AIM Virus - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: AIM Virus

  1. #11
    Junior Member
    Join Date
    Jan 2004
    Posts
    19
    I'm sorry, I should have been more clear. By "SYSTEM" window, I meant "SYSTEM" folder. Sorry, I'm a newbie. It looks like any other folder, for example My Documents. The address is C:\WINDOWS\SYSTEM. There are no objects unless you click on the link on the side that says:
    "This folder contains files that keep your computer working properly. Please be careful if you modify the contents of this folder." Then the actual link, "View the entire contents of this folder."
    Thanks again, for helping

  2. #12
    Senior Member
    Join Date
    Jun 2002
    Posts
    311
    Try looking in your startup folder? If its not there, go to start - run - msconfig - then look at your startup files. If its not there either, get WinPatrol (theres a free version). It monitors your startup list and some other stuff. Alot of people would reccommend it.

  3. #13
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    http://www.imchaos.com/alert.asp

    --|| VIRUS ALERT : A new virus is spreading via AIM Profile links.. Read More ||--
    --------------------------------------------------------------------------------


    Do NOT click on links that say something like "whoaa look at what i found click here" or "I can't believe I found %n's Picture"

    There appears to be a new virus/worm/spyware that is spreading via AIM profile links.

    Apparently, malicious code is being placed on computer systems when victims visit either realphx.com or talkstocks.net (there may also be other domains).

    This code is executed either when a visitor OKs at the prompt or automatically if the visitor has not patched Internet Explorer for known vulnerabilities (see Windows Update to patch your system).

    Once the victim has been infected, their AIM profile will be changed to reflect only a link to one of the above mentioned sites with the text description as "Whoaa...look at what I found, click here" (there may also be other text descriptions). If the victim attempts to reset their profile, the link will reappear after a reboot or restart of AIM.

    Due to variations of the virus/worm/spyware it may take a little work to completely clean it from your system.

    Below are some links to removal tools we found (but did not test) followed by some manual instructions that were posted on other sites:

    Removal tools
    http://j.wftp.org
    http://digitalmatter.net/index.php
    http://rcc.bgsu.edu/faq/FixMessageTrojans.htm

    Manual Removal Instructions
    http://www.ncsu.edu/resnet/pages/security/realphx.php
    http://j.wftp.org


    ==========================================

    That is if you did get that virus.

    Do what the other posts above mine mentioned: Get Ad-aware and Spybot and try to clean up your system.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •