msn suprise in Security

msn suprise in Security http://www.dslreports.com/forum/r13164886 en Thu, 10 Dec 2009 04:22:04 EDT Thu, 10 Dec 2009 04:22:04 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13200840 anon : It appears I have also, recieved stuff like this from a contact, I knew right away, that links that are sent over msn randomly are usually viruses. I think you have one of the Kelvir versions virus.. I suggest reformatting if ANY of you have visited that website. And remember, UNLESS you ask for a link, don't click one. And for the person who made this thread, you have a virus.]]> http://www.dslreports.com/forum/remark,13200840 Mon, 18 Apr 2005 15:35:16 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13175334 DevilFrank : See here also:
»www.symantec.com/avcenter/venc/d···r.t.html
--
Regards from Germany. Please excuse my stumbling English]]> http://www.dslreports.com/forum/remark,13175334 Fri, 15 Apr 2005 01:43:59 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13173605 Lefty : One of my contacts has this same exact problem. Her msn keeps sending,

"Its You!"

"http://***************/pictures.php?email=***************.com"

Update: The download link is from T35 hosting. I emailed the president asking him to cancel "jackofspades" that is the user that is hosting the virus.]]> http://www.dslreports.com/forum/remark,13173605 Thu, 14 Apr 2005 21:40:09 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13173171 jabarnut : Heheh....This is one very interesting thread to say the least!

Wonder what ever happened to unimind

??? :o :hmm:
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,13173171 Thu, 14 Apr 2005 20:53:55 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13172655 NetFixer :

said by novaflare

:

Hmm i guess i know where to go if i decide to test a new anti spyware app heh

I was thinking the same thing. In fact, I bookmarked it for future testing purposes.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. ]]> http://www.dslreports.com/forum/remark,13172655 Thu, 14 Apr 2005 20:04:20 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13172628 NetFixer : I suspect that most AV providers will have updated their def files by now for the new Kelvir variants. F-Prot did not detect it last night, but the updates today caught it with no problems (including the copy from last night which was still in my browser cache).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. ]]> http://www.dslreports.com/forum/remark,13172628 Thu, 14 Apr 2005 20:02:14 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13172551 novaflare : Hmm i guess i know where to go if i decide to test a new anti spyware app heh]]> http://www.dslreports.com/forum/remark,13172551 Thu, 14 Apr 2005 19:55:53 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13172509 amysheehan :

said by bpm3k

:

I went to the malignancy website and let it have its way with my computer.

WOW!
I hope the LU just released has got this covered [ in part - at least]
»NAV IU & LU -- 14 April 2005

;)]]> http://www.dslreports.com/forum/remark,13172509 Thu, 14 Apr 2005 19:51:15 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13172457 bpm3k : I went to the malignancy website and let it have its way with my computer. It was fully updates xp sp2 install. Only protection it had turned on was spybot immunize and a NAT firewall. The computer was clean before i went to the website. Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:44:03 PM, on 04/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\vjwrsyo.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\system32\imgtuf.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\gah95on6.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\program files\zango\zango.exe
C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
C:\WINDOWS\system32\spas.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\WINDOWS\system32\l?gonui.exe
C:\WINDOWS\system32\mnmadhlp.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\billy\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = »searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.websearch.com/ie.aspx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »www.oemji.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.oemji.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = »www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »www.websearch.com/ie.aspx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »www.oemji.com/side_search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=C:\Program Files\WAFFLEz\mlg1.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteins32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [uchHPF88E] C:\WINDOWS\vjwrsyo.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\billy\LOCALS~1\Temp\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [v33V38i] imgtuf.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [LFM] C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKCU\..\Run: [Ettm] C:\WINDOWS\system32\spas.exe
O4 - HKCU\..\Run: [Elatiieo] C:\WINDOWS\system32\l?gonui.exe
O4 - HKCU\..\Run: [e0s9RUG8S] mnmadhlp.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - »searchmiracle.com/cab/2.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - »static.windupdates.com/cab/CDT/i···-c46.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···00464234
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - »www.xxxtoolbar.com/ist/softwares···dult.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - »www.mt-download.com/MediaTickets···fid=3965
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe]]> http://www.dslreports.com/forum/remark,13172457 Thu, 14 Apr 2005 19:46:03 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13166642 Schouw : The file downloaded is an sfx archive.

It contains a new Kelvir variant, IM-Worm.Win32.Kelvir.k and Backdoor.Win32.Rbot.gen.
--
Not speaking for Kaspersky Lab]]> http://www.dslreports.com/forum/remark,13166642 Thu, 14 Apr 2005 04:50:07 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13166327 bpm3k : I downloaded the file from the OP. Then i went to the main malignancy website on my test computer. And WOW, it does bad things. I will post a hijackthis log soon.
Here is jotti results:

AntiVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found BehavesLike:Win32.IRC-Backdoor (probable variant)
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Rbot.gen
mks_vir Found Trojan.Rbot.Lv
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing

Here is virus total results:
Antivirus Version Update Result
AntiVir 6.30.0.7 04.13.2005 no virus found
AVG 718 04.13.2005 no virus found
BitDefender 7.0 04.13.2005 BehavesLike:Win32.IRC-Backdoor
ClamAV devel-20050307 04.14.2005 no virus found
DrWeb 4.32b 04.14.2005 no virus found
eTrust-Iris 7.1.194.0 04.14.2005 Win32/Kelvir.G!SFX!Worm
eTrust-Vet 11.7.0.0 04.13.2005 no virus found
Fortinet 2.51 04.14.2005 no virus found
F-Prot 3.16a 04.13.2005 no virus found
Ikarus 2.32 04.13.2005 no virus found
Kaspersky 4.0.2.24 04.14.2005 Backdoor.Win32.Rbot.gen
McAfee 4468 04.13.2005 W32/Kelvir.worm.gen
NOD32v2 1.1060 04.14.2005 no virus found
Norman 5.70.10 04.12.2005 no virus found
Panda 8.02.00 04.13.2005 no virus found
Sybari 7.5.1314 04.14.2005 Win32/Kelvir.G!SFX!Worm
Symantec 8.0 04.14.2005 no virus found]]> http://www.dslreports.com/forum/remark,13166327 Thu, 14 Apr 2005 02:06:55 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165671 dadkins : No worries friend!

It WOULD be a good idea to follow the instructions here: »Security »I think my computer is infected or hijacked. What should I do? Just to be sure that nothing made it in.]]> http://www.dslreports.com/forum/remark,13165671 Thu, 14 Apr 2005 00:01:16 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165420 spooler0 :

said by unimind

:

"Also, is it possible that the link itself may have triggered msn to send another link to a seperate contact once it was recieved from the first contact?"

You might want to download and run an A2 anti-trojan scan (A-squared). Also try the Avast program used by Dadkins and consider the 30 free trial of TDS-3 and Trojan Hunter.

Let us know what you find. Lots of interest here.

Mr. B is rarely wrong.]]> http://www.dslreports.com/forum/remark,13165420 Wed, 13 Apr 2005 23:32:59 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165370 NetFixer : The domain malignancy.us is appropriately named.

Whois shows it to be a cloaked registration (the true owners identification is not available), and the url you provided attempts to automatically download an executable file.

I can only think of one reason for either a cloaked domain registration or for attempting to automatically download an executable file to a web site visitor. Need I say more?
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. ]]> http://www.dslreports.com/forum/remark,13165370 Wed, 13 Apr 2005 23:27:53 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165335 B :

said by unimind

:

As I said in my first post, I have run spyware checks and norton runs 24-7. I can't find any spyware or viruses so I doubt it is due to that. I have edited my post to say I'll run a hijack this log tomorrow.

My main interest is how this link appeared, i.e. is there a programme which is involved.

By "programme" may I assume you mean the malware that you don't think you have?

Are you really under the impression that Norton or any antivirus program will prevent virus and other malware infections? If so, you are operating under false assumptions. The software does a decent job of detecting known threats. But NONE of them catches everything, and NONE of them can detect all new threats, or attacks geared specifically to you.

I don't know what your problem is; it could be something as simple as HTML or Javascript redirects. But please follow up on some of the advice given in this thread. We have ALL taken your post seriously, and dismissing well-intentioned advice doesn't serve your cause well. Good luck.

-- B
--
In a realm outside causality and function]]> http://www.dslreports.com/forum/remark,13165335 Wed, 13 Apr 2005 23:23:15 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165279 garys_2k :

said by unimind

:

dadkins:

Thanks for your post. I'll have a look into that more tomorrow. Appreciate the fact that you have obviously taken some time to look at the matter in hand and I would like to thank you for the time that you have taken. I will look further into this when I get up tomorrow.

Richard.

Good idea. Start by following ALL of the steps in the link I posted. If you don't your thread will be locked. Good night.]]> http://www.dslreports.com/forum/remark,13165279 Wed, 13 Apr 2005 23:15:40 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165266 unimind : dadkins:

Thanks for your post. I'll have a look into that more tomorrow. Appreciate the fact that you have obviously taken some time to look at the matter in hand and I would like to thank you for the time that you have taken. I will look further into this when I get up tomorrow.

Richard.]]> http://www.dslreports.com/forum/remark,13165266 Wed, 13 Apr 2005 23:14:23 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165261 garys_2k : What are you asking? You say you got a message from someone with a link to a porn site. OK. You also say you seem to have somehow sent that same link to another person. If you didn't do this, are you asking how that went out without your help? My suggestion is that perhaps your system has been compromised and that's how that took place.

If I missed your point, I guess even after rereading your original post four times I still can't figure out what you want. Send that dos file to one of the online checkers (in the link you dismissed), I'll bet Kaspersky will ID the bad guy in it.]]> http://www.dslreports.com/forum/remark,13165261 Wed, 13 Apr 2005 23:13:23 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165222 unimind : As I said in my first post, I have run spyware checks and norton runs 24-7. I can't find any spyware or viruses so I doubt it is due to that. I have edited my post to say I'll run a hijack this log tomorrow.

My main interest is how this link appeared, i.e. is there a programme which is involved. I haven't installed anything new at all over the last few days and my internet use has been just looking at news and emails for the last couple of days so nothing new has been installed or downloaded over the last 48 hours or so.

Also, is it possible that the link itself may have triggered msn to send another link to a seperate contact once it was recieved from the first contact?

I'm off to bed now. Thank you for the replies I have recieved and as stated, I'll post a hijack this log as soon as possible. If anyone has any information with regards to the site involved then I would be most grateful.

Richard. ]]> http://www.dslreports.com/forum/remark,13165222 Wed, 13 Apr 2005 23:10:21 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165141 B :

said by unimind

:

I've run anti spyware checks etc. I DON'T think than my system is infected or hijacked.

Funny; I do.

Your instant messaging program is sending out specially coded links to your contacts, all by itself, and you don't think you're infected with anything?

-- B
--
In a realm outside causality and function]]> http://www.dslreports.com/forum/remark,13165141 Wed, 13 Apr 2005 23:01:37 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165134 dadkins : That would be IstBar! Nasty little POS!

]]> http://www.dslreports.com/forum/remark,13165134 Wed, 13 Apr 2005 23:01:05 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165089 unimind : I've run anti spyware checks etc. I DON'T think than my system is infected or hijacked.

Does anyone have any information about the mentioned site which might be of interest?

Edit

As it's late (4am) I'm going to bed now. I look forward to any suggestions, but I'll run a hijack this log tomorrow just incase it drags up anything. I doubt it is a problem due to being hijacked etc, as I was sent the link by a single contact and it was sent to a single (but different) contact.) But then, to be honest, I'm puzzled as I have not seen anything like this before, and I would like to make sure it doesn't happen again.

I'm more curious as to the nature of the link, as I would quite like to be able to ensure my contacts computer is ok. (It is a family computer which I don't have immediate access to) so I would really appreciate any information as to where this link might have come from, and why it has been automatically sent on by msn messenger)]]> http://www.dslreports.com/forum/remark,13165089 Wed, 13 Apr 2005 22:57:03 EDT Re: msn suprise http://www.dslreports.com/forum/remark,13165064 garys_2k : Follow these instructions:

»Security »I think my computer is infected or hijacked. What should I do?]]> http://www.dslreports.com/forum/remark,13165064 Wed, 13 Apr 2005 22:54:48 EDT msn suprise http://www.dslreports.com/forum/remark,13164886 unimind : I've just got in from a night out, and I noticed that one of my contacts has sent me an message with the following link:

The link .... Link Removed --WCB!

When I shut that down, I noticed that my own msn messenger has also sent a link to one of my contacts with the same link detail, but containing their own msn email address.

Out of interest, I saved the file that the link was pointed to and it was an msDOS file, which i then scanned with a fully updated copy of Norton anti-virus 2005. It showed up clean in the virus check.

From that, I went back to the original link. Loading up the page Link Removed --WCB!

just opened up a page which to cut a short story even further, suggested I install some spyware.

I did a search on this forum (which i thought would be the most appropriate place) and found no link to this website. I would be interested if any other member has either a link to this site, or further any information with regards to what this site trying to do.

I am currently running windows xp, with sp2. I also have the newly released version of msn 7. I have performed a full scan using ad-aware (with the latest updates) which came up clean, so i doubt that this is due to spyware.

If anyone has any ideas as to how this problem came about I would be very thankful, also, any further questions regarding network setup, computer setup or software setup which may help with regards to this problem are welcome.

Thanks for any help.

Richard.

ps, I haven't posted the link which was sent from my own msn as I would prefer to keep my contacts email privite. I have also put in some ** because I don't want to create a link to the site incase anyone clicks it and ends up with spyware on my behalf. ]]> http://www.dslreports.com/forum/remark,13164886 Wed, 13 Apr 2005 22:36:09 EDT