MySpace Users: MySpaceViewer Infected

While tooling around on my MySpace account, I was prompted to download and install the "myspaceviewer".

NOD32 Marked it as TrojanDownloader.Zlob.ADT
It said it quarantined the file, but it was able to throw some nasties on my system anyway. It also prompts you via System Tray to click to purchase Virus Burster.

I immediately began getting popups and noticed that it had 4 processes running that, upon termination, started back up again. The program is installed in different locations, but all under the Program Files folder.
There are 4 processes I saw:

• isamonitor.exe
• pmsngr.exe
• pmmon.exe
• isamini.exe

And the BHO's are called:

• {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\{various named folders}\isaddon.dll
• {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\{various named folders}\iesplugin.dll

I used AVG Anti-Spyware Analysis Tools to kill all 4 process simultaneously and was able to delete the files. Other wise, they start each other back up again. It also installs 2 BHO's that AVG is able to remove once the processes are killed.

I ran a full Scan & Clean with NOD32 and it didn't find anything after deleting the Program Files folder.

 

Was it able be downloaded and installed itself or by ur action?

 

Once you click the Ad that pops up, it begins the download and the installation begins. This is when NOD32 kicked in.

 

In my experience, Smitfraudfix is a very good tool for removing Zlob infections, unfortunately it flags as a potentially dangerous application.

 

http://www.darkreading.com/document.asp?doc_id=108161&f_src=techweb

That is a link about a "Zero day flaw in MySpace"

Apparently, this is all due to XSS Fragmentation.