New AOL Instant Messenger Windows Virus

The Internet Patrol - Patrolling the Internet for You

A new virus aimed (no pun intended) at AOL Instant Messenger Windows users has been discovered this week. It will appear to come from one of your buddies, with a message of “hey check this out!”, along with a link to “http://adwordsvideo.com/gallery/pictures.php”. It sure looks like a website link, doesn’t it? But it’s not, it’s a download link, the file which it downloads is called “unknown@hotmail.com” (sneaky, eh?)

Despite the name of “unknown@hotmail.com”, this is definitely an .exe (executable) file, and will do all sorts of nasty stuff on your system, including port scanning, installing a file, and adding itself to your startup routine.


Yuk.

And, of course, it attempts to send itself to all of your buddies in your buddy list.

So, if anyone, AIM buddy or not, comes a’knocking with “hey check this out!”, don’t do it.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

17 thoughts on “New AOL Instant Messenger Windows Virus

  1. i emailed jay loden who is fantastic..he writes on his page that if aim fix doesnt work to do a hijack this log and copy and paste it to him and he will try to remove virus in aim for you so ill keep you posted

  2. I got the same thing twice this year..usually aim fix by jay loden fixes it but not this time what else can i do???? I ran adaware and spy bot and mcaffee still doing it

  3. I got the same thing twice this year..usually aim fix by jay loden fises it but not this time what else can i do???? I ran adaware and spy bot and mcaffee still doing it

  4. I got the same thing as comment 10. I dled it, but then realized what i did, didn’t open it, and immediately restored my system. Running virus scan and not seeing anything. What else should I do? Thanks

  5. Is this the same virus or different?, I have been getting multiple messages on AOL Instant Messenger saying I have a picture of us and I wanted to know if I could at it to my Myspace or Facebook? When you click the link to see the picture, I belive it does the same thing as what you all describe and you in return send it to everyone on your buddy list. Same virus with a new form?

  6. for me it’s called C:/WINDOWS/SYSTEM32/lock1.exe, but i cant seem to find it anywhere to delete….luckily for when i log on my windows securtiy center asks me if i want to run the file, to which i click on the cancel button…my new problem is how to find this file because it doesn’t show up on my program files.

  7. Hey someone sent me this vius thing, i optioned to run it (she is a very pretty girl that i know…LoL) so i ran it and it disappeared and nothing happened, everything is normal. i ran AVG antivirus, the free one, and it got rid of a few trojan horses and i scanned it again and it’s picking up some more stuff…is there a delay to this virus, or did i just get lucky?

  8. you said the you went to C:\WINDOWS\SYSTEM32 and found the file. But what is teh name of the file I should delete?….I am having the same problem. What folder do I delete?

  9. Same thing for me Becky, there’s no sign of this bug anywhere yet I’ve still got MSN acting crazy. I’ve tried like every virus scanner, spyware removal tool, and virus protection program around. Still aint found nothing.

  10. you said the you went to C:\WINDOWS\SYSTEM32 and found the file. But what is teh name of the file I should delete?

  11. Help! I downloaded this dreaded thing and I can’t find it on my computer. Well, I technically didn’t download it, I just ‘opened’ instead of ‘saved’, but it got me anyway and sent it out to my buddies. I tried to rid my computer of it by uninstalling and reinstalling AIM, but nope, it’s still on my computer.
    I’ve been trying to search my files on my computer for all of it’s suspected names but so far have turned up empty. My up-to-date McAfee didn’t catch it, nor this other scanner program Stinger.
    What should I do??

    Thanks

  12. how do i get rid of this thing? there is now an icon called gallery on my desktop that i cannot delete. i dont know what to do.

  13. This one isnt really that hard to remove… I thought my friend was really giving me a legit link, but then he told me it was a virus. So then I thought he sent me the link so I could check out this virus. So I downloaded it and isntalled it. First it tried to add some .exe file to my startup, which I denied using SpyBot’s TeaTimer. Then, this was weird… It disabled CONTROL+ALT+DELETE!!! In order to get that working again, I had to go to START—>RUN—> and type:

    REG add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD

    I then was able to open Task Manager and do and END TASK of that weird .EXE program that was running. I then went and verified that there was nothing else funny in the system startup, (which can be done using SpyBot or MSCONFIG) and found nothing. Finally, I browsed to C:WINDOWSSYSTEM32 and deleted that file which was in question. Everything seemed to be gone. Pretty simple virus, but a good job on the virus programmer’s part. (Not that I’m encouraging it or anything, but we don’t wanna piss these programmer of, so that they go and make harder viruses to get rid of, such as this dang AURORA adware that I got… wow—that took forever!…lol)

    Hope that helped!

    –Andrew Bucklin
    –Manager, Technical Services
    –MicroHelp, Inc.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.