Msn Latest Virus *take note*
-
From Trend Micro
Like the earlier BROPIA variants, this memory-resident worm spreads copies of itself via MSN messenger, a popular instant messaging application, using attractive file names.
This worm arrives as a Win32 .EXE file. Upon execution, this non-encrypted, memory-resident worm drops another file which Trend Micro detects as WORM_RBOT.AOR.
The dropped file can have the filename WINIS.EXE. Its attributes are set to hidden, system and read-only. After dropping, WORM_BROPIA.S executes this file.
It drops a JPEG picture file in the root folder, which is usually C:\. It opens the image with Internet Explorer (IE). The following is a sample of the dropped image file:
http://www.trendmicro.com/vinfo/images/WORM_BROPIA_S_img1.gif
It also sets the attributes of this dropped file to read-only, hidden and system to avoid easy detection. After dropping, it executes this file and terminates itself.
The worm propagates using MSN Messenger, a popular chat program. It sends its copy to all contacts found in the MSN Messenger application.
It arrives via MSN Messenger with a message that contains the following details:(message)(link)
Since it's being detected as an Rbot, it will be deemed as dangerous.
======================================================
(message) can be any of the following:
• CHECK THIS LOL!
• CUSTOM
• Huge Turd hahaah! :-P
• LOOK! :-O
• nice! :-P
• ownage!
• paris hilton got hacked!!
(link) can be any of the following:
• http://members.chello.nl/a.sinnema1/FUNNY-SHIT!.pif
• http://members.chello.nl/a.sinnema1/scary.pif
• http://members.chello.nl/a.sinnema1/sexy-bitch.pif
• http://members.chello.nl/h.keuth/massive-turd.pif
• http://members.chello.nl/h.keuth/paris-hilton.pif
• http://members.chello.nl/h.keuth/w00t!.pif
Rbot is a backdoor trojan, meaning it will open your computer to attacks by hackers. The recommended solution is to reformat, to prevent loss of sensitive information.
Also, it is to save you from getting you into trouble with laws. This trojan can connect you to some dubious websites and launch attacks against websites, known as DDoS, which is illegal. -
some fixes i found....[all not tested]
http://answers.yahoo.com/question/index?qid=20070326031642AA2Uj82&show=7
http://www.computing.net/security/wwwboard/forum/20642.html -
Screenshot:
-
Now it even psycho you to accept the file!
-
what's aMsn?Originally posted by ndmmxiaomayi:Nice virus.
Even alternative MSN programs also tio.
Me using aMSN.
-
Originally posted by ndmmxiaomayi:Now it even psycho you to accept the file!
viruses are getting smarter and smarter these days -
MSN Messenger alternative.Originally posted by kenn3th:what's aMsn?
It's in the free/open-sourced programs sticky. -
Yeah... damn virus. I really thought it's my friend's photo album.Originally posted by kenn3th: viruses are getting smarter and smarter these days
Sucks.
-
i was almost fooled, but luckily, another person Im me the same msg and that's how i knew about itOriginally posted by ndmmxiaomayi:Yeah... damn virus. I really thought it's my friend's photo album.
Sucks. -
photo album where got so small size one..Originally posted by ndmmxiaomayi:Yeah... damn virus. I really thought it's my friend's photo album.
Sucks.
24kbs sia.
one photo usually 500kb liao. -
No idea. The file I received was 24kb.Originally posted by Ito_^:photo album where got so small size one..
24kbs sia.
one photo usually 500kb liao.
And remember, it's zipped up. So it will be small. -
how to remove?... reformat? or spy ware speach can remove?
-
As I've said, if you really accept the file, the recommended solution is reformat, as it's a backdoor.
If you want to try to solve, I probably have to look at some files. -
Whoa i keaned jus now
but my msn always dc these days..dono why
and it dc-ed rite after the message appeared
-
Immediately I sign in, I tio.Originally posted by lpx88:Whoa i keaned jus now
but my msn always dc these days..dono why
and it dc-ed rite after the message appeared -
so far so good.. my contacts nv prompt me
-
mayi..if gt a frenz prompt me tis..l close the conversation..safe bo ah? l even block that frenz cuz l noe is a virus
-
Yes, you are safe.
There's no need to block, just tell him/her nicely.
Also, don't accept attachments unless you are sure that it's being sent out by that person, not by the virus. -
orh okies =) haha, l block cuz l very scareOriginally posted by ndmmxiaomayi:Yes, you are safe.
There's no need to block, just tell him/her nicely.
Also, don't accept attachments unless you are sure that it's being sent out by that person, not by the virus.
then what can l tell my frenz who tio to do?
Avg can get rid of it mah? -
If you have his/her number, SMS or call him/her. I tried MSNing my friend who was infected, but no effects.Originally posted by xShevchenkox:orh okies =) haha, l block cuz l very scare
then what can l tell my frenz who tio to do?
Avg can get rid of it mah?
I don't think AVG can get rid of it. -
thx for informing us of this virus. there were already two ppl on my msn contact list who kena this virus tonite...luckily i din accept the photo album file transfer or i also kena...
-
wa seh i just reformat
-
So fast finish?
-
yah new com..sibei heng.. if old com u muz really liao
