** VIRUS ALERT **

[Bobber]

I just got wacked by a virus that was sent to me via MSN messenger. When the virus executed, it may have sent a message to anyone in my Contacts list.

If you recieve a message from me, with the text...

lol, look at this
and a link

DO NOT CLICK ON IT AND GET OUT RIGHT AWAY.

I'm in the process of trying to remove this virus right now.

[Canadian Bacon]

Me tooooo

[M.T. Livewell]

If anyone gets a pop from me, let me know cause I ain't sending it.

It will say

M.T. Livewell says
Lol, you gotta see this.
And then include a link. Do not open the link, it has the worm.

M.T. Livewell

[BBRich]

Yeah it's going around.. I was gonna accept it but turned it down at the last second.. good thing. I'm getting that stupid message from everyone!

[fishforfun]

Bobber when you figure out how to get rid of it let me know

[Guest]

Bum deal guys, that really sucks.

Let me know if you need a hand removing the critters. I've got quite a lot of experience doing so.

HW

[fishforfun]

HW ran my antivuris, Fprot, but when I reboot the mach is froze?

[Guest]

Which Antivirus application?

When you ran it, did it detect the worm? If so, what was the name of the worm?

HW

[Guest]

Didn't you guys ever learn to USe protection!

[Guest]

Sound like this guy?

Beware of accepting file transfer requests from a person on your buddy list, where the file is one of the following; hahaha.pif, naked_drunk.pif, WebCam.pif, me_2005.pif and there may be more. If you've opened the transferred document then your PC has been infected. If you did not open the file, then you can just erase the file that was transferred (whew!).

The dropper files, received via the MSN file transfer, have been identified as W32.Bropia.J. This is a worm that propagates using MSN Messenger and drops a variant of the W32.Spybot.Worm. When the file is opened (run) it places a SpyBot file on the system and runs it. The file is ~140KB and when run it installs a file called "winins.exe" to C:\{winnt, windows}\system32\ and has the file attributes of System, Hidden, Read Only (SHR). As with all the SpyBots, this one goes off to connect to an IRC server on the Internet, reports in and waits for further instructions or new versions of the worm from the worms creator.

LOL @ Crazyhook!

HW

[fishforfun]

How about "LOL look at this" came from a known source, and I stupidly opened it, soon as I did knew it was a virus, powered off rebooted ran the antivirus deleted 5 files now mach is locked up.

[Guest]

What operating system are you running?

And what do you mean the machine is locked up? When you turn it on, what exactly happens?

HW

[BigSim]

Hey guys, I dont know if this will work, but its cured all of my Virus problems. And I know you shouldnt generally plug people's stuff, but Google for AVG

Its a free antivirus program that updates as much as any payed-for program I've ever used. Maybe that will help you out. Grisoft should be the company name, I think.

Good Luck and good riddance
BigSim

[Cancatchbass]

Here's a link to the removal tool that will fix you up:

http://securityresponse.symantec.com/av ... .tool.html

Good luck!

CCB

[steven]

same thing for me "LOL look at this" and like an idiot,i open it and boom 32 msn windows waiting for the accept ...outch...i tryed to kill that piece of crap for 3h than i decide to run my NorthonGhost,,so all the system was restore in 5min 30...

if you're don't know if you got it..just do ctrl+alt+del and administrator and you're gonna see PROJECT1,,maybe one or a lot of that in running mode