  WetWilly
@sympatico.ca
| reply to DevilFrank Re: msn surprise
It appears I have also received stuff like this from a contact. I knew right away that links sent randomly over msn are usually viruses. I think you have one of the Kelvir virus versions. I suggest reformatting if ANY of you have visited that website. And remember, UNLESS you ask for a link, don't click one. And for the person who made this thread, you have a virus. |
|
  DevilFrank
join:2003-07-13 | reply to Lefty See here also: »www.symantec.com/avcenter/venc/d···r.t.html -- Regards from Germany. Please excuse my stumbling English |
|
  Lefty
join:2004-01-17
1 edit | reply to unimind One of my contacts has this same exact problem. Her msn keeps sending,
"Its You!"
"http://***************/pictures.php?email=***************.com"
Update: The download link is from T35 hosting. I emailed the president asking him to cancel "jackofspades", the user that is hosting the virus. |
|
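Lefty's description, a short lure ("Its You!") plus a link whose query string carries the recipient's own address, sent to contact after contact, is exactly the shape an IM-side detector can key on. The following is an added example, not code from anyone in this thread: it scores single messages on those two traits and separately flags any account that pushes one host+path to several distinct contacts inside a short window, which is how a worm blasting a contact list looks from the server side. The events, the sender names and the `lure.invalid` / `news.example.org` hosts are all constructed placeholders; only the lure text and the `pictures.php?email=` shape follow what Lefty quoted.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed IM events: (sender, recipient address, unix timestamp, message text).
# Hosts are placeholders; the lure text and pictures.php?email= shape follow the thread.
EVENTS = [
    ("alice", "bob@example.com",   1000, "Its You! http://lure.invalid/pictures.php?email=bob@example.com"),
    ("alice", "carol@example.com", 1003, "Its You! http://lure.invalid/pictures.php?email=carol@example.com"),
    ("alice", "dave@example.com",  1007, "Its You! http://lure.invalid/pictures.php?email=dave@example.com"),
    ("alice", "erin@example.com",  1009, "Its You! http://lure.invalid/pictures.php?email=erin@example.com"),
    ("bob",   "alice@example.com", 1100, "here is the article I mentioned http://news.example.org/story/42"),
    ("carol", "bob@example.com",   1200, "lol"),
]


def carries_recipient_address(url, recipient):
    """True when some query parameter equals the recipient's own address.
    A link personalised to the target is how the lure in this thread was built."""
    try:
        params = parse_qs(urlsplit(url).query)
    except ValueError:
        return False
    return any(v.strip().lower() == recipient.lower()
               for values in params.values() for v in values)


def lure_indicators(recipient, text):
    """Per-message heuristics; returns the reasons that fired (empty list = nothing odd)."""
    reasons = []
    urls = URL_RE.findall(text)
    if not urls:
        return reasons
    remaining = URL_RE.sub("", text).split()
    if len(remaining) <= 3:
        reasons.append("link with almost no accompanying text")
    if any(carries_recipient_address(u, recipient) for u in urls):
        reasons.append("link query string carries the recipient's own address")
    return reasons


def mass_link_senders(events, min_recipients=3, window=60):
    """Accounts that push the same host+path to many distinct contacts within
    `window` seconds. Returns {sender: link}. Per-recipient query strings are
    ignored so personalised copies of one lure still group together."""
    groups = defaultdict(list)
    for sender, recipient, ts, text in events:
        for url in URL_RE.findall(text):
            parts = urlsplit(url)
            groups[(sender, parts.netloc.lower() + parts.path)].append((ts, recipient))
    flagged = {}
    for (sender, link), hits in groups.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            contacts = {r for ts, r in hits[i:] if ts - start <= window}
            if len(contacts) >= min_recipients:
                flagged[sender] = link
                break
    return flagged


if __name__ == "__main__":
    for sender, recipient, ts, text in EVENTS:
        hits = lure_indicators(recipient, text)
        if hits:
            print(f"{ts} {sender} -> {recipient}: {', '.join(hits)}")
    print("mass senders:", mass_link_senders(EVENTS))
```

Neither heuristic alone is conclusive (people do send bare links), which is why the per-message score and the fan-out check are kept separate: a message that trips both, from an account that is also fanning out, is the case worth alerting on.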
  jabarnut Light Years Away Premium,MVM join:2005-01-22 Galaxy M31
| reply to unimind Heheh....This is one very interesting thread to say the least!
Wonder what ever happened to unimind ???  -- I had a life once.....now I have a Computer and a Modem. |
|
  NetFixer Freedom is NOT Free Premium join:2004-06-24 Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage
| reply to novaflare said by novaflare: "Hmm, I guess I know where to go if I decide to test a new anti-spyware app, heh." I was thinking the same thing. In fact, I bookmarked it for future testing purposes. -- We can never have enough of nature. We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
  NetFixer Freedom is NOT Free Premium join:2004-06-24 Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage
| reply to amysheehan I suspect that most AV providers will have updated their def files by now for the new Kelvir variants. F-Prot did not detect it last night, but the updates today caught it with no problems (including the copy from last night which was still in my browser cache). -- We can never have enough of nature. We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
  novaflare The Dragon Was Here Premium join:2002-01-24 Barberton, OH | reply to bpm3k Hmm, I guess I know where to go if I decide to test a new anti-spyware app, heh. |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
| reply to bpm3k said by bpm3k: "I went to the malignancy website and let it have its way with my computer." WOW! I hope the LU just released has got this covered [in part, at least] »NAV IU & LU -- 14 April 2005 |
|
 bpm3k
join:2004-08-15 Simi Valley, CA
| reply to Schouw I went to the malignancy website and let it have its way with my computer. It was a fully updated XP SP2 install. The only protection it had turned on was the Spybot immunize and a NAT firewall. The computer was clean before I went to the website. Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:44:03 PM, on 04/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\vjwrsyo.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\system32\imgtuf.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\gah95on6.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\program files\zango\zango.exe
C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
C:\WINDOWS\system32\spas.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\WINDOWS\system32\l?gonui.exe
C:\WINDOWS\system32\mnmadhlp.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\billy\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = »searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.websearch.com/ie.aspx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »www.oemji.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.oemji.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = »www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »www.websearch.com/ie.aspx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »www.oemji.com/side_search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=C:\Program Files\WAFFLEz\mlg1.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteins32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [uchHPF88E] C:\WINDOWS\vjwrsyo.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\billy\LOCALS~1\Temp\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [v33V38i] imgtuf.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [LFM] C:\PROGRA~1\LeapFrogMessenger\LeapFrogMessenger.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKCU\..\Run: [Ettm] C:\WINDOWS\system32\spas.exe
O4 - HKCU\..\Run: [Elatiieo] C:\WINDOWS\system32\l?gonui.exe
O4 - HKCU\..\Run: [e0s9RUG8S] mnmadhlp.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - »searchmiracle.com/cab/2.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - »static.windupdates.com/cab/CDT/i···-c46.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···00464234
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - »www.xxxtoolbar.com/ist/softwares···dult.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - »www.mt-download.com/MediaTickets···fid=3965
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe |
|
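Reading a HijackThis log by hand means looking for the same handful of tells every time: random-looking Run value names and file names, a binary launched from a Temp directory or from the Windows root instead of system32, a bare file name left to the search path, a `?` where an unprintable character sits in a path that mimics a system binary, and services with no vendor string. The following is an added example, not part of bpm3k's post or of HijackThis itself: it encodes those tells as heuristics and runs them over a handful of O4 and O23 lines copied from the log above (two benign Symantec lines are included for contrast). The heuristic thresholds are my own assumptions and the vowel-ratio test for "random-looking" is deliberately crude.

```python
import re

# Entries copied from the HijackThis log posted above, plus two benign
# Symantec lines from the same log for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [uchHPF88E] C:\WINDOWS\vjwrsyo.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\billy\LOCALS~1\Temp\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [v33V38i] imgtuf.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKCU\..\Run: [Elatiieo] C:\WINDOWS\system32\l?gonui.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
SVC_PREFIX = "O23 - Service: "
VOWELS = set("aeiou")


def looks_random(token):
    """Crude test for machine-generated names such as 'uchHPF88E' or 'gah95on6':
    letters mixed with digits, or a letters-only run with almost no vowels.
    Threshold values are assumptions chosen for this example."""
    if len(token) < 6:
        return False
    letters = [c for c in token.lower() if c.isalpha()]
    digits = [c for c in token if c.isdigit()]
    if letters and digits:
        return True
    return bool(letters) and sum(c in VOWELS for c in letters) / len(letters) < 0.15


def command_image(cmd):
    """The program a Run value launches: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def run_entry_reasons(value_name, cmd):
    """Heuristics for one O4 Run entry; returns the list of reasons that fired."""
    image = command_image(cmd)
    stem = image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if looks_random(value_name):
        reasons.append("random-looking registry value name")
    if looks_random(stem):
        reasons.append("random-looking file name")
    if "?" in image:
        reasons.append("unprintable character in the path (lookalike of a system binary)")
    if "\\temp\\" in image.lower():
        reasons.append("auto-run from a temporary directory")
    if "\\" not in image:
        reasons.append("bare file name resolved through the search path")
    if re.fullmatch(r"c:\\windows\\[^\\]+", image.lower()):
        reasons.append("executable dropped directly into the Windows root")
    return reasons


def triage(log_text):
    """Return [(log line, [reasons])] for every entry that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            reasons = run_entry_reasons(m.group(2), m.group(3))
        elif line.startswith(SVC_PREFIX):
            # O23 layout is "description - owner - path"; split from the right so a
            # description containing " - " does not shift the owner field.
            fields = line[len(SVC_PREFIX):].rsplit(" - ", 2)
            if len(fields) == 3 and fields[1] == "Unknown owner":
                reasons = ["service with no vendor information"]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("   ->", reason)
```

Heuristics like these only rank entries for a human to look at; the benign-looking names in the adware toolbars above (Media Access, Internet Optimizer, zango) pass every one of them and are caught only by knowing the products, which is what the forum's log-reading volunteers supplied.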
 Schouw Premium join:2003-05-29 Netherlands | reply to unimind The file downloaded is an SFX archive.
It contains a new Kelvir variant, IM-Worm.Win32.Kelvir.k and Backdoor.Win32.Rbot.gen. -- Not speaking for Kaspersky Lab |
|
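Schouw identifies the download as a self-extracting archive carrying two payloads, which is why several engines in bpm3k's scan results only caught it generically or not at all: the outer file is a legitimate-looking PE stub with the archive appended. The following is an added example, not Kaspersky's or anyone's tooling from this thread: it checks that a buffer is MZ/PE-shaped and then looks past the PE signature for a RAR, ZIP or 7-Zip magic, which is how a triage script decides "this is an SFX dropper, unpack it before scanning". The buffers are constructed in `build_fake_sfx`; they are not real samples and are not loadable images.

```python
import struct

# Archive signatures that SFX stubs wrap; the dict order decides nothing, the
# earliest offset in the buffer wins.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x00": "RAR",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7-Zip",
}


def pe_signature_offset(data):
    """Offset of the 'PE\\0\\0' signature if `data` is an MZ/PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    return e_lfanew


def find_embedded_archive(data):
    """Scan a PE image for an archive signature located after the PE signature.
    Returns (format name, offset) of the earliest hit, or None."""
    pe_off = pe_signature_offset(data)
    if pe_off is None:
        return None
    best = None
    for magic, name in ARCHIVE_MAGIC.items():
        idx = data.find(magic, pe_off + 4)
        if idx != -1 and (best is None or idx < best[1]):
            best = (name, idx)
    return best


def classify(data):
    """Human-readable verdict for a buffer."""
    if pe_signature_offset(data) is None:
        return "not a PE executable"
    hit = find_embedded_archive(data)
    if hit is None:
        return "PE executable, no embedded archive found"
    return f"self-extracting {hit[0]} archive (payload at offset {hit[1]})"


def build_fake_sfx(archive_magic):
    """Constructed test buffer: a 64-byte DOS header pointing at a fake PE
    signature, 256 bytes of filler standing in for headers and stub code,
    then the archive magic and a dummy payload. Not a runnable executable."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    stub = b"PE\x00\x00" + b"\x90" * 256
    return bytes(dos) + stub + archive_magic + b"payload-bytes"


if __name__ == "__main__":
    for label, buf in [("rar-sfx", build_fake_sfx(b"Rar!\x1a\x07\x00")),
                       ("plain-pe", build_fake_sfx(b"")),
                       ("bare-zip", b"PK\x03\x04" + b"\x00" * 64)]:
        print(f"{label}: {classify(buf)}")
```

Two caveats for real files: a ZIP magic can legitimately appear inside a PE's own resources (installers that embed .docx or .jar content), so a hit past the last section header is stronger evidence than a hit inside it; and a packed stub can hide the magic entirely, in which case the only reliable route is to run the stub in a sandbox and collect what it writes, which is what the online scanners' behavioural verdicts ("BehavesLike", "!SFX!") are reporting.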
 bpm3k
join:2004-08-15 Simi Valley, CA
| reply to dadkins I downloaded the file from the OP. Then I went to the main malignancy website on my test computer. And WOW, it does bad things. I will post a HijackThis log soon. Here are the Jotti results:
AntiVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found BehavesLike:Win32.IRC-Backdoor (probable variant)
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Rbot.gen
mks_vir Found Trojan.Rbot.Lv
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing
Here are the VirusTotal results:
Antivirus Version Update Result
AntiVir 6.30.0.7 04.13.2005 no virus found
AVG 718 04.13.2005 no virus found
BitDefender 7.0 04.13.2005 BehavesLike:Win32.IRC-Backdoor
ClamAV devel-20050307 04.14.2005 no virus found
DrWeb 4.32b 04.14.2005 no virus found
eTrust-Iris 7.1.194.0 04.14.2005 Win32/Kelvir.G!SFX!Worm
eTrust-Vet 11.7.0.0 04.13.2005 no virus found
Fortinet 2.51 04.14.2005 no virus found
F-Prot 3.16a 04.13.2005 no virus found
Ikarus 2.32 04.13.2005 no virus found
Kaspersky 4.0.2.24 04.14.2005 Backdoor.Win32.Rbot.gen
McAfee 4468 04.13.2005 W32/Kelvir.worm.gen
NOD32v2 1.1060 04.14.2005 no virus found
Norman 5.70.10 04.12.2005 no virus found
Panda 8.02.00 04.13.2005 no virus found
Sybari 7.5.1314 04.14.2005 Win32/Kelvir.G!SFX!Worm
Symantec 8.0 04.14.2005 no virus found |
|
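The VirusTotal listing above is the raw material for the point B makes later in the thread, that no single engine catches everything on day one: five of seventeen engines flag the file, under three different family names, and more than half of them are running signatures a day or more older than the newest set. The following is an added example, not code from bpm3k or from VirusTotal: it parses lines in the "engine version date verdict" layout as pasted above, normalises the vendor-specific names down to a family token, and reports detection count, family agreement, and how many engines were behind on signatures. The stop-word list used to strip vendor boilerplate is my own assumption and would need extending for other naming schemes.

```python
import re
from collections import Counter
from datetime import datetime

# Result lines copied from the VirusTotal report pasted above.
VT_LINES = """\
AntiVir 6.30.0.7 04.13.2005 no virus found
AVG 718 04.13.2005 no virus found
BitDefender 7.0 04.13.2005 BehavesLike:Win32.IRC-Backdoor
ClamAV devel-20050307 04.14.2005 no virus found
DrWeb 4.32b 04.14.2005 no virus found
eTrust-Iris 7.1.194.0 04.14.2005 Win32/Kelvir.G!SFX!Worm
eTrust-Vet 11.7.0.0 04.13.2005 no virus found
Fortinet 2.51 04.14.2005 no virus found
F-Prot 3.16a 04.13.2005 no virus found
Ikarus 2.32 04.13.2005 no virus found
Kaspersky 4.0.2.24 04.14.2005 Backdoor.Win32.Rbot.gen
McAfee 4468 04.13.2005 W32/Kelvir.worm.gen
NOD32v2 1.1060 04.14.2005 no virus found
Norman 5.70.10 04.12.2005 no virus found
Panda 8.02.00 04.13.2005 no virus found
Sybari 7.5.1314 04.14.2005 Win32/Kelvir.G!SFX!Worm
Symantec 8.0 04.14.2005 no virus found
"""

LINE_RE = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<date>\d\d\.\d\d\.\d{4}) (?P<verdict>.+)$")
CLEAN_VERDICTS = {"no virus found", "found nothing"}
# Vendor boilerplate to drop before picking the family token (assumed list).
NOISE = {"win32", "w32", "worm", "backdoor", "trojan", "gen", "generic",
         "behaveslike", "irc", "sfx", "im", "variant", "probable"}


def parse_results(text):
    """One dict per engine line; unparsable lines (headers, blanks) are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["date"] = datetime.strptime(row["date"], "%m.%d.%Y").date()
            rows.append(row)
    return rows


def family(verdict):
    """Strip vendor boilerplate from a detection name and keep the first token left,
    so 'Win32/Kelvir.G!SFX!Worm' and 'W32/Kelvir.worm.gen' both map to 'kelvir'."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", verdict.lower()) if t]
    named = [t for t in tokens if t not in NOISE]
    return named[0] if named else "generic"


def summarize(text):
    rows = parse_results(text)
    if not rows:
        return {"engines": 0, "detections": 0, "stale": 0, "families": Counter(), "detected_by": []}
    detections = [r for r in rows if r["verdict"].strip().lower() not in CLEAN_VERDICTS]
    newest = max(r["date"] for r in rows)
    return {
        "engines": len(rows),
        "detections": len(detections),
        # engines whose signature date trails the freshest set in the report
        "stale": sum(1 for r in rows if r["date"] < newest),
        "families": Counter(family(r["verdict"]) for r in detections),
        "detected_by": [r["engine"] for r in detections],
    }


if __name__ == "__main__":
    s = summarize(VT_LINES)
    print(f"{s['detections']}/{s['engines']} engines flagged the file; "
          f"{s['stale']} were running signatures older than the newest set")
    print("families:", dict(s["families"]))
    print("detected by:", ", ".join(s["detected_by"]))
```

The "stale" count is the practical takeaway for an incident like this one: a clean verdict from an engine whose signatures predate the sample says little, which is exactly what NetFixer observed with F-Prot missing the file one night and catching it the next day.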
  dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA
·Comcast
| reply to unimind No worries friend!
It WOULD be a good idea to follow the instructions here: »Security »I think my computer is infected or hijacked. What should I do? Just to be sure that nothing made it in. |
|
 spooler0 Premium join:2004-11-17
| reply to unimind Re: msn surprise
said by unimind: "Also, is it possible that the link itself may have triggered msn to send another link to a separate contact once it was received from the first contact?" You might want to download and run an A2 anti-trojan scan (A-squared). Also try the Avast program used by Dadkins and consider the 30-day free trial of TDS-3 and Trojan Hunter.
Let us know what you find. Lots of interest here.
Mr. B is rarely wrong. |
|
  NetFixer Freedom is NOT Free Premium join:2004-06-24 Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage
| reply to unimind The domain malignancy.us is appropriately named.
Whois shows it to be a cloaked registration (the true owner's identification is not available), and the URL you provided attempts to automatically download an executable file.
I can only think of one reason for either a cloaked domain registration or for attempting to automatically download an executable file to a web site visitor. Need I say more? -- We can never have enough of nature. We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
 B Premium,MVM join:2000-10-28
| reply to unimind said by unimind: "As I said in my first post, I have run spyware checks and norton runs 24-7. I can't find any spyware or viruses so I doubt it is due to that. I have edited my post to say I'll run a HijackThis log tomorrow. My main interest is how this link appeared, i.e. is there a programme which is involved." By "programme" may I assume you mean the malware that you don't think you have?
Are you really under the impression that Norton or any antivirus program will prevent virus and other malware infections? If so, you are operating under false assumptions. The software does a decent job of detecting known threats. But NONE of them catches everything, and NONE of them can detect all new threats, or attacks geared specifically to you.
I don't know what your problem is; it could be something as simple as HTML or Javascript redirects. But please follow up on some of the advice given in this thread. We have ALL taken your post seriously, and dismissing well-intentioned advice doesn't serve your cause well. Good luck.
-- B -- In a realm outside causality and function |
|
 garys_2k
join:2004-05-07 Farmington, MI
·Future Nine Corpor..
·Vonage
| reply to unimind said by unimind: "dadkins: Thanks for your post. I'll have a look into that more tomorrow. Appreciate the fact that you have obviously taken some time to look at the matter in hand and I would like to thank you for the time that you have taken. I will look further into this when I get up tomorrow. Richard." Good idea. Start by following ALL of the steps in the link I posted. If you don't, your thread will be locked. Good night. |
|
  unimind
join:2002-04-29 england
| reply to dadkins dadkins:
Thanks for your post. I'll have a look into that more tomorrow. Appreciate the fact that you have obviously taken some time to look at the matter in hand and I would like to thank you for the time that you have taken. I will look further into this when I get up tomorrow.
Richard. |
|
 garys_2k
join:2004-05-07 Farmington, MI
·Future Nine Corpor..
·Vonage
| reply to unimind What are you asking? You say you got a message from someone with a link to a porn site. OK. You also say you seem to have somehow sent that same link to another person. If you didn't do this, are you asking how that went out without your help? My suggestion is that perhaps your system has been compromised and that's how that took place.
If I missed your point, I guess even after rereading your original post four times I still can't figure out what you want. Send that dos file to one of the online checkers (in the link you dismissed), I'll bet Kaspersky will ID the bad guy in it. |
|
  unimind
join:2002-04-29 england
| reply to unimind As I said in my first post, I have run spyware checks and norton runs 24-7. I can't find any spyware or viruses so I doubt it is due to that. I have edited my post to say I'll run a HijackThis log tomorrow.
My main interest is how this link appeared, i.e. is there a programme which is involved. I haven't installed anything new at all over the last few days and my internet use has been just looking at news and emails for the last couple of days, so nothing new has been installed or downloaded over the last 48 hours or so.
Also, is it possible that the link itself may have triggered msn to send another link to a separate contact once it was received from the first contact?
I'm off to bed now. Thank you for the replies I have received and, as stated, I'll post a HijackThis log as soon as possible. If anyone has any information with regards to the site involved then I would be most grateful.
Richard. |
|