-
June 13th, 2004, 10:19 PM
#1
Junior Member
aim lowdown virus
Hey everyone,
The other day my friend i/med me and said they had another virus that affected their profile. This one just said view my buddy profile, but when you clicked it would give you the virus. The trojan was found as Marvin[1].exe and mcAfee said it was from aim lowdown virus. The trojan keeps re-appearing on my friends computer. Does anyone know how to get rid of it or any info on this virus.
Note: i checked the processes tab under task manager and they were all legit windows or mcafee processes.
-
June 13th, 2004, 10:27 PM
#2
fusiono71,
Here's a link relative to that specific virus and how to irradicate it.
http://www.faqs.org/qa/qa-8958.html
http://john.homsar.com/archives/000237.html
"To remove the virus follow these directions very carefully! (Just be aware that I'm not responsible for anything that goes wrong in the process. You do this at your own risk... although, I don't really see anything major goign wrong I'm just covering my butt here.)
Buddypicture.net, realphx.com, and talkstocks.net AIM profile virus removal instructions:
1.) Bring up your task manager by hitting Ctrl+Alt+Delete. If you see a process called "b," "b.exe," or "av.exe" click on the name and hit the button that says "End Task."
2.) Download this tool from Bowling Green State University:
http://rcc.bgsu.edu/faq/Tools/FixMessageTrojans.exe
3.) Run the tool that you just downloaded.
4.) Change your AIM profile. Be sure to delete everything that's in it!
5.) Visit http://www.microsoft.com/windows/ie/...aspto download and install the official Microsoft patch for Internet Explorer that will prevent you from getting the virus again. (Note- I belive this patch I linked to is only for Windows XP. If you've got ME you might have to find a different patch. You can still get rid of the virus if you skip this step, but if you install the security patch you won't get it again.)
6.) The tools you ran will have reset your IE start page... or if they didn't, your homepage might still be the virus download page. Reset it to something like http://www.homsar.com or http://john.homsar.com
7.) Visit Download.com and download AdAware and run it. Be sure to get the latest update (reference file) before you run it. AdAware is free.
8.) This step is optional: I recommend getting SpyBot Search and Destroy and running that too. It's free and it'll catch stuff AdAware won't and AdAware will catch stuff SpyBot won't.
9.) Run a virus scan on your computer with an updated reference file. If you don't have anti-virus software installed, visit this link to run a free scan from PandaSoft. It's also free: PandaSoft Virus Scanner
10.) Restart Your Computer
11.) You should now be virus free. If you're not, either you're infected with a different strain than I was or you skipped a step."
Good Luck!
Connection refused, try again later.
-
June 13th, 2004, 11:15 PM
#3
Additional Info about your virus:
Four Hundred Guru
Volume 4, Number 5 -- February 18, 2004
You must download this new virus yourself after agreeing to its terms of service. The virus software is sent through an AIM message, seemingly from a friend on your buddy list, which has a link to a new Osama bin Laden game.
To make things worse, you actually have to agree to the rules of the virus software before you can download it.
Connection refused, try again later.
-
June 14th, 2004, 12:31 AM
#4
Junior Member
Relyt,
I am aware of b.exe and av.exe the only problem is they don't exist in my friends computer, he's had b and av before but they are not there anymore. I've made sure to that by personally deleting them and running both adaware and spy bot S&D. The link you have posted for instructions is dead. If you or anyone has any idea if its possible that this is not av or b or has information on this virus if you could please post. Thanks for the info though Relyt
-
June 14th, 2004, 12:35 AM
#5
fusiono71,
Interesting for sure. I got the info from those links, but I'll of course go back and check em out and look some more.
cheers
edit: Went to all of them and the only one you'll need to change is the MS one. Just get the latest patches for your version of Windows and IE and you'll be set.
For Trojan removal one of the best is: "The Cleaner"
www.moosoft.com/
and another one is "TDS-3"
tds.diamondcs.com.au/
cheers again
Connection refused, try again later.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|