Photoshop Contest PhotoshopContest.com
Creative Contests. Real Prizes. Essential Resource.

 


Warning to msn users

Dot

Location: Tacoma, WA since march 2010, born and raised in Belgium

Post Thu Jan 17, 2008 5:48 am


There's a file spreading on msn .. it's sent to others without the knowledge of the one whose msn address is used to send it with. So if you receive a zip file with the name album or JPG and then a number ..don't accept or open it cause it has malware attached. It seems to be with members of psc that have their msn address in their profile..or so it seems.

I opened the first one I got (I got two in a couple of hours) and your email address is attached to the file that is in the zip file. It's also accompanied with a stupid chatline like : omg I look so dumb in this pic its funny.. dont show anyone. EVER...
I don't know how this is happening but be aware!

greets
dot




_________________
BWERK!!


Eragon

Location: Slovakia / Europe

Post Thu Jan 17, 2008 6:04 am


Last year I got the same *.zip file Argh




Dot

Location: Tacoma, WA since march 2010, born and raised in Belgium

Post Thu Jan 17, 2008 6:12 am


and if anyone knows how to help the ones that are mysteriously spreading the file to make it stop please let it know




_________________
BWERK!!


MindGraph

Location: Augusta, Georgia

Post Thu Jan 17, 2008 6:16 am


Thanks for the warning Dot.
did it do anything to your computer?




Dot

Location: Tacoma, WA since march 2010, born and raised in Belgium

Post Thu Jan 17, 2008 6:24 am


no..I was able to stop it...I think.. ICTUCNXVYOW.EXE ..this is what you have to look out for if you do accidentally open one of them.
It wants to make a connection with your internet and it starts several processes with that name in the end.

http://www.prevx.com/filenames/142850075086966389-0/OM.EXE.html
here's the only thing i found about it




_________________
BWERK!!


Post Thu Jan 17, 2008 7:43 am


other files to look for (be it with hijack this or manual)

(part of hijacklog from an unfortunate victim)
Running processes
C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe
...

O4 - HKLM\..\RunServices: [ywrvouoji] C:\WINDOWS\system32\ywrvouoji.exe
O4 - HKLM\..\RunServices: [wbxdeahdmqsr] C:\WINDOWS\system32\wbxdeahdmqsr.exe
O4 - HKLM\..\Run: [fjmnjay] C:\Program Files\Common Files\System\ewwwoxi.exe
O23 - Service: Print Spooler Service (ejaoa4uousyaj) - Unknown owner - C:\WINDOWS\system32\ywrvouoji.exe

I've reported the virus to several av companies (bitdefender, symantec, avast)

Apparently the virus goes undetected for now. Might be a new strain




_________________
I used to do stuff around here
MindGraph

Location: Augusta, Georgia

Post Thu Jan 17, 2008 8:04 am


good to know about the file names AND good to know that the Belgium "Max and 99" team are on the job!




Post Thu Jan 17, 2008 8:14 am


MindGraph wrote:
good to know about the file names AND good to know that the Belgium "Max and 99" team are on the job!

I thought we were sam and max


ps, i wouldn't go on the filenames, could be they change but it's a good indication Smile (especially the folders where to look at)




_________________
I used to do stuff around here

Post Thu Jan 17, 2008 9:05 am


http://www.kaspersky.com/virusscanner

Kaspersky online file scanner is able to detect the virus
The virus is indicated as Trojan.Win32.Pakes.byj

No removal tool seems to be available yet (although there are instructions for Trojan.win32.pakes, but these include different files)




_________________
I used to do stuff around here

Post Thu Jan 17, 2008 10:11 am


I was hit inadvertently with a browser redirect just looking at jpgs online. Next thing I know someone has control over the IE.
I was able to cure this by doing a system restore to the previous day and I also ran AVG antivirus. I have a Norton firewall but still have no idea how this occurred in the first place.

If you do a system restore save any files on an external harddrive that you made in that 24 hour period because it will remove any of those files. Fortunately I had uploaded onto a web based email the files I had made so I was able to retrieve them but it was worth it to get rid of this hack by doing that system restore.

This is WHY I am such a fan of Apple and the Mac. Nothing like this ever ever happens when I mac-browse and use Firefox.

Hope you find a cure soon Dot! Very Happy




Post Thu Jan 17, 2008 10:49 am


manic_d wrote:
Nothing like this ever ever happens when I mac-browse and use Firefox.

never say never Wink




_________________
I used to do stuff around here
Synthvet

Location: Oregon

Post Thu Jan 17, 2008 4:16 pm


Dot....thanks for the warning....I'll try to get the message to Blurk and Eve and Led..

They are the only ones I know of on MSN




_________________
Due to the shape of the North American Elk's esophagus,
even if it could speak, it could not pronounce the word lasagna.
- Cliff Clavin
Marx-Man

Location: The United Kingdom!

Post Thu Jan 17, 2008 4:22 pm


OMG!!!!


I'VE WON THE SPANISH LOTTERY!!!

I don't remember entering but all I have to do is download a file...




_________________

Post Thu Jan 17, 2008 8:42 pm


Synthvet wrote:
Dot....thanks for the warning....I'll try to get the message to Blurk and Eve and Led..

They are the only ones I know of on MSN

you poor chap (well, on the other hand ...)




_________________
I used to do stuff around here

Post Thu Jan 17, 2008 8:50 pm


oh btw just received a mail from CA security (some canadian security center)

Quote:

We successfully received the following files:

FILE SIZE CONCLUSION -
sample.zip 109944
img_165-jpg.zip 109804 clean
photo_174.jpg-GREFIXADDRESS@hotmail.com 131072 confirmed malware

This automated scanning service "Virtue" complements our regular technical support service. It is not a replacement for it. For technical support please visit www.ca.com/about/support.htm.

If you would like to comment on the quality of this automated service, please send your suggestion to virtue.

FILE
sample.zip

This file is being analyzed by our researchers. We will inform you of their findings as soon as the analysis is complete.

FILE
img_165-jpg.zip

The PkWare Zip Archive file "img_165-jpg.zip" has been determined to be
clean. For the results of files contained please see below.

FILE
photo_174.jpg-GREFIXADDRESS@hotmail.com

The Windows PE (I386,EXE) file "photo_174.jpg-GREFIXADDRESS@hotmail.com"
has been determined to be malicious. Our researchers have analyzed the
file and confirmed the result.

Aliases reported by other AV products are listed here:
(Trojan.Win32.Pakes.byj)

Researcher comment:
Win32/Cotmonger


We will inform you by email ASAP when we have a signature update
available providing detection.




_________________
I used to do stuff around here
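
The scan result quoted above shows the trick this file relies on: the zip member is a Windows PE file whose name contains ".jpg" but ends in an e-mail address, so its real extension is ".com", which Windows runs as a program. As an added example (not part of the thread), this Python check lists zip members that would run as programs despite an image-like name; the sample archive and the example.com address are constructed.

```python
import io
import os
import re
import zipfile

# Extensions Windows will execute when the file is double-clicked.
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# Name fragments that make an entry look like a picture.
IMAGE_HINT = re.compile(r"\.(jpe?g|gif|png|bmp)", re.I)


def suspicious_members(zip_bytes):
    """Return {member name: [reasons]} for entries that would run as programs."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(2)  # only the magic bytes are needed
            ext = os.path.splitext(info.filename)[1].lower()
            reasons = []
            if head == b"MZ":
                reasons.append("MZ header")
            if ext in EXEC_EXT:
                reasons.append("executable extension " + ext)
            if reasons and IMAGE_HINT.search(info.filename):
                reasons.append("image-like name")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed archive: one real JPEG header, one disguised executable stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("photo_174.jpg-user@example.com", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample()).items():
        print(name, "->", ", ".join(reasons))
```

The check reads only the first two bytes of each member, so nothing from the archive is extracted to disk or executed.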
