Have you received a message like this via MSN?
tell me is this really you ? http://photogallery.gigacities.net/viewimage.php?
It's a virus that does not seem to be detected and is spreading very rapidly. Anyway, to remove it:
Close down Messenger to stop any more distributions, then:
Go to start --> run -->
regedit
press return
navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Look for an entry that has a data value of 'msn.com'
and delete that entry.
Reboot the laptop / PC.
Once back in Windows:
go to start --> run
cmd
press return
cd \windows
attrib -r -h -s msn.com
del msn.com
exit
GONE
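
The same steps as a script that reports before it changes anything. This is an added example, not part of the original post; the `-Remove` switch and the variable names are this example's own, and it assumes an elevated PowerShell 4.0 or later prompt.

```powershell
# Added example; run from an elevated PowerShell 4.0+ prompt.
# Without -Remove it only reports what it finds.
param([switch]$Remove)

$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$dropPath = Join-Path $env:windir 'msn.com'   # the file the post deletes from \windows

# Step 1: list Run values whose data names msn.com as a file, not as part of a URL.
$key  = Get-Item -Path $runKey
$hits = @(foreach ($name in $key.GetValueNames()) {
    if ($name -eq '') { continue }            # skip the key's unnamed default value
    $data = [string]$key.GetValue($name)
    if ($data -match '(^|[\\"\s])msn\.com(["\s]|$)') {
        [pscustomobject]@{ Name = $name; Data = $data }
    }
})
$hits | Format-Table -AutoSize

# Step 2: record the file's attributes and hash before anything is deleted.
$file = Get-Item -LiteralPath $dropPath -Force -ErrorAction SilentlyContinue
if ($file) {
    $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
    "{0}  {1} bytes  [{2}]  SHA256={3}" -f $file.FullName, $file.Length, $file.Attributes, $hash
} else {
    "$dropPath not found"
}

# Step 3: remove only when asked.
if ($Remove) {
    foreach ($h in $hits) {
        Remove-ItemProperty -Path $runKey -Name $h.Name
        "Removed Run value '$($h.Name)'"
    }
    if ($file) {
        $file.Attributes = 'Normal'           # same effect as: attrib -r -h -s msn.com
        Remove-Item -LiteralPath $dropPath -Force
        "Deleted $dropPath"
    }
}
```

If the delete fails because the file is still in use, reboot once the Run value is gone and run the script again with `-Remove`, which mirrors the reboot step above.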
3 comments:
Hey, thanks for this post. It helped me get that virus off my system! =)
I had a similar MSN Messenger invitation to visit a related site:
http://album.gigacities.net/email.php?=[my HOTMAIL e-mail address]
The MSN Message said:
"hey, is this your picture ?! http://album.gigacities.net/email.php?=[my HOTMAIL e-mail address]"
Following the link (NOT RECOMMENDED) yields the file:
IMG00231[1].JPG-www.imageupload.com
It is shown to have Size 39,424 bytes and Size on disk: 40,960 bytes.
This is an MS-DOS .com application that presumably delivers the MSN virus / worm payload.
I was a little disappointed that my current version of Symantec Endpoint Protection with CURRENT threat protections as of TODAY 11 APR 2008 did NOT detect or quarantine this worm. But this is not unusual in the case of Trojans of this type.
I wanted to alert ALL that this worm is now using variant album.gigacities.net rather than only photogallery.gigacities.net
See also: http://www.siteadvisor.com/sites/gigacities.net/postid?p=823036
http://en.wikipedia.org/wiki/Backdoor.Win32.IRCBot
Hey thanks for the advice, I got this virus which stopped me from even connecting to the net, your advice got me back online but I'm a bit stuck on the end part. I've deleted the entry in the registry editor and restarted my PC (which then let me back on the net) but when going into the cmd screen it won't acknowledge the command (the 'attrib -r-h-s msn.com') part onwards, just says things like 'invalid switch -r-h-s' or 'incorrect parimeter'. Any chance you could guide me on where I'm going wrong? Thanks