new AIM virus?
Results 1 to 7 of 7

Thread: new AIM virus?

  1. #1
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836

    new AIM virus?

    There seems to be another AIM virus/trojan spreading through the buddy profiles. Patch up your windows. Below are some removal tools as well, if you've already caught the virus.

    Do NOT click on links that say something like "whoaa look at what i found click here" or "I can't believe I found %n's Picture"

    There appears to be a new virus/worm/spyware that is spreading via AIM profile links.

    Apparently, malicious code is being placed on computer systems when victims visit either realphx.com or talkstocks.net (there may also be other domains).

    This code is executed either when a visitor OKs at the prompt or automatically if the visitor has not patched Internet Explorer for known vulnerabilities (see Windows Update to patch your system).

    Once the victim has been infected, their AIM profile will be changed to reflect only a link to one of the above mentioned sites with the text description as "Whoaa...look at what I found, click here" (there may also be other text descriptions). If the victim attempts to reset their profile, the link will reappear after a reboot or restart of AIM.

    Due to variations of the virus/worm/spyware it may take a little work to completely clean it from your system.

    Below are some links to removal tools we found (but did not test) followed by some manual instructions that were posted on other sites:

    Removal tools
    http://j.wftp.org
    http://digitalmatter.net/index.php
    http://rcc.bgsu.edu/faq/FixMessageTrojans.htm

    Manual Removal Instructions
    http://www.ncsu.edu/resnet/pages/security/realphx.php
    http://j.wftp.org
    http://www.imchaos.com/alert/




    EDIT:

    Actually this is a pretty old alert. I reread it a few times and noticed the similiarities from the old alert. There's a couple more threads about this around AO. Sorry for the false alarm. Update your windows anyways...just to be safe

  2. #2
    Ah who cares how old it is. as long as you learn something, or alerted about some suspicious activity's, then in my book it's all good.
    I still found it to be an interesting read, and it reminded me to check for some updates for other programs.

    And i'm just happy that i don't use Aim . So i don't really have ta worry about it anyhow.


    cheers
    front2back:.

  3. #3
    Junior Member
    Join Date
    Apr 2004
    Posts
    19

    Cool Well........

    Well........I am usually on full alert when It comes to links to web pages. I am scared to click a link to a page when I do not know its content. But thanks for the heads up. I will be more cautious on aim. Thanks........
    TRINITY IS COOL........
    http://pub2.ezboard.com/btrinityland
    (C++ Novice)

  4. #4
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    I told you not to accept those attachments from my AIM account.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  5. #5
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    LOL now you tell me....so you gave up on my firewall yet?

  6. #6
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Originally posted here by Cybr1d
    LOL now you tell me....so you gave up on my firewall yet?
    Not yet. Bugtraq just posted a exploit for Norton internet security.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  7. #7
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    ooooooo....sounds good ...BRING IT ON BIAAACH

    Oh yeah...dont forget about the physical router too

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •