Free PC Security

PC Security, Free Firewall, Free Security, Free Utilities, Free Programs and Free Advice. If this is helpful, please comment. Got a question? Please ask.

Archive for the 'virus' Category


MSN Messenger Spreads Viral Attack Through Users

Posted by cotojo on November 7, 2007

Please read the complete article before following the steps given.

Once again more MSN Messenger Viruses are spreading around the Internet.  This time the virus sends the following message to all your contacts:

cute.pif - W32.Kelvir.A

omg this is funny!
[Followed by a link to download the cute.pif from jose.rivera4.home.att.net]
The user then downloads the file which sends the link to all of their contacts and then downloads a W32.Spybot worm onto the infected machine.

If you are lucky the program will just run on your machine, send to your contacts and end without downloading the Worm.

The first thing you should do therefore is delete the downloaded cute.pif making sure you do not run it again! Then check to see if a Worm has been downloaded as well.

1) Press Ctrl+Alt+Delete and look for hotkeysvc. If it’s there select it and press “End Task”.

2) Use the Windows Find feature to look for a file called “hotkeysvc.exe”. If it is there, it should be in the %System% directory. If you find the file, delete it.

3) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.

4) Click on the tab at the top right that says ‘Startup’.

5) Look for, and if it exists, untick the box next to “hotkeysvc.exe” or similar name.

The worm from http://jose.rivera4.home.att.net/cute.pif has now been fully removed!

IM-Names virus

1) Close Messenger.

2) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.

3) Click on the tab at the top right that says ‘Startup’.

4) Untick the box next to ‘IM-Names’. (If you cannot find it skip this task)

5) Click ‘ok’ and when it asks if you want to restart your computer say no.

6) Press ‘Ctrl’ + ‘Alt’ + ‘Del’. Find the process that says ‘IM-Names’ and click End Task.

The virus has now been deactivated!

To remove it fully follow these instructions:

1) Search your computer for all files called “IM-Names” (without quotes)

2) Delete all files that it finds.

3) Empty your Recycle Bin.

The virus has now been fully removed!

PIC1234(1)(1)(1)(1)(1).exe

To remove the virus is simple to do. Simply follow these instructions:

1) Close Messenger. This will simply stop any of your contacts getting the virus.

2) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.

3) Click on the tab at the top right that says ‘Startup’.

4) Untick the box next to ‘MSN Messenger’.

5) Click ‘ok’ and when it asks if you want to restart your computer say no.

6) Press ‘Ctrl’ + ‘Alt’ + ‘Del’. Find the file that says ‘MsgSpread’ and click End Task.

The virus has now been deactivated!

To remove it fully follow these instructions:

1) Go to the Desktop and open My Documents.

2) Double click on ‘Messenger Service Received Files’. If you don’t see a folder called that then go to ‘My Computer’, double left click on ‘C’ then ‘Program Files’ and finally ‘Messenger Service Received Files’.

3) You should now see a file called ‘PIC1234(1)(1)(1)(1)(1)(1)(1)(1).exe’.

4) Click on it ONCE and left click and select ’Delete’. This should delete the file.

5) Empty your Recycle Bin.

The virus has now been fully removed!

Choke.exe aka I-Worm.Choke

Even if the user accepts the download he or she will not be infected. The user must download and run the files they received. The file name can differ every time. It can be ‘ShootPresidentBUSH.exe’, ‘Choke.exe’ or ‘%The user name%.exe’ where the user name is a nickname from dalist.txt.

To remove the virus is simple to do. Simply follow these instructions:

1) Press Ctrl+Alt+Delete and select Choke.exe, and press “End Task”.

2) Close Messenger. This will simply stop any of your contacts getting the virus.

3) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.

4) Click on the tab at the top right that says ‘Startup’.

5) Untick the box next to “Choke.exe” or similar name.

The virus has now been deactivated!

To remove it fully follow these instructions:

1) Go to ‘Start’, then ‘Find’ or ‘Search’ and enter “Choke.exe”, then press OK.

2) Click on the file and press ‘Delete’.

3) Empty your recycle bin.

The virus has now been fully removed!

W32.Aplore@mm

W32.Aplore@mm is an MSN Messenger Virus which spreads by sending links to an infected web page. When a user is infected with this virus they send a message to their online contacts. The message may be as follows, where ZZZ is the contact’s name, the A’s represent an IP address and the B’s represent a port number.

ZZZ says: this is cool, http://AAA.AAA.AA.AA:BBBB

OR ZZZ says: btw, download this, http://AA.AA.AAA.AAA:BBBB

To remove the virus is simple to do. Simply follow these instructions:

1) Close Messenger. This will simply stop any more of your contacts getting the virus.

2) Go to ‘Start’ then ‘Run’ and type ‘msconfig’. A new window should appear.

3) Click on the tab at the top right that says ‘Startup’.

4) Untick the box next to “Explorer”.

5) Restart your Computer.

The virus has now been deactivated!

W32.Annoying.Worm

The delightful author of this worm, who comes “in piece” (pity it’s not “in pieces”), has even included a readme.txt file with uninstall instructions:

How to remove the Annoying.Worm:
1) Click Start, select Run. The Run dialog box pops up.

2) Type: msconfig The System Configuration Utility pops up.

3) Click the Startup tab at the top. In the list, find MsgSprd, Messenger, or pic1324, uncheck, press Apply, then press Ok.

4) Restart your computer Or press Ctrl - Alt - Del, select MsgSprd from the list, then press End Task.

You may freely delete the files or the ‘C:\Messenger1324′ directory.

You may need to uninstall/reinstall Messenger after removing this one from your system.

As you may have passed the MSN Messenger virus on to some of your contacts it is suggested you warn your friends about the MSN Messenger Virus.

Many of these viruses will continue to resend themselves to your contacts and then their contacts, so the vicious circle continues.  If you are infected you are in a position to do something about it.

In future if someone tries to send you a file on MSN Messenger and it ends with ‘.exe’ do NOT download it unless you are really sure you know what it is. Ask the person that is sending you it what it is!
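The lure messages described above have two recognisable shapes: a link straight to a `.pif` or `.exe` file, and a link to a bare IP address with a port number. The following is an added example, not part of the original post, that flags both shapes in chat lines; the sample lines, host names and addresses are constructed, and the function names are my own.

```python
import re
from urllib.parse import urlsplit

# Extensions the post warns about: Windows runs both as programs.
RISKY_EXTENSIONS = (".exe", ".pif")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def is_ipv4(host):
    """True for a dotted-quad host such as 192.0.2.10."""
    return bool(IPV4_RE.match(host)) and all(int(p) <= 255 for p in host.split("."))


def classify_url(url):
    """Return the reasons a URL resembles the lures described in the post."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname or "", parts.port
    except ValueError:  # for example a port that is not a number
        return ["malformed URL"]
    reasons = []
    # W32.Aplore@mm shape: http://<IP address>:<port>
    if is_ipv4(host) and port is not None:
        reasons.append("raw IP address with explicit port")
    # cute.pif shape: the link itself is a runnable file
    if parts.path.lower().endswith(RISKY_EXTENSIONS):
        reasons.append("links directly to an executable file")
    return reasons


def scan_messages(lines):
    """Return (line number, url, reasons) for every suspicious link."""
    findings = []
    for number, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            url = url.rstrip(".,!?)")  # drop sentence punctuation
            reasons = classify_url(url)
            if reasons:
                findings.append((number, url, reasons))
    return findings


# Constructed sample chat lines (documentation-only hosts and addresses).
SAMPLE_LOG = [
    "alice says: omg this is funny! http://files.example.invalid/cute.pif",
    "bob says: this is cool, http://192.0.2.10:8180",
    "carol says: btw, download this, http://198.51.100.7:2345",
    "dave says: lunch? menu is at https://cafe.example.invalid/menu.html",
    "erin says: docs are on http://192.0.2.20/readme.txt",
]

if __name__ == "__main__":
    for number, url, reasons in scan_messages(SAMPLE_LOG):
        print(f"line {number}: {url} -> {', '.join(reasons)}")
```

A hit is a prompt to ask the sender what the link is before opening it, not proof of infection.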

Ensure that your PC is fully up-to-date with the latest patches, and that your anti-virus protection is regularly updated.

Using a file shredder is better than emptying the Recycle Bin to get rid of files.

I also recommend using CCleaner (formerly CrapCleaner) to rid your system of unwanted garbage that collects on a daily basis.

Posted in MSN-Messenger, PC Security, Security, Security Risk, virus | 10 Comments »

Virus Alert

Posted by cotojo on November 5, 2007

Some 30% of computers with a security solution installed scanned last week were infected with some kind of malware.  In the case of computers without any kind of protection, the figure goes up to 44%. Source: http://www.infectedornot.com

Malware creators are trying to put a large number of threats in circulation and install them silently to prevent security companies from detecting them and generating the necessary vaccines. 

Therefore, traditional security solutions must be complemented with other types of online solutions like BitDefender, which uses the ICSA Labs certified scanning engines, so you can feel secure about their virus protection.

As for the malicious code that has appeared in the past week, highlighted are the Bindo.A and Nuwar.HU worms.

Bindo.A aka autoply.exe is a worm designed to spread and infect as many computers as possible by copying itself under names like autoply.exe or MSshare.exe to the shared folders of any P2P programs that the targeted user might have installed.

It also creates a file called AUTORUN.INF in all drives it copies itself to, in order to be run every time that the drive is accessed. It is very easy to detect the presence of this worm on the system, as it increases the number of shared files in the P2P shared folders on the computer.

Bindo.A also changes certain shortcuts on the desktop so that they have two execution paths: the original one and one that runs when the original program is launched.
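To check a drive root or a P2P shared folder for the artefacts just described, the following added example (not from the original post or from any vendor) reads AUTORUN.INF, lists the programs it would launch that are actually present beside it, and reports files carrying the two names given above. The function names and the sample AUTORUN.INF are constructed for illustration.

```python
import ntpath
import os
import re

# File names the post gives for Bindo.A copies (matched case-insensitively).
NAMES_FROM_POST = {"autoply.exe", "msshare.exe"}
# [autorun] keys whose value is a command Windows may launch.
LAUNCH_KEY = re.compile(r"(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def autorun_commands(text):
    """Extract launch commands from AUTORUN.INF text, skipping junk lines."""
    commands, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if LAUNCH_KEY.match(key) and value:
                commands.append(value)
    return commands


def program_name(command):
    """File name of the program a command line starts, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split()[0]
    return ntpath.basename(program).lower()


def inspect_folder(folder):
    """Check a drive root or P2P shared folder for the artefacts in the post."""
    entries = {name.lower(): name for name in os.listdir(folder)}
    report = {"autorun_launches": [], "names_from_post": []}
    if "autorun.inf" in entries:
        path = os.path.join(folder, entries["autorun.inf"])
        with open(path, "r", encoding="latin-1") as fh:
            launches = {program_name(c) for c in autorun_commands(fh.read())}
        # Only report launch targets that really exist next to the INF file.
        report["autorun_launches"] = sorted(launches & set(entries))
    report["names_from_post"] = sorted(NAMES_FROM_POST & set(entries))
    return report


# Constructed sample AUTORUN.INF with a junk line mixed in.
SAMPLE_INF = """\
qwertyjunk
[AutoRun]
;harmless-looking comment
OPEN=autoply.exe
shell\\explore\\Command = "MSshare.exe" /q
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
```

Call `inspect_folder()` on each drive root and on each P2P program's shared folder; a file name match alone is only a lead to scan, since legitimate files can share a name.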

BitDefender is a FREE online virus scanner. It takes a while to run, so it is advisable to run it when no other programs are using resources.  When opened, you will have to click ‘I Agree’ on the user license, after which you will be taken to the Options page.

The default setting is to scan all of your computer, which is the safest option.  Under the ‘Settings’ the default option is for BitDefender to try and clean the infected files.  There is a warning that if disinfection fails, the files will be deleted.  You can change this option where it says ‘click here’ and a pop-up window opens (ensure you do not have pop-up blockers turned on).

Under the heading ‘Action options’ select ‘Prompt user for action’ and under ‘Second action’ again select ‘Prompt user for action’ then click OK, then click where it says ‘Click here to scan’.  BitDefender will then load the anti-virus engine and virus signatures.

If it fails to update, select ‘Yes’ to continue and scanning will start.

When scanning, if an infection is found you will be prompted for an action and you will see the location of the infected file.  You can select ignore, disinfect or delete.  If disinfection fails however, the file will be deleted so use this with caution and ensure that it is not an important file.

Nuwar.HU is a new variant of the infamous “Storm Worm” which takes advantage of Halloween to spread. It ends processes of certain security tools that might be installed on the computer.

Nuwar.HU drops a rootkit called noskrnl.sys on the system and sets it as a service so that it is run automatically when the computer is started. Nuwar.HU spreads in email messages with subjects like “Have a Happy Halloween everyone” or “Party on this Halloween” among many others.

These messages include links to certain web pages that show a ‘dancing skeleton’ animation. If the user downloads and runs the animation offered on the website, the worm infects the computer and turns it into a zombie system at the service of a malicious user.

Rootkit detection

Methods to detect rootkits fall into two categories: Signature-based and heuristic/behavior-based detection.

There is an article about rootkits here, and you can get more information on searching your hard drive for the presence of rootkits, and on tools to remove them, by clicking here.

Posted in PC Security, Rootkits, virus | 10 Comments »

Email Danger - Free Web Tools

Posted by cotojo on August 22, 2007

Hot on the heels of the ‘Postcard From A Friend’, there is a new trend starting.

Below is a copy of an email I received - several copies of it too.

DO NOT open this email as it contains a Trojan Downloader, just Delete it

Virus Name:  JS/Psyme also known as HTML/Mht@exp

Spreads through Web Browsing, Downloads Code from the internet, Exploits your system and/or Software vulnerabilities.

Ensure your anti-virus is up-to-date.  I recommend AVG Anti-Virus (freeware), which catches these Trojans and opens a ‘Threat Detected’ window.

If you are infected with this, update your virus definitions file and reboot into Safe Mode, then scan with anti-virus and also scan with Ad-Aware.

After cleaning reboot into normal OS and scan again to ensure there are no traces of the virus remaining.

Email will read similar to this, with some variations: 

Welcome Member,

We are so happy you joined Free Web Tools.

Member Number: 6257277682314
Your Temp. Login ID: user3795
Your Password ID: eq708

Please Change your login and change your Login Information.

Use this link to change your Login info: Free Web Tools

Welcome,
Internet Support
Free Web Tools

Should you find that your website is compromised by the JS/Psyme virus, you will need to download your site, preferably to an external drive or, if no external drive is available, to a folder on your desktop, and follow the instructions as above.

Scan the folder containing your site in Safe Mode, make a note of where the virus is found and ensure prior to scanning that your anti-virus is up-to-date.  When complete and the infection is removed, reboot into normal OS and scan again.  If clean upload your site to your server.

Posted in FreeWebTools, JS/Psyme, virus | 1 Comment »

AVG Anti-Virus Installation Guide

Posted by cotojo on April 27, 2007

This video tutorial will show you how to install AVG Anti-Virus.
If you have Norton or McAfee I personally wouldn’t pay their
fees especially when you can have this protection for free.
If you have any other Anti-Virus and intend to install AVG,
please uninstall any other Anti-Virus program that you may
have.
AVG Anti-Virus Free Edition is one of the most popular
solutions to provide basic security protection on home and
non-commercial PCs and is used by millions of people worldwide.

Important

Create a backup of your system or a Restore Point before making any changes.

Can also be viewed in Windows Media Player by clicking:
AVG Installation

Posted in AVG, Internet, P2P, PC's, Security, Web, anti-virus, email, information, internet explorer, malicious, online, operating system, peer-to-peer, privacy, program, protected, safety, software, threats, trojan, trojans, virus, windows | 1 Comment »

Fighting off Viruses

Posted by cotojo on April 25, 2007

Advancements in Antivirus Software Suites

Protecting your computer from a virus is getting harder
and harder each day.  While it may border on the paranoid,
it goes without saying that you can’t leave your guard down
for one second.  Even corporate giant Microsoft has found
its own systems compromised on more than one occasion. 

Remember the “good old days”, before the advent of the
Internet and downloadable programs?  Life was simple then
in terms of computer viruses.  With the primary way in
which a virus could be transmitted being limited to floppy
disks, the ability to catch and eradicate the virus was a
lot easier.    By today’s standards, it used to take quite
a while before a virus was able to infect a computer and
slow down the system.  The antivirus software of that time
was typically able to identify and eradicate viruses before
they caused too much damage.  Additionally, computer users
were pretty savvy about protecting themselves by
scanning all floppy disks before copying them to their
desktop.

The Internet helped change all that.  The Internet
provided a conduit by which viruses could move from host to
host with lightning speed.  No longer could a computer
user just worry about floppy disks as points of entry, but
they now had to worry about email, email attachments, peer-
to-peer file sharing, instant messaging, and software
downloads.  Today’s viruses can attack through multiple
entry points, spread without human intervention, and take
full advantage of vulnerabilities within a system or
program.  With technology advancing every day, and the
convergence of computers with other mobile devices, the
potential for new types of threats also increases.

Protecting Your Computer
Luckily, the advancement of antivirus software has kept
pace with current virus threats.   Antivirus software is
essential to a computer’s ability to fend off viruses and
other malicious programs.  These products are designed to
protect against the ability of a virus to enter a computer
through email, web browsers, file servers and desktops.
Additionally, these programs offer a centralized control
feature that handles deployment, configuration and updating.
A computer user should remain diligent and follow a few
simple steps to protect against the threat of a virus:

1. Evaluate your current computer security system.
With the threat of a new generation of viruses able to
attack in a multitude of ways, the approach of having just
one antivirus software version has become outdated.  You
need to be confident that you have protected all aspects of
your computer system from the desktop to the network, and
from the gateway to the server.  Consider a more
comprehensive security system which includes several
features including antivirus, firewall, content filtering,
and intrusion detection.  This type of system will make it
more difficult for the virus to penetrate your system.

2. Only install antivirus software created by a well-
known, reputable company. 
Because new viruses erupt daily, it is important that you
regularly update your anti-virus software.  Become familiar
with the software’s real-time scan feature and configure it
to start automatically each time you boot your computer.
This will protect your system by automatically checking
your computer each time it is powered up. 

3. Make it a habit to always scan all new programs or
files no matter from where they originate.

4. Exercise caution when opening binary, Word, or Excel
documents of unknown sources especially if they were
received during an online chat or as an attachment  to an
email. 

5. Perform regular backups in case your system is
corrupted.  It may be the only way to recover your data if
infected.

Recommended Antivirus Software
There are numerous applications available to consumers.
With a little research, you can pick the program that is
right for you.  Many programs provide a trial version,
which allows you to download the program and test its
abilities.  However, be aware that some anti-virus programs
can be difficult to uninstall.  As a precaution make sure
to set up a System Restore point before installing. 

Here are a few programs, which typically receive high
marks in terms of cost, effectiveness, ease of use, and
customer service.

The Shield Pro 2005™ provides virus protection and hacker
security through ongoing support and updates. When a virus
breaks out, The Shield Pro 2005™ promises to provide a
patch within 2-3 hours and a fix for the virus within 5
hours. You can set your computer to update viruses weekly
and run a complete virus scan.

BitDefender 9 Standard provides antivirus protection, as
well as Peer-2-Peer Applications protection, full email
protection, and heuristics in a virtual environment.  This
provides a new security layer that keeps the operating
system safe from unknown viruses by detecting malicious
pieces of code for which signatures have not been released
yet.

Kaspersky Anti-Virus Personal 5.0  program is simple to
install and use. The user only needs to choose from three
levels of protection.  It allows updates as frequently as
every hour while promising not to disrupt your computer.
The program also offers a two-tier email protection feature
and round-the-clock technical support.

PC-cillin Internet Security  combines antivirus security
and a personal firewall for comprehensive protection
against viruses, worms, Trojans, and hackers. It also
detects and removes spyware and blocks spam. It even guards
against identity theft by blocking phishing and pharming
attacks.

AVG Anti-Virus Free Edition is a free downloadable
antivirus program that has received high marks for its
reliability.  In the past, free downloadable antivirus
programs have been viewed skeptically because of issues
relating to their reliability.  However, AVG from Grisoft
remains one of the best-known free anti-virus programs
available.  While AVG cannot be installed on a server
operating system and there is no technical support, it
still makes a good choice for many home computer users.
The best part is that since it is free, you can try it with
no further obligation necessary.

Posted in AVG, Ad-Aware, Internet, P2P, anti-virus, browser, email, firewall, internet explorer, malicious, performance, software, threats, virus, windows | 3 Comments »