Virus spread by MSN that shuts down and prevents defences

Post Reply New Topic

I've seen a few computers with this nasty trojan that appears to be spread by msn.

MSN will automatically send links to the virus to random people on an infected pc's contact list.

Now for the nasty.

The virus prevents antivirus and some spyware programs from running and then blocks access to antivirus software company websites. The virus also blocks the registry editor from running.
I have attempted to remove a couple of these from computers and have had no luck. I managed to get as far as using an emergency regedit downloaded from the net but can't seem to find the bad keys. This virus seems to get through most norton and mcafee firewalls/scans.

Does anyone else have experience with this ugly thing or know how to completey get rid of it?
This is the only time I have ever been stumped by a virus but I have to admit, it's ingenious.

PS.. system restore doesn't do sh*t either.

If you're running Windows XP/Windows 2000

You can boot up into safe mode, you can accomplish by pressing F8 after the system goes through the boot process.

Select "safe mde with networking"

Then see if you can access Norton or Mcafee

If this doesn't work or you're running Windows 98 or have a dial up connection try the following:

Go to Mozilla's website download firefox. You could also try Opera or netscape.

This should hopefully be able to get around the virus.

Then see what you can find out on their site.

Another thing you could is some of the freeware antivirus programs they have available such as AVG or Antvirri. Sometimes they have better updates then Norton or Mcafee.

you can find these on download.com

You could also find some could spyware programs such as Ad Aware, spybot search and destroy, or Spyware Doctor (The best spyware progam i've ever used was Spyware doctor but it's shareware, PM me if you need certain info )

If worse comes to worse you may have reinstall the opreating system. If you need help with this let me know.

If you need help with anything else please let me know.

Hope this helps.

Hee.

I know Ad Aware won't kill it.

Jman,
I want to reinstall the operating system. I have a four year old Dell running Windows XP. When I use the disk that came with the computer, it says it can not install because the system on the computer is newer. I guess I'd like to unistall whatever is there and then use the disk. I'm a computer idiot. How do I do this?

BeeBee

I need people who have experienced this virus. It blocks any antivirus company name imaginable on every browser. System restore and safe mode are useless in this case. I was wondering if anyone knew where to look in the registry for bad keys. That is pretty much the only way to get rid of it. Then run scans when the key that blocks antivirus sites from working has been eliminated. The only thing I can find that works is McAfee Stinger and all the anti spyware progs work. This is NOT spyware by any means. I'm thinking the only way is to get the people to save their stuff on disc or FTP and then start over again.

Breakthrough...kind of.

By typing in Symantecs IP instead of their address I can access the site. I'm guessing the virus is blocking names only then so that is good. There's not very many people out there that know anything about this thing :O ..... Guess i'm on the frontline of this war.

What exactly is on the disk? Is it a restore disk? Does it just contain an operating system? Did you try booting off the cd? Also what is the part or model number of the computer?(this can be found at the top of the tower) I need to ask you these questions so I can better help you.

Last edited by jman on 17 Feb 2006, 5:09 pm, edited 1 time in total.

great let us know what you find out.

Thanks Jman. Its the restore disk which is why the message is so odd.

I'll the rest part number but it will have to wait until Monday.

BeeBee

No hope. I am wiping everything out now, saving pictures and mp3's to CD. I can't tell for sure where parts of this virus are hiding in the registry so I am just starting out again to be safe. What worries me is that there are very very few people out there that know what to do about these viruses so I am trying to keep a record of all the odd registry keys I find.

hmmm, i better keep a close eye out for this, my fiancee claims there was no restore cds with her laptop when she got it, if that is true and her system gets this virus then she has little or no hope

sounds nasty