Old 12-20-2007, 07:59 PM   #1
In Runtime
 
 
Join Date: Apr 2005
Posts: 193
Default Have the msn virus "foto-475_jpeg.zip"

How do I get rid of it?

My stupid brother accepted some file on MSN and now it has pwned my computer.

Here is a screenshot of the file's contents; http://i1.tinypic.com/731iqfr.jpg

How do I get rid of this, pleez help.

This is what "virustotal" said; http://www.virustotal.com/resultado....8782c91a89ab19

Thanks..
__________________
You know how I roll.
JediKnight is offline   Reply With Quote
Old 12-20-2007, 08:02 PM   #2
Golden Master
 
Join Date: Apr 2006
Posts: 7,534
Default Re: Have the msn virus "foto-475_jpeg.zip"

Try Hijackthis.
LA061 is offline   Reply With Quote
Old 12-20-2007, 08:05 PM   #3
Fully Optimized
 
 
Join Date: Dec 2007
Posts: 2,449
Default Re: Have the msn virus "foto-475_jpeg.zip"

That's the most annoying virus, my friend had it. It automatically says something like "do u like this photo" then asks u to accept an exe in a rar folder. I'll try to help u find a solution.
Bobert93 is offline   Reply With Quote
Old 12-20-2007, 08:07 PM   #4
Fully Optimized
 
 
Join Date: Dec 2007
Posts: 2,449
Default Re: Have the msn virus "foto-475_jpeg.zip"

1. Click on the Start button and click on Run
2. Then type in msconfig and click OK
3. You should see a screen that has System Configuration Utility in the blue bar at the top
4. Click on the Tab that says Startup
5. Locate an entry that says MSN Messenger as the name. The filename will have PIC1342(2)(1)(1)(2)(1)(1)(1).exe at the right hand side
6. Click the box beside the name MSN Messenger
7. Click the Apply button in the bottom right hand side of the screen
8. Then when prompted restart your computer and when Windows loads up again locate the file on your computer (it should be in the C:/My Documents/Messenger Received Files directory) and then you should be able to delete it
Bobert93 is offline   Reply With Quote
Old 12-20-2007, 08:18 PM   #5
In Runtime
 
 
Join Date: Apr 2005
Posts: 193
Default Re: Have the msn virus "foto-475_jpeg.zip"

I don't have MSN in startup, I manually open it each time I use the computer because my parents use the computer too, and don't like closing it each time they use the computer.

Cryman, I helped my friends get rid of img-0012.zip virus, but I cannot find a solution for this one. This might be the same thing, but google shows nothing for it.

I'll try hijackthis.

Here;

Code:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:20:30 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IDMan.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\OEM\My Documents\Downloads\Programs\HiJackThis_v2.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IDMan.exe /onboot
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\OEM\LOCALS~1\Temp\Rar$EX08.297\Patch By REA Team\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5367 bytes
__________________
You know how I roll.
JediKnight is offline   Reply With Quote
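
A way to triage a HijackThis log like the one posted above, and to do the startup-entry check from post #4 without msconfig, as an added example that is not part of the original thread. It pulls the target out of each O2 (BHO) and O4 (autostart) line and flags targets that run from a temp, WinRAR-extraction or Messenger received-files folder, or whose file is missing; the sample log, the folder list and the function names are constructed for illustration, and a flag means "review this entry", not "this is the virus".

```python
import re

# Constructed sample in HijackThis v2 log format (names and paths are made up).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\updater.exe" -boot
O4 - HKCU\..\Run: [Helper] C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.123\helper.exe /onboot
O4 - HKCU\..\Run: [MSN Messenger] C:\My Documents\Messenger Received Files\PIC0001.exe
O4 - Startup: Tool.lnk = C:\Program Files\Tool\tool.exe
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

# Lower-case path fragments that installed software rarely autostarts from (assumed list).
RISKY_DIRS = {
    "\\temp\\": "runs from a temp directory",
    "\\rar$ex": "runs from a WinRAR extraction folder",
    "\\messenger received files\\": "runs from the IM received-files folder",
}

def target_of(section, body):
    """Return the file/command part of an O2 or O4 entry, or None for other sections."""
    if section == "O4":
        m = re.match(r"(?:HK\S+: \[.+?\]|(?:Global )?Startup: .+? =) (.+)$", body)
        return m.group(1) if m else None
    if section == "O2":
        return body.rsplit(" - ", 1)[-1]
    return None

def triage(log_text):
    """Return (section, target, reasons) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"(O\d+) - (.+)$", line.strip())
        target = target_of(*m.groups()) if m else None
        if target is None:
            continue
        low = target.lower()
        reasons = [why for frag, why in RISKY_DIRS.items() if frag in low]
        if "(no file)" in low:
            reasons.append("registered file is missing")
        if reasons:
            findings.append((m.group(1), target, reasons))
    return findings

if __name__ == "__main__":
    for section, target, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {target}\n    -> {'; '.join(reasons)}")
```
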
Old 12-20-2007, 08:34 PM   #6
Fully Optimized
 
 
Join Date: Dec 2007
Posts: 2,449
Default Re: Have the msn virus "foto-475_jpeg.zip"

Have u tried any virus removal tools like nod32?
Bobert93 is offline   Reply With Quote
Old 12-20-2007, 08:49 PM   #7
In Runtime
 
 
Join Date: Apr 2005
Posts: 193
Default Re: Have the msn virus "foto-475_jpeg.zip"

I tried spybot, and avg 7.5, but nothing came up with them.

Nod32 is useless.
__________________
You know how I roll.
JediKnight is offline   Reply With Quote
Old 12-20-2007, 08:51 PM   #8
Fully Optimized
 
 
Join Date: Dec 2007
Posts: 2,449
Default Re: Have the msn virus "foto-475_jpeg.zip"

But virustotal said avg found it. Just download nod32, best anti-virus I've used.
Bobert93 is offline   Reply With Quote
Old 12-20-2007, 08:54 PM   #9
In Runtime
 
 
Join Date: Apr 2005
Posts: 193
Default Re: Have the msn virus "foto-475_jpeg.zip"

Ok I'm downloading nod32.

I just cancelled the avg scan lol, avg sucks, and it was lagging my computer too much.
__________________
You know how I roll.
JediKnight is offline   Reply With Quote
Old 12-20-2007, 09:02 PM   #10
Fully Optimized
 
 
Join Date: Dec 2007
Posts: 2,449
Default Re: Have the msn virus "foto-475_jpeg.zip"

Yer it does, nod32 is great, it's constantly scanning ur computer and internet page ur on for virus and u can't even tell it's on, even for my laptop 256mb ram and 1.3 cpu.
Bobert93 is offline   Reply With Quote
All times are GMT -5. The time now is 05:52 PM.