Monday, September 15, 2008

Anther MSN virus in the wild

If you guys receive a NEWESTPICTURE0011.zip file, delete it immediately. It is a very strong virus.

If you got infected, there are several symptoms.

- No Task Manager
- No regedit
- No msconfig
- AV shuts down
- Autostarts using " Symantec Security Service ". In which I did NOT install that program before
- Deleted my hosts file. Now I can't online.
- Spreads through MSN with the ZIP file NEWPICTURES1100.zip.
- Inside will be a .scr file. DO NOT OPEN IT.
- Using address bar in XP will NOT work.
- Settings will bounce back.
- Programs may not run after being infected. You may need to rename the .exe file. ie, hijackthis.exe rename to hjt.exe
- System Restore disabled
- Infects USB drives as well. Use Win+E to open your drive,as right-click and Open also triggers the virus.

Download and install Malwarebytes Antimalware, Kaspersky Antivirus 2009, ComboFix and boot into safe mode. I will teach you the exact steps if you need to know precisely how to clear it.

No comments: