Thread: Mitglieder.BO virus and compromised computer?

  1. #1
    dnl Guest

    Re: Mitglieder.BO virus and compromised computer?

    "Mich" <Mich8hb@netscape.net> wrote in
    news:d3x2e.32589$qN3.31860@trndny01:

    >
    > "dnl" <dnl@dnl.123.dnl.org> wrote in message
    > news:Xns962994939C5dnldnl123dnlorg@216.196.97.131. ..
    >> My Kerio firewall just caught a new version of msmsgs.exe trying to
    >> access the internet when I haven't updated it and now it appears that
    >> I have a virus. I'm trying to figure out what else besides the virus
    >> may be on my computer now.
    >>
    >> I have MSN Messenger installed but Messenger was disabled in
    >> services. I've tried ending the msmsgs process in the task manager
    >> but it keeps returning.
    >> I just noticed that WinPatrol has not been running either so I'm
    >> wondering if that was disabled by whatever activity is going on.
    >>
    >> Norton doesn't report any viruses but Panda Online reports that I
    >> have Mitglieder.BO. Spybot and Adaware aren't detecting anything.
    >> Spywareguard is also running. Any suggestions for the best way to
    >> clean this computer and get rid of whatever is going on?
    >>
    >> Thanks.
    >>
    >>

    >
    > Messenger service and MS Messenger are not the same; go into your
    > Admin tools and look...
    >
    > MSN Messenger is a pain in the butt
    >
    > To stop messenger from loading when visiting sites such as hotmail
    > delete the following key. But remember to back up your registry before
    > doing anything to it. This works in Windows 2000 also.
    >
    > 1. Start > run > type regedit
    >
    > 2. Navigate to the following key
    > [HKEY_CLASSES_ROOT\CLSID\{F3A614DC-ABE0-11d2-A441-00C04F795683}\LocalServer32]
    > @="\"C:\\Program Files\\Messenger\\msmsgs.exe\""
    >
    > 3. This can be done easily by searching for F3A614DC in the registry
    > and it will automatically take you there.
    >
    > 4. Delete this key and you will see that messenger does not load
    > anymore when visiting hotmail. Happy tweaking.
    >


    I know that MSN Messenger and Messenger are different. That's why I
    mentioned that I had one disabled in services. Despite that, it keeps
    launching on its own.


  2. #2
    David H. Lipman Guest

    Re: Mitglieder.BO virus and compromised computer?

    From: "dnl" <dnl@dnl.123.dnl.org>

    | I know that MSN Messenger and Messenger are different. That's why I
    | mentioned that I had one disabled in services. Despite that, it keeps
    | launching on its own.

    It could also be the following worm...

    W32/Funner.worm -- http://vil.nai.com/vil/content/v_128750.htm

    "...It then attempts to invoke MSN Messenger (msmsgs.exe) and creates the following
    registry key..."

    Dump the contents of the IE Temporary Internet Folder cache (TIF)

    start --> settings --> control panel --> internet options --> delete files

    1) Download the Sysclean Front End utility ( SYSCLEAN_FE ) in "Procedure 1"
    at the following URL. SYSCLEAN_FE automates the download and
    execution process of the Trend Sysclean Package.
    http://www.ik-cs.com/got-a-virus.htm

    Direct URL:
    http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

    Execute; SYSCLEAN_FE.EXE
    Choose; Unzip
    Choose; Close

    Execute; c:\sysclean\SYSCLEAN_FE.BAT
    { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }

    2) If you are using WinME or WinXP, disable System Restore
    http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
    3) Reboot your PC into Safe Mode and shutdown as many applications as possible
    4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
    clean/delete any infectors found
    5) Restart your PC and perform a "final" Full Scan of your platform
    6) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
    System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
    7) Reboot your PC.
    8) If you are using WinME or WinXP, create a new Restore point

    * * Please report back your results * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  3. #3
    Mich Guest

    Re: Mitglieder.BO virus and compromised computer?


    "dnl" <dnl@dnl.123.dnl.org> wrote in message
    news:Xns9629EA5DB2D7Ednldnl123dnlorg@216.196.97.13 1...
    > "Mich" <Mich8hb@netscape.net> wrote in
    > news:d3x2e.32589$qN3.31860@trndny01:
    >
    > >
    > > "dnl" <dnl@dnl.123.dnl.org> wrote in message
    > > news:Xns962994939C5dnldnl123dnlorg@216.196.97.131. ..
    > >> My Kerio firewall just caught a new version of msmsgs.exe trying to
    > >> access the internet when I haven't updated it and now it appears that
    > >> I have a virus. I'm trying to figure out what else besides the virus
    > >> may be on my computer now.
    > >>
    > >> I have MSN Messenger installed but Messenger was disabled in
    > >> services. I've tried ending the msmsgs process in the task manager
    > >> but it keeps returning.
    > >> I just noticed that WinPatrol has not been running either so I'm
    > >> wondering if that was disabled by whatever activity is going on.
    > >>
    > >> Norton doesn't report any viruses but Panda Online reports that I
    > >> have Mitglieder.BO. Spybot and Adaware aren't detecting anything.
    > >> Spywareguard is also running. Any suggestions for the best way to
    > >> clean this computer and get rid of whatever is going on?
    > >>
    > >> Thanks.
    > >>
    > >>

    > >
    > > Messenger service and MS Messenger are not the same; go into your
    > > Admin tools and look...
    > >
    > > MSN Messenger is a pain in the butt
    > >
    > > To stop messenger from loading when visiting sites such as hotmail
    > > delete the following key. But remember to back up your registry before
    > > doing anything to it. This works in Windows 2000 also.
    > >
    > > 1. Start > run > type regedit
    > >
    > > 2. Navigate to the following key
    > > [HKEY_CLASSES_ROOT\CLSID\{F3A614DC-ABE0-11d2-A441-00C04F795683}\LocalServer32]
    > > @="\"C:\\Program Files\\Messenger\\msmsgs.exe\""
    > >
    > > 3. This can be done easily by searching for F3A614DC in the registry
    > > and it will automatically take you there.
    > >
    > > 4. Delete this key and you will see that messenger does not load
    > > anymore when visiting hotmail. Happy tweaking.
    > >

    >
    > I know that MSN Messenger and Messenger are different. That's why I
    > mentioned that I had one disabled in services. Despite that, it keeps
    > launching on its own.



    Sorry I did not catch that... I have a terrible cold and I'm a little slow
    lately.
    Did you try the reg hack yet?

    Mich...
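
A read-only way to see what is launching msmsgs.exe and where each copy runs from, as an added example that is not part of any post in this thread. It assumes a Windows system with PowerShell 4.0 or later; the CLSID and the expected path are the ones quoted above, and the two Run keys are the standard autostart locations, checked here on the assumption that a relaunch entry might sit there.

```powershell
# Added example: triage of a respawning msmsgs.exe. Reads only; changes nothing.
# Expected path and CLSID are the values quoted in the thread.
$expected = 'C:\Program Files\Messenger\msmsgs.exe'
$clsidKey = 'Registry::HKEY_CLASSES_ROOT\CLSID\{F3A614DC-ABE0-11d2-A441-00C04F795683}\LocalServer32'

# 1. What does the COM registration actually launch?
if (Test-Path -LiteralPath $clsidKey) {
    $server = (Get-Item -LiteralPath $clsidKey).GetValue('')   # '' is the (Default) value
    "COM LocalServer32 -> $server"
} else {
    'COM LocalServer32 key not present'
}

# 2. Every running msmsgs.exe: image path, parent process, signature, hash.
Get-CimInstance Win32_Process -Filter "Name = 'msmsgs.exe'" | ForEach-Object {
    $path   = $_.ExecutablePath
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    [pscustomobject]@{
        Pid          = $_.ProcessId
        Path         = $path
        ExpectedPath = ($path -eq $expected)      # -eq on strings ignores case
        Parent       = $parent.Name               # empty if the parent has exited
        Signature    = if ($path) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'no path' }
        SHA256       = if ($path) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
    }
} | Format-List

# 3. Autostart values that mention msmsgs (assumed locations: the standard Run keys).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $item = Get-Item $k
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match 'msmsgs') { '{0}\{1} = {2}' -f $k, $name, $value }
    }
}
```

A copy whose path differs from the expected one, or whose signature status is not `Valid`, is the one to submit to a scanner; the SHA256 gives a value to compare across scans.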
