- Joined
- Apr 27, 2002
Once the virus inflects a computer it inserts a link into the infected computers internet buddy profile. those familiar with aol instant messenger know what i am talking about.
the messege in the profile will read somthing like
"I can't believe I found bballmaddness2's Picture here"
or "listen to this awsome song *link"
If you click the link a trojan virus will be loaded onto your computer called trojan dropper.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.dropper.html
if you see a suspcious link in a buddies profile please alert them to the matter to prevent further infection. this bug is one of the worst i've seen. i know more than 30 people with infections.
-edited by sss- I removed the link to the virus, you know anytime sees this button, They will click it anyway
*edit* sorry sss. for those wondering about the link........it could not be clicked. I inserted spaces in the url to force anyone wanted to visit the link to copy it into the address bar and then remove the spaces.'
****information on fixing the problem****
http://support.resnet.eku.edu/default.asp?which=vaaim1103
Talkstocks dot net - Downloader.MSCache virus
Many users at EKU have noticed a problem with a certain website (talkstocks dot net). This virus is very similar to the Trojan.Sinkin (Realphx) virus from earlier in that it spreads itself through AIM profiles. This method is also used to install another virus recognized by Symantec AntiVirus as Downloader.MSCache. The code can infect all versions of Windows including Windows 98, ME, 2000, and XP(pro and home).
Infection Methods
This virus is activated when a user visits a malicious website (talkstocks dot net). This site prompts a user to install a browser plugin, and run an executable program. This program installs the Downloader.MSCache virus on a user's computer.
Symptoms and Effects
This virus will:
Install multiple adware and spyware packages.
Add registry keys.
Create numerous offensive Favorites in Internet Explorer.
Try to download code from a website (currently unavailable)
There may be other symptoms that are unknown at this time.
Removal
There are two steps to removing this virus from your computer.
Step 1 - Removing the Talkstocks dot net portion
Windows 2000 and Windows XP
1. Press 'Ctrl-Shift-Esc'.
2. Choose the 'Processes' tab.
3. Select 'b.exe' from the list.
4. Click 'End Process'.
5. Go to 'Start/Search/For Files or Folders'.
6. Search all files and folders for 'b.exe'
7. Delete files that have the exact name 'b.exe' or 'b'
8. Click on 'Start/Run...'
9. Type 'regedit' and press 'Enter'.
10. Navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Windows\CurrentVersion\Run'
11. Delete the 'Antivirus' key with a value of 'b.exe'.
12. Close regedit.
13. Empty the recycle bin.
14. Restart computer
15. Reset aim profile by removing the link for the virus.
Windows 98 and Windows ME
1. Turn on the computer (or if the computer is already on, restart).
2. While the computer is coming up and before the Windows screen appears, hold down 'F8' until a Windows start-up option screen appears.
3. Use the up/down arrows to select the 'Safe mode' option.
4. Press the 'Enter' key.
5. When the computer has finished loading, go to 'Start/Find/Files or Folders'.
6. Search all files and folders for 'b.exe'
7. Delete files that have the exact name 'b.exe' or 'b'
8. Click on 'Start/Run...'
9. Type 'regedit' and press 'Enter'.
10. Navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Windows\CurrentVersion\Run'
11. Delete the 'Antivirus' key with a value of 'b.exe'.
12. Close regedit.
13. Empty the recycle bin.
14. Restart computer
15. Reset aim profile by removing the link for the virus.
Step 2 - Removing the Downloader.MSCache portion
You can find removal information for the Downloader.MSCache virus at:
here.
This will not remove all traces of the virus from your computer. This will only stop the spread of the virus, and clean up damage from the Downloader.MSCache virus. Several adware/spyware packages are installed with these viruses as well. Many people have had luck in minimizing damage from the worm by running a third-party program to clean up adware such as AdAware or Spybot. You can find these programs on our download section of our website [Can downolad it from our download sectionhere] .
(I am not sure if that works for all variations of the virus)
the messege in the profile will read somthing like
"I can't believe I found bballmaddness2's Picture here"
or "listen to this awsome song *link"
If you click the link a trojan virus will be loaded onto your computer called trojan dropper.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.dropper.html
if you see a suspcious link in a buddies profile please alert them to the matter to prevent further infection. this bug is one of the worst i've seen. i know more than 30 people with infections.
-edited by sss- I removed the link to the virus, you know anytime sees this button, They will click it anyway
*edit* sorry sss. for those wondering about the link........it could not be clicked. I inserted spaces in the url to force anyone wanted to visit the link to copy it into the address bar and then remove the spaces.'
****information on fixing the problem****
http://support.resnet.eku.edu/default.asp?which=vaaim1103
Talkstocks dot net - Downloader.MSCache virus
Many users at EKU have noticed a problem with a certain website (talkstocks dot net). This virus is very similar to the Trojan.Sinkin (Realphx) virus from earlier in that it spreads itself through AIM profiles. This method is also used to install another virus recognized by Symantec AntiVirus as Downloader.MSCache. The code can infect all versions of Windows including Windows 98, ME, 2000, and XP(pro and home).
Infection Methods
This virus is activated when a user visits a malicious website (talkstocks dot net). This site prompts a user to install a browser plugin, and run an executable program. This program installs the Downloader.MSCache virus on a user's computer.
Symptoms and Effects
This virus will:
Install multiple adware and spyware packages.
Add registry keys.
Create numerous offensive Favorites in Internet Explorer.
Try to download code from a website (currently unavailable)
There may be other symptoms that are unknown at this time.
Removal
There are two steps to removing this virus from your computer.
Step 1 - Removing the Talkstocks dot net portion
Windows 2000 and Windows XP
1. Press 'Ctrl-Shift-Esc'.
2. Choose the 'Processes' tab.
3. Select 'b.exe' from the list.
4. Click 'End Process'.
5. Go to 'Start/Search/For Files or Folders'.
6. Search all files and folders for 'b.exe'
7. Delete files that have the exact name 'b.exe' or 'b'
8. Click on 'Start/Run...'
9. Type 'regedit' and press 'Enter'.
10. Navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Windows\CurrentVersion\Run'
11. Delete the 'Antivirus' key with a value of 'b.exe'.
12. Close regedit.
13. Empty the recycle bin.
14. Restart computer
15. Reset aim profile by removing the link for the virus.
Windows 98 and Windows ME
1. Turn on the computer (or if the computer is already on, restart).
2. While the computer is coming up and before the Windows screen appears, hold down 'F8' until a Windows start-up option screen appears.
3. Use the up/down arrows to select the 'Safe mode' option.
4. Press the 'Enter' key.
5. When the computer has finished loading, go to 'Start/Find/Files or Folders'.
6. Search all files and folders for 'b.exe'
7. Delete files that have the exact name 'b.exe' or 'b'
8. Click on 'Start/Run...'
9. Type 'regedit' and press 'Enter'.
10. Navigate to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Windows\CurrentVersion\Run'
11. Delete the 'Antivirus' key with a value of 'b.exe'.
12. Close regedit.
13. Empty the recycle bin.
14. Restart computer
15. Reset aim profile by removing the link for the virus.
Step 2 - Removing the Downloader.MSCache portion
You can find removal information for the Downloader.MSCache virus at:
here.
This will not remove all traces of the virus from your computer. This will only stop the spread of the virus, and clean up damage from the Downloader.MSCache virus. Several adware/spyware packages are installed with these viruses as well. Many people have had luck in minimizing damage from the worm by running a third-party program to clean up adware such as AdAware or Spybot. You can find these programs on our download section of our website [Can downolad it from our download sectionhere] .
(I am not sure if that works for all variations of the virus)
Last edited: