need help!! A MSN VIRUS called 'IM87853.JPG-www.myspace.com.exe'

need help!!!

got this virus (or malware im not sure) yeasterday when my son used the computer. His friend sent him a LINK, he clicked it and the file “IM87853.JPG-www.myspace.com” was downloaded to the computer automatically. he ran it after download, than things happened, his MSN keep sending all these links to everybody on his list, but except that there has nothing strange occurred… AVAST can find any threat either… anyone can help to rid off this virus???

thanks everyone!

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
after install click UPDATE and run quick scan, click on REMOVE SELECTED to quarantine anything found

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here

If you have the file, can you upload it to VirusTotal www.virustotal.com and when you have the result, copy the URL in the addressbar and post it here
If your kid had done this before opening the file…

Just a side note,

I would avoid all use of MSN for now…

-The person who sent it to him, will probably not know, but they are infected in the same way too…

Some preventative measures once you are clean…

-‘Options’ → ‘File transfer’ → Check ‘Automatically reject transfers for known unsafe filetypes’
-‘Options’ → ‘File transfer’ → Set it to scan with: C:\Program Files\Alwil Software\Avast5\ashQuick.exe
-'Options → ‘Security’ → UN check ‘Allow links in conversation windows and my contact list’

  • Teach your son not to allow anything…

This kind of infection was what brought me here…I hate them >:(

-Scott-

Prevx file info
http://www.prevx.com/filenames/X3840609459465846-X1/IM87853.JPG-WWW.MYSPACE.COM[1].EXE.html

THANKS Pondus and scott!!

i deleted the file after i found out it was a virus… i went to the history on the msn, the link was still there, it was:
[u]foto http://facebookimg.com/image.php?=ychd_yang@hotmail.com[/u] this was from that friend’s history,

but you know the msn we have here also sent links to others, so i checkded the other’s history as well, but the link this time was different! this time was: foto http://msnviews.com/image.php?=gangstaprincess1@hotmail.com

and i tried to click the links, but none of them has the reply.

my AVAST found a threat, and the file name was “C:\Users\Public\infocard.exe”, the status was “Threat: Win32:Malware-gen”

i deleted it, but the MSN still are keep sending LINKS to people online.

im using the Malwarbytes doing a full scan right now, and will use the SUPERAntiSpyware as well, hope them find something.

many thanks guys!

Had the same problem with avast. I ran the file in virtualised mode just for curiosity’s sake. I removed the virus from one of my friends’ computer.

Here are the steps.

  1. From Control Panel\Folder options\View uncheck all the boxes which say hide (3 of them) and choose the show all files radio button.
  2. Open task manager and end the process called “infocard.exe”
  3. Search your c drive for “infocard.exe” (no quotation marks) and delete all the files that are not in .NET framework folders. It’s usually in c:\windows. You can also delete the .pf (prefetch) file.
  4. Start\run\regedit [enter]. Do a full search for “infocard” and delete all entries. Also, delete any suspicious entries from Current Version\Run. Be careful not to delete .Net framework entries (which also have an infocard.exe).
  5. Restart!

You should be clean.

LE: I see this virus is pretty old, but avast still doesn’t detect it. It’s really shameful for avast >:(.

LE: I see this virus is pretty old, but avast still doesn't detect it. It's really shameful for avast .
Have you sendt it to avast ? if not sendt it here virus@avast.com

You can also set MSN only to receive messages from known contacts, which means you won’t see much of this spam (unless it’s from an infected contact, of course).

I have.