Results 1 to 7 of 7
  1. #1
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Fake MSN Messenger?

    I've been trying to clean up a heavily infected Windows 2000 system. One thing I can't get rid of, even identify, is something claiming to be MSN Messenger. It comes up incessantly with the most extraordinary "diagnostics" - critical system errors, damaged registry, windows about to crash in 30 seconds... Then there's a "helpful" website with a strange name, to connect to immediately to save your bacon.

    I don't really know what to look for here. Spybot S&D and AdAware haven't managed to nab this one. Any ideas please?

    Alan

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

  3. #3
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Fake MSN Messenger?

    Thanks Hans. I think the first two links helped me ID it. I was sure that "fakemsn.exe" was not running in the tasklist, so I assumed that wasn't it. But "msmsgs.exe" does ring a bell, so I'm guessing it's that variant that is the offender. I'll chase up that one.

    cheers
    Alan

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Fake MSN Messenger?

    Alan

    I may be missing something, or the virus writer wasn't particularly bright, but finding FakeMSN.exe running on a task list could be a bit of a giveaway?

    Hope you have it sussed...

    John

    PS from Symantec
    "PWSteal.Likmet.A is a Trojan horse that displays a fake MSN Messenger logon window and steals the password provided.
    Type: Trojan Horse
    Infection Length: 1,098,248 bytes"

    So we now have a Trojan larger than many of the entire MS-DOS operating system versions...!
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  5. #5
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Fake MSN Messenger?

    Alan,

    You might want to look at this MS article on disabling MSN Messenger to see if that might correct the problem. Or use the reg hack found here to add a registry key to stop it from running or you can test for the pop-up vulnurability here and get a link to a fix too. HTH <img src=/S/smile.gif border=0 alt=smile width=15 height=15>
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  6. #6
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Fake MSN Messenger?

    Thanks Doc. I'll use those next time I'm working on that box of despair.

    Alan

  7. #7
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Fake MSN Messenger?

    Interesting that PestPatrol is aware of it while some of the other old reliables don't seem to be. <img src=/S/hmmn.gif border=0 alt=hmmn width=15 height=15>
    Charlotte

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •