MSN virus

Status
Not open for further replies.

crward

In Runtime
Messages
173
i've been trying to sort out a friends computer after his wife click a message on msn, which screwed the pc. it's had norton AV and firewall disabled, and won't access certain websites like microsoft,norton,pandaAV and afew others.
after looking on norton website i came up with what i thought the virus was, but after following the instructions for removal i found it wasn't that virus.
i'm now thinking it's either w32.kelvir or w32.bropia
the message body was 'rofl [name] is this you' (or something like that). anybody know which virus this is so i can get his 'puter fixed for him
forgot to add.... when the system starts it gives an error saying 'changeme.exe' can't be found/run, what the hell is changeme.exe can't find squat on google
 

Lobos

Daemon Poster
Messages
617
Hi crward

sometimes Viruses or trojans will alter your host files preventing you from getting to AV site.

check your host files to see if they have been compromised

Download Hoster http://www.greyknight17.com/spy/Hoster.exe and run it. Choose the 'Restore Original Hosts' button and press OK.

then try and go here

Please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let us know if its working better and what the scans found.

Then scan again with HijackThis and post another log. along with the av logs if it could not clean something




Please do this. Click here to download Hijack This. Save it to it’s own folder (not temporary files or the desktop). Close all open windows and open HIJACK THIS. Click “Scan” . When the scan is finished (it only takes a second), the scan button will change to“Save Log”. Click on“Save Log” and save it to NotePad. Copy the entire log and paste it here. DO NOT FIX ANYTHING YET , most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise




Lobos
 
Status
Not open for further replies.
Top