msn virus - HotUKDeals
We use cookie files to improve site functionality and personalisation. By continuing to use HUKD, you accept our cookie and privacy policy.
Get the HUKD app free at Google Play

Search Error

An error occurred when searching, please try again!

Login / Sign UpSubmit

msn virus

hayton2k3 Avatar
banned9y, 4w agoPosted 9 years, 4 weeks ago
anyone know how to get rid of a msn virus which sends automatically through all your contacts?
i have had this virus for approx 2 weeks and it sends when my GF is online but not when im online with the same computer

it sends a zip file called IMAGE20.ZIP inside has a ms dos shell and when it sends it words come up like HAVE YOU SEEN MY NEW PICTURES BEFORE I PUT THEM ON MY SPACE
DO YOU LIKE MY NEW HAIR COLOUR

also when it sends to people you cannot use msn so have to log off
i have been searching for a while for msn viruses and theres some help but none for the one i have

no virus scanner picks it up i have avg norton and spy eraser which has not found it and its not running in task manager as far as i am aware
Other Links From MSN:
hayton2k3 Avatar
banned9y, 4w agoPosted 9 years, 4 weeks ago
Options

All Comments

(17) Jump to unreadPost a comment
Comments/page:
#1
Have you tried going to >start >search >all files & folders >IMAGE20.ZIP? To see if it can locate the file on your pc? Then you just need to delete it :)
banned#2
sadiebabes
Have you tried going to >start >search >all files & folders >IMAGE20.ZIP? To see if it can locate the file on your pc? Then you just need to delete it :)

done that the shell has been opened and problies changed name so could be called anything now
#3
See, this is why I don't let other people use my computer. It seems fairly sensible to me that if someone sends me an IM with wording that is totally out of character and wants to send me a file, it's not to be opened. With other people, that sensibility seems strangely absent. It's odd. Am I weird for not happily clicking every popup I see and opening every file that gets randomly sent to me by MSN the very second I or the sender log in with absolutely no introduction from the sender? Maybe I am.

But no matter. A person on a forum who says he is good with computers advises this, and who am I to argue?

http://www.gaiaonline.com/forum/computers-technology/help-i-think-my-msn-messenger-has-been-hacked/t.32052765/

well i'm not a guinus but theres just a glitch every computer has one and ur computer must have that for a glitch. lik i said i' not a guinius but i am good with computers so yes just a normal everyday glitch it'll b normal soon i guess



Alternatively, try the standard fare of, under Safe Mode, run a fully updated virus scanner, Spybot S&D, clearing out your Startup list (start > run > msconfig), uninstall MSN Messenger, delete the Messenger folder from 'C:\program files', run CCleaner, reinstall MSN, and try not to be so gullible in future. If that does not work, it's probably a safe bet that it's running as a process. What processes do you actually have running in Task Manager?
#4
Maybe uninstall msn and reinstall it then?
#5
There seems to be some info on how to remove it on page 2 of this but I'm no expert

http://www.cisrt.org/enblog/read.php?184&guid=1
#6
After a quick Google search: http://www.cisrt.org/enblog/read.php?184&guid=1 sound familiar? Follow the instructions given in the "details" links to remove the worm.

Hope that helps.
#7
barneydog
There seems to be some info on how to remove it on page 2 of this but I'm no expert

http://www.cisrt.org/enblog/read.php?184&guid=1

Beat me too it :thumbsup:
banned#8
megalomaniac
After a quick Google search: http://www.cisrt.org/enblog/read.php?184&guid=1 sound familiar? Follow the instructions given in the "details" links to remove the worm.

Hope that helps.

i found it on that site it was the bottom one,i ended the process but now i need to delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
from the registry any ideas on that?as its not actually in the registry when i have checked
#9
Proximo
lol I love it when all the chavs and idiots who use msn get stuff like this and whine about it or get that message

"find out who has blocked you with __________"


I just wish it was only the idiots that got affected. Instead, it's you, me, and the whole internet when these tards install whatever to turn their system into another zombie on a botnet to be used to do another DDoS attack, or a spam relay, or they have their logins swiped from Firefox and their bank accounts emptied, costing me another 0.0001% of my interest rate, filling my inbox with yet more spam, and downing websites that I use.

Sigh.
#10
Go to Start > run > type "regedit" and hit enter. Then navigate on the left hand side to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run (just like you would in Windows Explorer), click the right mouse button on the appropriate key and hit delete, just make sure you get the correct one, you can seriously ****** up your machine in regedit if you delete the wrong thing!!!

If you still can't find it hit crtl+f to do a search and type the name of the key, again make sure you get the right one before deleting.

hth :thumbsup:

EDIT: also you may need to look in your g/f's registry settings as some are per user, HKEY_LOCAL_MACHINE are machine wide settings, HKEY_CURRENT_USER are specific for the user currently logged in etc. see here for more detail: http://en.wikipedia.org/wiki/Windows_Registry
#11
This specialist forum may be of use - so easy to damage your computer if you don't address these issues methodically...

http://www.vista-xp.co.uk/forums/
banned#12
i have disabled it fully but cant find the files i need to delete

this is the files i need to delete even search wont find them
%temp%\image20.zip
%system%\abgsvc.exe
banned#13
dxx
I just wish it was only the idiots that got affected. Instead, it's you, me, and the whole internet when these tards install whatever to turn their system into another zombie on a botnet to be used to do another DDoS attack, or a spam relay, or they have their logins swiped from Firefox and their bank accounts emptied, costing me another 0.0001% of my interest rate, filling my inbox with yet more spam, and downing websites that I use.

Sigh.


nah uh!

It only affects people who go to these silly sites that claim things like they can tell you who has blocked you, or if you download the spyware, or enter your details onto a phishing site, a cautious person should have nothing to worry about, I certainly have never been effected by this.
#14
hayton2k3
i have disabled it fully but cant find the files i need to delete

this is the files i need to delete even search wont find them
%temp%\image20.zip
%system%\abgsvc.exe


Go to Start > run > type cmd and hit enter.

In the command prompt that opens type dir %temp% and hit enter, this will list the location and contents of the %temp% directory. Repeat for dir %system% and see if you can see the offending files in the list.

You may need to use dir /ah %temp% and dir /ah %system% to show hidden files in those directories.

If you can't see the files in the lists then repeat when logged in as your g/f, as again there may be per user settings at work here.

Once found and their location confirmed, to delete the files type: del "c:\path\filename.filetype" (in your case probably del %temp%\IMAGE20.ZIP and del %system%\abgsvc.exe)

EDIT: %temp% and %system% are system variables pointing to directories, they are like shortcuts in a manner of speaking and can be used in place of typing out the full directory path.
#15
Proximo
nah uh!

It only affects people who go to these silly sites that claim things like they can tell you who has blocked you, or if you download the spyware, or enter your details onto a phishing site, a cautious person should have nothing to worry about, I certainly have never been effected by this.


When the time comes for your infestation I hope that you will post again on this site. No-one is immune from these attacks and those who use the internet least are often the most vulnerable.
#16
Download a program called HiJack This!

http://www.spywareinfo.com/~merijn/programs.php

Run the program and either post the report here (I know their are a few guys here who can help) or even better post it on a specialist site where there are dozens of people who can help.

try:

http://spywarewarrior.com/index.php

or

http://forums.spywareinfo.com/index.php?act=idx
#17
Proximo
nah uh!

It only affects people who go to these silly sites that claim things like they can tell you who has blocked you, or if you download the spyware, or enter your details onto a phishing site, a cautious person should have nothing to worry about, I certainly have never been effected by this.


Agree

Post a Comment

You don't need an account to leave a comment. Just enter your email address. We'll keep it private.

...OR log in with your social account

...OR comment using your social account

Thanks for your comment! Keep it up!
We just need to have a quick look and it will be live soon.
The community is happy to hear your opinion! Keep contributing!