But when i clicked it…
(hehe he didnot send it to me :P)
MSN started to live its own live.
Opening chatscreens, sending this link to all my friends etc.
and when they click it, receiving the links back
No mouse and tons of adware installed (driveclean eg.)
AVAST dit not detect this in the IM protection (high level).
Cannot find anything about this, not avast, norton, mcafee, etc…
Even spybot, ad-aware didn’t find anything.
This is the link (DO NOT CLICK)
yo wtf youre nude in this photo htt p://ww w.s tupidpictures.info/p hoto13.ph p
(added some spaces in the link, incase of accidental clicking).
Could someone tell me wich worm/virus this is?
re-installed msn and (before/after)
ran several full scans, normal mode and safe mode, with avast, spybot and adaware and every thing looks clear, only msn still has his own live (once and a while) but no link.
sorry i opened up one about this same thing. How can i get rid of this now ? It is relly annoying me now bigstyle There must be a way to get rid of this. .
Online scanning with mcafee and norton no results, everything is clean ???
even there they dont’t speak about this virus/worm or whatever it is
re-installed msn and everything looks quiet
Only once and a while avast gives a warning about Win32:VBStat-C[trj]
and some annoying popups form drivecleaner.com and some antivirus program that says that the pc is not protected against the SerWab (?)
Also ran scans with spybot and adaware, no results. (also in safe mode windows)
(On my own pc ran a scan with pc doctor from google pack, and discovered 60 infections wich where NOT detected with spybot and adaware)
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
zeromechanic, please test the tools posted by David and run avast at boot time (again, if necessary). avast shouldn’t be given you intermittent warnings about infections if you’re really clean…
OK guys well there is another one to worry about and this virus also comes from MSN and looks you out of everything. The only program that will stay open is msn, everything else will open and close immediately, this includes task manager.
It is sent under the same pretense “hey look at this…weblink” and the file extension is bush.exe,. I got it from a family member and so immediately clicked it, I know not smart. Avast also did not catch it in MSN and later scanned it in safe mode and still did not pick it up. The scariest part is that it was reported in USA Today on 08/16/2001.
Now don’t get me wrong cause I love my avast and I thank the team that put it together and made it free to home users. I truly love this program. What scares me is did I fully remove it?
So far it seems to be gone because I am able to write to you on the pc that would open nothing. I am hoping that perhaps a member can suggest a tool to advise that will scan for this particular virus?
For those who want to know how I got it off my pc manually, I did a ran msconfig, under boot.ini, booted in safe mode, then ran a search all files, searched the files to remove it.
Any help you can give is appreciated.
My heartfelt thanks goes out to the creators and team involved with such a freat program such as avast.
There will always be something like this coming along, it is social engineering, appealing to people sense of curiosity and you have to apply a degree of pro-active action, don’t click on links in unsolicited, unknown messages or emails and don’t open attachments.
avast won’t catch anything like a link in msn there is nothing to detect, it doesn’t scoot off and scan all links in emails or messages it only scans the existing content. The malware wasn’t in the message but at the other end of the link, avast is primarily an anti-virus and a single application is unlikely to catch everything.
Something that was reported in 2001, what was reported in 2001, that type of tricking a user to click on a link or the specific malware bush.exe ?
Any of which could have different variants that are different to the original, unfortunately there really is insufficient information to say what it might have been and if it is completely gone.
If you haven’t already got the software I mentioned in a previous post try installing that to improve overall detection.
A google search for bush.exe returns many hits, http://www.google.com/search?q=bush.exe, but there could well be many different bush.exe files totally unrelated, like faces-of-bush.exe so if your file was slightly different to just bush.exe then this search is not worth much.
After searching the net, google remove drivecleaner, I found that it might be a Vundu infection.
According tho the site it’s the most common one… :-
used several scans, like norton, mcafee etc etc and none of them detected anything.
strange, it was “released” in 2006
The removal instructions where updated at 9 jan 2007…
used the vundu remover, and nomore $#@##@$ popups at the time.
(it found app. 25 infected .dll files in the system32 folder)
and started to use firefox, seems also to be faster than IE
this are the links, hopefully it works for others also.
maybe an idea to add this infection to the Avast scanner, and then be the only one to detect this infection
Unfortunately this comes under the heading of Malware and not Virus although the edges are starting to blur. This is where a multi layer protection comes in with an anti-virus and anti-spyware protection. Malware is continually changing the file names/sizes and action so it would need full time staff just to track these, let alone viruses
ok clear,
I thought that it would make Avast even better then is is right now. ;D
But should avast not detect trojans?
according to the links, the vundu is a familiy of trojans.
Avast detects and stops the VBStat-C trojan…
but it is strange that no scanner detects this.
not spybot, not adaware, not…
and then i start to wonder, what is more annoying
the threat of a virus( most people are already protected by an antivirus)
or beeing bombarded with these popups.
anyhow, thanx for the replies.
problem seems to be solved.
now waiting for the next one ;D ;D ;D
Can you send the samples to virus@avast.com ?
You can zip and password the files… Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
If anybody wants to play ;D its available from http://www.webfaqtory.com/bush.zip Password=Culler. Unless you want to be REAL popular with friends and family, close MSN messenger first
From Process Explorer look for Juegs.exe or Cfreer.exe or (less likely) Nzil.exe or Negdo.exe. Terminate this process. The worm is now disabled and you can run regedit to delete the following keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows
\Cfreer.exe
Yea, this problem with the link happened to me and my other friends as well, except it said “OMG Is that you? :o” with a link (this happened a while ago, forgot link.)
When i clicked on it, all of a sudden the computer was in control and started to install crap (sorry for the language) like search bars, games, etc.
Unfortunately I didn’t have avast then. I had Windows Defender and no AdAware.
That shows that windows defender isnt that strong.