Yahoo Messenger Virus Detected
Well, it's official now that a virus has targeted Yahoo Messenger this time. The virus sends text messages to all IM clients.
The possible cause and detection details found by Abhishek are given here.
Conclusions (Confirmed)
1. It uses msinet.ocx and the web browser control to communicate with websites or download more files.
2. It begins by adding an unusual taskkil.exe to your System32 directory, which is a program to kill system processes.
3. It creates a batch script located at C:killav.bat to kill antivirus programs.
4. It accesses XXX, where the developer may enter commands for the application to update itself.
5. It then begins accessing XXXX, which shows AdBrite ads when opened in Firefox; maybe there is an auto-clicking feature encoded.
6. It downloads the executable from YYY, which it then renames to svchost32.exe.
7. It also downloads the executable at YYYY.
The developer seems to want this trojan to be termed "Termex", since he owns the domain Mytermex(dot)com (do not visit this site) and has directories named "Termex" on the server where he hosts his executables!
The code is no doubt a good one, but I'd have preferred that he had used this knowledge for good. Now apparently this doesn't seem to affect Firefox/Mozilla and Opera browsers (note the "apparently"), but IE users are doomed.
I am Infected! Now what ?
Don't panic. Tech Guru has written a nice tutorial to save yourself from this Trojan. I haven't tried it yet, but from the look of it, it appears that it'll work. So go ahead and find it here:
http://www.newsfactor.com/blog_article.php?aid=305161
How does this spread ?
I am not aware of the other mediums, but yes, I myself have witnessed this propagating through Yahoo Messenger, and there is a possibility that it may send your Yahoo ID/password to the attacker.
Possible PMs that you may get are:
Quote: damn, she is so cute hxxp://nsl-school.org?id=miss_world (Do not open this URL in your browser)
Quote: have you ever seen such a silly man like this ? hxxp://nsl-school.org?id=stories (Do not open this URL in your browser)
Quote: Download Free MP3s at hxxp://nsl-school.org?id=mp3 (Do not open this URL in your browser)
These messages are generally very tempting and make you click on the link, but once you do, you're doomed!
!!!WARNING: DO NOT OPEN THE URLS BELOW IN YOUR BROWSER OR YOU MAY GET INFECTED!!!
XXX = hxxp://giftshop.vn/update.txt
XXXX = hxxp://www.myglobal-news.com
YYY = hxxp://italiandirectory.com/termex/host2.exe
YYYY = hxxp://italiandirectory.com/termex/host.exe
Possible Domains Owned by the Developer of this Trojan
hxxp://www.nsl-school.org
hxxp://www.giftshop.vn
hxxp://www.myglobal-news.com
hxxp://www.italiandirectory.com
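A defender-side use of the domain list above, as an added example (not code from the original post or from Abhishek's analysis): a Python scan of IM archive or proxy log lines for URLs whose host is one of the listed domains or a subdomain of one, accepting the defanged hxxp form used in this post. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostnames from the post's "Possible Domains" list, stored without a scheme.
LISTED = {"nsl-school.org", "giftshop.vn", "myglobal-news.com",
          "italiandirectory.com"}

# Live or defanged URLs: http, https, hxxp, hxxps.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s\"'<>]+", re.IGNORECASE)

def host_of(url):
    """Undo defanging (hxxp, [.] and (dot)) and return the lowercase host."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    url = re.sub(r"\[\.\]|\(dot\)", ".", url, flags=re.IGNORECASE)
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. stray brackets
        return ""

def is_listed(host):
    """Exact match or subdomain only, so look-alike hosts do not match."""
    return any(host == d or host.endswith("." + d) for d in LISTED)

def scan(lines):
    """Return (line_number, host) for each URL that points at a listed domain."""
    hits = []
    for number, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            host = host_of(url)
            if is_listed(host):
                hits.append((number, host))
    return hits

# Constructed sample lines (IM archive and proxy-log style), kept defanged.
SAMPLE = [
    "10:02 IM buddy1: damn, she is so cute hxxp://nsl-school.org?id=miss_world",
    "10:05 GET hxxp://WWW.ItalianDirectory.com/termex/host2.exe 200",
    "10:06 GET http://example.com/nsl-school.org/page 200",
    "10:07 GET http://giftshop.vn.example.com/update.txt 200",
    "10:08 GET hxxp://giftshop[.]vn/update.txt 200",
]

if __name__ == "__main__":
    for number, host in scan(SAMPLE):
        print(f"line {number}: {host}")
```

Matching on the parsed host rather than on a substring keeps lines 3 and 4 of the sample out of the results, where a listed name appears only in the path or as a prefix of another domain.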
Possible solution for this virus here:
November 10th, 2006 at 12:04 pm
hey abhi,,
sorry 4 dat..
but i gave ur all reference in this post..
so dat any one can refer to u by my blog
k
if u dont want dat i will del dis post n
repost only its soln..
November 27th, 2006 at 2:15 pm
abhi let it b here.. becoz its easily search able.. and ur blog is not in gud in google page rank rite.. so atleast it will help us to get to read ur articel until your site gets the enough page rank to displayed in … early pages..