Over 1 million tech questions and answers.

Windows Live Messenger Virus Problems

Q: Windows Live Messenger Virus Problems

I somehow got a virus/worm/thing related to my Windows Live account. Whenever I would log in, I would send a message with a link to all online contacts (the message being "HOT! HOT! www.isexsexsex.com" or something close to that). I would also spam any contacts of mine that came online while I was. I personally couldn't see the message going out, and I was not logged out of my account. I spent half a day trying to get rid of this dang thing before finally giving up. I first changed my password and security question, but that didn't work. Then I went and downloaded and updated every antivirus/antispyware program I could think of (Malwarebytes, Spybot S&D, Crap Cleaner, Glary Utilities, AVG). After everything was fully updated, I disconnected my computer from the internet and ran scans from all of the above mentioned programs. While the scans were going on, I went on to a completely different computer and changed my passwords to all my important web accounts, then changed my Windows Live account password and security question to a completely different password from the rest. After all the scans on the infected computer were completed and everything they found cleaned up, I uninstalled Windows Live completely, then installed it again fresh. I then reconnected to the internet, and tried signing into Windows Live. Same thing happened, I was still spamming people. I then proceeded to go and manually check all my running processes, and they were all legit and clean. At that point I just got fed up and uninstalled Windows Live again, and I haven't installed it since then. I'm told that the only thing left now to get rid of it is a reformat, but I really don't want to have to do that. Is there anything else I can do that I missed? Also, am I freaking out over nothing? I'm afraid that whatever this is that has infected my account can also collect passwords and other personal information from my computer.Forgot to mention, I'm running Windows XP Professional, and was using the latest version of Windows Live Messenger.

RELEVANCY SCORE 200
Preferred Solution: Windows Live Messenger Virus Problems

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Windows Live Messenger Virus Problems

Hi Legile Blade,Before thinking of a reformat, there are still a few steps that can be taken. I want to ask you to do two scans and post me the results. If you did scans with these programs already, please let me know. Did you update the programs you mention in your post you used to scan?Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.ATF-CLEANER------------------Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.Please download SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.alternate download linkNote: The file will be randomly named (i.e. 5mkuvc4z.exe).. Do NOT run a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.SUPERANTISPYWARE------------------------------Scan with SUPERAntiSpyware as follows:Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.On the left, make sure you check C:\Fixed Drive.On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".Make sure everything has a checkmark next to it and click "Next".A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.If asked if you want to reboot, click "Yes" and reboot normally.To retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply.Click Close to exit the program.DR. WEB CUREIT----------------------Scan with Dr.Web CureIt as follows:Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.Please be patient as this scan could take a long time to complete.When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.Click Select All, then choose Cure > Move incurable.In the top menu, click file and choose save report list.Save the DrWeb.csv report to your desktop.Exit Dr.Web Cureit when done.Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Read other 1 answers
RELEVANCY SCORE 74

Hi, I stupidly clicked on one of the link a friend sent me through msn.
The link derected me to this website and asked me to log in, since then my messenger logs off on its own with a notice saying that i've loged off to another device and sent ppl in my contact list this link: hxxp://thatzz.awesomeofferz.com

i've tried to scan the my computer with AVG-free and it did not help at all. Also try one of the software msn virus removal, and the software couldnt find any malfunction.

Could someone help me please.... Many many thanks

Here's the DDS.txt log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Cindy at 7:21:59.09 on 12/01/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.65.1033.18.3068.1761 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Wi... Read more

Read other answers
RELEVANCY SCORE 68.4

Hi, new here. Sorry if this is the wrong forum, please move to appropriate one, thanks. :)

Basically I'm on Windows Vista 64-bit, loads of problems with Windows Live. I've always been using old msn, but I accidently now can't go back to it. So I've been struggling for hours trying to sort this, unless I'm doing something wrong, possibly.

Anywho the error is I sign in and straight away (1-5 secs) I get 'Windows Live Messenger has stopped working'. After which the program closes.

After all the trouble and errors I can't get past this one, I'll be honest it is REALLY infuriating me at the moment.

Before hand I used to get an error that it couldn't log in and that there may have been something wrong with servers, or something. I ended the process of the Nvidia Network Access Controller to solve that, but I get this new error now.

Help, anyone?

Thanks in advance.

Sho

A:Windows Live messenger problems.

Hi -

Do you have an Internet Security package installed - Norton NIS, N360; Kaspersky, McAfee, etc...?

jcgriff2

.

Read other 3 answers
RELEVANCY SCORE 68.4

Hi guys, hoping you will be able to help me out with my Windows Live Messenger, Microsoft forced all users to update to this new version, great, well not really for a lot of people, like me :S, I am now receiving error 80040154, I have tried EVERYTHING that I can find to try and fix it with no luck. Internet connection is fine, firewall is set up correct, and so is everything else, I can't find where this error is and nor can I fix it, all help would be appreciated.

Thanks in advance, Jake.
 

A:Windows Live Messenger Problems

Read other 8 answers
RELEVANCY SCORE 68.4

I downloaded the newer version of windows live messenger, I had to update it because I could not log in. After updating to the 2009 version I signed in and I lost all of my contacts they are all missing . I then up graded by IE to IE8 thinking this was the problem. Well it didn't work. I checked all of my options out and they were what the shoud be. I went to the connections part of the program and noticed that there was and error in my connection I refreshed it and it is still there. I can't use the diagnose connection problems because I don't have access to it. I have removed the program and then reinstalled it and still nothing. I can't send out invitations to invite my old contacts. One of them sent me an IM and the program froze up my cursor had the hour glass beside it and stayed that way for a long time. I then exited the program and it said it was not responding. Can anyone help me. I am running Windows XP. Thanks in advance,
Computernut

Read other answers
RELEVANCY SCORE 68.4

Hi there. had some trouble with WLM, couldn't get signed in. that was resolved (thanks!) but I am having a new problem. I cannot connect to a contact with a gmail address. I added her, and she shows up in my contact list but only appears as offline. We were both on line, but she showed as offline. then it suddenly changed to Mobile, but I could still not connect and chat with her. Other contacts popped up as available and I could chat with them. Is it the gmail that is the problem?

any suggestions?
 

A:Windows live messenger problems

is she signing using a Google Talk or using MSN?? i dont know if it is possible to chat to Gmail users thru Google Talk.
The only way is if she registers her email with .NET Passport and signs in using WLM. did she do that already?
 

Read other 2 answers
RELEVANCY SCORE 68.4

Hi, I have being getting the error since this afternoon now
i have also search tru and read tru many website regarding the error 81000306

Well the Windows Live Messenger works fine earlier this morning while during the noon, me and my housemate changed the ISP since we have being using our friend's internet
And since we have our own ISP now, we switched the router and start using the internet
All works fine accept i cannot access into windows live messenger.
the thing says that It is not connect to .Net Messenger Services.

Runned all the rgsrv32 dll files, cleared the Socks, Flushed the DNS but none ever work.

It is still the same router tho Linksys that the MSN actually work before the switch of ISP
so either there's something wrong with the ISP or there's something that i need to configure.

Any Ideas where i Should start and do?
Thanks in Advances, much is appreciated and if you live in Asia, i'll buy you some beer.

[edit] i'd just noticed that i cant actualyl access into my hotmail accounts nor can i actualyl post anything at certain forum nor does certain microsoft website works, such as entries of windows and stuff

it would only show blank page after i post or login which basically i got nothing

wait maybe it work from which the problem may lies to the internet making most of the page load into blanks
 

A:Problems for Windows Live Messenger

Several current threads on TechSpot about this issue. Please search for information that will help you. If you do not find it from existing threads, please advise.

EDIT: Here's one: http://www.techspot.com/vb/topic125191.html
 

Read other 2 answers
RELEVANCY SCORE 68.4

I am having problems with Windows Live Messenger, I have windows Vista, could this be the problem? When I try to sign in, the message either says that my "IP Address is not correct" or that WLM is temporarily unavailable. I have uninstalled, and installed a couple of times, nothing is working. I have tried everything that the messenger help service advises.....NOTHING IS WORKING!!
Can anyone help with what to do.....or is there another messenger service I could use instead?
 

Read other answers
RELEVANCY SCORE 68.4

Ok, does this happen to anyone else?
You go to bed, things are working fine, but wake up and it is screwed up?
The midnite gremlins always seem to play havoc with me!
Now when I login to windows live messenger, I get the "so and so wants to add you to their list" box for anyone and everyone who has ever been on my list or in my contact list. I am talking a hundred or more of these boxes I have to manually cancel!

This happened at work, but my home computer was ok.
Now it does it at home, but my new work computer doesn't do it

What is up with messenger?

If you say uninstall and reinstall, how does one save all the custom emoticons? And I did this at my first work computer and it made no difference! You would think that your profile and setup would be the same on any computer but with this it isn't, why not?

Anyone got an idea??????

[email protected] me if u want

Also, does xp have a fix or repair section where it will diagnosis itself and little things will be repaired-such as selective password rememberance, IE7 stuff?

Read other answers
RELEVANCY SCORE 68.4

Hey there!

I've been having problems with WLM 9.0 (14.0.8064.0206, 14.0.8050.1202). WLM Keeps popping up from the taskbarn everytime I minimize Firefox. When I minimize other windows or applications, WLM keeps it's position in the taskbar like it should.

So there's some kind of problem between WLM and Firefox, but what the problem is, I dont know.

Any thoughts?

A:Problems with Windows Live Messenger 9.0.

Hi,

I have W7 beta 7000, WLM9 and FF latest version and have not noticed this behaviour. Which W7 beta do you use?

Read other 6 answers
RELEVANCY SCORE 68.4

Okay, so a few days ago I updated my Windows Essentials and it updated my messenger to 2011. I did not like that version, so I uninstalled it from my laptop. Then I installed an the old version I liked, (or I think I did.)
Anyways, the problem is with my cam.
As you can see, it says "Start or stop a video call" It did not say that before. It used to say " Invite contact to send cam" or " Send your cam". Now it only says "Start or stop video call"
Does anyone know how to fix this and make back to what it said before? I really need it back to that way. Or is there a version of messenger that has it that way? All help is appreciated. Thank you very much.

A:Windows Live Messenger problems

Well, an update, I asked some friends and this is what happened.

This one can see the old version options.
But this friend says that "start or stop video call" is given to him for all his contacts.
But at the same time, this friend said that the option "start or stop video call" is only given to me. To the rest of her contact list, its a normal "send cam" or "start or stop contact's cam"
Is there any way to configure my settings on messenger to show the option "send my cam" or "start or stop contact's cam" instead of "start or stop video call" ??
I would really really appreciate any help on this. Please. All ideas are welcome. I really need the help. PLEASE.

Read other 1 answers
RELEVANCY SCORE 68.4

Ok, so I recently had my ISP changed, and all of a sudden I couldn't get webcams to work on windows live messenger. No one's cams worked, not mine, not my friends, no one.
I called my ISP and they said it wasn't them, I reinstalled messenger, I've had no luck.
I can still make video calls but they're slow and pixelated.
What can I do?????
 

A:Windows Live Messenger Cam Problems

check internet speed what was you on before changing?

http://www.speedtest.net/
 

Read other 1 answers
RELEVANCY SCORE 68.4

Hi all, Im hoping someone can help with the new windows live messenger which I have downloaded recently. I cant seem to access some of the content and am being given an error message of " your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."

I have searched my security settings in IE and Mozilla firefox but it doesnt seem to make any difference.

Any help would be appreciated.......
 

A:windows live messenger problems

A few questions:

1) do you have any firewalls running? Some firewalls can be configured to block ActiveX content, as it a known route of infection.

2) Have you tried uninstalling, downloading a fresh copy, rebooting, and then re-installing. Sometimes this clears up "weird problems" with software.

This will help me and the rest of us see if we can't figure out the source of the problem.
 

Read other 1 answers
RELEVANCY SCORE 68.4

Hey guys, I'm really stuck.

I've just downloaded Windows Live Messenger and I can't get it to sign me in.
Every time I click the Sign In button, it pauses for a few seconds and then a box comes up saying:

"Signing in to Windows Live Messenger failed because the service it temporarily unavailable. Error code: 800401f3".

I've been trying to sort out the connections but I have no idea what I'm doing, any help would be muchly appreciated.

Cheers.

 

A:Windows Live Messenger problems

click on the drop down bar and go to tools---->options then select the network tab and try the connection tests and such. Also try advanced connection and let me whats in there if anything.
 

Read other 2 answers
RELEVANCY SCORE 68.4

Hello,

When I try to Log in to my MSN IM, it just freezes and stays frozen till I restart my computer and then it freezes again. I try to you Ctrl+Alt+Del, but it won't load it. Thanks

Corey
 

Read other answers
RELEVANCY SCORE 68.4

The program is not sending the mails.

A:Problems with Windows Live Messenger

Hello,

Is it possible a firewall is blocking it? Try disabling any anti-virus/firewalls you might have.

You can also try removing the program and reinstalling.

Read other 5 answers
RELEVANCY SCORE 68.4

I cannot see the bar on my windows live messenger Version 9 that tells me who I am talking to in my tabbed chats! It is realy annoying me because I can only talk to one person at a time! What can I do!

A:Windows Live Messenger Problems!

uninstall and reinstall new copy

Read other 1 answers
RELEVANCY SCORE 68.4

With or without running Kaspersky antivirus trial i cannot access from my windows live messenger my hotmail account. It says something about java not installed or blocked.

I downloaded / updated Java from the Sun site and the old JSE enviroment like it says on your site was deleted . Now Messenger went haywire.

Please help!

first post original logs and problems with "My Computer":

http://www.techsupportforum.com/secu...-high-cpu.html

Thanks!

A:Windows Live Messenger Problems

Please be patient and wait for replies to your first HJT help thread - and do not create new threads to get attention.

Read other 1 answers
RELEVANCY SCORE 68

Hi you all. I've been downloading some things yesterday and now other people in my msn list have told me, that I've got a Windows Live Messenger Virus. It sends things to other people in my contact list like this:

www. PhotoShotz. com

HAHAHA!

But then a little bit different ofcourse. Now I've got some questions.

1. I've scanned my whole computer, including USB stick and other attached hardware. I've scanned with AVG 8.5 Free and with the Trial Version of Kaspersky (newest version). But they both haven't noticed the virus. Why?

2. Are AVG 8.5 Free and Kaspersky Trial Version enough to keep viruses away?

3. Well now, how can I delete the virus? I have no idea how to delete Windows Live Messenger, because it isn't in my 'Software' list. Or is it called 'Windows Live Essentials?' Is that WLM?

I've got some more questions, but I guess this is enough for now. THANKS ALOT, IN ADVANCE!
 

Read other answers
RELEVANCY SCORE 68

Hi,

People on my windows live messenger contact list have been complaining that the y have been getting messages from me displaying links to sites such freeoffersforyou dotcom. I havent sent these messages and i think i have some sort of virus because when it does it, it allso logs me out of messenger. I have enclosed the log from the panda scan and the hijack this log. Any help will be greatly appreciated

Cheers
Macca

ActiveScan.txt

Incident Status Location

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Home Laptop\Cookies\home [email protected][1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Home Laptop\Cookies\home [email protected][2].txt ... Read more

A:windows live messenger virus

Hi Macca18112002 and welcome to TSF.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
chec... Read more

Read other 9 answers
RELEVANCY SCORE 68

hey,

i do not know anything what so ever about computers etc and i'm sorry if this is the wrong place to come with this issue.

but a few days back my wee sister was on windows live messenger when someone sent her a file saying "i dyed my hair, is this to dark" and there was a "picture" attached. there are a few of these going round, including "i found teh perfect house, look at the garden" and "look at this sunset, wish i was there". everytime on windows messenger now, it sends this file to different contacts even when it says i'm offline.

anywho, i ran some anti-virus programmes and thet didn't seem to pick anything up. they i ran kaspersky and that picked up 2 problems. it deleted one, but the other it doesn;t seem able too. its called "windows\system32\ftkj.exe" i don't know if thats right, its what it says. i really am confused.

i really am sorry it that doesn't make sense, but if you can, please help

A:windows live messenger virus

Click the 5 Steps to Remove Spyware link in my signature below and follow the directions. The 5 Steps will direct you to run multiple online virus scanners to attempt to remove the problem. Step 5 will direct you to post a HijackThis log in the HijackThis Forum Section (not in the XP section) so the HJT analysts can look it over and help you manually remove any threats. Be patient, as the HJT analysts are busy, but they should get to you shortly after you post.

BMR777

Read other 2 answers
RELEVANCY SCORE 68

I don't know what it is and I've been meaning to do something about it.

It usually sends it when I'm not online with a message that is rather vague in description and contains a link. The link takes the person to a page asking for the log on info.

There's also one that advertises some sort of drug that is either for weightloss or male enhancement (I haven't figured that one out, yet).

I'm tired of this and it has caused me to block one person, and be blocked by my mother of all people.

A:Windows Live Messenger Virus?

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The... Read more

Read other 4 answers
RELEVANCY SCORE 68

Hi, I have been having a problem with my computer.

I accidentally opened a file from a friend that I believe was a compressed zip file and it said that I was gonna open some picture of some sort.

As it is, I opened it and it happened to be a virus and now it continuously sends it to everyone on my messenger contact list.

I looked at some of the other threads on this website and tried some of the methods but nothing seemed to work, so I decided to add my problem personally.

I am with Windows XP, and I have the Windows Live Onecare virus program.
I should also add that when i did a virus scan, it showed up that the unwanted software "Backdoor:Win32/Sdbot.gen!A" was quarantined, however, the problems i am experiencing are not stoping.

Please help me....
 

A:Windows live messenger virus!!!

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 1 answers
RELEVANCY SCORE 68

this thing that is happening is really weird
the names of my contacts who are always online, have been mysteriously changed
it is impossible to change ur contacts display name right? this isn't the weird thing
but the names have changed to something really disturbing
this is a few examples:

real display name : Brown Koala
after being changed : i'm in conspiracy with him to love you

real display name : Diego
after being changed : Philipino *** HOLE
*despite the fact that i have a philipino boyfriend now*

real display name : fox is in love with :heart: prince nuada :heart:
after being changed : fox is in love with :heart: as yongky :heart:
*yongky is my brother's classmate and his display name is Koty [V] Kura-Kura*

real display name : Howhow
after being changed : CHINWEI F*CK U BLOCK ME!?
*i had blocked this guy many months before and the weird thing is....he doesnt even know my real name and non of his friends know me!*

and some other's are saying '*my name* I love you!' with my other contacts having something similar
it had stopped for some while when i had changed my password, but it just started again a few days ago
but it had gotten worse saying some really bad things

i really hope u guys could help me out on this! oh and I'm using a windows XP
Thanks in advance!
 

Read other answers
RELEVANCY SCORE 68

Hi, i was in a chat box yesterday and my friend said "hey look at my photo album" and i extracted the file, only to find out its a virius

my norton antivirius doesnt read it being on the pc but i know its there because it keeps making my wlm crash and sends the message to all my online contacts

can you help please?
 

Read other answers
RELEVANCY SCORE 68

Hey guys,

I recently and stupidly opened up a folder entitled "photo album" through a conversation window in the Messenger.....as a result.. i got a virus which would then freeze the MSN and send out the virus files randomly to people
Whenever that happens, trojans would appear and I always have to run AVG - Free Antivirus and Ad-Aware to remove the trojans
these trojans include : BackDoor.Ircbot.BYF
" BYX

.....
ANY HELP FOR REMOVING THEM OR EVEN THE MAIN VIRUS?......help would be greatly greatly appreciated
 

Read other answers
RELEVANCY SCORE 68

The other day I was sent a link by my friend's msn. Not thinking. I went ahead and clicked on it.
I now have an msn virus. I sign in, talk to people for a minute or so, then it starts sending my contacts the same link. My screen freezes, I undo that, but by the time I do, I can no longer start conversations with anyone. I must sign out, and do the whole thing all over again.
I have searched countless forums in order to find out how to get rid of this annoying thing, yet I cannot find an answer. I am ok with computers, but some of the things people are saying are just too confusing for me. I can't figure out where to go on my computer to find a file (if there even is one) to delete.
I don't know the name of the file I clicked on either.
I don't know what to do.
I have tried re-installing messenger, software removal things, anti virus scanners. You name it. It's probably very simple to get rid of, well, I hope so anyway.
Could someone please tell me how to get rid of it, but in a way that I will understand!
 

A:Windows Live Messenger Virus

Hi, Welcome to TechGuy.org!

You are sure you have malware so you must post your thread in our Malware Removal forum....I can assist you with doing that.

First, those who can help you need you to post a Hijackthis log as a start. We use that tool to give a general idea of the system plus it does show some of the malware. You are also asked to post a second log from Hijackthis to show the list of installed software.

If you suspect you have any malware, I suggest you post a Hijackthis log in our Malware Removal forum
go to Click here to download HJTinstall.exe
Click the blue "Download the Hijackthis Installer" link
Save HJTinstall.exe to your desktop. DO NOT just press run from the website
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
Don't use the Analyse This button, its findings are dangerous if misinterpreted
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Paste the log in your next reply.
... Read more

Read other 1 answers
RELEVANCY SCORE 68

Hi, I keep getting messages on Windows Live Messenger supposedly from people on my contact list that say stuff about them trying acai berries to help lose weight and they think I should try them. Weird messages like that, and it will give a link to a website that says I should click on for more information. I've never clicked on the links and my friend said she never sent those messages to me. Is this a virus or something? And how to I make it stop? Thanks for your help!

A:Windows Live Messenger virus?

Hello, the first thin we should do is run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be... Read more

Read other 1 answers
RELEVANCY SCORE 68

Hello,

I also stupidly clicked on the link sent to me by a friend and now I'm sending the same message to my contacts as well. I tried to look at the solutions offered to other people but I'm not sure if the same will apply to me, so here is my hijack-this log and also the combofix log. I have tried scanning with F-prot antivirus, spybot, and ad-aware (all defintions have been updated) and nothing has helped. I tried to uninstall and reinstall messenger, and now, several of my contacts have just blocked me so I'm sure that I still have a problem. Also, I'm using Windows XP, thank you in advance.

ComboFix 07-12-02.7 - njanevsk 2007-12-03 13:38:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.203 [GMT -5:00]
Running from: C:\Documents and Settings\njanevsk\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 13:24 . 2007-12-03 13:29 <DIR> d-------- C:\Program Files\Windows Live
2007-11-30 16:06 . 2007-11-30 16:06 <DIR> d-------- C:\Documents and Settings\njanevsk\Application Data\Lavasoft
2007-11-30 16:05 . 2007-11-30 16:05 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-30 11:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-30 11:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-30 11:45 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS... Read more

A:Another Windows Live Messenger Virus

Read other 16 answers
RELEVANCY SCORE 68

Hello all,

I received a virus through Windows Live Messenger through one of my contacts that said: "jesus this picture really looks like you." and the conversation window had a file for download. Foolishly I downloaded the file and now not only do I have the virus, but my Messenger is sending out messages just like the one I opened. I am copying a log file from HJT. I hope this is the right thing to copy. Adaware, Spyware Doctor, and Norton Antivirus cant catch this thing. I appreciate any help on removing it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:36 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program... Read more

A:Windows Live Messenger Virus

Hello r.d.j.,

Welcome to TSG. Malware is showing there, so let's start some repairs now.

Be sure to temporarily disable any protective software when running the scan tools we use here. Very important. You will want to make a copy or have other access to these steps as they will be done without net access.

Open HijackThis, and choose None of the above, just start the program. Click Config Misc Tools Open process manager. From the list, click each of the following if it is present, and Kill Process. Close HijackThis.

C:\WINDOWS\system32\gwqx.exe
Download SDFix.exe and save it to your desktop.

Download ComboFix.exe from here to your desktop.

Now disable your net connection, and if dsl/cable physically disconnect the cable from the machine, if dial-up, the phone line.
===================================================
Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).
In Safe Mode, click the SDFix.exe and allow it to extract to it's own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.

Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer that normal to restart as the fixtool will be running and removing files.

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Then open the C... Read more

Read other 1 answers
RELEVANCY SCORE 68

So it was a normal night, and one of my contacts gave me a random message. He then sent me more and more of the same message. The message was:

So i thought it was some pic, and out of curiosity clicked on it. Then there was nothing but a blank page and a message that said "Do you wish to download this file?" (I was using Google Chrome), so I clicked yes. And then some random .exe file opened up and noth ing really happened after that.

Now, when I go on msn, i automatically spam all my contacts with the "is this you?? thing. My friend said it was a bot virus and he cant stop it himself. Now, i spam people without noticing it, my computer is much slower than usual, and when I play games or full-screen applications, it just automatically minimizes every 5 seconds.

Please Help!!!
 

Read other answers
RELEVANCY SCORE 68

Hello everyone,

Be gentle as i am not very technical with computer jargon,
my problem is that whilst my daughter was on wlm with her friends a link appeared and she clicked on it opening a blank web page and then asking to run a program(dont know what it was) ,since then wlm closes her conversations and wont let her continue unless she logs out and back in again,it also seems it starts sending this link to other people in her contacts,i know this because i was trying to set up a web cam using my laptop and i recieved the link whilst she was on the pc,the link was foto foto-img.com/image.php followed by her email address. i have ran mcafee and spybot but both found nothing.
any help would be very much appreciated.

thanks
mintsauce
 

Read other answers
RELEVANCY SCORE 68

Hi I've just found this site and am desperate for some help. I looked at another thread and it was similar. Basically got a line in msn from someone and it said something about a pic, and there was a file attached (image25). I tried to open it, but it wouldn't, so I found a way to unblock it (stupid me!!!) even though i was feeling a little suspicious, I still did it. So when I did unzip the file and tried to open pic, nothing happened... well i thought nothing until the screen would start blinking and my online contacts would pop up for a second and it would send them a line about a pic... but no file. maybe cos i deleted the file. but it still is extremely annoying sending out messages and then freezing on me - i cant do anything with msn once it happens. i've downloaded the msncleaner 1.4.1 and deleted the files. here's the report.
- Logfile MSNCleaner 1.4.1 by www.forospyware.com
- Created Logfile: 10/1/2007 on 10:06:47 PM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 6
Deleted file: 6
Undeleted Files: 0

C:\Documents and Settings\winxp\Local Settings\Temp\image08.zip <--- Deleted
C:\Documents and Settings\winxp\Local Settings\Temp\image09.zip <--- Deleted
C:\Documents and Settings\winxp\Local Settings\Temp\image25.zip <--- Deleted
C:\Documents and Settings\winxp\Local Settings\Temp\image41.zip <--- Deleted
C:\Documents and Settings\winxp\Local Settings\Temp\image50.zip &l... Read more

A:Windows Live Messenger - virus please help!

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and P... Read more

Read other 1 answers
RELEVANCY SCORE 68

Hi everybody!
first of all, this is my first time around, so a nice welcome couldn't harm anyone...
anyhow, i'm pretty sure you've got this problem before, but i would like to resolve it if you have done so.
so, you know the story: i get this message with a zip file attachment saying "facebook.zip" and i downloaded it and virus scaned it with Kaspersky Anti-Virus and nothing wrong came up. i also scaned the file itself and nothing came up.
but then i opened it and it started spreading around my messenger and sending the same file to everybody and got my computer stuck several times (didn't need to reboot).
later on i've checked up with the web, and i've scanned it with ad-aware and with spybot.
i've deleted all of the threats, BUT NOTHING HELPS!!!

in short, please help me get this over with. even if i need to hijack it and all, i just want it removed.
please help me! i'm desperate!

ArmyMan007

Cuz you can't beat the best...

 

A:Windows Live Messenger pic virus

Read other 9 answers
RELEVANCY SCORE 68

Hi,

I just had a message from a contact saying something like

"Can I put this picture of you in my album"

There was a link which i clicked and downloaded a zip file, which i stupidly unzipped & run.
My PC seems ok at the moment, i have shut down MSN and am running a virus check.

Are there any fixes that I will need to install to clear this??

Cheers
 

A:Windows Live Messenger Virus !!!

Click here to download HJTsetup.exe.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
 

Read other 1 answers
RELEVANCY SCORE 68

Hello guys, the last few days my inbox has received several emails that indicate undeliverable mail sent from my computer. I assume there are many more that are getting through to someone. The email contains two attachments. One is a file ATT00553.dat (219 bytes) (not the same series of numbers each time) and another file that says "longino calabrese wants to be your friend on Windows Live (2.66 KB)"

Can you help?

Thank you.
 

A:Windows live Messenger Virus

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:48:26 PM, on 10/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\Program Files\COGECO Security Services\Common\FSHDLL32.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Analog Devices\Core\smax4p... Read more

Read other 1 answers
RELEVANCY SCORE 68

Hi
Yesterday I recieved a message from a friend with a link about something to do with a photo of me, it had my email address in the link and as it came from a good friend, I stupidly clicked on it.
Ever since it has sent the same message to all my friends on messenger, and it has caused messenger to close down all the time and flicker conversation windows on and off all the time!
Im not very computer literate, (i know the basics) so I would really appreciate some help on this!
I ran my windows system scan, and it didnt seem to find anything, yet I suspect after reading other threads it is somehow still on my computer!
Any help would be gratefully appreciated, im starting to panic now!
Kind Regards!
 

Read other answers
RELEVANCY SCORE 68

Hey, I got the same imagexx.zip virus trojan thing that other people on this forum have been getting. My hijackthis log is below.

-------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:04:41 PM, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvbsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\... Read more

Read other answers
RELEVANCY SCORE 68

my contacts within live messenger receive a message from me directing them to a web link ( haha see your photos on myspace etc)
Here is my hjt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:16, on 07/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\TomTom HOME 2\TomTomHOME... Read more

Read other answers
RELEVANCY SCORE 68

Hello,

The name is Michael and I'm here because I'm having trouble with Windows live messenger. I'm actually working on a friend's computer right now; I received a familiar message saying, "hey look at this pic!!" or something like that from her computer, and so I've let her know that shes got a virus. I have her computer for a few days to try to help her out.

Anyway, I've followed the above instructions and here are the files from DSS:

Deckard's System Scanner v20071014.68
Run by Queen layla on 2008-04-10 17:08:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
19: 2008-04-11 02:36:52 UTC - RP246 - Installed SUPERAntiSpyware Free Edition
18: 2008-04-10 19:42:02 UTC - RP245 - Windows Update
17: 2008-04-10 19:22:09 UTC - RP244 - Windows Update
16: 2008-04-09 08:20:01 UTC - RP243 - Scheduled Checkpoint
15: 2008-04-07 19:52:05 UTC - RP242 - Windows Update


-- First Restore Point --
1: 2008-03-13 13:01:20 UTC - RP228 - Windows Update


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 958 MiB (1024 MiB recommended).


-- HijackThis (run as Queen layla.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-10 17:13:53... Read more

A:Windows Live Messenger virus

Biddy biddy Bump bump please.

Read other 4 answers
RELEVANCY SCORE 68

Yes, I was stupid and I clicked a link sent to me through msn before asking what it was.

The exact words sent from one of my contact's user said:

this really looks like you :S http://photoshare.ph.funpic.de/viewimage.php?=

with my email address after the =

After clicking this link, It opened a file, and then started sending all of my contacts the same message, with my email address replaced by theirs.

I sent a message to them all telling them not to open the link, as it was a virus, and then closed messenger.

After brief checks on google, it looks like this could potentially be quite a bad virus, I haven't had any problems yet other than my messenger sending that link onto all my contacts, but I imagine they will come if I don't do something about it first!

Please help and tell me what to do!

I am running Windows Vista home premium on an advent laptop.

Thankyou in advance.

Nicky.
 

Read other answers
RELEVANCY SCORE 68

I dont think I need to tell you what happened, as most likely you have already heard about this thing. Below is my Hijack this log, if there is anyone at all who can help I would really really appreciate it. I really do not want to re-build my PC, so this is my last hope. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:26 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\lotus\notes\nslsvice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\ssisvr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Searc... Read more

Read other answers
RELEVANCY SCORE 68

My brother recently clicked on a file that someone sent to him in a message, now every time that i start up my windows live it does the same thing. Can someone please help me with what they know.
Thank You,
Jerry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:34 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.e... Read more

A:Need Help Windows Live Messenger Virus

Delete any existing version of ComboFix you have sitting on your desktop

Download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results"
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again afterwards before connecting to the net
--------------------------------------------------------------------
2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.

WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
Please do not re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection when Combofix has completely finished then restart your computer to re... Read more

Read other 3 answers
RELEVANCY SCORE 68

I recently accepted a zip file from a friend named 'photo album'. I extracted it and ran the file inside it. Very dumb i know.

Know I have some type of virus on my computer.

When in action it opens and closes WLM windows repetitively (presumably sending the virus in the same way as I received it). Alas, it's happened to quite a few people independent of the apparent chain I'd got myself into, so I assume it's more widespread than I thought.

Can anyone facilitate in helping me remove this Trojan or take appropriate action please?
 

Read other answers
RELEVANCY SCORE 68

Last night, I was chatting to my friend on WLM, when she 'sent' me a message saying

"hey is it ok if i put these pics of you on my profile"

and it was accompanied by an 11kb file, which was called "Image11.zip"

I was foolish enough to accept, extract and run the file inside the .zip.

Now, I can't figure out how to get rid of it.

I've run Ad-Aware and AVG. AVG picked up nothing, Ad-Aware picked up somethings but its still there.

It makes all my contacts pop up on the screen for a second and then go away, so I think it's trying to send the virus to them too.

Does anyone know what to do?

I need help!!!

PLEASE!!
 

A:Windows Live Messenger virus

Hi and welcome

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 1 answers
RELEVANCY SCORE 68

Hi,

People on my windows live messenger contact list have been complaining that the y have been getting messages from me displaying links to sites such as freeoffersforyou dotcom. I havent sent these messages and i think i have some sort of virus because when it does it, it allso logs me out of messenger. It also send this message to people in my contact list when I'm offline. I have enclosed the log from the panda scan and the hijack this log. Any help will be greatly appreciated

Cheers
Macca

ActiveScan.txt

Incident Status Location

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Home Laptop\Cookies\home [email protected][1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Home Laptop\Cookies\home [email protected][2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Home Laptop\Cookies\home [email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Home Laptop\Cookies\home [email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Home Laptop\Cookies\home [email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Home Laptop\Cookies\home [email protected][1].txt
Spyware:Spyware/Vundo Not disinfected C:\Program Files\TrojanHunter 4.7\Quarantine\5R526e.dat
Virus:Trj/Downloader.OZB Disinfected C:\Program Files\TrojanHunter 4.7\Quarantine\9Kv8Tz.dat
Virus:Trj/Downloader.OZ... Read more

A:Windows Live Messenger Virus

Read other 14 answers