you are using the messenger beta live right? have you seen this yet?
Recently a member of MessengerSays Blog ( Paul ) predicted that a good deal of so called "proxy bypass and patchs" to get you through Windows Messenger Live check. He had predicted right. And the messengersays Admin is "ashamed" to say that it got through to his server.
He had just got warned by a friend that someone name "cumhurat" was spreading a link to http://
[w][w][w].stuffplug[dot]com/temp/downgrdr..However the file is only 5kb, while a real MSNP13 Downgrader is over 100kb.
[quoted from messenger-blog.com]
Please be very very careful!
Apparently the file records the passwords you sign in with on messenger, and uploads them to an FTP server at sifreavcisi.com. Im not quite sure how it launches itself, but just to be on the safe side I advise everyone who thinks he mightve ran it to add the following line to their C:\Windows\System32\drivers\etc\hosts file (You can open it with notepad):
This will redirect all calls to that host to your local computer, and will thus prevent the virus from ever contacting their home.
I also recommend that everyone changes his or her password, as there is a very high chance that it has already been sent there