Yahoo Messenger Virus

Discussion in 'malware problems & news' started by an_eeyore, Oct 11, 2005.

Thread Status:
Not open for further replies.
  1. an_eeyore

    an_eeyore Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    3
    Location:
    Wisconsin
    Help, while talking to someone on Yahoo Messenger they sent me a link to which I opened (foolish me) while now it keeps popping up when I'm talking to other people...I have ran all the virus scan and spybot scan and just about every other scan and don't know how to get rid of it...Can anyone help? Spy bot & Mcaffee 8.0...no viruses were dedected...
     
    Last edited: Oct 11, 2005
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Hey an_eeyore, Welcome to Wilders!

    Just a quick question,
    Can you be more specific as to what you have scanned with and any/all results that you have?

    That would help us all to point you in the right direction :)
     
  3. an_eeyore

    an_eeyore Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    3
    Location:
    Wisconsin
    I used spybot, spyware remover, bitdefender, maccaffee8.0. I don't know what else to use..thanks for all ur help.
    Anne
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Can u post a screenshot of the popup?


    snowbound
     
  5. an_eeyore

    an_eeyore Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    3
    Location:
    Wisconsin
    the link is /[COLOR="Blue"]removed[/COLOR] and [COLOR="Blue"]Removed[/COLOR]...they pop up in messenger when ever they want to. thanks for any help, Anne

    Please don't post links to malware or possible malware. Ron
     
    Last edited by a moderator: Oct 12, 2005
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Whoa, i just clicked on your links and got this from NOD32,

    Edit- removed my screenshot as it showed malware link.


    snowbound
     
    Last edited: Oct 12, 2005
  7. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Sounds like you either want to obtain a trial version of NOD32, or do a HijackThis post to one of the boards that analyse them.

    Also there are other online scanners out there, including Kaspersky, Trend Micro, and Ewido (I think they've got one now)

    Other free Anti-spywares include Microsoft AntiSpyware, Ad-Aware SE, and Spyware Doctor (sometimes you have to search for their free version)
     
  8. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
  9. NinaCruz

    NinaCruz Guest

    Is there anyway to get back my yahoo id? Because after that ym message I could not access the yahoo id i had before
     
  10. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    If you have Windows XP and have a restore point from before the 11th Oct do a restore to a time when your pc was trouble free. If not maybe you will have to re register with Yahoo.
     
  11. xyzxxxx

    xyzxxxx Guest

    Restoring wont do a thing...he will have to go through Yahoo support to try to get his account back
     
  12. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    The idea is to restore his PC to a time when there was no virus present, and then go to yahoo to retrieve his account.
     
  13. sai krishna

    sai krishna Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    2
    using avast antivirus it is finding a virus in windows directory.
     
  14. sai krishna

    sai krishna Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    2
    from this yahoo messanger virus system restore point is also affected. use avast antivirus to get rid of that one
     
  15. TECHWG

    TECHWG Guest

    There is an exploit in lots of versions of Yahoo messenger that alloowes remote code execution or loading of programs on your pc . . it uses the "avatar" or "display pictures" feature. My suggestiopn would be format your pc, or uninstalll yahoo completely and delete the directory, then use another version of yahoo messenger and / or just simply disable that function in the settings as i have
     
  16. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I also would suggest not to use messangers like MSN, Yahoo, etc. If you don'y need video/voice suuport switch to alternatives like Miranda, Gaim. etc. They are less vulnerable and whats more important mostly 'Open Source'.
     
  17. TECHWG

    TECHWG Guest

    i personally dont like third party since they are not part of the original, and when msn or yahoo changes, you have to wait for an update
     
  18. vondanix

    vondanix Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    1
    got the same problem too.
    what happen is when i open my YM! there are offline messages giving links.
    someone said that if you click on the links, they will get your username/ID and password and they might change it.

    as of now the trojan is called ByteVerify and the only thing to get rid of it is to reformat the PC! >.<
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    I'm very sorry, but I consider that to be a bit overeacting.
    There are lots of ways to get rid of ByteVerify and the worms that spread using Yahoo Messenger.
    But staying away from the offline messages is a good tip!! :)
     
  20. ANETGames

    ANETGames Registered Member

    Joined:
    Oct 11, 2006
    Posts:
    2
    Well, i have to agree with what he said about "over reacting".

    Trust me, there's always a way to remove things, unless theyre Auto-Reformatters... But anyways,
    All you need to do is perhaps do a search on your system, go advanced, and then change it to "Search for files created within" whenever the time period is you were infected...

    Try using Hijack This, and posting somewhere where they will analyze them for you. But not here please.

    Also, again, try using some trusted programs that someone else already had mentioned, and be sure to update any security patches.

    You may want to consider looking for a vulnerability patch from Microsoft?

    Anyways, Good luck,
    And feel free to email me if you need any further assistance =D
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Why not to try SuperAntispyware free and AVG antispyware free version.
    Also scan with AVS( Kaspersky).
    One of my co-worker got IM worm( Qcan) and it was detected by SAS and AVG antipspyware( including Kaspersky and Antivir). I cleaned that PC.
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    How to do that?
    Thanks.
     
  24. secg

    secg Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    4
    there is one trojan which sends this link to all the messeneg contacts and then collects the passwords .
     
  25. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    OP, your virus match the description I've made HERE ??
    If so, disable svchost from startup and do a scan with NOD32. It will fix it. ;)
     
Loading...
Thread Status:
Not open for further replies.