Just noticed there could be a potential nuisance worm going around MSN Messenger/Windows Live Messenger. Just like previous ones, once you have opened the URL, you become infected and it spreads the same message to your whole contact list. Avoid messages like this:
check out these pics of us!
http://p1392.pics-myspace.info
Do not click those links. There maybe be different variants of the message but they will all contain the same link. Once you click it, you will be prompted to download an exe (at least when I did via Firefox). When run, it will infect your system and spread the message. So be careful, never click anything you don’t know about. More news about this and possible solutions to follow.
Update: The domain name has been removed so the threat has been removed. Quick thinking has prevented a major annoyance Or not! It’s now on a slightly different domain, see comment by Ian below.
Well, the domain must be back. I just started getting these IMs from a friend, and the current link does work and attempts to send the virus.
The domain in the IMs is now p1392.pic-myspace.info (notice ‘pics’ is now ‘pic’)
may i know how to remove the MSN messenger worm? how could it be stopped?
what’s the steps to remove the MSN messenger worm - p1392.Myspace virus?
is urgent.. i have been affected by it…
so… what should i do…
ur helping are appreciated… thx
Good News - ill talk to the Msn live support team - on there msn actually - msn.team.canada@hotmail.com - they are the Tech support team,, His name is david Armstong , ill talk to him bout and see what he can do,
Cheers
PLEASE SOMEBODY TELL ME HOW 2 GET RID OF IT…. http://p1392.pic-myspace.info SOME MUCH BAD LUCK….DESPARATE PERSON HERE
just seen someone with this virus( i didnt click it as i dont have myspace)
but anyway told them to delted msn, re download it and re install it seems to have worked for them.
please i have also been infected. i dont no what to do
im really upset.
I just got the virus. I don’t know if I have removed all the files from it yet, but here are some of the files from the virus that I have removed from my system:
in the C:\WINDOWS directory
- usa.exe
- insllre.exe
in the C:\WINDOWS\Prefetch\ directory
- PIC1377.EXE-05503B38.pf
- PIC1377.EXE-05503B38.pf
- KPKCNBZ.EXE-[numbers here, i forgot what they were].pf
- USA.EXE-1E4EA610.pf
The files in the Prefetch one may have different numbers on your computer, but they are part of the virus (notice the PIC1377.EXE part).
Hope that helps, everyone!
If any of you know of any other files part of the virus or system files that could have been infected, please leave a reply here or email me (email on my website). Thank you!
deleting and re-downloading msn works to get rid of the annoying messaging thing, but when you turn on the computer there is this pop up thing asking to run some program, it may be the worm.. not sure though
Here are the steps to remove the worm.
1)Boot to safe mode.
2)Goto c:\windows\prefetch\
3)Delete msnexplorer
4)Delete myspace.exe
5)Goto c:\windows\system32\drivers\
6)Delete msnexplorer.exe
7)Goto c:\
8)Delete myspace.exe
Oh ya, remember to do a full system scan after you have done the above steps.
After everything is done, maybe you could do a registry clean for your computer.
Turns out there was still one more thing. Download Windows Defender at microsoft.com/spyware. It will remove the kpkcnbz.exe on your computer (follow the steps below):
- Open the program
- Click Tools
- Click Software Explorer
- Scroll down the Startup Programs list and look for the kpkcnbz.exe
- Click on kpkcnbz.exe
- Click the Remove button
For now, it seems like this virus thing is gone. I hope so. Live Mail seems slow to load still, so I’m still scanning things and everything.
Use Prevx1R. That’ll clean everything you missed.
My lovely bright brother took just 5 minutes online tonight to give me a reason to spend 2 hours trying to work out how to get rid of this!
I downloaded NOD32 antivirus system, and within 30 seconds of rebooting, it picked it up, and fixed the problem…
mine was lyeflwfqzn.exe
Win32/Rbot
i got it to i was freaking scared at first but now it’s finally gone phew
hey guys jus delete c:\windows\system32\drivers\helpsys the whole folder… make a back up somewhere else… then create a new folder in c:\windows\system32\drivers\ and call it helpsys…. done :)!
the virus just sends out on its own..what do u do after you scan them?
sarah,
just follow the steps given above by sgsiaokia. they should do the trick.
This virus annoyed me loads because I have hella alot of contacts (200 odd in my last count). And I just used task manager and closed it cos it was using Command Prompt or sumfing. Then I used my antivirus software.
does anyone know if u can get it on macs?
ERR s
i just got infected and i cant find any of those exe files that was said above, and its very urgent can anyone please help me!
oh yeah and mine isnt those pic http://p1392.pic-myspace.info, the one i got was from http://www44.emoprofile.net/emo.php?msn=sasuke_rulez@hotmail.com
kt, try this virus remover.
Hey guys, my windows live messanger is being corrupted by a virus that just keeps sending itself out to all my contacts and will not stop. Other things are that it initiates windows live messenger when I am offline and all that sort of stuff. What the virus actually says is: “Lol, I just saw your dreampartner” and it gives a link to some dreampartner site. I’ve stopped going on there since it happened as it is really embarassing and I’m wondering if there is something you know about it or something I can do about it. Thankyou.
well there has been a new domain for this worm.
i have been getting this link from some of my friends.
http://www.hotandcute.net/photo6.php
and also i have noticed a new domain again
this time it says sth like yourdreampartner ..
I am getting the same thing from a cousin of mine, it is talking about the yourdreampartner, I didn’t trust this since she doesn’t speak english.
I tried to address her in her own language, no reply ofcourse so I am afraid she got infected too.
Is it safe to send her an email??
http://www.hotandcute.net/photo6.php i have this problem i have ried everything it wont go away plz plz help me
hi am from India
I am also going thru all these nuts. pls help I have try everything . but still cannot find any solutions.
My PC is IBM thinkvision . I dont want to as I use Windows live messenger for my business purpose .
I’ve been having a problem with my msn messenger as well for the past couple of days. I don’t know how I came upon it, but some virus is opening up chat windows and sending messages with attachments to people on my contact list. The messages contain whatever virus is doing this in a zip files. I have tried deleting and redownloading msn live messenger, and it doesn’t help. I’ve also tried booting to safe mode and looking for the files mentioned above to delete them, but I do not have them in the c:\windows\prefetch directory. I have also tried ’searching’ for all the files mentioned here and came up with nothing.
I downloaded Microsoft Defender and ran it, and it didn’t find anything either. I have Kapersky Anti-Virus 6.0, but it also doesn’t find anything when I scan my computer.
If anyone could help me out I would really appreciate it, I really don’t know what to do.
I had a similar messenger worm that displayed the message:
those ur pics?
I spent days trying to work out how to remove it and finally came up with this set of instructions which I have posted on the internet:
http://www.tobycrisford.co.nr/Messenger_worm_help_file.txt
someone sent that photo6-virus to me!! how can i delete it???
i have found an amazing clue for this.. sorry for the late reply but i think some of u guys might feel it useful. Just reinstall the windows Live Messenger.
this link might be useful:
http://ooopx.info/blog/2007/04/how-to-clean-new-msn-worm.html
HELP ME PLEASE! :[
i have that exact worm thingy, but when i got the link it showed me : http://www.dandonche.com/msntrick/msn.php?s=CgTN&id=1252&profile=natrulestheworld@hotmail.com
thats nothing to do with an myspace pic thing
i even followed some instructions on this page and i couldn’t find any files…help anyone?? much love
Hey - i have been affected by a version of this worm today… my helpful winzip decided to open it FOR me… great. now my machine is sending it out to everyone i know and I’ve had both Ad-Aware and AntiVir premium not pick it up despite 3 scans with both….
Any ideas??
Just stumbled upon a new version of this worm which contacts every1 in my list and sends them a link to a website to veiw which people have blocked them from messeneg. is this the same if not does any1 know how to remove it? pls help.
Spent several hours at work last night cleaning this. Trend AntiVirus released an update on the 20th due to us submitting a file to them. I do not know any other virus software having an update for this new version at this time. The name of the file is never the same it uses random characters. The file is in the windows system32 folder. That folder has a lot of weird named files and the unknowledgable should not attempt to randomly delete files it could cause their system to no longer boot.
its doing my head in lol avg not worked
ad aware 07 not worked
mc afee not worked
trying trojan remover then if that dont work ill try nod32 i have found the file in system32 because the moment i reilesed that i made a noob mistake i went and found the file most recently changed and the file name is kdbqc.exe and is desguised as a pic file
any one with any ideas give us a shout
ok I see all this info but now this virus is coming in the fourm of a ZIP file
Ive looked everywhere on the web and no one seems to know about this new one
I installed the latest messenger live
now Im seeing this happen
hey I found this photo of me .. dont look I look funny
files are
hi7oc.zip
y77ad.zip
v81ib.zip
g39ol.zip
v76pn.zip
Ive tried a seach and so far nothing
no fix??
is it maybe under another name??
please help me thanks
yes I did everything .. un install , scans , registry checks
still getting it
I have been infected with a new worm from MSN it sends u to a website that shows who blocked you from messenger then it infects u and sends it to all your contacts…Does anyone know how to remove this!!! It has already disabled my sound?? PLEASE HELP ME!!! i am very desperate and have come to a dead end with this..nothing picks it up i have tried several antivirus programs..avast..avg..nod32..trend micro..i tried to download panda but it made my pc even worse so i had to do a system restore. If anyone can help me i would greatly appreciate it..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!panda you fool that is a virus it self!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
there is a new address with the hosting by ifreepages.com by the way you know if it is the link because it has your email, in the address. also its not a zip any more ,I think. i am also infectid on a driffrent computer.
what sould I do?????????/ (which works)
Hey, I have been infected with a different type of worm as mentioned above..It seems to work just like the http://p1392.pic-myspace.info but instead it says: very-coolstuff.info.
I’ve tried to use several Antivirus software but it dind’t solve the problem.
Help please