msn virus
Life_time
28-08-2005, 01:56 PM
hello
Recently my friends have received a virus through a link from other people. The link said, 'hey, look at this : http:/vbulitten........... Does anyone know how to get rid of the virus?
Lord Smelly
28-08-2005, 02:03 PM
hello
Recently my friends have received a virus through a link from other people. The link said, 'hey, look at this : http:/vbulitten........... Does anyone know how to get rid of the virus?
This is taken from CNet
I have not tried this solution; I do not use MSN Messenger. Try at your own risk.
Here's the real cure...
This virus is a variant of the CHOD virus...I haven't seen any site or software able to scan and fix it yet, so you have to do it manually.
Boot the computer into SAFE MODE with Networking....F8 on startup. Log in and once it boots up then navigate to the following folder:
C:\Windows\System32
Go to Folder Options on the tools menu and Show Hidden Folders and Uncheck Hide Protected Operating System Files.
Then within the System32 folder look for a folder named something random such as bdyrxkdmxn or dmdonmosxj; it should be faded as it was a hidden, system folder. If you look inside this folder, you will see 4 or 5 files, one being CSRSS.exe and another being Dark.exe. DELETE THIS ENTIRE FOLDER.
Navigate to the following folder:
C:\Windows\System32\Drivers\etc
Open the HOSTS file in Notepad and delete all instances of (127.0.0.1 *******) except the one that says (127.0.0.1 Localhost)
Then go into the registry editor…..Start-Run-Regedit-Enter
MAKE A BACKUP COPY of the Registry by clicking File – Export and save it to the desktop with today’s date.
Highlight My Computer and then CTRL-F to search for the following files:
Dark.exe – Delete all instances that you find of this.
Fmion.exe – Delete any instances that you find of this
Then Navigate to the following Registry subkeys and delete the shown values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value: ''csrss''
Navigate to the subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
In the right pane, delete the Value Data, but not the entire string: Right click String and click Modify, then delete the value:
''Load'' = ''%System%\[RANDOM FOLDER NAME]\csrss.exe''
''Run'' = ''%System%\[RANDOM FOLDER NAME]\csrss.exe''
Close the Registry editor.
Reboot the computer and use a virus scanner for additional threats.
After scanning verify if the virus is really gone, navigate to C:\Windows\System32\Drivers\etc and open the HOSTS file in Notepad to see if there are any extra entries as in the beginning.
Finally, go to Folder Options and Hide hidden folders and Check 'Hide Protected Operating System Files'.
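An added example, not part of the original post or the CNet instructions it quotes: a read-only PowerShell audit that lists the indicators named in the steps above (the hidden System32 folder, the extra HOSTS entries, and the ''csrss'', ''Load'' and ''Run'' registry values) so they can be reviewed before and after the manual cleanup. It assumes PowerShell 3.0 or later and an elevated prompt; all variable names are illustrative.

```powershell
# Read-only audit for the indicators listed in the post above; it deletes nothing.
$sys32 = Join-Path $env:SystemRoot 'System32'

# 1. Hidden+system folders directly under System32 that contain csrss.exe or Dark.exe.
#    The genuine csrss.exe lives in System32 itself, not in a subfolder.
$folders = Get-ChildItem -LiteralPath $sys32 -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        ($_.Attributes -band [IO.FileAttributes]::System)
    } |
    Where-Object {
        Get-ChildItem -LiteralPath $_.FullName -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -in 'csrss.exe', 'Dark.exe' }
    }

# 2. HOSTS lines that point a name other than plain "localhost" at 127.0.0.1.
$hostsPath = Join-Path $sys32 'drivers\etc\hosts'
$hostsHits = Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |      # drop comments
    Where-Object { $_ -match '^127\.0\.0\.1\s+(?!localhost\s*$)\S' }

# 3. A value named "csrss" in either Run key.
$runHits = foreach ($key in 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['csrss']) {
        [pscustomobject]@{ Key = $key; Value = 'csrss'; Data = $props.csrss }
    }
}

# 4. "Load" / "Run" data under the Windows NT key that references csrss.exe.
$winKey   = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$winProps = Get-ItemProperty -LiteralPath $winKey -ErrorAction SilentlyContinue
$loadHits = foreach ($name in 'Load', 'Run') {
    $data = if ($winProps) { $winProps.$name }
    if ($data -match 'csrss\.exe') {
        [pscustomobject]@{ Key = $winKey; Value = $name; Data = $data }
    }
}

# Summary: every list should be empty on a clean machine.
[pscustomobject]@{
    SuspectFolders = @($folders | ForEach-Object FullName)
    HostsEntries   = @($hostsHits)
    RunValues      = @($runHits)
    LoadRunValues  = @($loadHits)
} | Format-List
```

Some legitimate tools also add 127.0.0.1 lines to HOSTS to block ad servers, so review the HostsEntries list rather than treating every line as malicious.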
zei20l
28-08-2005, 03:30 PM
Just use the new Google Talk. It's VERY basic at the moment, but we all know what happens with their software lol
Momentum
28-08-2005, 05:41 PM
I couldn't find reference to the virus that Smelly has found, but I did find some matches and removal instructions for w32.kelvir.ab at Symantec. (http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.ab.html)
Best of luck.
daniel_wallis
28-08-2005, 06:12 PM
Is this the "I know who's blocking me on MSN because I use..."?
Momentum
28-08-2005, 06:16 PM
Is this the "I know who's blocking me on MSN because I use..."?
Huh?
I don't get the reference...
daniel_wallis
28-08-2005, 06:21 PM
Well...say I was going to talk to someone on MSN, I double click on their name thingy and the MSN box comes up. Before you get to talk to them an automatic generated wording comes up, which is, ("I know who's blocking me on MSN because I use..."). ... is the address of the site. I won't post it for such reasons as this.
Is this the virus that we're talking about?
daniel_wallis
28-08-2005, 06:33 PM
Um...lol.
I don't think I'm talking about the same thing. :rolling:
Nevermind about me.
Momentum
28-08-2005, 07:08 PM
I don't think it's the same thing. There seems to be a plethora of virii/trojans all targeting MSN of late. I found three others while searching today, but I've had to remove at least two others from different machines.
A quick search found me AdWare.BlockChecker (http://securityresponse.symantec.com/avcenter/venc/data/adware.blockchecker.html) on the Symantec site that matches your quote.
Oddly enough it's the first time I've seen a commercial trojan. :rolling:
daniel_wallis
28-08-2005, 07:18 PM
I only know of 1 currently going around at the moment and it's the one I got.
My mate sent me the link and I went to it, downloaded it, installed it. I just wanted to see if it was alright and if it worked. As I should have known it didn't. I typed in an address and it stated that the person was offline, so I thought fair enough. Typed in a second, hmmm. So then I typed in someone's address who was online at the time, OFFLINE!
Then that's when I thought that this program was dodgy and so I uninstalled it.
After the uninstallation process, I went to talk to a mate and the automatic generated wording came up "I know who's blocking me on MSN because I use...". That's when I had to go to the help on the program's site. It told me a page list full of crap to do. So then I googled my problem and this site came up.
http://jayloden.com/blockremove.htm
Just download the little program exe, go to it when it finishes downloading and it will delete the automatic generated wording for you in a couple of seconds.
I hope that helps anyone with the problem that I had.
Momentum
28-08-2005, 08:58 PM
Saved the link for later reference. :) Thanks.