for about a week now contacted winows this was there ans

    computer viruses can be passed between computers through e-mail messages, on floppy disks, and through messaging programs like Windows Live Messenger.  Many computer viruses exist in .exe files that you can download to your computer via a file link in your Windows Live Messenger conversation window.  If someone sends you a file through Windows Live Messenger, you are prompted to determine whether you want to download the file.  A computer virus is released only if you double-click the file link or download the file.  Many viruses are designed to be sent through contacts in your contact list. Before you open an attachment, always ask your contact whether he or she sent you the file. If your contact denies that he or she sent you the file, do not accept the file or click it.  Delete the file immediately. 

     

    The Win32/Pushbot.T is a worm that spreads via Windows Live Messenger.  For more information about preventing this worm and to recover from this malicious software see the following web site: http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147369118

     

    Monday, December 31, 2007 1:29 PM
  •  

    man, i have the same virus, but i cant get rid of it and now WLM doesent open , the virus has competely screwed my computer
    Friday, January 11, 2008 7:09 AM
  • Recieved a suspicious file-send today from a friend (who I've since found out didn't send it to me).

     

    The file is called picture_578_JPeG.zip

     

    I suspect it's related to the issue here - it's far too suspicious to be a "nothing" so am reporting it here.

     

    He says that several of his contacts have asked what the file is that he's sending, but he doesn't know whether any of them opened it, or were he might have picked a virus up from.

     

    I recommended that he message all his contacts telling them not to open it if it comes through. Beyone that - any recommendations? How do we ensure that his sytem is clean?

     

    Feel free to contact me off-forum - you MS guys should be able to get my email address from this post right?

     

    Thanks

     

     

    George

    Wednesday, January 23, 2008 8:08 PM
  • My computer hasnt been the same since then, It locks up and freezes up, I cant even use it. Im going to wipe it and reinstall windows. It sucks.

    Thursday, January 24, 2008 12:42 AM
  • i got the same virus

    i ran my email scanner because it was sending out emails to remote email accounts and different ip addresses so i assumed it was a keylogger

     

    i used the log file to find out what program was causing it and it was named yhmkhercc.exe i searched for it and found it as a exe file and as a prefetch file so i deleted both

     

    then i restarted the computer and now its fine

     

    see if that fixs it

    Wednesday, January 30, 2008 2:27 AM
  • Well, in 4 days, I've known 5 friends to get infected with this peice of ***.

     

    So far, I've run NAV, AVG, SpyBot, and AdAware.  They all seem to find and remove certain aspects of this problem.  It's not just localized to WLM.  I actually had to uninstall WLM, run all of my scans, then reinstall.  That cleared the WLM problem, but the popups and slow web connection are still there.

     

    I'm running OneCare right now, to see if it'll fix the remainder of my problems.  The URL redirector is the most annoying.  It seems to be 3-4 different threats packaged into one.  Smitfraud is one of them.  Probably the reason it's packaged in a .com format.

     

    If I have any luck getting my system completely clean, I'll let you know.

    Wednesday, February 06, 2008 9:34 PM
  • All,

     

    So what's the verdict on this?  Is there a solution for this or not?

     

    Thanks -Nipster

    Thursday, February 07, 2008 4:06 AM
  • Doesn't look like any of the Microsoft guys have jumped in with any bright ideas.

     

    My friend couldn't shake it in the end - he tried a couple of things and a couple of different AV packages but last week decided to do a system rebuild using the manufacturers disk and started his PC from scratch.

     

    So yeah. No massive help from me I'm afraid - sorry!

     

    G

    Thursday, February 07, 2008 11:27 PM
  •  

    I am new at this but was reading and it seems like an old virus or trojan is making the rounds again now in 2008.  We are getting: 

    (Emily...cleanin says:

    Hey it's really looks like you ? Smile http://msnpic.ms.funpic.de/viewimage.php?=    )

     

    then my email address shows after the "=" sign.  I clicked on it thinking she sent me pics.  Everything froze, I rebooted and a window came up asking if I wanted to run wkssvc.exe  I clicked no and started doing research.  Info I found says that's a trojan which allows others access to my computer.  I'm not sure if it came in the message, but it's never popped up before. I did scans and there were a couple things.. cleaned them out, but I'm still getting messages from people with the same message.  It seems to go through their contact list forwarding it in the message box with the same message attached to individual email addresses.

     

    If there is any other info on this I'd appreciate reading about it.

    Saturday, February 09, 2008 5:47 PM
  • sorry I haven't read all these but a friend once told me to add a fake email address to my contact list using all zeros as the name in the address.  Something about a virus not recognizing it or whatever.  I don't even know if it works, but might be worth a try.  The other thing is, if it's an "infostealer" couldn't the virus resend itself using your address?
    Saturday, February 09, 2008 5:56 PM
  • I've had a friend who got infected today, So I Downloaded the .... ".com" file and infected myself, since I have a modified version of WLM so it didn't do much on my end, so I investigated it, I used Virustotal.com lol, which uses engines of a wide variety of virus scanners, and did alittle more digging, within the process list there was a new file, It pointed to "C:/Windows/wkssvc.exe", upon scanning it with my AV, it came up "Generic.Sdbot" aka PUA.Packed.Themida which my other AV picked up, this process originated from the file that the virus downloaded, form the *.de site.

     

    So, I assume all you have to do to get rid of it is kill the process "wkssvc.exe" and delete "C:/Windows/wkssvc.exe"

    and you should be fine, if it the same version and has not metamorphisized.

     

    ~Alex

    Saturday, February 09, 2008 8:33 PM
  • Here is how a friend fixed it.


      run  this  program
    http://onecare.live.com/site/en-us/center/howsafe.htm

    then  it left some files that couldn't be reparied or deleted

    then I shut everything off   searched running processes for that file and deleted it

    then went to systems 32 and deleted it there and tossed it out of teh trash can too
    Tuesday, February 19, 2008 7:03 PM
  •  

    so today i was stupid and opened a file that a friend sent me saying it was a pic of me so i clicked it to see what it was now everytime i sign into msn its sending a thing to all my contacts i have tryed everything to remove it can anyone help?

     

    Tuesday, February 19, 2008 11:20 PM
  • I got a message from a friend the other day about a picture that she had supposably found, my virus scan checks everything before I open it but becuase this viruse is new enough it's not picking it up.  I spent many hours last night reading forums about it and running scans from anti-virus, adware, spybot and nothing was catching all of it.  I came upon this website below and downloaded the virus scan from there.  With in the first few minutes of scanning it had found a virus.  I'm greatful to catch it before it crashes my computer but it has already started doing funny things and it's really slowed my computer down and I've only had it for a few days.

     

    http://onecare.live.com/site/en-us/center/howsafe.htm

     

    GOOD LUCK!

    Wednesday, February 20, 2008 2:37 PM
  •  

    try downloading a programme called ccleaner from here: http://www.ccleaner.com/

    run it then download spybot search and destory form here http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html again run it, restart the computer and the virus should be gone just to ensure run ccleaner again. hope this helps, worked for me and my friends

    Tuesday, February 26, 2008 7:56 PM
  •  hashleym wrote:

    I got a message from a friend the other day about a picture that she had supposably found, my virus scan checks everything before I open it but becuase this viruse is new enough it's not picking it up.  I spent many hours last night reading forums about it and running scans from anti-virus, adware, spybot and nothing was catching all of it.  I came upon this website below and downloaded the virus scan from there.  With in the first few minutes of scanning it had found a virus.  I'm greatful to catch it before it crashes my computer but it has already started doing funny things and it's really slowed my computer down and I've only had it for a few days.

     

    http://onecare.live.com/site/en-us/center/howsafe.htm

     

    GOOD LUCK!



    Trust me. This worked for me! I'm so happy. I was trying for over a month to get rid of this thing. OneCare is the BOSS!! My computer hadnt started doing anything funny, jus sending out that annoying msg to my MSN contacts, and now they've stopped.
    Wednesday, March 05, 2008 8:44 PM
  •  

    Hey I just got hit with what I think is a new strain of this virus....hadn't heard of anything coming through IM before so wasn't careful enough....got a message from a friend saying, and I quote, "Hey, this looks alot like you   Http:/msnimages.987mb.com/viewime.ph?=(my email address) .  Now, being the smart guy that I am, I opened the link and was immediately hit with the virus.  It hasn't done a whole lot to my computer yet as I just got it a few hours ago, but my McAfee isn't picking it up, and it is spamming my friends with the same message.  Any help guys?
    Thursday, March 13, 2008 8:52 AM
  • hi i did all virus scans susggested to no avail but i did a system restore of 5 days and so far its worked xxxxx

    Monday, March 24, 2008 6:00 PM
  • Hey Derrick: I've got the same problem. It started yesterday afternoon and, as you, I tried opening the "pic" because it came from an old friend of mine who's overseas and whom I know has pictures of me with his family. Anyhow, What I've done for the time being is eliminated my Messenger and have asked for help from my virus detector support team. As soon as I get an answer I'll post it on this site. Hopefully this will help.

    Thursday, March 27, 2008 3:06 PM
  • TO ALL THOSE WHO HAVE THIS PROBLEM

     

    Read all this before doing anything - i know its a bit messy but if u can use a computer then u should be able to understand what i have to say Smile

     

    firstly dont click on the link Smile

     

    if u have thats no biggy

     

    download and install Nod32 Antivirus 2.7 Trial from http://www.nod32.com.au/download/trial.html (if u like it - dont crack it - BUY IT)

    this has been rated#1 antivirus for 7 years by PC USER and i stand by it Smile

     

    after install reboot and then go through all of the settings..... basically u want everything switched on except for "show all files" and " convert all email to txt" ( there are some drop dopwn menus and alot of tick boxes..... basically u want everything switched on Smile )

     

    make sure u have the latest update file. Then make sure u have the latest update file. Seriously it wont work otherwise

     

    reboot into SAFE MODE (just in case)

     

    exit messenger

     

    press ctrl-alt-del and go through the processes and kill anything that even looks like messenger (msn, live, whatever)

     

    browse through "computer" (or "my computer" fo those not using vista) c:\

     

    right click program files - click nod32 antiirus system. THIS WILL START A SCAN.    YOU NEED TO PRESS STOP!!!! go through the setup and tick everything except list all files and then go through the actions tab and set it to clean and if it cant clean then delete Smile (if this isnt there in the right click menu then u need to reboot or u didnt tick the "enable context menu" tickbox during setup .... thats your bad)

     

    if the scan should find the virus running in memory, then messenger is still running and u havnt killed it.

     

    Nod32 should find and delete the file that is infected and any others u might have Smile the infected file should be in program files\live messenger or \msn or \messenger or whatever... thats why i suggest scanning the program files directory.

     

    this worked for me and about 20 of my friends and about 30 of my customers

     

    and if you want run spybot 1.5.2 http://www.safer-networking.org/en/download/index.html over it (with the latest update file) to remove any excess spyware that u might have picked up

     

    good luck and if anyone finds an easier way of gettin rid of it safetly let me know Smile

     

     

     

     

    Tuesday, April 01, 2008 6:34 AM
  • Hey, Yesterday I received a link from one of my friend in my friends list while he was offline and the link was saying something like http://<Friend'sfirstname>.<LastName>.localpics.com when I clicked on that it took me to some weird page and was asking me to sign in for some gifts website.  I closed that window but since then it is randomly sending that link to my IM buddies with and address of my <first name>.<last name>.localpics.com .  Please suggest a remedy for it.

     

    Thanks,

    Avnish 

     

    Friday, April 04, 2008 4:22 PM
  •  Live user wrote:

    Hey, Yesterday I received a link from one of my friend in my friends list while he was offline and the link was saying something like http://<Friend'sfirstname>.<LastName>.localpics.com when I clicked on that it took me to some weird page and was asking me to sign in for some gifts website.  I closed that window but since then it is randomly sending that link to my IM buddies with and address of my <first name>.<last name>.localpics.com .  Please suggest a remedy for it.

     

    Thanks,

    Avnish 

     



    why not you change your password and monitor it for few days? please let me know if it works or not. thanks.
    Friday, April 18, 2008 5:48 AM
  • Get NOD32
    If you like it buy it dont crack it NOD32 will fix all your problems

    Friday, May 02, 2008 10:52 AM
  • I'm not sure but the virus or whatever I have seems to be the same as what everyone here is talking about but mines a little "different".  I think I  got the virus from one of my friends that I haven't talked to in years. and it started off with her sending me a message that was in some different language that I'm pretty sure she doesn't speak (from what I know). Then every 5, 10, or sometimes 20 minutes (it really depended sometimes) it sent me those messages in that weird language and really got annoying 2 me at first. so i ended up blocking her because I thought she mabey thought I spoke that langauge or something and it REALLY was annoying me. then later on after that all my friends kept on telling me how I was sending them these weird messages in that weird language again and i was just like WHAT!?!? (later on it also started showing that i had sent whoever was on at the time a link for some picture that i never sent) So then I looked at the history of what I sent and it had those different language messages again and it keeps sending it to them even when I'm offline. So i decided to take msn messenger off my computer and run these virus scans (the virus scans don't seem to pick up anything) but people keep telling me it still sends those messages.

    that's pretty much my situation and i'm in need of lots of help. It's really been annoying me like crazy and would appreciate if anyone knew what i should do about my msn messenger. I've also looked everywhere about this virus and i can't find any information on it.

    thanks! (and hopefully this made some sense.)

    ~ricekakeluver

    the photo might be called foto-09. i'm not sure because I just found it on my computer under like received files. and an example of one of those weird messages said something like this:
    "jajaja esto esta buenisimo, hay que ser bien pendejo para hacer eso"
    my friend sent a pic. of one of the weird messages she said I "supposedly" sent her.

    oh yeah i think the virus has been affecting my internet to. "possibly." i'm not really sure..... but my internet started working and then sometimes didn't work at all. (and it kept on going online then offline for a couple of weeks but is currently fine now. although the mouse does freeze up sometimes. which i then just press control+alt+delete and the mouse starts moving) i'm not sure if it's just my internet being lame or is it because of the virus I got.

    (dang i wrote a lot. well i hope someone helps me find out the problem because my parents don't seem to really care and if i tell them i have a virus they'll probaly kill me. so i was hoping someone could help solve this problem) Stick out tongue
    Wednesday, June 11, 2008 7:25 AM
  • It is a new version of some malware doing it's rounds [], so far not even all big AV companies detects it .

    I am not completely sure but I've read that some similar types steals your MSN password, hence it can send constantly.

    So reinstalling MSNM and changing pwd might work... (good idea to change pwd online using a non-infected computer).
    Thursday, June 12, 2008 7:07 PM
  • This is what I would do and reccomend others to do if I had this problem.

     

     

    1.       Firstly – Turn off your System Restore and Back up your most critically important documents to your USB drive. Turning off the System Restore makes yourself a little bit vulnerable to a rare crash, but it removes the one place that viruses and Trojans can hide. Trojans hiding in your system restore can never be removed by even the best antivirus programs as this part of disk is hidden from the operating system itself. To turn off System Restore, right click My Computer and select Properties. There will be a tab which has the functions for System Restore\System Protection – just un-tick the box to turn it off. You may get a message about restarting your computer.

    2.       Second – Since MSN is the problem application and some of the files it uses has been possibly replaced by malware...this program should be uninstalled for a virus removal scan to be fully successful. The scan can have problems removing files which are still in use by the system. Uninstall MSN Live Messenger through Control PanelàAdd\Remove Programs. Be sure to remove all versions of Messenger on your computer if you see any others. At the end, reboot your computer to reset any open files. Remember to record what your Windows Live ID and Password is for future reference.

    3.       Third – Update your computer and run your current virus scanners; you should update your virus scanner too. Get rid of anything they find, go for the Delete option where possible

     

    If you don’t like your virus scanner, try the online one below.

     

    Below is Microsoft’s version of an online Virus scanner/remover. It’s been working okay since it’s now directly in their interests to stop the *** which plagues their systems and applications...especially with Advertisements on MSN, they lose advertising revenue every time someone stops using MSN....so power to MS for making this public and free, its a win-win situation.

     

    http://onecare.live.com/site/en-us/center/howsafe.htm

     

    ***If for any reason some of the “found” files cannot be deleted – record what they are – this is important! Reboot your computer into Safe Mode (Keep pressing F8 as your reboot your computer) and search and delete those files. Empty them from the recycle bin too. Get rid of them all – this is the virus!

     

    4.     Fourth – When your virus scans come up clear its time to delete any suspicious registry entries. Click on Start->Run and type regedit and hit enter. This will open Registry Editor, it’s just kinda like Windows Explorer. Browse to Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and delete anything in there that looks suss (I sometimes just delete it all). This is a list of the processes on your computer that automatically run when you log on...a common place for virus autostart entries. Also do the same for Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run . Delete all suspicious items that you don’t want to automatically start up. Reboot your computer afterwards. You may notice that it starts up a bit faster than before.

    5.     Fifth – Log on to Microsoft Passport.net (https://accountservices.passport.net/ppnetworkhome.srf?vv=550&lc=3081 ) and change your Windows Live password. Pick a easy to remember good password like a non-dictionary word combined with a number.

    6.     Sixth – Download a fresh copy of Windows Live Messenger

    7.     Seventh - Install Windows Live Messenger....but when you are installing !CHANGE the default install location! Just change the name, like I think it says Windows Live...just change it to MSN Live....just change it from what its original name is. What this does is if there is a hidden registry backdoors which were unable to be detected by the virus scan (because it’s not a virus), it will make the registry backdoor obsolete and unusable because you changed the default name to something else, so now the backdoor doesn’t apply to your new installation of MSN

    8.     Eighth – Log in and hopefully the problem is gone! What will most likely happen is that once you log on, the attacker will try to send you the virus again through the backdoor that the virus put on your computer. But since we closed off the backdoor by changing the name and getting rid of the Trojan, his attempt should fail.

     

    Hope this helps people with a bit more specific info for the noobs.

    Tuesday, July 22, 2008 7:29 AM
  • I just got that same file too. I declined it, but i was wondering what kind of virus it was.

    Wednesday, August 13, 2008 3:45 AM
  • My neighbour had the Windows Live Messenger worm as well.  She used the Windows Live Onecare scanner, and the problem is now fixed.  It said it could not delete one file (c:\windows\image.zip) that was a problem file, so I deleted it for her.  It also said that 4 files could not be cleaned or deleted.  The were in ...\_restore\..., which meant they were system restore points, so we just ignored this.

     

    The scanner is at http://onecare.live.com/site/en-ca/center/howsafe.htm, and information about the worm is at http://www.microsoft.com/security/portal/Entry.aspx?ThreatId=-2147369118.

    Saturday, September 13, 2008 9:10 PM
  • Its not hard to remove....just run MSCONFIG look for anything sus..untick it and its gone......
    Good Night (dont forget to restart)
    Friday, October 17, 2008 9:17 PM
  • I've had a similar problem, except the message being sent is about asking to upload a picture to Facebook. I can't see the message being sent to all my contacts, I have to have them copy and paste it to me. It also seems that the file being sent changes each time it's sent to a contact... Here's what they're being sent:

    Beauty Comes With Dark Thoughts says:
    it alright if i upload this picture of us to facebook?
    josiah says (9:54 PM):
    You have successfully received C:\Users\owner\Documents\My Received Files\img04_w9-JPG.zip from izzy.
    Beauty Comes With Dark Thoughts says:
    it alright if i upload this picture of us to facebook?
    Beauty Comes With Dark Thoughts sends:
     
        Open(Alt+P)
     
      You have successfully received C:\Documents and Settings\Xan\My Documents\My Received Files\img83-b1-jpeg.zip from Beauty Comes With Dark Thoughts.

    I've deleted Windows Live Messenger off the computer.
    Can someone help?
    Saturday, November 01, 2008 9:20 AM
  • try changing your hotmail account login password. this eventually works for me.
    But no harm giving a try.
    Thursday, April 09, 2009 7:49 AM
  • hey i keep getting a similar virus sent but its not a picture. its like a link to a site that is suposed to have a page of a contact, but when i clicked on it once, it started sending a similar thing around to everyone on my contact list. also its not the same site everytime.
    Thursday, June 11, 2009 10:00 PM
  • I have only just had the same problem and decided to look into it which is how ive ended up here. It was called 'checkoutthisfunnypic.rar' i knew there was a little something going off with it being a '.rar' file but still - i opened it and 60 command prompt windows came up one after the other from now on my computer is being extremely slow.
    Monday, August 31, 2009 6:06 PM
  • aha, my brother has done that and hes blaming it on me but i read his convo and this boy sent it him and he accepted, stupid boy :L i know how to get rid of it because i am god! all you need to do is go back in time to the date where you didnt have it. eg - if you got given it yesterday go baclk yesterday ande the time before you got it :) love you all ROCKON! <3
    Friday, August 13, 2010 10:36 AM
  • Its easy just change your password . I did it 3 times in the last week.  I am  not getting virus mails neither my contacts.  what happed was that somw how your password was stolen when you open those zip mails , once they got your password your account was used to send infected mails and  by changing your password they can not get into your account again!! just easy like that!! please tell all your friends about this solution.

    • Proposed as answer by latinanthony Tuesday, September 21, 2010 4:19 AM
    Tuesday, September 21, 2010 4:09 AM
  • Its easy just change your password . I did it 3 times in the last week.  I am  not getting virus mails neither my contacts.  what happed was that somw how your password was stolen when you open those zip mails , once they got your password your account was used to send infected mails and  by changing your password they can not get into your account again!! just easy like that!! please tell all your friends about this solution.
    Tuesday, September 21, 2010 4:21 AM
  • this is the steps:

    1st: run any antivirus to clean the PC.

    2nd: download "MSN Virus Remover" or "Instant messenger cleaner" just type those name on google, and download. (make sure to have at list Framework 2.0 on your pc).

    3rd: turn off the system restore and turn back on.

    Thats it...

    Goog luck guys

    www.willstech1.com

    Wednesday, November 17, 2010 10:02 PM
  • If you are using Windows 7, click the Start icon on your taskbar. Then in the Search field type "System Restore". Click on "System Restore" under programs. If you installed or uninstalled a program before you got the virus (e.g. iTunes), there would usually be a restore point there. In Vista you can do the same. In Windows XP, click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. If you don't have a restore point, I recommend downloading the F-Secure Rescue CD and either burning it to a CD or using a USB drive which will boot up and do a thorough scan of your PC. If it finds any malicious code, it will make it harmless and then you can try and do another scan with your anti-virus software. To download the F-Secure rescue ISO file, go to http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/rescue-cd/ and put it on a USB flash drive or CD then boot up (if it doesn't boot up then look in your PC/ laptop manual or online for BIOS instructions. 

     

    Good luck!

    ~Max

    Saturday, April 23, 2011 12:21 PM
  • Make sure you remove the link so nobody clicks on it!
    Saturday, April 23, 2011 12:23 PM