If your MSN Messenger / Windows Live Messenger contact offers you some pics, and sends you a zip file with filename like “imageXX.zip” where “XX” is 2 digit number… DO NOT ACCEPT IT!
Your MSN contact’s computer has been infected by MSN Worm and send you the virus without their acknowledgment!
My IM has been set to auto accept incoming file from contacts (using Mac, no worry :P). Recently, I got the zip file a few times from my MSN friends as soon as they appeared online. In the zip file, there is an executable file with filename like “imageXX.JPG-www.photobucket.com” (XX is random digit, e.g. image80.JPG-www.photobucket.com).
Most people will think that the ending “.com” is part of the website address. Wrong. The “.com” means “Command”, which is a file extension of Windows executable file.
If you run the “imageXX.JPG-www.photobucket.com” file, the MSN Worm will be installed on your computer, and then separate to your MSN contacts and so on…
Table of Contents
MSN worm messages
The MSN worm will cheat your contacts with following messages (or similar):
This picture isnt you… right?
newest pics for ya :)
hey did i ever show you this picture of me?
is it ok if I add this pic to my new slideshow?
can i up some of these pics of ya to my myspace profile?
Wow i think i found your pic on myspace!
hah I think I found an old pic of us!
haha lets hope your parents dont see this picture of you :D
you care if i put this pictuer of you in my new album?
OMFG!!!!!!!! :D
wow! look at this old picture i found
sorry about the messup i fixed the pic! Try it one more time pz
is this pic tooo sexy for photobucket??
wow I just dyed my hair… You will never believe the color it is now. lol And dont laugh
my crazy sister wants u to see these pics for some reason… take a look
Can i put this pic of you into my new myspace album?
Take a look at the new pics already! :p
I cant believe they wanted me to upload this picture to facebook lol. Its terrible. Like my outfit tho?
Lmfao hey im sending my new pictures! Check em out!
I’ve been editing some pics you should def see em lol!
dude i just got these pictures off my digital for you! Gimme a moment to find em and send
Wanna see my pics before i send em to facebook?
do you think this picture is too kinky for Myspace?
Hey accept my pictures, i got a bunch from when i was like a toddler :X
I think this picture is terrible. but my friends on myspace want to see it. please dont show noone.
Hey just finished new myspace album! :) theres a few kinky ones in there!
OMG, i found ur pic on cuteornot.com! Check it out
hey you got a myspace album? anyways heres my new myspace album :) accept k?
do I look dumb in this picture? I want to put it on myspace.
hey man accept my pics. :( i just edited it to look maad funny..
Dude i found your picture on hotornot.com! Take a look!
As you see, the messages basically means “Hey, here is my pics!”. Since the message is sent out by your MSN contact (you trust them!), people will easily get cheated.
MSN worm removal method
There are many variants of the MSN worm. Many antivirus in the market fail to detect the MSN worm. I found 2 manual virus removal methods for the MSN worm variant at HERE and HERE.
The removal instruction is not difficult though. It takes 3 steps to remove the MSN worm.
- Delete registry entry of the MSN worm under
[code]HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run[/code]
(the registry entry is different according to the variant) - Restart computer
- Delete virus files found in System folder and Temp folder (the virus files is different according to the variant).
Please note that wrongly editing registry entries could damage your Windows system. Users are advised to get help from expert to remove the virus manually.
For removal methods of similar MSN worms, please search in the CISRT.
How to keep your computer safe?
There are few things you can do to keep your computer free from virus and worm:
- Has an updated antivirus running all the time
- Do not accept incoming files, whenever possible.
- Scan every downloaded/incoming file with an updated antivirus
- Scan every external file storage device (hard disk, USB flash drive, memory card, etc) as soon as it plug into your computer.
- Run full system virus scan weekly
- Dump Windows, switch to Mac or Linux.
Do you have more tips to share? Share with us.
Don’t think your friend send you porn pictures…. hahahahha
I might be more careful about this.
There are a lot of MSN worms that spread around our friends. I always receive this file. But i will ask them some question before receive. This is to make sure the file is being send by them.
thx sharing…i’ll notice it….ahtim just
kena wormed on monday..work till 12midnight…hahaha
Hi! Thanks for sharing. I’ve been receiving lots of spam from my msn add, and have been ignoring all files. Looks like the security is quite loose there huh?
BTW, am dropping by here to also wish you a Merry Christmas and Happy New Year!
As soon as I logged onto my messenger, I got a message from one of my friends saying ‘can i up some of these pics of ya to my myspace profile?’, followed by the zip file.
I immediately thought it was a worm or a virus, and did a google search about it, which led me here.
Thank you very much.
@Kristie: you are a smart user who know the dangerous of unexpected file. Welcome to liewcf.com :)
For an automated removal method, try downloading the MSN Photo Virus Remover tool from http://www.msnvirusremoval.com The Virus Database for the Remover grows on a daily basis, also a tool (MSN Virus Info Gatherer) is included to report your varient if the Remover can not detect it.
Thanks! I got loads of my friends sending me viruses!
Thanks to my virus scanner buddies, I’m always safe.
I’ve got a friend that says “you care if i put this pictuer of you in my new album?” and sends me like every minute.
also there’s another friend that says something related (the list up there). and the point is….this girl is totally korean and doesn’t actually speak english! lol…
thanks for the information
Umm..I got a question….
I think this thing is like an messenger virus also..
my friends sends me a message and a site saying , “heyy ;)” and then “www.####.info” (#=name) and when I click the site, it leads me to a site something about who blocked or deleted you in msn, and says that if you want to figure it out,loggin with your msn account… many of my friends sent me it, and the #### aren’t the same but leads me to the same site..what the….?
Nope, its not a virus.
The site is hijacking user accounts. The people with hijacked accounts just need to change their passwords.