This virus infects a user computer, and auto-send it to other computers through MSN messenger. I heard that there are a few kinds of similar trojan attack my friends' computer. The trojan which infects my computer save its file as .zip files in C:\WINDOWS Anyone can help??? Thanks!
If you know more about this virus, please tell me what does it do to my computer.
Pls: ASAP
2007-09-27 01:15:25 · 7 answers · asked by Anonymous in Computers & Internet ➔ Security
Download and install AVG Free from Grisoft, it blocks all kind of trojan viruses
http://free.grisoft.com/doc/2/
This link will help you remove that virus
http://www.cisrt.org/enblog/read.php?165&part=2
2007-09-27 01:23:25 · answer #1 · answered by medina1107 3 · 1⤊ 1⤋
i merely have been given rid of this virus final nighttime. i attempted each and every thing from cyber defender (does no longer artwork, they are asserting that's loose and it will discover the trojan, however the only thank you to "do away with" it is to purchase their product) malwarebytes, (did no longer artwork stored getting 'errors 404'.) And different ridiculous web content on an identical time as in laptop's secure mode. What I had to do ultimately worked, all you may do is: a million.) Restart your laptop press f 8, as quickly because it starts up, click 'secure mode with networking.' (in case you have XP, you've gotten in certainty an identical factor in case you have domicile windows 7 or vista yet merely in distinctive wording.) 2.) click start up all courses, upload-ons, equipment strategies, equipment fix. Then as quickly as equipment fix is up, it is going to coach a calender. merely p.c.. a date interior the calender that the laptop replaced into working superb and click "fix". Now, in case you have downloaded something after that date, you will would desire to re-set up or re-obtain because it is going back to its previous state. Then as quickly as you have executed an entire equipment fix, run a test to your finished laptop to work out in case your real antivirus application will p.c.. up something. This has been the only factor that has worked for me, desire you success. : ]
2016-10-09 22:10:40 · answer #2 · answered by ? 4 · 0⤊ 0⤋
I don't believe this file is a virus or a trojan because a .zip file is a file created by a compression program and once it's zipped is does nothing until it's unzipped. Don't unzip it.
2007-09-27 01:25:50 · answer #3 · answered by Michael S 7 · 0⤊ 2⤋
This is the new MSN worm.
Read this:
http://www.cisrt.org/enblog/read.php?165&part=2
File name: IMG-XXXX.zip(img0794-www.photoupload.com)
Size: 74,752 bytes
MD5 hash: 5946bfe3c7782acd72642a37b5a6386a
Detection: Backdoor.Win32.IRCBot.ahm (Kaspersky)
Details:
(1) Drops files:
%Windows%\system\explorer.exe
%Windows%\IMG-XXXX.zip (XXXX is random digitals such as IMG-0356.zip, IMG-7755.zip, IMG-7960.zip, IMG-8530.zip)
(2) Adds registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Windows Explorer Key" = "%Windows%\system\explorer.exe"
(3) Modifies the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
"%Windows%\system\explorer.exe" = "%Windows%\system\explorer.exe:*:Enabled:Windows Sharing"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
"WaitToKillServiceTimeout" = "7000"
(4) Sends out "IMG-XXXX.zip" and the following messages:
English version:
Check out my nice photo album. :D
wanna see the pics from my vacation? :>
Nice new photos of me and my friends and stuff and when i was young lol...
lol remember when you used to have your hair like this
My friend took nice photos of me.
you Should see em loL!
hey i'm going to add this picture of us to my weblog
Here are my private pictures for you
http://www.lfpm.org/forum/showthread.php?p=615157
2007-09-27 01:43:08 · answer #4 · answered by Sly_Old_Mole 7 · 1⤊ 0⤋
here's the simplest way to remove it. choose a free antispyware here: http://www.2-spyware.com/compare2.php and run a scan. and then delete everything the scan finds.
2007-09-27 02:11:39 · answer #5 · answered by Anonymous · 0⤊ 0⤋
This is a new variant of MSN Worm that began spreading via MSN Messenger. It sends out the .zip file "IMG-XXXX.zip" (XXXX is random digitals), such as IMG-0356.zip, IMG-7755.zip, IMG-7960.zip, IMG-8530.zip, and such. In the .zip file, it contains a .com file "img0794-www.photoupload.com". Be careful please.
The details about this variant:
File name: IMG-XXXX.zip(img0794-www.photoupload.com)
Size: 74,752 bytes
MD5 hash: 5946bfe3c7782acd72642a37b5a6386a
Detection: Backdoor.Win32.IRCBot.ahm (Kaspersky)
Details:
(1) Drops files:
%Windows%\system\explorer.exe
%Windows%\IMG-XXXX.zip (XXXX is random digitals such as IMG-0356.zip, IMG-7755.zip, IMG-7960.zip, IMG-8530.zip)
(2) Adds registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Windows Explorer Key" = "%Windows%\system\explorer.exe"
(3) Modifies the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
"%Windows%\system\explorer.exe" = "%Windows%\system\explorer.exe:*:Enabled:Windows Sharing"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
"WaitToKillServiceTimeout" = "7000"
(4) Sends out "IMG-XXXX.zip" and the following messages:
English version:
Check out my nice photo album. :D
wanna see the pics from my vacation?
Nice new photos of me and my friends and stuff and when i was young lol...
lol remember when you used to have your hair like this
My friend took nice photos of me.
you Should see em loL!
hey i'm going to add this picture of us to my weblog
Here are my private pictures for you
-----------------------------------------------------------------
Here are step by step instructions on removal:
Step 1:
Delete registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Windows Explorer Key" = "%Windows%\system\explorer.exe"
Step 2:
Restart Windows
Step 3:
delete virus files:
%Windows%\system\explorer.exe
%Windows%\IMG-XXXX.zip (XXXX is random digitals such as IMG-0356.zip, IMG-7755.zip, IMG-7960.zip, IMG-8530.zip)
Step 4:
Remove "Windows Sharing" from exceptions tab of Windows Firewall
Step 5:
Set registry data:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
"WaitToKillServiceTimeout"="20000"
Restart Windows again and you should be rid of it.
2007-09-27 01:52:51 · answer #6 · answered by John Silver 6 · 0⤊ 0⤋
use "Spybot - Search and Destroy".
also, you can delete all .zip files from your computer and delete all Temporary internet files.
2007-09-27 01:23:34 · answer #7 · answered by Anonymous · 0⤊ 1⤋