A new virus labelled a variant of the Win32/Spy.VB.LO trojan by NOD32 has been spreading via Windows Live Messenger over the past couple of weeks, one of the messages it typically sends contains the recipients e-mail address, looking something like this:
» rofl @ you, http://improfile.net/members.php?msn=example@example.com
The Web site has been shutdown to stop it from spreading. The DNS is set to loopback (127.0.0.1) and “Closed for Fraud” is in the whois information.
Kelvin has created a tool called impFix to remove the virus, so give it a try if you believe to be infected with this pest.
Last week Adrian posted about a new messenger worm that has now spread to many users. It spreads by sending a message like one of the following to online contacts:
check out these pics of us! http://p1392.pic-myspace.info
check out this pic of you on myspace! p1392.pic-myspace.info
According to the original post, it was using the domain pics-myspace.info, but on that same day pic-myspace.info was registered and the worm started using that instead. The whois information looks valid…?
Some helpful visitors have posted comments on how to remove it, check out SgSiaoKia’s comment and head over to Serena’s site for full instructions.
