MSN Messenger Virus

[mandapanda2002]

Here is some information on a new MSN Messenger virus that is going around. I emailed the Messenger Service and here is what I got in return.

It has recently been brought to our attention, that a new virus has been
identified that is specifically targeting messaging applications, such as MSN
Messenger. This virus is known as "PIC1324(1)(1).exe". As you know, computer
viruses can be passed around in a variety of ways: via e-mail messages, on
floppy disks, and increasingly, through messaging applications like MSN
Messenger. We are continuing to investigate the situation and explore more ways
in which we can protect you from problems like this.

This particular virus and viruses like it exist in an .exe file. The virus
will only be released if you run the file, in other words double-click the link
or download it. If "PIC1324(1)(1).exe" is sent to you through MSN Messenger, you
will be asked whether you want to download "PIC1324(1)(1).exe". Then you would
have to double-click the link and execute the file itself to propagate the
virus.

There are a number of ways you can protect your computer against
"PIC1324(1)(1).exe" virus and other similar types of viruses:

- Do not double-click the "PIC1324(1)(1).exe" or virus link. Delete the
file immediately.
- Make sure your computer's anti-virus software is up-to-date (go to your
anti-virus company’s Web site or call them to get more
information).
- Back up the data on your hard drive(s) on a regular basis.
- Be cautious about opening messages from people you do not know.

Remember that in MSN Messenger you can control who is on your buddy list and
can send you messages.

For more information about protecting your computer from viruses and about
viruses in general, go to the McAfee website at:
http://vil.mcafee.com/dispVirus.asp?virus_k=99077&

To remove this worm, you must:

Terminate the application registered as MsgSprd. Delete infected files. Remove
the registry value that was added by the worm.

To terminate the application:
1. Press Ctrl+Alt+Delete one time.
2. If you are running Windows NT/2000, click Task Manager.
3. In the list box (on the Applications tab if you are running Windows (NT/2000)
select MsgSprd.
4. Click End Task.

To delete infected files:
1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and run a full system scan. Be sure that NAV
is configured to scan all files.
3. Delete all files that are detected as W32.Annoying.Worm.

To edit the registry:

CAUTION: We strongly recommend that you back up the system registry before you
make any changes. Incorrect changes to the registry could result in permanent
data loss or corrupted files. Please make sure that you modify only the keys
specified. Please see the document How to back up the Windows registry before
you proceed. This document is available from the Symantec Fax-on-Demand system.
In the U.S. and Canada, call (541) 984-2490, select option 2, and then request
document 927002.
1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Run
4. In the right pane, delete the following value: MSN Messenger %download
location%\PIC1324.exe
5. Click Registry, and then click Exit.

For additional online help, please go to:
http://messenger.msn.com/support/helphome.asp


Sincerely,
MSN Messenger Support


------------------
Amanda

[Techguy]

Welcome to Help From Techs!
Some more on this:
http://www.helpfromtechs.com/ubb/For...ML/000476.html
http://www.helpfromtechs.com/ubb/For...ML/000377.html

------------------
Techguy

[mandapanda2002]

The choke.exe virus you gave links to is not the same as the Pic1324 virus. I know because I received both, but at different times.



------------------
Amanda

[Aegis]

Whenever I try and message someone on MSN now, the chat window is all grey. I (like an idiot) clicked on the PIC1324(1)(1)(5)(2)(1)(1)(1)(1)(2).exe and now this happens. Is there anything new on this? HELP!

[HKEd]

Hi Aegis...the above info should be enough to help deal with this worm. Here's a little more:

W32.Annoying.Worm

The delightful Jerry, author of this worm, who comes "in piece" (wish it was "in pieces"), has even included a readme.txt file with uninstall instructions:

How to remove me:

1) Click Start, select Run. The Run dialog box pops up.
2) Type: msconfig The System Configuration Utility pops up.
3) Click the Startup tab at the top. In the list, find MsgSprd, Messenger, or pic1324, uncheck, press Apply, then press Ok.
4) Restart your computer Or press Ctrl - Alt - Del, select MsgSprd from the list, then press End Task.

You may freely delete the files or the 'C:\Messenger1324' directory.

*Sigh* - a$$wipes like Jerry make me sick.

You may need to uninstall/reinstall Messenger after ridding your system of this bugger. Good luck.

[skls29]

Can someone please help me? I got the virus too and I dont know what to do. The picture file is called pic003.jpg-profiles.msn.com ??? Has anyone heard of it or have any idea of how to remove it? Any help is appreciated! Thanks!

[Doushite_imo]

Anyone heard of a virus going round in MSN.... i got caught by it... i was talking with a friend and it came up with a link.. asking if it was me and in the link it contained my username along with a youtube link.... it smashed me with a worm.. my virus checker got it.. however, since then i have been having huge trouble with messenger... everytime i sign in.. it signs me out.. can anyone help??

[raypen]

I received a virus similar yesterday in an instant messaging chat. The other person (in an internet cafe in Mexico) had no idea it was sent. It was in a zip file, I hit receive and it said not able to receive and to check the settings on my received files. However it was in my received files and not picked up by current McAfee. The problem I have after tinkering around for an hour or so is that ctrl alt delete has been "disabled by administrator". This whole virus seems dormant and then acts up after a while by sending an instant message from my msn chat id to yahoo and freezing screens. I don't have to have Yahoo chat signed in. Also it has some nasty language sort of like calling you an idiot in espanol and another time stating that all contacts in this folder will be eliminated (doesn't do that). Does anyone know how or what this is? I found some text files referring to lcapi0. Help please; anyone!

[raypen]

kk