Have the msn virus "foto-475_jpeg.zip"

[darthvader619]

How do I get rid of it?

My stupid brother accepted some file on MSN and now it has pwned my computer.

Here is a screenshot of the files contents; http://i1.tinypic.com/731iqfr.jpg

How do I get rid of this, pleez help.

This is what "virustotal" said; http://www.virustotal.com/resultado.html?7cf293763f5c1afb5a8782c91a89ab19

Thanks..

 

[~NeonFire372~]

Try Hijackthis.

 

[Bobert93]

thats the most annoying virus , my friend had it . it automaticalys says somthing like "do u like this photo" then asks u to accecpt a exe in a rar folder . ill try to help u find a solution

 

[Bobert93]

1. Click on the Start button and click on Run
2. Then type in msconfig and click OK
3. You should see a screen that has System Configuration Utility in the blue bar
at the top
4. Click on the Tab that says Startup
5. Locate an entry that says MSN Messenger as the name. The filename will have
PIC1342(2)(1)(1)(2)(1)(1)(1).exe at the right hand side
6. Click the box beside the name MSN Messenger
7. Click the Apply button in the bottom right hand side of the screen
8. Then when prompted restart your computer and when Windows loads up again
locate the file on your computer (it should be in the C:/My Documents/Messenger Received Files directory) and then you should be able to delete it

 

[darthvader619]

I don't have MSN in startup, I manually open it each time I use the computer because my parents use the computer too, and don't like closing it each time they use the computer.

Cryman, I helped my friends get rid of img-0012.zip virus, but I cannot find a solution for this one. This might be the same thing, but google shows nothing for it.

I'll try hijackthis.

Here;

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:20:30 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IDMan.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\OEM\My Documents\Downloads\Programs\HiJackThis_v2.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IDMan.exe /onboot
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5367 bytes

 

[Bobert93]

have u tryed any virus removal tools like nod32

 

[darthvader619]

I tried spybot, and avg 7.5, but I nothing came up with them.

Nod32 is useless.

 

[Bobert93]

but virustotal said avg found it . just download nod32 ,best anti-virus ive used

 

[darthvader619]

Ok im downloading nod32.

I just cancelled the avg scan lol, avg sucks, and it was lagging my computer too much.

 

[Bobert93]

yer it does, nod32 is great its constantly scanning ur computer and internet page ur on for virus and u carnt even tell its on , even for my laptop 256mb ram and 1.3 cpu