Monday, June 11, 2007

MSN Messenger Infected w/ Scripting Worm!

A sample of this rising concern in the MSN Messenger user community, taken from one of the anti-virus product forum sites:

http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1687267&SiteID=2

Get it fixed using this:

Go to normal mode.
Go to SpyBot advanced mode (download SpyBot if you haven't already), then go to Tools and System Startup. Untick everything.
Reboot into normal mode once. (Important: do not skip this step.)
Reboot into safe mode and scan your computer with SpyBot (I know it works with SpyBot so I recommend it, but you might be able to use others), then remove any viruses detected.
Go back to the System Startup menu of SpyBot and delete everything that has re-ticked itself, as this will be part of the virus.
Open up My Computer and the C drive. Click Tools -> Folder Options -> View -> tick the box marked "Show hidden files" and untick the box marked "Hide system files". Press Yes on the message that appears, then press Apply.
From the C drive open Windows -> System32 and arrange the icons in the order they have been modified. Towards the bottom of the list of folders should be a folder with a random string of letters; this folder should be a hidden folder. Open the folder; if lsass.exe is stored inside, then you have the right one and you must delete this folder. If not, try other folders with random names until you find the right one (the name varies depending on the computer).
Now that you have deleted the folder with the random name, reboot into normal mode and log on. Some error messages should pop up saying that lsass.exe was not found. That is good, because you just deleted it.
It isn't the genuine version of lsass but the virus! Now press Start -> Run -> type "regedit" and press Enter -> press Edit -> Find -> and type lsass.
Whenever the registry editor finds a file with lsass in it, hover your mouse cursor over it; if it is a file stored in the folder you deleted, then delete it from the registry; if not, don't. Keep pressing F3 to go through every entry for lsass in the registry, deleting all the ones that link to the folder you deleted. Congratulations, your computer is clean.
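The manual hunt in the forum post above, scripted in PowerShell as an added example (this is not part of the quoted post or of any product): it lists hidden subfolders of System32 that hold a file named lsass.exe, compares each copy to the genuine binary that lives directly in System32, and reports autostart registry values that point into the random-named folder. The set of registry keys searched is this example's own choice and is a scoped subset of what regedit's Edit -> Find walks; the script assumes Windows PowerShell 4 or later for Get-FileHash and an elevated prompt, and it deletes nothing until the -WhatIf switches are removed.

```powershell
# Added example, not part of the quoted forum post. Automates the post's
# steps: find hidden subfolders of System32 containing lsass.exe (the genuine
# one sits directly in System32, never in a subfolder), show how each copy
# differs from the real binary, and list autostart registry values that
# reference the folder. Dry run only: remove -WhatIf to actually delete.
# Assumes Windows PowerShell 4+ (Get-FileHash) and an elevated prompt.

$system32    = Join-Path $env:SystemRoot 'System32'
$genuine     = Join-Path $system32 'lsass.exe'
$genuineHash = (Get-FileHash -Path $genuine -Algorithm SHA256).Hash

# Hidden directories directly under System32; without -Force they are skipped.
$suspectDirs = Get-ChildItem -Path $system32 -Force |
    Where-Object { $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden) } |
    Where-Object { Test-Path -Path (Join-Path $_.FullName 'lsass.exe') }

if (-not $suspectDirs) {
    Write-Host 'No hidden System32 subfolder contains lsass.exe.'
    return
}

# Autostart locations checked here (this example's own list, narrower than
# a full regedit Find over the whole registry; extend it if needed).
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

foreach ($dir in $suspectDirs) {
    $fake = Join-Path $dir.FullName 'lsass.exe'
    Write-Host "Suspect copy: $fake"

    # A hash that differs from the genuine binary is the reliable tell.
    # Signature status is informational: catalog-signed Windows files can
    # report NotSigned on older PowerShell, so do not rely on it alone.
    $fakeHash = (Get-FileHash -Path $fake -Algorithm SHA256).Hash
    $sig      = Get-AuthenticodeSignature -FilePath $fake
    Write-Host ("  SHA256 matches genuine lsass.exe: {0}" -f ($fakeHash -eq $genuineHash))
    Write-Host ("  Authenticode status: {0}" -f $sig.Status)

    # Registry values whose data mentions the random folder name.
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a registry value
            if ($p.Value -is [string] -and $p.Value -like "*$($dir.Name)*") {
                Write-Host "  Autostart reference: ${key}\$($p.Name) = $($p.Value)"
                Remove-ItemProperty -Path $key -Name $p.Name -WhatIf
            }
        }
    }

    # The post's folder deletion, as a dry run.
    Remove-Item -Path $dir.FullName -Recurse -Force -WhatIf
}
```

Run it from an elevated prompt before rebooting, so the registry references are found while the folder still exists; the post's order (delete the folder, then search the registry) works too, but then the folder name must be typed into the search by hand.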
