MSN Virus?
Hey
I just got this damn thing on my comp. My friend said to me yesterday: "I think I found your pic on myspace!" then sent me a file called "pics.zip", but I was playing a computer game, so when I was back on the MSN conversation she was already offline and I couldn't accept the file. I was like wtf because she has never seen me in real life and I have never sent her my pictures. Today she sent me that file again saying: "Have you ever saw me Naked? :D"
That line was obviously trying to make me accept it, though instead of accepting it, I asked her why she said she thought she found my pictures on MySpace. She didn't answer me and after like 10 seconds she got logged off. About 10 minutes later she logged on again and sent me the file again saying: "ok I DO NOT like my new hair color.. but people on facebook do. what do you think? And no laughing! lol".
I've known her for a very long time so I thought she only tried to make me accept the file because she had something else in the zip and was trying to give me a good laugh or something like that. So I accepted it (yes, I know, I'm stupid). I scanned it with Norton and it found nothing. So I opened the zip and then saw only one file… I saw it was a DOS file and I know it won't do anything on my comp unless I execute it myself, so I extracted it and opened it in a hex editor to see if I could see anything there. Nothing found, although when I was going to use Olly I misclicked and did a double click on it… The file immediately deleted itself and Norton warned me that service.exe was trying to connect to a DNS server. I then blocked it and opened taskmgr and clicked on processor. I then saw service.exe was running so I closed it. I deleted the zip and now I have no idea what's going on. I did a full system scan with Norton and am going to do a scan with Ad-Aware soon too.
Just wondering if you guys know anything about this. I think it's just sending the same file to my other contacts.
To the best of my knowledge (and experience with MSN viruses), they generally 'attack' your computer with adware that sends the same messages to your contacts who you chat with, e.g., you have it, whoever you talk to gets the message to accept it.
I don't actually know what "type" of adware it is but some have been known to monitor your websites visited, but I don't know.
Anyway, hope it helps.
FireSaleHaxor
k thx
I just did a little more research on it and Google. I found this http://www.sophos.com/security/analyses/w32ircbotxv.html and it looks pretty much like it, although it differs a little. Instead of starting csrss.exe it's starting service.exe. Should I remove those regkeys?