New AOL Instant Messenger Windows Virus
A new virus aimed (no pun intended) at AOL Instant Messenger Windows users has been discovered this week. It will appear to come from one of your buddies, with a message of “hey check this out!”, along with a link to “http://adwordsvideo.com/gallery/pictures.php”. It sure looks like a website link, doesn’t it? But it’s not; it’s a download link, and the file it downloads is called “unknown at hotmail dot com” (sneaky, eh?).
Despite the name of “unknown at hotmail dot com”, this is definitely an .exe (executable) file, and will do all sorts of nasty stuff on your system, including port scanning, installing a file, and adding itself to your startup routine.
Yuk.
And, of course, it attempts to send itself to all of your buddies in your buddy list.
So, if anyone, AIM buddy or not, comes a’knocking with “hey check this out!”, don’t do it.

This one isn’t really that hard to remove… I thought my friend was really giving me a legit link, but then he told me it was a virus. So then I thought he sent me the link so I could check out this virus. So I downloaded it and installed it. First it tried to add some .exe file to my startup, which I denied using SpyBot’s TeaTimer. Then, this was weird… It disabled CONTROL+ALT+DELETE!!! In order to get that working again, I had to go to START -> RUN -> and type:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
I then was able to open Task Manager and do an END TASK of that weird .EXE program that was running. I then went and verified that there was nothing else funny in the system startup (which can be done using SpyBot or MSCONFIG) and found nothing. Finally, I browsed to C:\WINDOWS\SYSTEM32 and deleted that file which was in question. Everything seemed to be gone. Pretty simple virus, but a good job on the virus programmer’s part. (Not that I’m encouraging it or anything, but we don’t wanna piss these programmers off, so that they go and make harder viruses to get rid of, such as this dang AURORA adware that I got… wow—that took forever!…lol)
Hope that helped!
–Andrew Bucklin
–Manager, Technical Services
–MicroHelp, Inc.
Comment by Andrew Bucklin — 4/27/2005 @ 6:32 pm
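The checks described in the comment above (the DisableTaskMgr policy value and the startup entries) can be reviewed read-only before anything is changed. This is an added example, not part of the original post or comments; the Run/RunOnce key list and the System32 flag are assumptions about where to look, and the script does not cover the Startup folder or services.

```powershell
# Added example: read-only audit of the settings mentioned in the comment above.
# Nothing is modified; the script only reports what it finds.

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# 1. Task Manager policy: a non-zero DisableTaskMgr blocks Task Manager for this user.
$policy = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($null -ne $policy -and $policy.DisableTaskMgr -ne 0) {
    Write-Output "DisableTaskMgr = $($policy.DisableTaskMgr): Task Manager is blocked for this user."
} else {
    Write-Output 'DisableTaskMgr is absent or 0: Task Manager is not blocked by this policy.'
}

# 2. Autostart entries (assumed list: the per-user and machine-wide Run/RunOnce keys).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # key does not exist on this machine
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $command
            # Sorting hint only: the commenter found the file in SYSTEM32, but many
            # legitimate programs also start from there, so review each entry by hand.
            InSystem32 = $command -match '\\system32\\[^\\]+\.exe'
        }
    }
}

$entries | Sort-Object InSystem32 -Descending | Format-Table -AutoSize -Wrap
```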
how do i get rid of this thing? there is now an icon called gallery on my desktop that i cannot delete. i don’t know what to do.
Comment by derric — 5/1/2005 @ 11:33 pm
Help! I downloaded this dreaded thing and I can’t find it on my computer. Well, I technically didn’t download it, I just ‘opened’ instead of ‘saved’, but it got me anyway and sent it out to my buddies. I tried to rid my computer of it by uninstalling and reinstalling AIM, but nope, it’s still on my computer.
I’ve been trying to search my files on my computer for all of its suspected names but so far have turned up empty. My up-to-date McAfee didn’t catch it, nor this other scanner program Stinger.
What should I do??
Thanks
Comment by Becky — 5/19/2005 @ 3:14 pm
you said that you went to C:\WINDOWS\SYSTEM32 and found the file. But what is the name of the file I should delete?
Comment by steve — 5/31/2005 @ 12:19 pm
Same thing for me Becky, there’s no sign of this bug anywhere yet I’ve still got MSN acting crazy. I’ve tried like every virus scanner, spyware removal tool, and virus protection program around. Still ain’t found nothing.
Comment by freak — 6/6/2005 @ 5:54 am
you said that you went to C:\WINDOWS\SYSTEM32 and found the file. But what is the name of the file I should delete?… I am having the same problem. What folder do I delete?
Comment by Lauren — 6/28/2005 @ 11:46 am
hey andrew, what’s the name of the weird .EXE program that you ended…
Comment by mike — 9/22/2005 @ 4:46 pm
Hey someone sent me this virus thing, i optioned to run it (she is a very pretty girl that i know…LoL) so i ran it and it disappeared and nothing happened, everything is normal. i ran AVG antivirus, the free one, and it got rid of a few trojan horses and i scanned it again and it’s picking up some more stuff…is there a delay to this virus, or did i just get lucky?
Comment by Chris — 10/3/2005 @ 9:41 pm
for me it’s called C:/WINDOWS/SYSTEM32/lock1.exe, but i can’t seem to find it anywhere to delete….luckily for when i log on my windows security center asks me if i want to run the file, to which i click on the cancel button…my new problem is how to find this file because it doesn’t show up on my program files.
Comment by chris — 10/4/2005 @ 4:14 pm
Is this the same virus or different? I have been getting multiple messages on AOL Instant Messenger saying I have a picture of us and I wanted to know if I could add it to my Myspace or Facebook? When you click the link to see the picture, I believe it does the same thing as what you all describe and you in return send it to everyone on your buddy list. Same virus with a new form?
Comment by Tory — 3/17/2007 @ 7:56 pm
I got the same thing as comment 10. I dled it, but then realized what i did, didn’t open it, and immediately restored my system. Running virus scan and not seeing anything. What else should I do? Thanks
Comment by Dan — 4/7/2007 @ 5:27 pm
I got the same thing twice this year..usually aim fix by jay loden fixes it but not this time what else can i do???? I ran adaware and spy bot and McAfee still doing it
Comment by angela crowley — 5/16/2007 @ 1:53 pm
yeah i went to system32 but i don’t know what i’m looking for
Comment by angela crowley — 5/16/2007 @ 2:22 pm
i emailed jay loden who is fantastic..he writes on his page that if aim fix doesn’t work to do a HijackThis log and copy and paste it to him and he will try to remove virus in aim for you so i’ll keep you posted
Comment by angela crowley — 5/16/2007 @ 5:43 pm
Hey guys i believe it’s as simple as restoring your computer to an earlier point!
Comment by Greg Stankiewicz — 6/19/2007 @ 10:26 am
hey my sister got it.. how do i get rid of it from her screen name??
Comment by angie — 8/13/2007 @ 7:04 pm