Do NOT click on links that say something like "whoaa look at what i found click here" or "I can't believe I found %n's Picture"
There appears to be a new virus/worm/spyware that is spreading via AIM profile links.
Apparently, malicious code is being placed on computer systems when victims visit either realphx.com or talkstocks.net (there may also be other domains).
This code is executed either when a visitor OKs at the prompt or automatically if the visitor has not patched Internet Explorer for known vulnerabilities (see Windows Update to patch your system).
Once the victim has been infected, their AIM profile will be changed to reflect only a link to one of the above mentioned sites with the text description as "Whoaa...look at what I found, click here" (there may also be other text descriptions). If the victim attempts to reset their profile, the link will reappear after a reboot or restart of AIM.
Due to variations of the virus/worm/spyware it may take a little work to completely clean it from your system.
Below are some links to removal tools we found (but did not test) followed by some manual instructions that were posted on other sites:
Removal tools
http://j.wftp.org
http://digitalmatter.net/index.php
http://rcc.bgsu.edu/faq/FixMessageTrojans.htm
Manual Removal Instructions
http://www.ncsu.edu/resnet/pages/security/realphx.php
http://j.wftp.org
Reply With Quote