Warning! Do not download before hiding your IP with a VPN!
Your IP Address is .   Location is
Your Internet Provider can see what you are downloading!  Hide your IP ADDRESS with a VPN!
We strongly recommend using a reliable VPN client to hide yourself on the Internet. It's FREE!
Hide me now!
Releaselog

New MSN trojan spreading quickly

A disturbing news appeared few hours ago at eWeek: A new Trojan is introducing malware into thousands of computer systems worldwide, and the number is growing by the hour. The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances. The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier on Nov. 18 and is being used to discover virtual PCs as a means of increasing its growth vector.

The Trojan is an IRC bot that’s spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word “pics” as a double extension executable—a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name “images” as a .pif executable—for example, IMG34814.pif. The files are infiltrating new systems by using either known contacts from which the Trojan has harvested instant messaging names, as well as from the systems of unknown users. Doublecheck every file you receive through your MSN or your computer could easily end up as a zombie in some huge botnet…

Comments

Feel free to post your New MSN trojan spreading quickly torrent, subtitles, samples, free download, quality, NFO, rapidshare, depositfiles, uploaded.net, rapidgator, filefactory, netload, crack, serial, keygen, requirements or whatever-related comments here. Don't be rude (permban), use only English, don't go offtopic and read FAQ before asking a question. Owners of this website aren't responsible for content of comments.
  1. Lloyd Banks 93
    November 19th, 2007 | 20:15

    I’ve been receiving messages+zip files like that for at least 4 month.

  2. myself
    November 19th, 2007 | 20:16

    and just because microsoft disabled file extension by default for the noobs

  3. wooot
    November 19th, 2007 | 20:19

    Feel free to post your New MSN trojan spreading quickly torrent,

  4. SMek
    November 19th, 2007 | 20:22

    @Lloyd Banks 93

    i guess you need to change friends on msn?

    i have never got any virus true msn its hard to get a virus if you use commonsens but no rule with out exeption but i will keep an eye out

  5. Wankstar
    November 19th, 2007 | 20:22

    Nah, im gonna have a pass. Will wait for the aXXo release.

  6. SMek
    November 19th, 2007 | 20:23

    btw is it better then halo 3?

  7. p-J
    November 19th, 2007 | 20:26

    LOL @ 5! :-P

  8. bob
    November 19th, 2007 | 20:27

    @ Wankstar and SMek

    r u guys stupid or wtf are u trying to talk about go post that stuff in the right topic

  9. AXXO VERSION
    November 19th, 2007 | 20:28
  10. Smokey
    November 19th, 2007 | 20:28

    Of course its better than Halo 3 its the most over rated game ever.

  11. DjSaDoL
    November 19th, 2007 | 20:31

    HA HA HA !!!

    icq user…. :)

    rsrs

  12. .Truth
    November 19th, 2007 | 20:33

    I basically can’t stop laughing at my friends who get infected by some MSN virus just because they accepted a file transfer which contained a trojan.

    But yeah, everyone should be wary of this.

  13. November 19th, 2007 | 20:34

    If you use MSN I think you deserve to get this.

  14. Lakatos
    November 19th, 2007 | 20:41

    indeed. i’m safe with iCal until it gets an XP release like Safari. :(

  15. hikaricore
    November 19th, 2007 | 20:46

    People who are too lazy to even think about being bothered to attempt to understand what it going on around them deserve anything that hits them. Personally I can’t stand the sheer mass of people who own a computer in this day and age and don’t care how they work. These are the same people who can’t program the time on the VCR/microwave mind you… not because it’s a difficult undertaking by any means… oh no, they just don’t give a flying fuc|(. Continuing on into the future as more and more stupid and worthless individuals are born, there will come a day when folks don’t even know how to use a can-opener or even change their car battery. Ahh the wonders of global progress, go humanity go!

  16. me
    November 19th, 2007 | 20:47

    they shouId caII this Dumbexecs cause u onIy get it if ur dumb enough t0 open it

  17. anonymous
    November 19th, 2007 | 20:49

    seriously, this has been around WAY longer

  18. MEME
    November 19th, 2007 | 20:52

    …and this is why I stopped using messenger programs a year ago.

  19. LucidHarmony
    November 19th, 2007 | 20:54

    If you can’t tell it’s a bot message… :P lol

  20. eitanois
    November 19th, 2007 | 20:58

    @13 – Mr X

    Well, i guess this would happen eventually..

    I have to agree with you on this one…

    But this doesn’t end my suspicions of you been a little boys lover.

  21. .....
    November 19th, 2007 | 21:01

    any rapidshare links? i really want this game
    they say its the best game of the year

  22. .....
    November 19th, 2007 | 21:01

    LOL :D just kidding

  23. bLinx
    November 19th, 2007 | 21:05

    Only people who know nothing of the internet and computers get this kind of thing.

  24. eitanois
    November 19th, 2007 | 21:09

    @23 – bLinx

    not true, the g.a.y people
    also could get this.

  25. lolol
    November 19th, 2007 | 21:17

    haha post number 13 its so true.

    I have all the noobs contacts of my msn infected and trying to send me this, the sad thing its that some of those study things related to computer, and they are online pretty much everyday lololol

  26. lev400
    November 19th, 2007 | 21:18

    msn sucks

  27. BillyGreece
    November 19th, 2007 | 21:18

    At first i received this trojan too and i opened it!!!! But thank got norton antibot saved me (again) Its a very light and cool program you should try it guys

  28. Mulleboy
    November 19th, 2007 | 21:18

    LOL I GOT THIS VIRUS NOW, IT MIGHT BE INFECTING MY SYST..

    Mulleboy wants to send you
    pix.zip (2889kb) Do you wish to acceptzors?!
    ——————————————-
    “YES” for laaawl and “NO” for looowl.

  29. Sauron
    November 19th, 2007 | 21:21

    LOL @ 5 and 6! :)
    And I will add
    FIIRST! :D

  30. jgv115
    November 19th, 2007 | 21:40

    my friends always send me that crap

    the first time they send it i knew i shouldnt accept

  31. TheDude
    November 19th, 2007 | 21:47

    I actually feel bad for people who create these exploits. Their lives must be incredibly empty.

    Majority of people who use MSN Messenger are kids. You cant expect them all to be experts in computer security.

  32. the police
    November 19th, 2007 | 21:48

    it’s been nuked… proper will follow

  33. hikaricore
    November 19th, 2007 | 21:52

    TheDude: You’re feeling bad for the wrong people.

  34. yoblin
    November 19th, 2007 | 21:53

    misleading summary… it’s not looking for virtual pc’s it’s looking for VNC’s, much different.

  35. Sychfix
    November 19th, 2007 | 21:55

    Proper botnet out of Sych at 45:03 Get repack

  36. OldGuy
    November 19th, 2007 | 21:58

    Meh, a friend got a virus like that a week ago. Surprisingly, the bot didn’t send me the files…

  37. nsm-virus
    November 19th, 2007 | 22:03

    well you all just got this virus from reading this thread so there hahahaha , i hacked in to the site so if who ever opens this thread and acts like a smart ass gets the virus :lol:

  38. hax0r
    November 19th, 2007 | 22:10

    what fool accepts a file .jpg.exe dont u know nothing

  39. Wankstar
    November 19th, 2007 | 22:28

    Can anyone update us…? Will there be a proper? I heard reloaded might release a new version. Will it run on 64bit vista?

  40. hikaricore
    November 19th, 2007 | 22:29

    Wankstar: You should know by now that NOTHING runs on Vista, let alone 64bit code.

  41. G-unit
    November 19th, 2007 | 22:33

    Ya i think theyre using the bots to DDoS this site i go to…

  42. VeNoMmx
    November 19th, 2007 | 22:43

    Man this is as old as time…virus has been spreading since long ago…

  43. tzu
    November 19th, 2007 | 22:47

    Everyone can get infected. I`ve never been infected before. (only on purpose on closed systems to see how the virus works) But I got infected by this msn virus last week. Was chatting with av friend and he sent me image24.zip file. I thought it was safe. But I got no excuse why i clicked on a batch file beliving it was a picture. Guess I was tired. Think I managed to delete it now. But ofcourse it sent itself to other people on my contactlist and then on….

  44. m1dnight
    November 19th, 2007 | 23:14

    this aint new, this has been going on for the last 5 months or so… if ur a little smart, you see if it’s something dirty…

  45. Projectil3
    November 19th, 2007 | 23:24

    I remember variants of this Trojan from back in summer of 2004,

    people would send messages saying “Is this a picture of you??” and they’d attempt to send a .zip file containing .exe’s and .bat’s lol

    but yeah, I have a few people on my MSN Contact list infected with this trojan, I recommended they get antivirus or format.

    they didn’t believe me so i sent them Screenshots of their trojan in action lol they almost pooped their pants :)

  46. me
    November 19th, 2007 | 23:38

    so is there a way of getting rid then or not?

  47. Steve
    November 19th, 2007 | 23:39

    This is kind of old. The funny part about it is when I got a message from a guy buddy of mine…

    “Hey want to see my private pictures?”

    I was like … “WTF?!?!?!?!”

    I tried to respond but no answer so I blocked him.

    Then a couple of days later while at work I almost got tricked into a message from ANOTHER friend saying.

    “Hey man check out this guy, looks just like you!”

    I ALMOST clicked it then remembered the previous event and then later got another message about the same so I blocked a second person.

    Stuff like this always hits the uneducated or unaware users so a little common net-sense always helps fend off possible problems with virii and like attacks.

  48. Mario
    November 19th, 2007 | 23:59

    A few years ago there was a annoyance like this called Block-Checker. My uncle removed it but I’ve been noticing this for the past 3 weeks. If someone asks or says ANYTHING about a pic, and immediately tries to send you a 72kb .rar file, do not respond or just say decline! I don’t have it, but I’m not stupid enough to accept odd and irregular files.

  49. goatman
    November 20th, 2007 | 00:02

    yeah ive been receiving messages like that for a few weeks i always figured they were virus’s or something like that shame most people i know aren’t that tech savy to figure out that commonly trojans and what not travel in zip files or exe’s

  50. ME
    November 20th, 2007 | 00:08

    I just got the sniffles reading all this chitter chatter am i infected?

  51. Chewie
    November 20th, 2007 | 00:11

    I’ve had lots of messages the same as number 47 before. My sister clicked on one once and I had to fix her computer for her…

  52. costa200
    November 20th, 2007 | 00:11

    The scene has nuked this! Something about some triggers being missed in the crack!

  53. thelumberjack
    November 20th, 2007 | 00:13

    I was infected with this because i usually just accept what ever my friends send me. I got rid of it though it wasn’t hard, 3 virus scanners, 2 spybot scanners and an adaware scanner got all of it. Although i did have to delete a file by finding it on my own.

  54. Johnny
    November 20th, 2007 | 00:48

    Well since msn is a virus anyway, does this trojan actually improve it? Anything to remove Microsoft dominance is a good thing I guess.

  55. dublitze
    November 20th, 2007 | 01:11

    @5
    “Nah, im gonna have a pass. Will wait for the aXXo release.”
    Imao

  56. PINBALLWIZZZARD
    November 20th, 2007 | 02:59

    awwwwww the rapidshare an megaupload links wont work for me :(

  57. PINBALLWIZZZARD
    November 20th, 2007 | 03:01

    can some 1 email , or messenger them to me?…. lmao

  58. Rekrul
    November 20th, 2007 | 04:11

    This isn’t a virus, it’s an intelligence test. Sadly, many people seem to be failing it.

    What’s next? A text file telling people to manually erase their own files?

  59. geek
    November 20th, 2007 | 04:29

    @13 – MR X

    “If you use MSN I think you deserve to get this.” so i guess you are against facebook too, most normal people use MSN, you know, to talk to their friends that have met in real life. not everyones life revolves around ones and zeros

  60. muhaha
    November 20th, 2007 | 05:18

    muhaha you stupid noobs.

  61. cabose369
    November 20th, 2007 | 06:09

    I had one of my contacts just say: here are those pics you asked for and attempt to send me the pics.zip file. I immediately say wtf i didn’t ask for pics. It auto sent it to me again 20 min later so I blocked him.

  62. ricardo
    November 20th, 2007 | 08:11

    how many leechers can der be !!!! arrgghh no seeds

  63. vomit
    November 20th, 2007 | 09:36

    If i was a “Zombie in a Botnet” i would have every faith VOMIT would release me.Probably on 1 cd with mp3 vbr

  64. Craine J
    November 20th, 2007 | 11:44

    uhh… where’s the torrent link?

  65. hikaricore
    November 20th, 2007 | 11:52

    @ 61 geek: don’t be a douche bag just because you’re ignorant.

  66. shom
    November 20th, 2007 | 13:42

    #4 and #5 are bots , lol !

  67. shom
    November 20th, 2007 | 13:43

    how did they pass the spam test ?
    itelligent bot !

  68. Dav0
    November 20th, 2007 | 18:29

    Bots are going up in the world eh…

    btw. any fixes out for it yet? i am not stupid enuff to accept the virus but my cuzin is..

  69. SMek
    November 20th, 2007 | 18:59

    @68 and @69

    i must be the moste intelligent bot in the univers sins i REPLY to some one who says im a bot…

    YEah i was created by the best programers in the world and i was still just an Alpha but that aint so bad becouse now im a Alpha Male and the chicks loves me…

    but seriusly

    HOW THA HELL CAN PEOPLE GET THIS KIND OF STUFF???

    Dont they have a braind at all???

    I mean if all walked straight up to any of stranger and asked

    -”Hey if you give me your car key and i will go and wash it for you”

    if he says Yes Of corse you can… then he’s just stupid and YES deservs to get his car stolen…

    Hope you understand what i ment…

    if you give away the key to your computer your just as stupid as if you give away your car key

  70. TKarlsson
    November 20th, 2007 | 19:52

    Well, i also remember since summer, a friend was “writing”: Hey, look at my new picturies from Germany. and then a .zip file is coming: la65sa05s.zip

    Accept Yes or No, of course everyone in the world is clicking at “YES”

  71. Darth Arcon
    November 20th, 2007 | 20:23

    Well…cant say Im surprised…

  72. Genex
    November 21st, 2007 | 08:09

    i must say this trojan is good to fool some ppl that executable is just as same as jpeg format. PRESTO!! oops no pics. anyways this lil’ kiddo is not hard to get rid of for those of you who know how to play with your regedit

    delete: imageXX.zip or picXX.zip from your received folder

    next step:
    start menu: run > regedit

    scroll to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft >

    Windows > CurrentVersion > Run

    look at the right pane. there should be some idiotic and completely illogical process running, if you are good at guessing what processes shud be in your run list, you would know which process you shud delete.

    for others its easy to guess. cos this trojan assigns a 6 letter .exe file in the run, example: abcdef.exe [check the process out on google if you are suspicious or too afraid to delete it]

    a good sample which i had in run is:

    “Volume Shadow Organizer” = “nvbsvc.exe”

    yeah rite, who the hell ever heard of volume shadow organizer.

    next: unhide all your folders and system files. scroll to
    C:\windows\system
    C:\windows\system32

    you will find abcdef.exe in either of these folder, DELETE it

    restart ur system and VOILA. U R FREE OF THIS BUG!!! lol

  73. iAccepted
    November 21st, 2007 | 08:14

    way to go SMek, couldnt agree with you more. :P must be kinda foolish to accept whatever comes or even open the content of a zip when ya know pictures dont come in .executable formats. muahahahahah

  74. Genex
    November 21st, 2007 | 08:19

    oh! and one more thing. clear your %temp% also

  75. hax0r
    November 24th, 2007 | 11:11

    dont worry about it all they do it use your comp as a serving bot to use in there irc room.
    they upload loads of stuff to your comp via survu and then list the movie music etc for people do download.
    so just keep an eye on your hd getting full and slow connection

Leave a reply

 

rent this ad space