The New Virus on AIM

[sLvRk155es]

hey guys!
i used to have the [glowpurple]"AWAY MESSAGE VIRUS"[glowpurple] but somehow i got rid of it.
i know some of you guys that have this virus wont allow ur comp to show the thing with u press ctrl+alt+del! so i downloaded this program called "Security Task Manager". You can get it here: http://www.download.com/Security-Tas...ml?tag=lst-0-1
so download this prog. then you'll be able to open ctrl+alt+del w/ no probs!
also, i downloaded another program which detects all ad-ware thats in ur comp! i used it and i was totally surprised to see how many i had! you can get that here: http://www.download.com/Ad-Aware-SE-...ml?tag=lst-0-2
I dont know if its just me, but i detected and deleted ICQLITE on my task manager and it got rid of the virus so maybe some people should check if that's their case also!
I wish you all luck!

[Spyder32]

Wait.. and before I continue, I'm happy you found your way to Ad-Aware but where does this new "AIM virus" come into play? And can you give me more background information on this "away message virus"? Thanks..

[©opy®ight]

i used to have the [glowpurple]"AWAY MESSAGE VIRUS"[glowpurple] but somehow i got rid of it.

I used to have around 5,000 viruses, but somehow i got rid of them...

be more specific at how etc, somebody may have the same problem and wants to know how you got rid of it ....

[sLvRk155es]

ATTN: �opy�ight!
well maybe if u read my whole thread, i told u how i got rid of it.
ill repeat it again, ill detected ICQLITE and deleted it and it took care of the virus.
my post was to basically tell people that they should see if that's their case also.
again, its all said in the 1st post i wrote.


ATTN: Spyder32
the away message virus was a real pain where the virus just automatically puts up a random away message anytime it pleases. so if ure talking to a friend, itll just go off without ur control. usually the link says somethine like: OMG look wat i found! and a link. when you click on it u get infected with it. now a lot of people try to uninstall and reinstall AIM but that doesnt seem to work. also another annoying factor of this virus is that when ure not signed on to AIM, an error message pops up every 2 min that says: "The AIM hyperlink you've clicked on may require you to be online to work. Please log in first." a lot of people are saying to find a file like AV.EXE, BBB.EXE, etc. when they press CTRL+ALT+DEL. howrever, in my case i didnt have either programs but i found that ICQLITE.EXE was causing it on my computer. i dont know if thats gonna be the case is other's people's situations but it did for me. so if anyone else has this virus, i suggest that u just delete any files u never saw before when you open task manager.

[Spyder32]

Indeed, so in short it's basically like the rest of 'em AIM viruses just instead put inside the away message instead of the profile or a message. Thanks

[Soda_Popinsky]

This may have to do with this vulnerability:
http://secunia.com/advisories/12198/

This was a highly critical vulnerability that exploited Aim users, viewing a malicious webpage could overflow instant messenger and install arbitrary code. Proof of concept code is available on k-otik, and was probably modified for other use (skiddified).

So I bet we will in fact be seeing more of these kinds of posts. I guess you have me to thank for that, I guess .

btw: This is not a typical profile virus, this is much worse

[Spyder32]

Soda: Why do we have you to thank for that? And I know it's not a typical profile virus and that it's much worse although I have never been infected with it. I just use common logic/sense and I'm fine

[Soda_Popinsky]

Because I'm the one that discovered / reported it .

Matt Murphy (some dude) reported it to IDefense before I did, but AOL didn't release a security bulletin. I discovered it independently and reported it to Secunia, Secunia released a bulletin, followed by IDefense. IDefense was working with AOL when I found it. I tried contacting AOL for 2 weeks, then I went to Secunia, and waited another week. Then Secunia reported it. Turns out nobody was checking the security reports on the AOL website.
BTW Everyone
Latest AIM is v. 5.9.3690

edit: unfortunately, common sense wouldn't have helped much with this one
Just having AIM and a browser would have done it.