Virus being transmitted through MSN messinger

Discussion in 'Off-Topic Chat' started by WoodenFlugel, Mar 6, 2005.

  1. WoodenFlugel

    WoodenFlugel Moderator Staff Member

    OK folks a heads-up - I got this sent to me through on of my msn messinger contacts...

    The message seems to be always the same...

    [Whoever] says:
    omg this is funny!

    Whatever you do DON'T CLICK IT!!!! It appears to be a virus which then very kindly opens up the contacts in your contact list and sends the same message through to them.

    Very clever. And nasty.
    Last edited: Mar 6, 2005
  2. HBB

    HBB Active Member

    perhaps you should remove the link from the message just incase someone clicks it?

    (i.e. make the link inactive)
  3. WoodenFlugel

    WoodenFlugel Moderator Staff Member

    Oooops.....thanks for warning me Ben - sorted. :oops:
  4. Lisa

    Lisa Member

    Do you know what it actually does apart from sending the message to everyone on your messenger list?
    It seems to be spreading fast coz I keep getting that message from lots of people on my messenger list!!
  5. sevenhelz

    sevenhelz Active Member

    it doesn't seem to do anything else, according to several of my friends... of course if your computer starts slowing down it might be worth rebooting and/or viruschecking.

    and the ultimate solution? use gaim instead.
  6. WoodenFlugel

    WoodenFlugel Moderator Staff Member

    My virus checker (AVG) picked up a virus last night when I got the message. I don't know what virus it was - I just told it to sort it out as I was in the middle of doing something and keen to regain control of my PC!

    Overnight I did a full system scan and that was clear of any viruses so it seems to be OK now. But the best thing is not to open the link in the first place. Hence me posting it up here as a warning.
  7. WhatSharp?

    WhatSharp? Active Member

    Oh it does do something, it infects your system with popups and spyware :mad: as I found out to my cost when poor Mrs WhatSharp? clicked on what seemed to be an inoccuous message from a friend :mad: after removing the spyware my machine is now totally shagged and refuses to run XP. All this the night before I have to go away for a couple of days working :ranting2: Now it looks like I have the long arduous job of recovering email and re-installing XP.
  8. NeilW

    NeilW Member

    [edit] Now I know more about this beastie :)

    I opted for going and asking an expert in the " Virus Lab" on the other side of the building... They've been looking at it yesterday and today and he said "oh yes!"

    It appears to be one of the w32/kelvir family. See:
    (there may well be others too sooner or later) Click on the appropriate tab...

    It looks most like w32/Kelvir-B from the wording of the message.

    However, the site referenced is now "down", we're presuming the ISP have closed it...

    Disinfection instructions are here:
    (You can probably use "other" AV programs to clear the mess up in a similar way, but check that the signatures are up-to-date enough to be able to detect this particular malware)

    (You shouldn't have to rinstall XP to clear up a trojan, whatsharp (or put it this way, I've never heard of one that requires it!) - however, it sounds like something has trashed something that needs to be recovered (will it boot in Safe Mode?) possibly from the recovery console....)

    Actually, probably the best advice to all is update your antivirus descriptions before going on MSN next - most of the major vendors should be detecting it by now.

    Last edited: Mar 7, 2005
  9. dyl

    dyl Active Member

    Thanks for that Neil. Didn't quite catch the end of your message though. What was it you said again? Oh yes:

  10. Craigsav83

    Craigsav83 Active Member

    Can anyone recommend a virus scan? oh and something that will get rid of popups/spyware - every time i log into my e-mail it comes up with a random search engine thinngie. Its driving me barmy at the moment. :mad::ranting2: :evil:
  11. sparkling_quavers

    sparkling_quavers Active Member

    use firefox with the ad-block extension
  12. HBB

    HBB Active Member

    Just a note, if you clicked it and didn't save it to disk or open it you'll still be infected. Run a virus checker immediately!
  13. dyl

    dyl Active Member

    Not much use if you've already been infected, which it sounds like Craig has.

    I use Spybot Search & Destroy and Ad-Aware (as well as my anti virus of course).
  14. WoodenFlugel

    WoodenFlugel Moderator Staff Member

    Yup Spybot and Ad-Aware are both great for getting rid of that nasty spyware - and free too. If your after a decent virus checker and your too tight to buy one, like me try AVG Anti-Virus which is also free.

    Your friends are wrong, frankly...although my AV software detected it and seemedto fix the problem I've just done another system scan with the update that downloaded today and it found another virus and running Ad-Aware found numerous spyware nasties too. Not a good thing to have floating about.

    It's already been said but once more won't hurt:

    Before using msn messinger (or anything similar I guess) make sure your Anti-Virus software is the very latest revision.
  15. yonhee

    yonhee Active Member

    aaaaaaaaaaargh i saved it but ive deleted it but i closed the pop up thing that said if your computer is slowing down thing cos i didnt read it properly aaaaaargh my bros gonna kill me argh. Damn virus grrrrrrrr. what am I meant to do? Oh *reads thread* ok.
  16. HBB

    HBB Active Member

    Another strain I think:

    haha look at us
    http: //
    Last edited by a moderator: Mar 7, 2005
  17. WoodenFlugel

    WoodenFlugel Moderator Staff Member

    Hey Ben - how about removing the hyperlink on that text.....;) :p

    EDIT: Too late I've done it for you...
    Last edited: Mar 7, 2005
  18. yonhee

    yonhee Active Member

    Your are joking I clicked on it! AAAAAAAAAARRRRRRRGGGGGGGHHHHHHHHH!!!!!!!!
    I didnt save it and it wouldnt open but I dunno.
  19. HBB

    HBB Active Member

    I didn't know how to remove it so I actually reset the link so instead of opening the virus it went to, but thanks for removing it ;)
  20. NeilW

    NeilW Member

    Thanks Ben,

    I've just grabbed the download and have forewarded it to the office for their verdict, but it looks like this could be the first shots of a new spate of variations. It is indeed "not yet detected" on my machine, anyway - which IS up to date.

    Analysing them is what they are paid for - I expect that its signature detection will appear in the next few hours from most of the AV vendors.... :)