wow, this is you?

Discussion in 'malware problems & news' started by snakeeyes_andy, Oct 25, 2005.

Thread Status:
Not open for further replies.
  1. snakeeyes_andy

    snakeeyes_andy Registered Member

    Joined: Oct 25, 2005
    Posts: 1
    Help!

    This link was sent to me via msn...

    wow, this is you? hxxp://www.imzone.org/profile.php?msn=snakeeyes_andy at hotmail.com
    Stupidly I opened it... and now it is on my computer... and it has sent this link to all my addresses in MSN and keeps coming up when messaging people. Please help and tell me how I can get rid of it!
     
    Last edited by a moderator: Oct 25, 2005
  2. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia
    Hi snakeeyes_andy, welcome to Wilders.


    Exactly what is on your computer?

    We need a little more information please.

    Cheers :D
     
    Last edited: Oct 26, 2005
  3. Blackspear

    Blackspear Global Moderator

    It is detected by Nod32 as: a variant of Win32/VB.AAM trojan

    Cheers :D
     
  4. dgefg2446

    dgefg2446 Guest

    Hey, it seems to be a brand new worm running around msn.

    Doesn't look like anyone knows how to remove it yet:
    http://www.msnfanatic.com/index.php?module=announce&ANN_user_op=view&ANN_id=464

    My friend's computer has it.

    Not only has it removed anti-virus info from her registry, it also has blocked anti-virus related websites.

    She can't access her regedit either... Can't even get her puter to reboot in safemode (msconfig won't run either)

    Tricky, tricky worm...
     
  5. laur200041

    laur200041 Guest

    I have it too, from a link hxxp://www.messengerstats.net/etc/etc with the tag "wow, this is you?". I'm pretty sure it's a form of the w32.kelvir virus, and it definitely blocks anything even remotely related to anti-virus software, as well as the related websites. I managed to get a copy of the w32.kelvir removal tool from symantec, which is telling me I don't have the virus. This is not cool. Any ideas on how to get rid of it?
     
  6. Blackspear

    Blackspear Global Moderator

    Run Nod32 in "Safe Mode", just make sure it is FULLY TWEAKED.

    After this you may have to reinstall the odd program, and if you find Windows system files affected, you can place your Windows CD in the drive, click Start > Run, type in CMD, and when the black window opens type in "sfc /scannow". SFC (System File Checker, a part of Windows File Protection) will replace any changed/damaged system files with a clean copy. SFC may not solve every problem, but it's a good start that anyone can do.

    Let us know how you go.

    Cheers :D
     
  7. Eoghan

    Eoghan Guest

    I had it and got rid of it. For some reason, I could create a new account on XP (Network Administrator) and the virus did not affect it. I then ran Norton AntiVirus and found out it is the Chod.D worm (looked up in Symantec because the virus blocks AntiVirus web pages - a problem which I cannot undo).

    We then downloaded "System Mechanic", which got rid of a lot of problems, then followed the Norton instructions.

    If you know how to free up the internet, that would be excellent.
     
  8. Blackspear

    Blackspear Global Moderator

    Have you tried repairing Winsock? Further information found HERE

    Cheers :D
     
  9. Eoghan

    Eoghan Guest

    "Step 2. Install TCP/IP

    1. Right-click the network connection, and then click Properties.

    2. Click Install.

    3. Click Protocol, and then click Add.

    4. Click Have Disk.

    5. Type C:\Windows\inf, and then click OK.

    6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.

    7. Restart the computer."

    I have a problem in that now these registries have been deleted, the internet does not work on that particular computer (I am now on another).

    It reads "acquiring network address"
    So I assume this is all fixed once I install this TCP/IP, but where do I install this from? Or is it hidden under the ice?

    Please Help!
     
  10. Eoghan

    Eoghan Guest

    Wow,

    Sorry, I did it, all better. Thanks for telling me this stuff.

    Eoghan
     
  11. Blackspear

    Blackspear Global Moderator

    You did it the manual method; there is also an automated tool available in that post.

    My pleasure.

    Cheers :D
     
  12. laur

    laur Guest

    Regarding blocked web pages, it's because they're listed in the hosts file. Go into system32 and find drivers/etc and then show all hidden files (go into view options) - "hosts" should show up. Go into it and all the blocked websites can be deleted, or you can just delete the whole hosts file (harmless) and the computer will create a new clean one.
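
    A way to review a hosts file for the kind of blocking described in this thread, added here as an example and not part of any poster's reply. The watchlist (vendor names mentioned in the thread), the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist: vendor names mentioned in this thread; extend as needed.
WATCHLIST = ("symantec", "norton", "nod32")
# Names a default hosts file legitimately maps to loopback.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample (not taken from an infected machine).
SAMPLE = """\
# constructed hosts file
127.0.0.1    localhost
127.0.0.1    www.symantec.com liveupdate.symantec.com
0.0.0.0      update.nod32.example   # constructed name
192.0.2.10   intranet.example
203.0.113.5  www.norton.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid mapping line
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, addr, name.lower()

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, address, hostname, reason) for suspicious mappings."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in BENIGN:
            continue
        watched = any(key in name for key in watchlist)
        if addr.is_loopback or addr.is_unspecified:
            # Ad-blocking hosts files also sinkhole names, so review before deleting.
            reason = "security site sinkholed" if watched else "name sinkholed"
        elif watched:
            reason = "security site pinned to fixed address"
        else:
            continue
        findings.append((line_no, str(addr), name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

    To check a real machine, pass the text of the hosts file under system32\drivers\etc to audit_hosts() instead of SAMPLE.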
     