28 January 2008

WORM_IRCBOT.OY

Trend finally found the Virus! It took them some time but the mymsnpictures.com virus has finaly been detected in the file I downloaded from the link sent to me in MSN.
You can find information about the virus here:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FIRCBOT%2EOY&VSect=Sn

24 January 2008

SOLUTION: Hey, is this your picture?? MSN Virus

After an evening of fighting I think I have finally beaten this MSN virus! I ran Adaware, SpyBot, Windows Defender and Trend Micro Office Scan, but they all left some trace of the virus behind.

I noticed that the sneaky code modified my host file and pointed all anti-virus websites to local host as well as making the host file read-only. You can fix this by going to %SystemRoot%\System32\Drivers\Etc\ and right clicking on hosts file and unchecking the read only checkbox.

You can then open the file in something like wordpad and delete all the entries that show up near the bottom. Mine had a huge list.

Once you have doe this the instructions to get rid of the virus can be found on this helpfull blog:
http://2j07--jamboree.blogspot.com/
Look at the entry " Wednesday, January 23, 2008"

Hope this helps you out!

Hey, is this your picture?? MSN Virus

I got a message from a firend in MSN that said Hey, is this your picture?? followed by a link to a website mymsnpictures.com. Appon following the link a file was downloaded to my machine. The file was a .com file which kind of set off some red lights in my head.
So I tried scanning the file with Trend Micro Office Scan Client and it didn't pick up anything.
So I then decided to try the following online scanners:
  • Trend Micro House Call
  • Bit Deffender Online Scanner
  • kaspersky Online Scanner
None of them picked up anything. So curiousity got the better of me and I decided to open the file.
At that point Windows Defender started screaming like mad!
I imagine that shortly after that multiple MSN windows opened and closed in quick succession on my PC, but I have not been able to verify that yet as I pulled out my network cable. None of my msn contacts have complained yet, but I suggest you ignore any links to pictures in MSN for now.

I will keep you posted as I am currently doing full system scans with Trend and with windows defender.

08 January 2008

Trend Micro Office Scan 8 Control Manager Service Keeps Stopping

I recently noticed that some of my client machines where not up to date when walking around the office. On trying to log into the office scan web console to check what was happening I got an error saying that the Office Scan master service was not running.

This had occured at all 3 of my sites with office scan 8 installed. To rectify the problem you can open the services mmc console. Start > run > services.msc
Find the Office Scan master service and click start.
To prevent the error in future I changed the recovery options for the service to restart the service should it ever fail.