Results 1 to 5 of 5

Thread: aim lowdown virus

  1. #1
    Junior Member
    Join Date
    Dec 2003
    Posts
    22

    aim lowdown virus

    Hey everyone,
    The other day my friend i/med me and said they had another virus that affected their profile. This one just said view my buddy profile, but when you clicked it would give you the virus. The trojan was found as Marvin[1].exe and mcAfee said it was from aim lowdown virus. The trojan keeps re-appearing on my friends computer. Does anyone know how to get rid of it or any info on this virus.

    Note: i checked the processes tab under task manager and they were all legit windows or mcafee processes.

  2. #2
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    fusiono71,

    Here's a link relative to that specific virus and how to irradicate it.

    http://www.faqs.org/qa/qa-8958.html

    http://john.homsar.com/archives/000237.html

    "To remove the virus follow these directions very carefully! (Just be aware that I'm not responsible for anything that goes wrong in the process. You do this at your own risk... although, I don't really see anything major goign wrong I'm just covering my butt here.)

    Buddypicture.net, realphx.com, and talkstocks.net AIM profile virus removal instructions:

    1.) Bring up your task manager by hitting Ctrl+Alt+Delete. If you see a process called "b," "b.exe," or "av.exe" click on the name and hit the button that says "End Task."

    2.) Download this tool from Bowling Green State University:

    http://rcc.bgsu.edu/faq/Tools/FixMessageTrojans.exe


    3.) Run the tool that you just downloaded.

    4.) Change your AIM profile. Be sure to delete everything that's in it!

    5.) Visit http://www.microsoft.com/windows/ie/...aspto download and install the official Microsoft patch for Internet Explorer that will prevent you from getting the virus again. (Note- I belive this patch I linked to is only for Windows XP. If you've got ME you might have to find a different patch. You can still get rid of the virus if you skip this step, but if you install the security patch you won't get it again.)

    6.) The tools you ran will have reset your IE start page... or if they didn't, your homepage might still be the virus download page. Reset it to something like http://www.homsar.com or http://john.homsar.com

    7.) Visit Download.com and download AdAware and run it. Be sure to get the latest update (reference file) before you run it. AdAware is free.

    8.) This step is optional: I recommend getting SpyBot Search and Destroy and running that too. It's free and it'll catch stuff AdAware won't and AdAware will catch stuff SpyBot won't.

    9.) Run a virus scan on your computer with an updated reference file. If you don't have anti-virus software installed, visit this link to run a free scan from PandaSoft. It's also free: PandaSoft Virus Scanner

    10.) Restart Your Computer

    11.) You should now be virus free. If you're not, either you're infected with a different strain than I was or you skipped a step."


    Good Luck!
    Connection refused, try again later.

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Additional Info about your virus:

    Four Hundred Guru
    Volume 4, Number 5 -- February 18, 2004

    You must download this new virus yourself after agreeing to its terms of service. The virus software is sent through an AIM message, seemingly from a friend on your buddy list, which has a link to a new Osama bin Laden game.
    To make things worse, you actually have to agree to the rules of the virus software before you can download it.


    Connection refused, try again later.

  4. #4
    Junior Member
    Join Date
    Dec 2003
    Posts
    22
    Relyt,
    I am aware of b.exe and av.exe the only problem is they don't exist in my friends computer, he's had b and av before but they are not there anymore. I've made sure to that by personally deleting them and running both adaware and spy bot S&D. The link you have posted for instructions is dead. If you or anyone has any idea if its possible that this is not av or b or has information on this virus if you could please post. Thanks for the info though Relyt

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    fusiono71,

    Interesting for sure. I got the info from those links, but I'll of course go back and check em out and look some more.

    cheers

    edit: Went to all of them and the only one you'll need to change is the MS one. Just get the latest patches for your version of Windows and IE and you'll be set.


    For Trojan removal one of the best is: "The Cleaner"

    www.moosoft.com/

    and another one is "TDS-3"

    tds.diamondcs.com.au/

    cheers again
    Connection refused, try again later.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •