
~New trojan virus spreading through AOL~~


zabomb4163

Member
Joined
Apr 27, 2002
Once the virus infects a computer it inserts a link into the infected computer's internet buddy profile. those familiar with aol instant messenger know what i am talking about.

the message in the profile will read something like

"I can't believe I found bballmaddness2's Picture here"

or "listen to this awesome song *link"

If you click the link a trojan virus will be loaded onto your computer called trojan dropper.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.dropper.html


if you see a suspicious link in a buddy's profile please alert them to the matter to prevent further infection. this bug is one of the worst i've seen. i know more than 30 people with infections.

-edited by sss- I removed the link to the virus, you know anytime sees this button, noclick.gif They will click it anyway

:rolleyes:

*edit* sorry sss. for those wondering about the link........it could not be clicked. I inserted spaces in the url to force anyone who wanted to visit the link to copy it into the address bar and then remove the spaces.


****information on fixing the problem****
http://support.resnet.eku.edu/default.asp?which=vaaim1103

Talkstocks dot net - Downloader.MSCache virus

Many users at EKU have noticed a problem with a certain website (talkstocks dot net). This virus is very similar to the Trojan.Sinkin (Realphx) virus from earlier in that it spreads itself through AIM profiles. This method is also used to install another virus recognized by Symantec AntiVirus as Downloader.MSCache. The code can infect all versions of Windows including Windows 98, ME, 2000, and XP (pro and home).

Infection Methods
This virus is activated when a user visits a malicious website (talkstocks dot net). This site prompts a user to install a browser plugin, and run an executable program. This program installs the Downloader.MSCache virus on a user's computer.

Symptoms and Effects
This virus will:

Install multiple adware and spyware packages.
Add registry keys.
Create numerous offensive Favorites in Internet Explorer.
Try to download code from a website (currently unavailable)
There may be other symptoms that are unknown at this time.

Removal
There are two steps to removing this virus from your computer.

Step 1 - Removing the Talkstocks dot net portion

Windows 2000 and Windows XP
1. Press 'Ctrl-Shift-Esc'.
2. Choose the 'Processes' tab.
3. Select 'b.exe' from the list.
4. Click 'End Process'.
5. Go to 'Start/Search/For Files or Folders'.
6. Search all files and folders for 'b.exe'
7. Delete files that have the exact name 'b.exe' or 'b'
8. Click on 'Start/Run...'
9. Type 'regedit' and press 'Enter'.
10. Navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
11. Delete the 'Antivirus' key with a value of 'b.exe'.
12. Close regedit.
13. Empty the recycle bin.
14. Restart computer
15. Reset aim profile by removing the link for the virus.

Windows 98 and Windows ME
1. Turn on the computer (or if the computer is already on, restart).
2. While the computer is coming up and before the Windows screen appears, hold down 'F8' until a Windows start-up option screen appears.
3. Use the up/down arrows to select the 'Safe mode' option.
4. Press the 'Enter' key.
5. When the computer has finished loading, go to 'Start/Find/Files or Folders'.
6. Search all files and folders for 'b.exe'
7. Delete files that have the exact name 'b.exe' or 'b'
8. Click on 'Start/Run...'
9. Type 'regedit' and press 'Enter'.
10. Navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
11. Delete the 'Antivirus' key with a value of 'b.exe'.
12. Close regedit.
13. Empty the recycle bin.
14. Restart computer
15. Reset aim profile by removing the link for the virus.

Step 2 - Removing the Downloader.MSCache portion

You can find removal information for the Downloader.MSCache virus at:
here.

This will not remove all traces of the virus from your computer. This will only stop the spread of the virus, and clean up damage from the Downloader.MSCache virus. Several adware/spyware packages are installed with these viruses as well. Many people have had luck in minimizing damage from the worm by running a third-party program to clean up adware such as AdAware or Spybot. You can find these programs on our download section of our website [Can download it from our download section here].


(I am not sure if that works for all variations of the virus)
 
Last edited:
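The Run-key check from steps 10 and 11 of the removal procedure quoted in the post above, written as an added example (it is not part of the thread or of the EKU article). It parses a text export of the registry made with regedit and flags values under the Run key that are named 'Antivirus' or that launch 'b.exe'; it goes slightly beyond the quoted steps by also matching full, quoted or differently cased paths to b.exe. The function names and the sample export are constructed for illustration.

```python
import ntpath
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BAD_VALUE_NAME = "antivirus"      # value name given in the removal steps
BAD_BASENAMES = {"b.exe", "b"}    # file names given in the removal steps
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="data"

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"="b.exe"
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"
"Updater"="\"C:\\WINDOWS\\system32\\B.EXE\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Antivirus"="b.exe"
'''

def unescape(s):
    # .reg exports escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def command_basename(data):
    # Program part of an autorun command: a quoted path, or text up to the first space.
    data = data.strip()
    exe = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(" ", 1)[0]
    return ntpath.basename(exe).lower()

def audit_run_key(reg_text):
    # Return (name, data, reasons) for each suspicious string value under RUN_KEY only.
    findings, in_run = [], False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower() == RUN_KEY.lower()
        elif in_run and (m := VALUE_RE.match(line)):
            name, data = unescape(m.group(1)), unescape(m.group(2))
            reasons = []
            if name.lower() == BAD_VALUE_NAME:
                reasons.append("value named 'Antivirus'")
            if command_basename(data) in BAD_BASENAMES:
                reasons.append("launches b.exe")
            if reasons:
                findings.append((name, data, reasons))
    return findings

if __name__ == "__main__":
    print(audit_run_key(SAMPLE))
```

Exports in the "Version 5.00" format written by Windows 2000 and XP are UTF-16, so open the file with `encoding="utf-16"` before passing its text to `audit_run_key`.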
zabomb4163 said:
-edited by sss- I removed the link to the virus, you know anytime sees this button, noclick.gif They will click it anyway

:rolleyes:
Yo, SSS! I can't click the button!! :confused: :confused: ;)

Sucks to hear of the new trojan... Just one more reason I don't click weird links and buttons. Unless posted by SSS :D

JigPu
 
THANK YOU for the directions.... yea i know a bunch of people that got it.... but i love norton :D it saved my butt yet again
 
What's the point with AOL???? Just one Virus/Trojan after another.... i don't see this happening on the MSN network.... Trust AOL to do anything right these days....
 
i don't imagine it would be all that difficult to spread on the msn network. what spreads trojans like these is an ignorant public who will not use virus scanners.


*UPDATE*
a new version of the virus is in the wild. the new version hijacks AIM and inserts the link during a conversation at a random point.

for those of you that click links your buddy sends you....DO NOT click them unless they tell you ahead of time it is okay.

example......"look at the video camera i'm getting for christmas *link* "

the person with the virus will not see these IM's. they are completely unaware that the virus is spreading to everyone they talk to.



Again, i am urging all of you to let those infected with the virus to update their virus scanners and remove the trojan.
 
people who get viruses usually deserve them because they do not bother to take the steps to protect themselves or use common sense.

and notice this is aim @ AOL users - should spread like wild fire! heheh

:D
 
not every AOLer is an idiot (take me for example). but most of them are. only reason i use aol is my dad likes it for whatever reason. i crippled the media player software so it doesn't bloat up my computer.
 
i know not all of them are - just far too many of them are.


sometimes AOL is all one can get in their area, that is fine,
 
AOL have problems with everything these days... they don't bother to take PRECAUTIONS to stop people messing around with their networks... it's their fault... I have never been hacked through MSN or ICQ...
 
how is it aol's fault? this could easily spread through any instant messaging system. the program is being hijacked not the network.
 
I've seen this and similar trojans go around a lot lately. Weird thing is, when I go to the link, it pops up with the "Click OK to install our great software!!!" type box, I click cancel through a few boxes, then i get to the site. On the site, there's always a tool to remove the trojan.

Seen about 5 different sites with this, never once clicked OK, never got the trojan. I don't see why anybody but people stupid enough to click OK should be worried :rolleyes:
 
PhoenixMDM, not all of the variations are like that. in fact, most are not. most of the variations install themselves without user consent.
 