attn: MSN messenger users VIRUS warning!

[Julie]

Hey guys,

A lot of you msn messenger user would already know there is a couple of very annoying viruses going around. One is a link you click on and it starts downloading the virus- cant remember the exact addy but it was something with earthlink.com in it and called 'omg'. It takes over your msn messenger and send the infected link to all your contacts.

Another one involves a virus hiding itself as a file transfer send 'pics' with names like My New Photo, How a blonde eats a banana, Topless in a mini skirt, Mona lisa wants her smile back, annoying crazy frog getting killed. This one also takes over your msn messenger and sends out the same infected files to all your contacts.

Be very wary of any links you click on or accepting any files on msn, its a good idea to ask the contact first whether they sent it and what exactly it is.

[Bec]

Ahh thanks Julie! I've noticed a couple of contacts have funny file transfers at the start of convo's. Haven't opened them, so I'll have to ask them about it.

Come to think of it my msn has been acting very strange tonight. I ran a check on it after a contact logged in saying that some **** gave her a ****** virus and that he's a ****** tool. Virus check came out clean but me thinks me will delete unknown contact this instant

[Darren]

I was going to put something up about this but time slipped away.

Here's the link
hxxp://home.earthlink.net/~gallery10/omg.pif lol! see it! u'll like it

This is a direct copy of the link minus the two t's.

[The1985divo]

Its a fun little virus.....depending on what sort of strain you get it does some crazy things.

W32.Bropia.M is a worm that spreads via MSN Messenger and connects to a Web site to display an image on the compromised computer. The worm may also disable many functions on the compromised computer, including the Task Manager and Registry Editor.

When executed, W32.Bropia.M performs the following actions:



1 Checks for the presence of a debugger and terminates itself if one is found.


2 Creates the file %System%\ISASS.EXE.

Note: %System% is a variable that refers to the drive and path where Windows stores critical system files. By default, this is: C:\Windows\System in Windows 95/98/ME, C:\Winnt\System in Windows 2000/NT, and C:\Windows\System32 in Windows XP.


3 Adds one of the values:

"Isass" = "%System%\ISASS.EXE"
"Anti" = "%System%\ISASS.EXE"
"NvMsnW" = "%System%\ISASS.EXE"

to the registry subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\
RunServices

so that it is executed every time Windows starts.


4 Copies itself as the following:


C:\Beautiful Ass.pif
C:\John Kerry as Super Chicken.scr
C:\Kool.pif
C:\Me & you pic!.pif
C:\Me Pissed!.pif
C:\sexy.pif
C:\She Could Fit her Ass in a Teacup.pif
C:\she's ****in fit.pif
C:\titanic2.jpg.pif


5 Spreads by sending a copy of itself with one of the above file names via MSN instant messenger.


6 Drops the file l0l_53xy_l0l.html and opens it with Internet Explorer. When this file is opened it contacts one of the following Web sites and displays an image:


counter.rapidcounter.com
www.freewebs.com


7 Terminates the following processes:


msconfig.exe
regedit.exe
taskmgr.exe


8 May attempt to swap the left and right mouse buttons.

VERY NASTY VIRUS
but easy to get rid of

http://securityresponse.symantec.com....bropia.m.html


Hope this helps

[vh-holden]

julie, if you give a virus i will slap you.

[Astranomical]

Yep, i got that message from another MSN user. Thankfully, i knew it was a bit sus. Whatever you do, don't click on it.

[IBBO]

yeah but those annoying sent file ones are so easy to spot. you can tell when they say "my new pic" the preview pic on the screen isnt of the pic but of an unknown wierd ass thingo. they sheet me off :b:

[vk_dog_208]

i got that earthlink virus 2weeks ago or so, i was talking to a mate who was talking shit all nite on msn, and the link came up, opened it and bleh i shut it down immediately, only thing i found it doing was deleting the history in mozilla firefox browser which was pretty weird.. i dunno but nothing happened since then, weve got a pretty good virus detector dso maybe it cleared it up.. got the history back from internet explorer, so i cant say to bad things about this one.