General Chat

All it keeps saying is sorry unable to sign you in to the msn messenger at this time please try later. to let us try and troubleshoot the problem click here...makes no difference though HELP!! Nicky.x

Paul my nephew is doing a computer science degree and he phoned his dad and told him not to touch it as there is a computer virus attached to 7.5 but it was to late it had fried the hard drive and we just caught it as my son was talking to someone with 7.5 I put my computer on the next day and the virus wiped my msn 6.2 and tried to install 7.5 but my husband stopped it and Microsoft is taking it off the market so I don't have msn on at the moment. You will have to wipe 7.5 through reg edit bit by bit only way to get it off

Thanks Val I have taken it off and have been trying to get 7 back but won't let me, keeps installing 7.5!! and so i cancel each time. does this mean i will no longer be able to use msn?? Nicky.x

Where does it state all this val please? I cannot find anything that states this, and i know lots of people including myself that are using it with no problems? I will remove it, if I can find evidence of this? It is still available for downloading at prresent?? Maz x

Jim said you will have to wipe your machine completely as it is in your registery only way you will be able to get it off sorry

Maz I will find where it is and prove it to you as Microsoft is not happy about it

Ok Val... Thanks babe Maz x

Symantec Security Response - W32.Annoying.Worm This worm is a Visual Basic 6 (VB6) program that spreads using MSN Messenger. It requires Msvbvm60.dll to run symantec web site click on latest threats and it is on page 21/30 Latest Threats 08-30-05 Trojan.Exphook 08-30-05 Trojan.Cdtray This is the virus that is on 7.5

Val Can you give me the link please Maz x

Thanks, Dawn. ooh - 4.7!!! :-) Joy

Put it in to your search engine and go to home page

Val Have been to the site... This is a LOW THREAT! LOW DAMAGE! and LOW DISTRIBUTION! It is TARGETED to msn messenger users... NOT ATTACHED TO IT! Activation When this worm is activated, it worm registers its process to the system as MsgSprd. Then, it creates the value: MSN Messenger %download location%\PIC1324.exe in the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run and displays the following message: The worm remains active (silently), waiting for contacts to send you messages by MSN messenger. Contact When MSN Messenger has made contact, this worm waits a few seconds and then sends the following message to the contact: hey, want me to send my new pic? i took it yesterday If the contact responds with any of the following key words in their message: yes sure yea guess send there maybe ok cool it then sends itself to that contact, with the message: alright, here ya go i hope you like it Other information This worm contains the following text inside itself: I come in piece. My name is Jerry. The purpose of me is to spread. I'm not annoying, nor dangerous. Symantec Security Response encourages all users and administrators to adhere to the following basic security 'best practices': Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates. If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied. Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services. Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised. Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files. Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media. Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched. The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines. Disable System Restore (Windows Me/XP). Update the virus definitions. Do one of the following: Windows 95/98/Me: Restart the computer in Safe mode. Windows NT/2000/XP: End the malicious process. Run a full system scan and delete all the files detected as W32.Annoying.Worm. Reverse the changes made to the registry. For details on each of these steps, read the following instructions. 1. Disabling System Restore (Windows Me/XP) If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer. Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations. Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat. For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

AS I DONT ACCEPT MESSAGES OR FILES FROM PEOPLE I DONT KNOW, I SHOULD BE SAFE! I ONLY HAVE CONTACTS ON MY MESSENGER CONTACT LIST THAT I TRUST MAZ X Oppps... Sorry about Caps!! didn't realise!

Does it matter, Dawn, being 4.7? :-) Joy (worried from............) PS me, too, Maz.

I never got that Maz as I didn't have 7.5 it tried to install it self though I didn't ask for it and that was cause my son was talking to some one with 7.5

Joy It wont make any difference what version you are on babe... The newer versions only have extra bits on them, but if you dont use it often, then the version you have is fine babe Maz x

How to Remove the MSN Messenger Virus PIC1234(1)(1)(1)(1)(1).exe To remove the virus is simple to do. Simply follow these instructions: (If you have any problems then please post a message in the MSN Messenger Virus Forum) 1. Close Messenger. This will simply stop any of your contacts getting the virus. 2. Goto 'Start' then 'Run' and type 'msconfig'. A new window should appear. 3. Click on the tab at the top right that says 'Startup'. 4. Untick the box next to 'MSN Messenger'. 5. Click 'ok' and when it asks if you want to restart your computer say no. 6. Press 'Ctr' + 'Alt' + 'Del'. Find the file that says 'MsgSpread' and click End Task. The virus has now been deactivated! To remove it fully follow these instructions: 1. Goto the Desktop and open My Documents. 2. Double click on 'Messenger Service Received Files'. If you dont see a folder called that then goto 'My Computer' then goto 'C' then 'Program Files' and finally 'Messenger Service Received Files'. 3. You should now see a file called 'PIC1234(1)(1)(1)(1)(1)(1)(1)(1).exe'. 4. Click on it ONCE and press 'Delete'. This should delete the file. 5. Empty your Recylce Bin. The virus has now been fully removed! Paul

How to Remove the MSN Messenger Virus W32.Aplore@mm W32.Aplore@mm is a MSN Messenger Virus which spreads by sending links to an infected web page. When a user is infected with this virus they send a message do their online contacts. The message may be as follows where ZZZ is the contacts name, the A's repersent an IP address and the B's repersent a port number. ZZZ says: this is cool, http://AAA.AAA.AA.AA:BBBB OR ZZZ says: btw, download this, http://AA.AA.AAA.AAA:BBBB To remove the virus is simple to do. Simply follow these instructions: (If you have any problems then please post a message in the MSN Messenger Virus Forum) 1. Close Messenger. This will simply stop any more of your contacts getting the virus. 2. Goto 'Start' then 'Run' and type 'msconfig'. A new window should appear. 3. Click on the tab at the top right that says 'Startup'. 4. Unitick the box next to 'Explorer'. 5. Restart you Computer. The virus has now been deactivated! As you may have passed the MSN Messenger virus on to some of your contacts we suggests you warn your friends about the MSN Messenger Virus In future if someone tries to send you a file on MSN Messenger and it ends with '.exe'. Dont download it unless you are really sure you know what it is. Ask the person that is sending you it what it is! Paul

How to Remove the MSN Messenger Virus cute.pif - W32.Kelvir.A Once again another MSN Messenger Virus is spreading around the Internet. This time the virus sends the following message to all your contacts: omg this is funny! [Followed by a link to download the cute.pif from jose.rivera4.home.att.net] The user then downloads the file which sends the link to all of their contacts and then downloads a W32.Spybot worm onto the infected machine. If your are lucky enough the program will just run on your machine, send to your contacts and end without downloading the Worm as it did on the machines we tested cute.pif on. The first thing you should do therefore is delete the downloaded cute.pif making sure you do not run it again! Then check to see if a Worm has been downloaded as well. If you have any problems then please post a message in the MSN Messenger Virus Forum) 1. Press Ctrl+Alt+Delete and look for hotkeysvc. If it's there select it and press 'End Task'. 2. Use the Windows Find feature to look for a file called 'hotkeysvc.exe'. Which if their should be in the %System% directroy. If you find the file delete it. 3. Goto 'Start' then 'Run' and type 'msconfig'. A new window should appear. 4. Click on the tab at the top right that says 'Startup'. 5. Look for, and if it exists, unitick the box next to 'hotkeysvc.exe' or simlar name. The http://jose.rivera4.home.att.net/cute.pif has now been fully removed! Paul

How to Remove the MSN Messenger Virus Choke.exe aka I-Worm.Choke Even if the user accepts the download he or she will not be infected. The user must download and run the files they received. The file name can differ every time. It can be 'ShootPresidentBUSH.exe', 'Choke.exe' or '%The user name%.exe' where the user name is a nickname from dalist.txt. To remove the virus is simple to do. Simply follow these instructions: (If you have any problems then please post a message in the MSN Messenger Virus Forum) 1. Press Ctrl+Alt+Delete and select Choke.exe, and press 'End Task'. 2. Close Messenger. This will simply stop any of your contacts getting the virus. 3. Goto 'Start' then 'Run' and type 'msconfig'. A new window should appear. 4. Click on the tab at the top right that says 'Startup'. 5. Unitick the box next to 'Choke.exe' or simlar name. The virus has now been deactivated! To remove it fully follow these instructions: 1. Goto 'Start', then 'Find' and search for 'Choke.exe'. 2. Click on the file and press 'Delete'. 3. Empty your recycle bin. The virus has now been fully removed! Paul