13th June
Backdoor.Ducy is a backdoor Trojan horse that uses MSN Messenger to give an attacker access to your computer.

The latest instant-messaging virus was detected last week and can infect an individual's computer from a Website or an e-mail attachment.

What does Ducy do?

1) It creates the file, %Windir%\Msn.exe.

2) Adds the value:

"control"="%Windir%\msn.exe " to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the Trojan runs when you start Windows.

3) Opens a backdoor on the infected system, allowing an attacker to connect to the system using MSN Messenger.

More information and manual removal instructions can be found HERE..
Wednesday 31st December 2003
2003 is ending with another computer virus causing havoc on the net.

Jitux.A is a worm that spreads via MSN Messenger in a message that only contains a link to the web page http://www.home.no/ {blocked} / jituxramon.exe. When the user visits this web page, a file called JITUXRAMON.EXE is downloaded.

Once the file JITUXRAMON.EXE is run, the Windows 95/98/ME/NT/2000/XP/2003 computer is affected. Jitux.A goes memory resident and sends the message specified above to all the active contacts in Messenger's Contact list every five minutes.

Jitux.A can be removed by a free online anti-virus by Panda Soft called Panda ActiveScan
Saturday 27th September 2003
A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days ago by Asia-based Global Hauri. This worm spreads through MSN Messenger through a file called SMB.EXE. If the user accepts this file, it will send itself to all contacts on his or her contact list. If the user executes it, a DOS prompt will come up for about a second and disappears. This occurs because it unzips a couple of files to the C: root and windows directories. The file also tempers with the registry (see below for details).

Do NOT accept the file transfer of SMB.EXE (or any other suspicious file) in MSN Messenger!

An MSN spokesperson said the company is aware of the virus, and that users' best means of protection is to have a desktop anti-virus solution already installed, and to use MSN Messenger 6's anti-virus feature. The feature enables customers to link their desktop anti-virus software to the IM client, automatically scanning incoming files for viruses.

If you already accepted this SMB.exe file, here's how to remove it manually:

1) Go to task manager. (Ctrl+alt+del) and select the Process tab.
2) Click admagic.exe then click End Process
3) Go to the C: drive and delete smb.exe and admagic.exe.
4) Go to Windows directory and delete atl.dll, raw32x.dll, sm.dll and uz.exe.
5) Go to the registry (Start > Run > type "regedit" > click ok) and go to HKEY_LOCAL_MACHINE\SOFTWARE\Micorosoft\Windows\CurrentVersion\Run. Delete the svchost = admagic.exe string value.
 
Back