-
April 26th, 2004, 01:39 PM
#1
new AIM virus?
There seems to be another AIM virus/trojan spreading through the buddy profiles. Patch up your windows. Below are some removal tools as well, if you've already caught the virus.
Do NOT click on links that say something like "whoaa look at what i found click here" or "I can't believe I found %n's Picture"
There appears to be a new virus/worm/spyware that is spreading via AIM profile links.
Apparently, malicious code is being placed on computer systems when victims visit either realphx.com or talkstocks.net (there may also be other domains).
This code is executed either when a visitor OKs at the prompt or automatically if the visitor has not patched Internet Explorer for known vulnerabilities (see Windows Update to patch your system).
Once the victim has been infected, their AIM profile will be changed to reflect only a link to one of the above mentioned sites with the text description as "Whoaa...look at what I found, click here" (there may also be other text descriptions). If the victim attempts to reset their profile, the link will reappear after a reboot or restart of AIM.
Due to variations of the virus/worm/spyware it may take a little work to completely clean it from your system.
Below are some links to removal tools we found (but did not test) followed by some manual instructions that were posted on other sites:
Removal tools
http://j.wftp.org
http://digitalmatter.net/index.php
http://rcc.bgsu.edu/faq/FixMessageTrojans.htm
Manual Removal Instructions
http://www.ncsu.edu/resnet/pages/security/realphx.php
http://j.wftp.org
http://www.imchaos.com/alert/
EDIT:
Actually this is a pretty old alert. I reread it a few times and noticed the similiarities from the old alert. There's a couple more threads about this around AO. Sorry for the false alarm. Update your windows anyways...just to be safe
-
April 26th, 2004, 02:33 PM
#2
Ah who cares how old it is. as long as you learn something, or alerted about some suspicious activity's, then in my book it's all good.
I still found it to be an interesting read, and it reminded me to check for some updates for other programs.
And i'm just happy that i don't use Aim . So i don't really have ta worry about it anyhow.
cheers
front2back:.
-
April 26th, 2004, 05:56 PM
#3
Junior Member
Well........
Well........I am usually on full alert when It comes to links to web pages. I am scared to click a link to a page when I do not know its content. But thanks for the heads up. I will be more cautious on aim. Thanks........
-
April 26th, 2004, 06:42 PM
#4
I told you not to accept those attachments from my AIM account.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
April 26th, 2004, 06:48 PM
#5
LOL now you tell me....so you gave up on my firewall yet?
-
April 26th, 2004, 06:52 PM
#6
Originally posted here by Cybr1d
LOL now you tell me....so you gave up on my firewall yet?
Not yet. Bugtraq just posted a exploit for Norton internet security.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
April 26th, 2004, 06:55 PM
#7
ooooooo....sounds good ...BRING IT ON BIAAACH
Oh yeah...dont forget about the physical router too
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|