**msn Virus**

[RobSheffield]

a few members are now infected with the MSN 'hey, is this really you' virus*

 

if you get this come through while on chat, dont open it, it wil infect you, and continue to spawn - its not a nice virus!

 

(*id like to point out that im not!)

[supRo]

yeah, cheers Wayne!! (Supradibbs)!!!!

 

[Gaz Walker]

Wayne is infecting everyone? Theres a shock

 

Gaz.

[Ian R]

Wayne is infecting everyone? Theres a shock

 

Gaz.

 

[attilauk]

i had this earlier thie year on my work pc, its a real pain in the arse to get rid of

[tbourner]

You have to start up in safe mode and delete it from your registry, then delete the offending file from wherever it's saved itself:

http://www.truthandbeautybombs.com/bb/viewtopic.php?t=3573&

[Class One]

I've got it how the hell do I get rid of it. It killed my Norton internet. I'm not very computer literate but need to get rid of it.

[RobSheffield]

Doug - click on Tbourners link above...

[Getrag]

I think my msn might have sent it to him, sorry! To be fair, it was passed on to me just the same way.

[Getrag]

Even if you click that link, it'll point you to the page where it asks you to download the file. I would recommend against clicking the link, unless you're using firefox. i have no idea how Internet Explorer would handle it, nor do i want to find out!

 

It drops a file called "svshost" into a hidden directory in the system32 folder. It blocks (at least) task manager and regedit, and sends itself to all the users on your list. To clean it i took it out of the run keys in HKCU and HKLM in safe mode, then deleted it from the prefetch and system32

 

Anyone got a step by step guide how to do this?

[lovatt]

im also a victim of wayne

[Class One]

SPYBOT removed it for me. Its a free download.Give that a go.

[RobSheffield]

SPYBOT removed it for me. Its a free download.Give that a go.

 

Doug, beware that it doesnt come back, iirc it resides in the systems registry

[Class One]

Then how do I get rid of it as the link doesn't tell you how

[supradibbs]

sorry chaps iam a victim too u know:tongue:

[RobSheffield]

we are all victims wayne.....

[SupraHuman]

you could try trend micro's web site and do a housecall on your pc,that's a very powerfull anti virus program.I use it once a week and it take's care off stuff my norton anti virus can't even find.

[Getrag]

I said sorry already lol

[tbourner]

You need to boot in safe mode for a start (F8 whilst the system is loading I think).

Then look in C:\WINDOWS\system32\

in 'tools\folder options' you should click view and make sure that it is set to show hidden files and folders. Then find a folder that has an odd name (or you might need to look in them to find the file called svshost).

Just delete the file if you find it, if the virus software has got rid of the problem then you shouldn't need to worry about the registry entries.