Author Topic: Windows Live Messenger sends multiple messages to users virus Brazil  (Read 6958 times)

leandro.miranda

  • Guest
Ha I am trying to remove a curse day in the company where I work. MSN OS has its own life. send dozens of messages ..

The LINK to download the plague is VIRUS: h p: / / mynewpicturss.com / album.php? =

This is a problem sary. I have done many actions .. removed and no ...

Hermite15

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #1 on: March 31, 2011, 09:02:26 PM »
you should have posted this in the virus section, but okay, I'll notify someone that will help you ;) (... if he wants to ;D )

Hermite15

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #2 on: March 31, 2011, 09:05:13 PM »
in the meantime you can give a shot to mbam:
http://www.malwarebytes.org/mbam.php

download the free version, install and update it, then run a quick scan, follow the instructions if any.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #3 on: March 31, 2011, 09:09:41 PM »
Here are the destructions for MBAM.  But a few questions - does the virus have a name given by your AV ?
Is it a network that is infected or a single system ?

After the MBAM run I would like to run an analysis on the system 

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following:
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - NetSvcs
    • Reg - SafeBoot Minimal
    • Reg - Shell Spawning
    • Evnt - EventViewer Logs (Last 10 Errors)
    • File - Lop Check
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #4 on: March 31, 2011, 09:15:45 PM »
@essexboy
I was getting ready to re-image so I went ahead and ran it. Behavior shield popped up. I submitted the sample to Avast.

3/31/2011 2:03:04 PM   Modification of: \REGISTRY\USER\S-1-5-21-3283010599-301252469-166660181-1000\Software\Microsoft\Windows\CurrentVersion\Run\ovbodmsv
    By:  C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IJRI3GY\PIC976242742133-JPG-www.facebook.com.exe
    Via: C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IJRI3GY\PIC976242742133-JPG-www.facebook.com.exe
         -> Action allowed


http://www.virustotal.com/file-scan/report.html?id=d1ef3ea4cf899250de36a2e7f85f1d934fcaa83bcde558a12b1f904ad31939d8-1301517851
« Last Edit: March 31, 2011, 09:24:23 PM by Charyb »

leandro.miranda

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #5 on: March 31, 2011, 09:22:23 PM »
I have six machines of great importance in the network that are experiencing this problem. Will avast solve it?



Offline essexboy

Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #6 on: March 31, 2011, 09:28:43 PM »
Run a bootscan with Avast on each system, then run MBAM on each system.
If the symptoms persist, attach the analysis of one machine and I should be able to give the file locations of it on all machines (the file names may differ though).

leandro.miranda

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #7 on: March 31, 2011, 09:51:18 PM »
Ok, I'll like this, and I'll post the results soon.


Nesivos

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #8 on: March 31, 2011, 09:55:45 PM »
Using HiJackThis might help :)

Offline essexboy

Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #9 on: March 31, 2011, 10:18:34 PM »
Unfortunately Hijackthis no longer looks at all the relevant entry points like appcerts etc .....
Quote
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\Security\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 12:07:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/02/16 04:37:56 | 000,000,000 | R--D | M] - Z:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | R--- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Trend have not updated the programme now for getting on 3 years.

Nesivos

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #10 on: April 01, 2011, 03:36:45 AM »
I replaced HJT with OTL and located the OTL Tutorial.  Now I have to read it ???

Thanks

Offline essexboy

Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #11 on: April 01, 2011, 07:00:05 PM »
A fair bit of malware nowadays inserts commands into the IFEO, appcert or security providers chain. So deleting files from the run entries will still leave the malware active.

OTL is very versatile as well, it will investigate any area that you ask it to
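
Reply #4's log shows a Run value written by an executable sitting in Temporary Internet Files, and Reply #11 names IFEO, appcert and the security providers chain as places a Run-key cleanup misses. The PowerShell audit below is an added example, not part of any post in this thread and not what OTS or OTL does internally; the path and file-name heuristics are assumptions, and the script only reads the registry.

```powershell
# Added example: read-only audit of the autostart points named in this thread.
# Nothing is changed or deleted; every finding needs manual review.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Where, $Name, $Data, $Why) {
    $findings.Add((New-Object PSObject -Property @{ Location = $Where; Name = $Name; Data = $Data; Reason = $Why }))
}

# 1. Run values for the machine and for every loaded user hive (HKEY_USERS\<SID>).
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')
$runKeys += @(Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" })
# Assumed heuristics: target sits in a cache/temp folder or poses as a picture.
$suspect = 'Temporary Internet Files|\\Temp\\|-JPG-|\.(jpe?g|png|gif)\.exe'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match $suspect) { Add-Finding $key $name $data 'Run entry points at a cache/temp path or disguised name' }
    }
}

# 2. IFEO: a Debugger value makes Windows start that command instead of the program.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = $_.GetValue('Debugger')
    if ($dbg) { Add-Finding $_.Name 'Debugger' $dbg 'IFEO Debugger redirects launches of this program' }
}

# 3. AppCertDlls: every value names a DLL loaded into processes that create processes.
$appCert = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' -ErrorAction SilentlyContinue
if ($appCert) {
    foreach ($name in $appCert.GetValueNames()) {
        $dll = $appCert.GetValue($name)
        Add-Finding $appCert.Name $name $dll 'AppCertDlls entry: confirm the DLL is expected'
    }
}

# 4. Security providers: list the DLLs so they can be compared with a clean machine.
$sp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders' -ErrorAction SilentlyContinue
if ($sp -and $sp.SecurityProviders) {
    Add-Finding 'Control\SecurityProviders' 'SecurityProviders' $sp.SecurityProviders 'Compare with a known-clean machine'
}

$findings | Format-List
```

Run it from an elevated prompt on each affected machine; user hives that are not loaded (users not logged on) are not covered.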


leandro.miranda

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #12 on: April 05, 2011, 06:49:07 PM »
This program did not remove the virus, I'm having the same problem today. :'(


Hermite15

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #13 on: April 05, 2011, 07:04:25 PM »

follow Essexboy's instructions when he comes back to this thread ;)

leandro.miranda

  • Guest
Re: Windows Live Messenger sends multiple messages to users virus Brazil
« Reply #14 on: April 05, 2011, 07:21:57 PM »
Yes I followed the instructions, I installed mbam and did the updates, then scan sent on any PC. And did not detect any problems.
