The World of Layonara  Forums

Author Topic: MSN Virus (Read)  (Read 446 times)

LordCove

MSN Virus (Read)
« on: February 29, 2008, 06:01:35 am »
If someone on your MSN list sends you a download or picture asking " Is this really you?" ....

... DO NOT Download or open it!

Chances are its not really them!

If you do... or already have... I strongly suggest going into any sensitive accounts you have and altering the password if that password is anything like what you use for your Email or MSN account.
 
The following users thanked this post: TheGreatProphetSquishy

lonnarin

Re: MSN Virus (Read)
« Reply #1 on: February 29, 2008, 08:12:44 pm »
If anybody asks me if I'm me, I just summarily assume they work for the government and deny everything.  That government, always up to trouble.
 

Hellblazer

Re: MSN Virus (Read)
« Reply #2 on: February 29, 2008, 08:42:33 pm »
Actually I unfortunately opened it yesterday not paying attention since it was a friend from here that got it herself. The good knew is that its easy to get rid of. Used spy bot search and destroyed, found the file that was saved by msn, also found the braviax.exe file that was installed. ran spybot again imunized and voila.

ShiffDrgnhrt

Re: MSN Virus (Read)
« Reply #3 on: February 29, 2008, 09:20:03 pm »
It Logs Passwords?!
 

Hellblazer

Re: MSN Virus (Read)
« Reply #4 on: February 29, 2008, 09:57:28 pm »
I don't think so, but it's customary when something like that happens to change your passwords just to be on the safe side. Braviax is a maleware that install a virus Trojan on your computer, and adds a system tray icon that warns you periodically that you are infected by that virus. Then urges you to install a program to eradicate it. The problem is that you have to buy the full version of that program to actually delete the Trojan. I did it manually when I actually found it :P take that Braviax

ShiffDrgnhrt

Re: MSN Virus (Read)
« Reply #5 on: February 29, 2008, 09:59:53 pm »
Oh no...  Is there a way you could help me if I find out this thing is on my PC?  I've seen no system tray Icon and I restarted once already.  so what should I do now?
 

Hellblazer

Re: MSN Virus (Read)
« Reply #6 on: February 29, 2008, 10:02:06 pm »
If you didn't click on the link and didn't save to your disk when prompted you're not infected. It only does it if you save to disk after clicking the link. Although to be on the safe side you can always get spybot search&destroy (its free) and run it to see if you don't have any other maleware , trojan , invalide registry keys etc. Very useful to keep your computer clean.

Edit*

If I remember corectly the file saved by msn woudl be in the folder to which you usually save the things you download from msnenger. So check for any new file in there using the list with details and checking the dates. Also Braviax is (if infected) located in C:\\windwows\\system32\\Braviax.exe (or dat). Also unless you deactivate the process ( ctrl alt delete process tab, braviax.exe) you wont be able to delete the file, it will tell you that the file is being used by a program or make sure that your disk is not full.

Chazzler

Re: MSN Virus (Read)
« Reply #7 on: March 01, 2008, 08:09:02 am »
Here's a link to Spybot: Search & Destroy, The home of Spybot-S&D!

Keep in mind to download from that site only, as there are some other softwares named as Spybot around the Web, and I believe they are in fact malware themselves.

Install it, follow the wizard (do not make a registry backup if you believe you are infected though!), then just search for problems with it, and then click Fix Problems. Easy as cinnamon buns :)

There are other features available in Spybot S&D also, if you choose Advanced Mode from the Mode-bar at the top of the window. These can prove useful when ie; a program that you do not want to be in Windows startup starts up even  though you have disabled it from msconfig.exe (accessible from Start->Run->msconfig.exe). Keep in mind that it lists more and the same programs associated with startup as msconfig, so you do not need to click them all.

Teatimer.exe (if chosen to be installed & started during install) is a registry-protector software that asks for your confirmation when a program makes drastical changes in Windows' registry, so pretty useful, but you need to know what you're doing with it. Basical guideline to this would be that if you yourself are installing software ie; drivers, programs / make changes that affect the registry and Teatimer asks for your confirmation, it
is ok to allow the change. It also monitors the startup list, of course.

The scan for malware lasts about 10-20minutes, depending on the version of Spybot and from the speed of your computer, so if it runs through in like 10 seconds.. you might wish to just backup your data and format C: and reinstall windows :)

Also, it is important to disable System Restoration Points on your hard drives if you are infected with something and are cleaning the mess up, as many (maybe all) malwares copy themselves to these points and make a registry change for startup to recopy themselves back to your C: \\windows\\system32 folder or some other folder that they use, and so, even if you think you've cleaned up the mess, the malware comes back when you reboot your Windows.

I hope this proves to be of help to someone :)
~Chazzler
 

Honora

Re: MSN Virus (Read)
« Reply #8 on: March 01, 2008, 01:07:31 pm »
W32.Kelvir.P - Symantec.com

It's been around since 2005 in various incarnations.  I got the message and clicked since I'd never seen it before...but our virus detector nuked it.

Death to malicious hakers.  Death to them.
 

ShiffDrgnhrt

Re: MSN Virus (Read)
« Reply #9 on: March 01, 2008, 02:42:53 pm »
I need help!  I'm infected with it but donno what the heck I'm supposed to do...
 

Honora

Re: MSN Virus (Read)
« Reply #10 on: March 01, 2008, 03:51:56 pm »
Shiff, click the link above and follow the instructions in step #4, it gives a regedit for the virus if you feel comfortable with doing that.  Otherwise, it's an old worm, so update your virus protection and it should catch it.
 

ShiffDrgnhrt

Re: MSN Virus (Read)
« Reply #11 on: March 01, 2008, 03:58:58 pm »
i tried doing the regedit, I can't find the path they tell you to go to
 

bobby1361

Re: MSN Virus (Read)
« Reply #12 on: March 02, 2008, 05:09:21 am »
A good hint to avoid this is, i they start talking about pictures and try sending you a file that is a .rar file, don't accept!
 

Krell Himmler

Re: MSN Virus (Read)
« Reply #13 on: March 02, 2008, 06:41:21 am »
Having deleted these from so many people's computers.....many scanners can't remove all parts, so google it and make sure you got it all.
 

ShiffDrgnhrt

Re: MSN Virus (Read)
« Reply #14 on: March 02, 2008, 12:16:01 pm »
I have run Trend Micro, SpyBot, and Ad-aware, and it's STILL HERE!  >.<
 

ShiffDrgnhrt

Re: MSN Virus (Read)
« Reply #15 on: March 02, 2008, 02:25:45 pm »
FYI the one I had was a Trojan Horse,  SHeur.AVZR
 

Marswipp

Re: MSN Virus (Read)
« Reply #16 on: March 10, 2008, 10:08:00 am »
So you removed the virus?
Playing D&D 3.5e, D&D 5e, Pathfinder, and exploring Starfinder through a VTT
 

Krell Himmler

Re: MSN Virus (Read)
« Reply #17 on: March 10, 2008, 11:07:37 am »
Google it and follow the instructions very carefully, make sure the site you use it clean too, some sites that remove virus's infect you more :(.

Search a few virus database places, antivir has a good one....see if you need to manually remove it. Sometimes scanners fail.
 

ShiffDrgnhrt

Re: MSN Virus (Read)
« Reply #18 on: March 10, 2008, 12:08:18 pm »
I actually got this removed a while ago, but it seemed to mess up my PC and had to Reimage it anyway :(
 

Krell Himmler

Re: MSN Virus (Read)
« Reply #19 on: March 10, 2008, 05:03:03 pm »
With some virus's the only way really to be sure is to format. With certain nasty spyware I do it just to be safe with online banking and such forth.
 

 

anything