?

Log in

No account? Create an account
Eyes

PSA: Virus Alert

Since I know some of you guys use MSN Messenger...

Variants of W32.Bropia virus are spreading quickly over MSN Messenger and Windows Messenger.

Do not accept any .pif files.  If you did, do not open or run it.

Following is a summary of virus information taken from Symantec's webpage about variant type C:

When W32.Bropia.C is executed, it performs the following actions:

  1. Opens and locks the following files to prevent these programs from being started:

    • %System%\taskmgr.exe
    • %System%\cmd.exe

    Note: %System% is a variable that refers to the System folder.  By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Searches for the following files:

    • %System%\winexec32.exe
    • %System%\adaware32.exe
    • %System%\VB6.EXE
    • %System%\iexplore.exe

  3. If the files are not present on the computer, the worm drops and executes the following file:

    C:\cz.exe

    Note: The dropped file is detected as a variant of W32.Spybot.Worm.

  4. Copies itself to the C drive using one of the following file names:

    • LOL.scr
    • Webcam.pif
    • hahahaha.pif
    • me_2005.pif
    • sister.pif

  5. Attempts to send itself through MSN Messenger.  It monitors for any change in the status of MSN Messenger contacts.

  6. Disables the right mouse button.

Note: Different antivirus program vendors report different .exe and .pif filenames which it stores itself under and also transmits itself as.  I have also seen other .pif filenames being offered to me.  All such offered files were .pifs, though.

Comments

And this is why I ditched my MSN connections very very long ago.
I'm on the verge of doing it to Yahoo too.

Dude, you always have Gaim. :D

I use Gaim, and Trillian. But I explicitly do not connect to MSN. And as I said, Yahoo is next on my list. I have like, 2 people on it, and I never talk to them.