Yahoo Messenger virus on the loose!

I’ve been noticing that a lot of people on my YM list are sending me random messages with links to some sites. I’ve had this before and that time it was coming from my end so now I know people are just infected by a new worm somehow.

I also got this from one of my contacts:

PLS BE INFORMED IMMEDIATELY! A virus is on a rampage in Messengers. The virus name is WORM_SOHAND.I. It shows itself as an innocent IM with a link to a site and tells you it is about cool pictures. When the link is clicked, it takes control of your registry, changes your browser's homepage and prevents you from changing the homepage! After it is clicked it also sends itself to everyone in your messenger list. So if you receive it, please remember DO NOT CLICK THE LINK! Just close the window or read the other offline messages. Warning: it may come from your closest friends too! PLEASE, PASS IT ON TO ALL

Anybody else experiencing this lately? I did a search and it’s not yet showing up anywhere but definitely it’s a virus/worm.

Abe Olandres

Abe is the founder and Editor-in-Chief of YugaTech with over 20 years of experience in the technology industry. He is one of the pioneers of blogging in the country and considered by many as the Father of Tech Blogging in the Philippines. He is also a technology consultant, a tech columnist with several national publications, resource speaker and mentor/advisor to several start-up companies.

53 Responses

  1. charles says:

    Please help! That AVI UST SCANDAL virus! It's annoying; at first it was only on my PC, then when I opened my laptop it got the same virus too!!! Please help, how do I recover from this? Email me at charlian****@****.*** I really need to know how to recover from this virus, thanks!

  2. Joven says:

    My computer is OK now. Download avast home edition and everything will be taken care of.

  3. Joven says:

    By the way, here is my email address: josh7****@****.***

  4. Joven says:

    Please help, I have the same AVI.Funny scandal virus. It is causing my Excel and printers to malfunction.

  5. A Piece of Idea says:

    What’s that YM virus tagalog version. My girlfriend actually got that virus also. Is there any way to get rid of it?

  6. jason says:

    Me, I also have the YM virus, Tagalog version. I cannot do what is right, or how to remove it. It's that "funny scandal"; it's my enemy virus of all.
    Plz contact me on my YM at "jasonblue2008". Plz help me with how I can remove this.

  7. Farah L. says:

    The other day I clicked on a file transfer that I thought was sent by my chatmate but I was wrong; the file is skyflake. What I did was download & save it to my desktop then run my anti virus on said file before I opened it. I just want to know if this is a virus coz last night I emailed some pics but I was told there’s one in those I sent that can’t be opened because something was attached to it that my chatmate’s anti virus won’t open. If this is a virus, did it already start to spread by attaching something to my attachments? Please, if anybody could tell me if this is the latest virus that plugs ym & suggest how to get rid of it, although I deleted the file already, would be most appreciated. TY.

  8. michale guevarra says:

    Hello again, I just want to share how I removed the AVI funny UST scandal from my PC. I just downloaded the AVAST antivirus; it really works hard. So now I can use my pm in good condition again… I got AVAST from this site: www.avast.com

  9. jake says:

    Please help….!!! The scandal on my YM just won't go away. By the way, here is my email: gomez.****@****.*** Thanks…!!!

  10. michale guevarra says:

    GOOD DAY TO ALL. ABOUT THE AVI UST SCANDAL FILES: I ALREADY RESTORED MY PC TO THE DATE I KNOW IT WAS WORKING PROPERLY, BUT AFTER THE RESTORE I AGAIN CHECKED MY WINDOWS & PREFETCH AND IT IS STILL THERE. I STILL CAN'T OPEN SYSTEM32 & RUN PROGRAM… PLEASE HELP ME, I DON'T KNOW WHAT TO DO WITH THIS FILE, I CAN'T USE MY PC PROPERLY… HELP ME PLEASE…
    XXX_STIFLER****@****.***

  11. oobi says:

    I found this pdf file that analyzed the malware:

    http://geocities.com/rahulmohandas/hacking_the_malware.pdf

    Regarding the AVIFunny file: this is also detected by AVG but is not healed by AVG. I was able to manually delete the malware files for a friend, but with difficulty. It also has a self-regenerating mechanism, as follows: registry autoloads (see above list and use the edit find command in regedit to be sure such registry entries are not stored anywhere else). It also puts spurious lsas.exe and smss.exe files in the Windows directory (there are legitimate files of these names used by Windows; under Windows Task Manager, the legit files will shut down Windows if the process is stopped). An infected file in WINDOWS\system32\drivers\etc was also found. It created files in the windows/prefetch folder (some of these entries initially refused to be deleted; you may try to open one with Notepad and, if prompted that no such file exists, create one of your own with the same name just to be sure). Malware files are also found in all other partitions or separate hard disks. Search for and carefully delete the malware files and cure the registry settings while the modem is unplugged and in safe mode. Run AVG again afterwards (still unplugged from the internet; if still detected, repeat the process again).

  12. Rain says:

    That kind of virus infected my PC (twice!!). Solution: restore my PC to the time when it was in good condition, and after that, I scanned my registry using the Registry Mechanic program. Just as simple as that. If you have any comments about this, please email me @ rain_ra****@****.***
    http://rainrace.blogspot.com

  13. michale guevarra says:

    Please help me on how I can remove this AVI UST FUNNY SCANDAL, because I'm afraid to open my Yahoo Messenger now, because I don't want any of my friends to get this too. Please email me; here's my email address: dy3_quicksi****@****.*** Help me please.

  14. michale guevarra says:

    Please help me on how I can remove this AVIFUNNY UST SCANDAL from my PC. Someone sent me an offline message but I didn't accept it because I'm not sure what it is. But it already entered my PC; however many times I delete it, it is still there. I can't open my RUN and system32 now. Please, if anyone can help me on how to remove it, please reply…

  15. jervin domingo says:

    how do i remove this kind of virus… my friend tells me i send this kind of message:

    ình di?n xi?c “r?n tóc gáy” freewebtown.com/gaigoitanbinh/index.html

    but on my end i am not sending any..

    please email me @ jervin_rod****@****.***

    i would really appreciate if you can email me on how to delete this.. thanks

  16. gen orino says:

    download this security task manager!! it really worked for me.. you use it to detect and quarantine the dangerous files.. http://www.neuber.com/taskmanager/index.html?ref=file.net

  17. oobi says:

    Using Linux-based messengers is safe, but if you are stuck on Windows you may try www.meebo.com for a web interface connection to YM. Yahoo also has a new web interface integrated with their mail service. YM's interface has a launchcast cache of messages (from where the malware sends the random messages); try to google how to clear it.

  18. oobi says:

    This malware calls a backup copy and reconstructs a partially healed PC. Not to mention that your default homepage may still be pointing at the online malware site (while curing the PC, unplug your internet and make sure that it points to Yahoo or Google).

    You can compare the identified malware files with those that may be hiding as backups within other folders, like the startup folder. Note the size and date of the detected malware so you can delete backup copies. You have to kill/delete the running malware executable and other clone executables (usually under safe mode, to get around the file locking mechanism). Files such as host.exe and host32.exe are said to be a backup according to one site I read. See also Smithfraudfix for a possible solution.

    The registry keys you can check for possible reconstruction scripts are (using Regedit; it needs caution as you may touch sensitive data):
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Windows 95/98/ME registry includes the following seven keys:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup

    Or, to be safe, download IE Protector And Tracks Eraser or similar apps that have an option to disable automatically loading files.
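
The autostart check described in comments 11 and 18 above, as an added example that is not part of the original comments: a Python script that reads the decoded text of a `reg export` dump and reports entries under the listed Run keys whose file name is one the commenters reported (lsas.exe, smss.exe, host.exe, host32.exe) and whose folder is not System32. The sample dump, its value names and the function name `find_suspect_autoruns` are constructed for illustration.

```python
import ntpath
import re

# Autostart keys listed in the comment above, as lower-case key suffixes.
CV = r"\software\microsoft\windows\currentversion"
AUTORUN_SUFFIXES = tuple(CV + s for s in (
    r"\run", r"\runonce", r"\runservices", r"\runservicesonce", r"\runonce\setup"))
# File names the commenters report as malware copies or backups.
REPORTED_NAMES = {"lsas.exe", "smss.exe", "host.exe", "host32.exe"}

# Constructed sample of decoded `reg export` text (not from a real infection).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG"="\"C:\\Program Files\\AVG\\avgtray.exe\""
"lsas"="C:\\WINDOWS\\lsas.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"upd"="C:\\WINDOWS\\system32\\smss.exe /x"
"bk"="D:\\host32.exe"

[HKEY_CURRENT_USER\Software\Example]
"x"="C:\\WINDOWS\\smss.exe"
'''

VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def find_suspect_autoruns(reg_text):
    """Return (key, value name, exe path) for reported names outside System32."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(AUTORUN_SUFFIXES):
            continue
        # Undo .reg escaping (\\ -> \, \" -> "), then take the program path.
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        exe = re.match(r'\s*(?:"([^"]+)"|(\S+))', data)
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        folder, fname = ntpath.split(path.lower())
        if fname in REPORTED_NAMES and not folder.endswith(r"\system32"):
            hits.append((key, name, path))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_autoruns(SAMPLE_REG):
        print(hit)
```

A hit is a lead for manual review of that entry and file, not proof of infection; an empty result only means none of the four reported names appeared under those keys.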

  19. Robert says:

    There's another YM virus from Vietnam, funni.exe. I have used many AVs but still couldn't detect the virus.

  20. Ryan says:

    So, it’s a virus. I thought it was only some sort of spyware that plagues the messenger and whenever you click on the links, that’s the time that you get the virus.

    A secured browser is enough to at least prevent it.
