From: "Nutpants" <nutpants@no-mail.com>


| i got the link from a girl i know and have been talking to on msn (gaim
| really) and i got 5 of these from here while i was out.. i was hoping
| for pics.. but they are exe's and i don't want to run them.
|
| i am just putting up what i got
| and nothing i have found has told me that it is a virus or spyware..
| but i really don't think it is a picture as WTF would she send it as an exe
| or why would anyone..
|
| i would really like to know what it is..
| is there another way to get it checked?
| i am on my 5th spyware checking program and all they find are cookies
| and have not reported anything else..
|
| this is my first time in this newsgroup..
| if i have done wrong then i offer an apology
|
| Nutpants
|

Basically the pseudo JPEG is being spammed on MSN Messenger and the like.

The URL is malicious. The code is certainly malicious. It is most likely a new
Backdoor.Licat variant. DO NOT RUN IT/THEM -- delete any/all ASAP.

Whenever posting a possibly malicious URL it is always BEST to obfuscate the URL by using
hxxp:// or h**p:// or some other means so the URL is not clickable.

It is stated in this News Group's FAQ in section #7. The FAQ is posted regularly in this
News Group and on the following web page... http://shplink.com/misc/FAQ.htm

---
7. Are there any posting restrictions, rules or guidelines?
---

We encourage you not to post HijackThis! logs here. HijackThis! logs
will most likely be ignored. Responses to logs or URLs posted on forums
may come from people with questionable credentials and expertise. The
possibility exists that the combination of such a powerful tool and
dubious advice will damage your system. You will be much safer and wiser
to seek analysis at an (expert) Web Forum that handles HijackThis! logs.
See Appendix 2 for a list.

Also, unless requested, do not post the URL where you suspect you
obtained your adware spyware malware / parasite infection.
Instead, alter the URL in some way so as to make it human-readable but
NOT clickable, such as "h**p://www.removethis.example.c*m".
Why? Unsuspecting or inexperienced lurkers might just click on the URL
and get unwittingly hijacked. Note that this request applies only to
suspect URLs, and is not meant to discourage the posting of information
about possibly rogue web sites. Please DO tell us about them; just do so
safely.




--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
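
The FAQ rule quoted in the reply above (alter a suspect URL so it is human-readable but not clickable), as an added Python example that is not part of the original post or the FAQ: it rewrites linkable URLs in a draft message to the hxxp:// form and checks that nothing clickable remains. The function names, the sample text and the `[.]` marker for scheme-less `www.` hosts are assumptions of this example.

```python
import re

# Schemes that newsreaders and mail clients turn into links.
SCHEME = re.compile(r"\b(?:https?|ftp)://", re.IGNORECASE)
# Bare "www." hosts are auto-linked by many clients even without a scheme.
BARE_WWW = re.compile(r"(?<![\w/.])www\.(?=[\w-]+\.[a-z])", re.IGNORECASE)
# Anything matching this would still be rendered as a link.
CLICKABLE = re.compile(
    r"(?:\b(?:https?|ftp)://|(?<![\w/.])www\.)[^\s<>\"']+", re.IGNORECASE)

# Constructed sample post; example.com is a reserved documentation domain.
SAMPLE = ("got these on msn: http://www.removethis.example.com/pic.jpg "
          "and www.removethis.example.com/pic2.jpg.")


def find_clickable(text):
    """Return URL-like tokens a client would still link (pre-post check)."""
    return [m.group(0).rstrip(".,;:)!?") for m in CLICKABLE.finditer(text)]


def _mask_scheme(match):
    # http -> hxxp, https -> hxxps, ftp -> fxp; letter case is preserved.
    return match.group(0).replace("t", "x").replace("T", "X")


def defang(text):
    """Rewrite every linkable URL so it stays readable but is not clickable."""
    text = SCHEME.sub(_mask_scheme, text)
    # Assumption: "[.]" after www is a common convention, not from the FAQ.
    return BARE_WWW.sub(lambda m: m.group(0)[:3] + "[.]", text)


if __name__ == "__main__":
    print(find_clickable(SAMPLE))
    safe = defang(SAMPLE)
    print(safe)
    print(find_clickable(safe))  # empty list: nothing left to click
```

Running `defang` twice gives the same text as running it once, so it is safe to apply to a message that is already partly obfuscated.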