Author Topic: MSN PhotoAlbum.zip Virus  (Read 24856 times)

Frankie 7

  • Guest
MSN PhotoAlbum.zip Virus
« on: April 08, 2007, 04:45:07 PM »
I have this at the moment. It keeps opening up loads of chat windows when I am on MSN, and also asks some of my contacts to accept a PhotoAlbum file that I am not even sending.
How can I get this to stop wrecking my MSN? How can I get rid of this?

It is called:

W32/IrcWorm-A or something to that effect. Only 1 anti-virus seems to know anything about this, Sophos. I don't want to change to them, but it is looking very likely unless avast can help.

mauserme

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #1 on: April 08, 2007, 04:52:18 PM »
Hi Frankie 7 - welcome to the forum.

What operating system do you have?  Is there a third party firewall installed?

In addition to the photo album.zip file do you find rdfhost.dll in your system folder?

Frankie 7

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #2 on: April 08, 2007, 04:54:40 PM »
Windows XP

I am running ZoneAlarm firewall.

All photo album files have been deleted, and no rdfhost file in there either. i

mauserme

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #3 on: April 08, 2007, 05:26:36 PM »
  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Frankie 7

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #4 on: April 08, 2007, 08:07:37 PM »
I can't post it up here.

The message exceeds the maximum allowed length (10000 characters).

mauserme

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #5 on: April 08, 2007, 08:08:43 PM »
Just break it into 2 or 3 pieces and post them separately.

Frankie 7

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #6 on: April 08, 2007, 08:39:57 PM »
Logfile of HijackThis v1.99.1
Scan saved at 19:06:46, on 08/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SYSCFG16.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Frank\My Documents\HijackThis.exe

Frankie 7

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #7 on: April 08, 2007, 08:40:23 PM »
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VGOIEBHO Helper - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - C:\Program Files\21cn\VGO\VGOIEBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\Frank\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Frankie 7

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #8 on: April 08, 2007, 08:40:44 PM »
Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: rdihost - {DF756174-9280-4C6E-9BE2-74F3DDAEFFA9} - rdihost.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: MSN PhotoAlbum.zip Virus
« Reply #9 on: April 08, 2007, 10:58:46 PM »
Hi Frankie7,

Mauserme will also analyze your HJT logfile; from what I can see now you have two undesirable toolbar entries: SweetIMBarForIE toolbar.dll and another for the Trellian Toolbar.
Get Toolbarcop from here:   http://windowsxp.mvps.org/toolbarcop.htm and fix these.
What is worse is the Backdoor_Wisdoor.Z trojan and DOMWIS-N-Worm.
[X] O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE - Must be fixed! BKDR_WISDOOR.Z trojan
[X] O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE - Must be fixed! Added by the DOMWIS-N WORM!
Removal instructions: http://www.pestpatrol.com/zks/pestinfo/b/backdoor_wisdoor.asp
Info on domwis worm: http://www.sophos.com/virusinfo/analyses/w32domwisg.html
Do you have extra info on his HJT here Mauserme?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
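
Added example, not part of the thread or of HijackThis: a small triage script for the `O4` autorun lines of a HijackThis log, which surfaces the pattern flagged in Reply #9 (one binary registered under two different Run value names). The "sits directly in the Windows folder" check and the `c:\windows` path are assumptions added for illustration; a hit is a lead for manual review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: rdihost - {DF756174-9280-4C6E-9BE2-74F3DDAEFFA9} - rdihost.dll (file missing)
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Program image: a quoted path, or everything up to the first executable extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat))(?=[\s,]|$)', re.I)


def parse_run_entries(log_text):
    """Return (hive, key, value_name, command) for every O4 registry autorun."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def image_of(command):
    """Lower-cased program path taken from an autorun command line."""
    m = IMAGE_RE.match(command)
    return (m.group(1) or m.group(2)).lower() if m else command.lower()


def triage(log_text):
    """Map each image that stands out to its autorun names and the reasons."""
    by_image = defaultdict(list)
    for hive, key, name, command in parse_run_entries(log_text):
        by_image[image_of(command)].append(f"{hive}\\{key}: [{name}]")
    findings = {}
    for image, sources in by_image.items():
        reasons = []
        if len(sources) > 1:  # one binary behind several value names
            reasons.append(f"registered under {len(sources)} autorun names")
        if ntpath.dirname(image) == r"c:\windows":  # assumption: default XP path
            reasons.append("image sits directly in the Windows folder")
        if reasons:
            findings[image] = {"sources": sources, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for image, info in triage(SAMPLE_LOG).items():
        print(image, info["sources"], "; ".join(info["reasons"]))
```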

mauserme

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #10 on: April 08, 2007, 11:12:13 PM »
Hi Polonus - here I am.

Here is the fix I propose with some questions at the end:

I see a couple different things going on in your log, Frankie.  This may take more than one go but let's start here.

First, zip and password protect a copy of C:\Program Files\21cn\VGO\VGOIEBHO.dll and C:\WINDOWS\SYSTEM32\rdihost.dll  and email them to virus@avast.com.  Include the password in the body of the email with a link to this thread.

EDIT:  DavidR suggested an easier method to upload C:\Program Files\21cn\VGO\VGOIEBHO.dll and C:\WINDOWS\SYSTEM32\rdihost.dll to avast!:
Quote
They can be added to the User Files (File, Add) section of the avast chest (before deletion of the original) where it can do no harm and send it from there (select the file, right click, email to Alwil Software).


Then open Folder Options in the Control Panel and click the View tab.  Place a check mark next to

>  Show Hidden Files and Folders

And remove the check mark (if present) from

>  Hide extensions for known file types

>  Hide protected operating system files

Then click OK.


Next, open HijackThis again and click the button labeled Do A System Scan Only.  When it finishes place a check mark next to these lines and click the button labeled Fix Checked.

O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE

O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O21 - SSODL: rdihost - {DF756174-9280-4C6E-9BE2-74F3DDAEFFA9} - rdihost.dll (file missing)

Close HijackThis, boot into safe mode, and delete these files (if present)

>  C:\WINDOWS\SYSCFG16.EXE

>  C:\WINDOWS\SYSTEM32\rdihost.dll

Then post a fresh HijackThis log.


As Polonus said Sweet IM is very "iffy".  Have you installed it and do you wish to keep it?

Also, have you installed VGO?
« Last Edit: April 09, 2007, 01:34:41 PM by mauserme »

Offline polonus

Re: MSN PhotoAlbum.zip Virus
« Reply #11 on: April 08, 2007, 11:21:17 PM »
Hi mauserme,

Good analysis. We also should tell Frankie7 whenever his system is totally clean, updated and patched, to
download the three major programs to protect him from spyware and adware: ad-aware free, spybot s&d and spywareblaster (the last proggie only after the computer is completely cleansed), because his infections come from lack of protection in this line. As far as I can see network diagnostics is not bad, just a tool in XP.

polonus
« Last Edit: April 08, 2007, 11:36:29 PM by polonus »

mauserme

  • Guest
Re: MSN PhotoAlbum.zip Virus
« Reply #12 on: April 08, 2007, 11:36:05 PM »
Quote
... We also should tell Frankie7 whenever his system is totally clean, updated and patched, to
download the three major programs to protect him from spyware and adware: ad-aware free, spybot s&d and spywareblaster

Yep, but let's look at another log first.

Should we throw in AVG Antispyware too, at least?  I think I would like a scan with that at the end.

Offline polonus

Re: MSN PhotoAlbum.zip Virus
« Reply #13 on: April 08, 2007, 11:49:51 PM »
Hi mauserme,

You can also make this stuff not likely happen by changing default IE settings
IE toolbar > Tools > Internet options > Security tab > Internet > Custom Level

.NET Framework-reliant components
Run components not signed with authenticode
O - PROMPT
Run components signed with Authenticode
O - prompt (don't know if there's a spoofer or something to fake it)

ActiveX controls and plug-ins
Download signed ActiveX controls
O - Prompt
Download unsigned ActiveX controls
O - Disable
Initialize and script ActiveX controls not marked as safe
O - DISABLE (default)
Run ActiveX controls and plug-ins
O - prompt
Script ActiveX controls marked as safe for scripting
O - enable
(skip downloads)

Microsoft VM
Java permissions
O - High safety

Miscellaneous
Access data sources across domains
O - Disable (it's defaulted for me...)
Allow META REFRESH
O - Enable (don't see how it could cause problems)
Display mixed content
O - Prompt
Don't prompt for client certificate selection when no certificate or only one certificate exists
O - disable
Drag and drop or copy and paste files
O - enable
Installation of desktop items
O - Prompt
Launching programs and files in IFRAME
O - Prompt
Navigate sub-frames across different domains
O - Enable
Software channel permissions
O - Medium safety or high
Submit unencrypted form data
O - Prompt (will point fake webpages)
Userdata persistence
O - Enable (should be fine)

SCRIPTING
Active scripting
O - Prompt (might get annoying, but it will help)
Allow paste operations via script
O - Enable
Scripting of Java applets
O - prompt (might get annoying again)


Ok, Privacy tab
Medium High is what I use, you can use Edit to add different webpages to accept or whatever

Advanced tab is another one to edit..

But this is the general idea, if Frankie wants to use IE further,

polonus

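
Added example, not part of the thread: a checker that compares an exported Internet-zone configuration against the ActiveX and scripting choices listed in Reply #13. The four-digit action numbers and the 0/1/3 value encoding are how Windows stores these settings under `Internet Settings\Zones\3`; they do not appear in the post, and the `.reg` text is a constructed sample.

```python
import re

# URL-action numbers stored under ...\Internet Settings\Zones\3 (3 = Internet zone)
# with the stored value the post recommends: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1200": ("Run ActiveX controls and plug-ins", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1400": ("Active scripting", 1),
    "1405": ("Script ActiveX controls marked as safe for scripting", 0),
}
LABEL = {None: "not set", 0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample: text of a .reg export (real exports are UTF-16; decode first).
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def zone_values(reg_text, zone="3"):
    """Return {action: value} for the given zone's key in a .reg export."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            in_zone = section.group(1).lower().endswith("\\zones\\" + zone)
            continue
        value = VALUE_RE.match(line)
        if in_zone and value:
            values[value.group(1).upper()] = int(value.group(2), 16)
    return values


def audit(reg_text):
    """List (action, setting, current, recommended) where the zone differs."""
    current = zone_values(reg_text)
    gaps = []
    for action, (name, wanted) in RECOMMENDED.items():
        have = current.get(action)
        if have != wanted:
            gaps.append((action, name, LABEL.get(have, str(have)), LABEL[wanted]))
    return gaps


if __name__ == "__main__":
    for action, name, have, wanted in audit(SAMPLE_REG):
        print(f"{action} {name}: {have} -> {wanted}")
```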

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: MSN PhotoAlbum.zip Virus
« Reply #14 on: April 09, 2007, 12:16:56 AM »
Let's not forget to ask Frankie 7 or others we are advising to submit these files to avast, since they aren't being detected, rather than simply delete them! That way we can help others by improving avast detections.

They can be added to the User Files (File, Add) section of the avast chest (before deletion of the original) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security