Old 15th April 2006, 10:26   #1 (permalink)
Senior - BHPian
 
viper's Avatar
 
Join Date: Mar 2005
Location: Back in Mumbai
Posts: 2,020
Default Help with Suspected Virus

Hi Guys,

Just received a msg on my MSN Messenger window from one of my contacts with a link leading to msnmessenger profiles with my name and asking if it was me. I clicked on the link and a dos application downloaded.

Now I cannot find the file which got downloaded to my default download folder from where I double-clicked it.

Within a minute I got a Windows file error message on my screen (XP SP2) asking me to restore my original files as they have been replaced by some other files. I tried running a Norton Antivirus scan but even my NAV is acting up, saying that I should register and activate my product, which was already activated and valid till Dec 2006.

Please help. What should I do?

Viper
__________________
NO ONE DARES COME CLOSE
viper is online now   Reply With Quote
Old 15th April 2006, 11:23   #2 (permalink)
BANNED
 
Join Date: Feb 2005
Location: Bombay
Posts: 628
Default

Viper,
Sometimes Norton does not catch the virus. Try using a WORMKILLER app or something. Here's the link.
http://www.freedownloadscenter.com/B...killer-xp.html
Hope it helps!
Cheers
2L8uLoose is offline   Reply With Quote
Old 15th April 2006, 11:25   #3 (permalink)
aZa
Senior - BHPian
 
aZa's Avatar
 
Join Date: Mar 2006
Location: Noida / Delhi
Posts: 1,171
Default

Heya Viper

1. Never download / accept / click on links from unknown ppl
2. Check the authenticity of the url and extension etc.
3. Norton sucks
4. be up to date with MS patches
5. Get NoD32

if ur faithful norton has been pwn3d then try downloading Stinger from McAfee. its a small standalone virus scanner for latest threats. if u have a firewall then u would know which application is connecting to the net, or just use tcpview and check them out.


cheers
__________________
-[ " If the ride is more fly, then you must buy. " - Snoop Dogg ]-
aZa is offline   Reply With Quote
Old 15th April 2006, 11:38   #4 (permalink)
Senior - BHPian
 
viper's Avatar
 
Join Date: Mar 2005
Location: Back in Mumbai
Posts: 2,020
Default

Guys,

I just reinstalled my Windows and the funny thing is I did not log onto MSN. But this window popped up and someone buzzed me. User Called "I will get my revenge Pete".

Am scared since I have a lot of data and no back up. Help
__________________
NO ONE DARES COME CLOSE
viper is online now   Reply With Quote
Old 15th April 2006, 11:53   #5 (permalink)
Senior - BHPian
 
abhibh's Avatar
 
Join Date: Sep 2005
Location: In the Hood Near You
Posts: 1,520
Default

Hi,

If you have original Windows I will suggest 2 things that will keep you safe each and every time.

1. Windows one Care Live. You can get it online for free at http://www.windowsonecare.com/purchase/default.aspx . Install the beta for free; it will take around 15 - 30 mins on a 256k connection. It's an online installation. You should at least have 256 MB RAM unshared.

2. Windows Defender. http://www.microsoft.com/athome/secu...e/default.mspx .
It's a spyware remover from Microsoft, free for its customers.

I have been using Onecare for the past 3 months and not a single problem. It's very light and good. And Windows Defender I have been using for the past 1 month and it simply rocks. Doesn't even let you know about any spyware that hits yer computer.

P.S. I have 1 GB RAM and used to use Norton and McAfee. Norton was so heavy and McAfee was so buggy at times. Used NOD but it was not up to the mark. Though Kaspersky was good, it used to update definitions every day.

Cheers.
__________________
For every idiot there is an equal and opposite gender idiot. Singles are people with incomparable intelligence!
abhibh is offline   Reply With Quote
Old 15th April 2006, 11:57   #6 (permalink)
Senior - BHPian
 
abhibh's Avatar
 
Join Date: Sep 2005
Location: In the Hood Near You
Posts: 1,520
Default

Hi,

Are you on LAN? If yes then one can netsend you these messages easily if they know yer computer name. But if you are not on LAN then it must be a Trojan.
http://windowsupdate.microsoft.com/ Go here and update yer Windows and I'm sure the problem will go away. Do remember to install Windows Onecare and Defender.
__________________
For every idiot there is an equal and opposite gender idiot. Singles are people with incomparable intelligence!
abhibh is offline   Reply With Quote
Old 15th April 2006, 12:05   #7 (permalink)
BHPian
 
freakrz's Avatar
 
Join Date: Nov 2004
Location: NewYork/Bangalore
Posts: 90
Default

You reinstalled Windows and still got infected. Did you format your hard drive, or just upgrade on the existing system?

OK, first check all the processes that are running in the background.
Hit CTRL + ALT + DEL and check for the processes. It will be helpful to give you a clear idea if you could provide the process names running.

Do this in safe mode. You can enter safe mode by pressing F8 just after you start your PC and before the starting Windows screen pops up.

Check your start up. To do that --> click Start menu --> Run --> type msconfig --> Enter --> a window will be displayed; in that, check the start up. Remove all the unnecessary stuff, all that you don't want to start when Windows starts up, like Winamp, Yahoo Messenger, MSN etc. You can start them up after you start Windows; they don't require to be in the start up.

Since you have stated MSN Messenger, through which you're being threatened, I would like to suggest you disable the messenger service. That would protect you to a certain extent, till you clean up the system.

Step 1: Right click on My Computer
Click Manage
Click on Services & Applications
Click on Services
Step 2: On the right side of the same window scroll down. You will find "messenger"
Double click that --> a window pops open
Stop the service
In the start up type --> select "Disabled"

If you have a service named messenger sharing, follow the same steps as above and disable it.

Now get a firewall, something like Zone Alarm or Outpost, which is available free online. Install it and just watch the logs. I know this is getting complicated, but do that only if you want to find who's bothering you. Well, I could give you more details if you want to, just PM me.

AVG is a better antivirus and it's available free online. You can download it here:

http://free.grisoft.com/doc/2/lng/us/tpl/v5

If you could give me some more details about the virus or whatever errors you are encountering, I could give you more detail about the cleaning procedure.
__________________
REDLINING LiFe.....
freakrz is offline   Reply With Quote
Old 15th April 2006, 12:52   #8 (permalink)
Senior - BHPian
 
viper's Avatar
 
Join Date: Mar 2005
Location: Back in Mumbai
Posts: 2,020
Default

Hi Guys,

What I have figured out is that it is a Trojan. Got detected by an older version of Panda anti virus. Norton is not getting completely uninstalled and all antivirus programs are not working. It says expired. The virus is in System win32/hosts or something like that.

Viper
__________________
NO ONE DARES COME CLOSE
viper is online now   Reply With Quote
Old 15th April 2006, 15:31   #9 (permalink)
Senior - BHPian
 
viper's Avatar
 
Join Date: Mar 2005
Location: Back in Mumbai
Posts: 2,020
Default

Hi Guys,

Have finally identified the problem. It is a FakeMSN8Beta virus which from one file has multiplied into 90 files in 20 mins.

It is located in C:\WINDOWS\System32\taskkill.com
and C:\WINDOWS\System32\netstat.com.

Am now formatting my comp to prevent any further problems as my whole comp is acting up.

Viper
__________________
NO ONE DARES COME CLOSE
viper is online now   Reply With Quote
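
Added example, not part of any post in this thread: the two paths reported in post #9 are `.com` files named after the standard Windows tools `taskkill.exe` and `netstat.exe`, and because the default `PATHEXT` lists `.COM` before `.EXE`, a bare `taskkill` or `netstat` typed at a prompt resolves to the `.com` copy. The Python sketch below lists such name collisions in a directory; the function names and the sample directory are constructed for illustration.

```python
import os
import tempfile

# Default PATHEXT order on Windows starts .COM;.EXE;.BAT;.CMD, so for a bare
# command name the earliest matching extension in a directory wins.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"


def find_shadowed_commands(directory, pathext=None):
    """Return (winner, shadowed) filename pairs where two files in
    `directory` share a base name and the earlier PATHEXT extension wins."""
    if pathext is None:
        pathext = os.environ.get("PATHEXT", DEFAULT_PATHEXT)
    order = [e.lower() for e in pathext.split(";") if e]
    by_base = {}
    for name in os.listdir(directory):
        base, ext = os.path.splitext(name)
        if ext.lower() in order and os.path.isfile(os.path.join(directory, name)):
            by_base.setdefault(base.lower(), []).append(name)
    findings = []
    for names in by_base.values():
        if len(names) < 2:
            continue  # a lone .com or .exe shadows nothing
        names.sort(key=lambda n: order.index(os.path.splitext(n)[1].lower()))
        findings.extend((names[0], later) for later in names[1:])
    return sorted(findings)


def demo():
    """Constructed sample directory using the file names from post #9."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("taskkill.exe", "taskkill.com", "netstat.exe",
                     "netstat.com", "ping.exe", "more.com"):
            open(os.path.join(d, name), "wb").close()
        return find_shadowed_commands(d, DEFAULT_PATHEXT)


if __name__ == "__main__":
    # On Windows scan the real System32; elsewhere fall back to the sample.
    target = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"), "System32")
    hits = find_shadowed_commands(target) if os.path.isdir(target) else demo()
    for winner, shadowed in hits:
        print(f"{winner} runs instead of {shadowed} for the bare command name")
```

A hit is a lead, not a verdict: compare the winning file's hash or signature against a known-good copy before removing anything.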