  1. #1
    HAMLESS Ninjabear's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    2,522

    Default Something is hijacking Windows Live messenger

    My friend is having a problem where if I sign onto his Windows Live Messenger 8.5 it would send a web link to every online contact. The web link directs people to a file called jpeg.exe

    If I shut down Windows Live messenger the virus seems to load windows live messenger every 15 mins and I can see it from the taskbar for about 5 seconds before it disappears.

    If I talk to someone the chat window would flick constantly and the only way to exit the window is to end the process

    I have scanned the computer with nod32 and spybot both haven't found anything.

    Does anybody have any ideas what to do?
    Corsair Carbide Series® 500R,Intel i5 2500k,P8Z77V-Pro, 12GB DDR-1333MHZ ram, Asus DVD writer, Radeon Sapphire r9 270X 3GB , Windows 8 -64 Bit

  2. #2
    Madre Dios!!! beeswax34's Avatar
    Join Date
    Aug 2006
    Location
    Central Auckland
    Posts
    5,133

    Default Re: Something is hijacking Windows Live messenger

    Try completely removing Windows Live Messenger, scanning your computer with NOD32, Spybot and give it a scan with CCleaner as well. Restart your computer and then install it again and see what happens.

    If that fails then you'll need to run a HijackThis scan and let Speedy tell you what is the exact problem.
    All the technology and software in the universe is useless when the end user has the IQ of a sack of hammers.

  3. #3
    Madre Dios!!! beeswax34's Avatar
    Join Date
    Aug 2006
    Location
    Central Auckland
    Posts
    5,133

    Default Re: Something is hijacking Windows Live messenger

    There is also this from Sept 13, 2007:

    Worm that spreads via Microsoft's instant messaging clients (Windows Live Messenger, MSN Messenger and Windows Messenger) to the entire contact list.

    The language of the message sent varies with the language configured on the computer, with text along the lines of: "hey, I'm going to put that photo of us on my myspace :->" or "haha, remember when you had your hair like this".
    Along with the message comes a file named 'IMG-0012.zip' (or similar).

    It opens a backdoor on the system that allows a remote attacker, among other actions, to list/stop processes, steal system information and download/execute malicious code.

    Solution:

    1. If you are using Windows Me or XP and know when the infection occurred, you can use the 'System Restore' feature to remove the virus by going back to a restore point from before the infection. (Note that Windows configuration changes will be undone and all executable files you have created or downloaded since the date of the restore point will be removed.) Help on using the Restore option in Windows XP.

    If this is not possible or does not work, it is advisable to temporarily disable System Restore before removing the virus by other means, since a backup copy of the virus may have been created. If you need help, see disabling System Restore in Windows Me or in Windows XP.

    2. With an up-to-date antivirus, locate all copies of the virus on your PC's hard disk. If you do not have an antivirus, visit our free antivirus page. Repair or delete the infected file.
    If the antivirus cannot repair the infection or delete the files, it may be because the file is in use while the virus is running (resident in memory).
    Note: Antivirus products often report that they 'cannot repair a file' in the case of worms or Trojans because there is nothing to repair; the file simply has to be deleted.

    3. If the virus file cannot be deleted, you must manually terminate the running virus process. Open Task Manager (press Control+Shift+Esc). In Windows 98/Me, select the process name and stop it. In Windows 2000/XP, on the 'Processes' tab, right-click the process and select 'End Process'. Then try deleting or repairing the file again. For more information, see Removing .DLL or .EXE libraries.

    4. Next, the registry must be edited to undo the changes made by the virus. If you need information on how to edit the registry, you can see this registry editing guide or this help video that illustrates the process. Be extremely careful when manipulating the registry. Modifying certain keys incorrectly can leave the system unusable.

    To prevent this malicious code from being executed automatically each time the system is restarted, delete the indicated value from the following Windows registry key:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value: "Windows Lsass Services" = "%Windir%\system\lsass.exe"

    To remove the worm from the list of applications authorized by the Windows firewall, delete the indicated value from the following Windows registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    Value: "Default" = "- value not set -"

    Delete the indicated value from the following Windows registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions
    Value: "MSNPRC" = "[- path_to_the_worm_executable -]"

    Restart your computer and scan the entire hard disk with an antivirus to make sure the virus has been removed. If you disabled System Restore, remember to re-enable it.

    Source: Alerta-Virus
    All the technology and software in the universe is useless when the end user has the IQ of a sack of hammers.
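
Added example, not part of the post above or of the Alerta-Virus advisory it quotes: a read-only PowerShell audit of the three registry locations the advisory names, plus the impostor file path. The firewall-list and extra Run-key checks assume the worm's entries reference the same `\system\lsass.exe` path, which the advisory does not state; variable and function names are illustrative.

```powershell
# Read-only audit of the registry locations named in the quoted advisory.
# Nothing is modified: review each finding, then remove it by hand as the advisory describes.
$cv       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$fwList   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters' +
            '\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$wormPath = Join-Path $env:windir 'system\lsass.exe'   # the genuine lsass.exe lives in System32
$pattern  = '*\system\lsass.exe*'                      # does not match ...\system32\lsass.exe

function Get-RegValues {
    # Emits every value under a key as Key/Name/Data objects; emits nothing if the key is absent.
    param([string]$Key)
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $k) { return }
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{ Key = $Key; Name = $name; Data = [string]$k.GetValue($name) }
    }
}

$findings = @(
    # 1. Autostart entry: value name given in the advisory.
    Get-RegValues "$cv\Run" | Where-Object { $_.Name -eq 'Windows Lsass Services' }

    # 2. Shell Extensions: value name given in the advisory.
    Get-RegValues "$cv\Shell Extensions" | Where-Object { $_.Name -eq 'MSNPRC' }

    # 3. Firewall exceptions. Assumption: the worm's entry references the same executable.
    Get-RegValues $fwList |
        Where-Object { $_.Name -like $pattern -or $_.Data -like $pattern }

    # 4. Any other Run entry launching the impostor path (assumption: same path reused).
    Get-RegValues "$cv\Run" |
        Where-Object { $_.Data -like $pattern -and $_.Name -ne 'Windows Lsass Services' }

    # 5. The executable itself at the path the advisory gives.
    if (Test-Path -LiteralPath $wormPath) {
        [pscustomobject]@{ Key = 'file'; Name = $wormPath; Data = 'present on disk' }
    }
)

if ($findings.Count -eq 0) { 'No indicators from the advisory were found.' }
else { $findings | Format-List Key, Name, Data }
```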

  4. #4
    Madre Dios!!! beeswax34's Avatar
    Join Date
    Aug 2006
    Location
    Central Auckland
    Posts
    5,133

    Default Re: Something is hijacking Windows Live messenger

    You could also try this, not sure how good it is cos I've never used it:

    http://72.14.203.104/translate_c?hl=...3Doff%26sa%3DG
    MSNCleaner v1.4.8

  5. #5
    HAMLESS Ninjabear's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    2,522

    Default Re: Something is hijacking Windows Live messenger

    Hmm

    Doesn't seem to be causing any problems now, which is kinda weird

  6. #6
    Madre Dios!!! beeswax34's Avatar
    Join Date
    Aug 2006
    Location
    Central Auckland
    Posts
    5,133

    Default Re: Something is hijacking Windows Live messenger

    I just realized that my 2nd post was completely in Spanish (damn you, Google Translator!! and doing this at 4am ) so here's the link to the translated page:

    http://tinyurl.com/2l4lmt

  7. #7
    Junior Member
    Join Date
    Jan 2008
    Posts
    5

    Default Re: Something is hijacking Windows Live messenger

    I think the best thing to do is to have a firewall and also run your antivirus after uninstalling Windows Messenger.

  8. #8
    HAMLESS Ninjabear's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    2,522

    Default Re: Something is hijacking Windows Live messenger

    I decided to format the computer as NOD32 (the latest version, 3.0.0621), CounterSpy and Spybot still can't detect the virus.
    It must be a worm

    Thanks for the help guys

    I had been insulted a bit from using Windows live messenger because the virus was spamming the web link to all my online contacts but after explaining to them they were like um ok...

    I have written down the link and it directs you to a jpeg.exe

    I downloaded the file and used NOD32 to scan that file but it didn't detect anything

    If you guys are interested to see if your antivirus are up to date and just curious if it can catch that virus you can PS me and I'll give you the link.

  9. #9
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: Something is hijacking Windows Live messenger

    I don't think people want a file from a malicious / suspicious link.

    You didn't run this file again, did you?

    It's probably this worm

    Trojan Remover will probably remove it. It's in its database.
    Last edited by Speedy Gonzales; 13-01-2008 at 06:40 PM.

  10. #10
    HAMLESS Ninjabear's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    2,522

    Default Re: Something is hijacking Windows Live messenger

    Yeah, I had a look at that too when I was searching thru Google

    It's similar and it tried to send a file called haha.exe to one of my contacts

    but

    the other thing it tried to do was sending spam messages to my online contacts, which was http:/// ...... jpeg.exe with haha at the end of the link

    If it was that virus you mentioned and it dates back to 2001, surely NOD32 would have detected it. My friend's PC was running the latest definition updates
