SafeFeel.com

Free Computer Networking Security & Software Questions and Answers Website

How to get rid of a trojan horse named "IMG-XXXX.zip"?

This virus infects a user's computer and automatically sends itself to other computers through MSN Messenger. I hear that there are a few kinds of similar trojans attacking my friends' computers. The trojan which infects my computer saves its files as .zip files within C:\WINDOWS. Can anyone help out? Thanks!

If you know more about this virus, please tell me what it does to my computer.

Pls: ASAP


Answers: Download and install AVG Free from Grisoft, it blocks all kinds of trojan viruses

http://free.grisoft.com/doc/2/


This link will help you remove that virus

http://www.cisrt.org/enblog/read.php?165...

Use "Spybot - Search and Destroy".
Also, you can delete all .zip files from your computer and delete all Temporary Internet Files.

I don't believe this file is a virus or a trojan because a .zip file is a file created by a compression program and once it's zipped it does nothing until it's unzipped. Don't unzip it.

This is the new MSN worm.

Read this:

http://www.cisrt.org/enblog/read.php?165...

File name: IMG-XXXX.zip(img0794-www.photo...
Size: 74,752 bytes
MD5 hash: 5946bfe3c7782acd72642a37b5a638...
Detection: Backdoor.Win32.IRCBot.ahm (Kaspersky)
Details:
(1) Drops files:
%Windows%\system\explorer.exe
%Windows%\IMG-XXXX.zip (XXXX is random digits, such as IMG-0356.zip, IMG-7755.zip, IMG-7960.zip, IMG-8530.zip)

(2) Adds registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Mi...
"Windows Explorer Key" = "%Windows%\system\explorer.exe...

(3) Modifies the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\Curr...
"%Windows%\system\explorer.exe... = "%Windows%\system\explorer.exe... Sharing"

HKEY_LOCAL_MACHINE\SYSTEM\Curr...
"WaitToKillServiceTimeout" = "7000"

(4) Sends out "IMG-XXXX.zip" and the following messages:

English version:
Check out my nice photo album. :D
wanna see the pics from my break? :>
Nice new photos of me and my friends and stuff and when i was a kid lol...
lol remember when you used to have your hair like this
My friend took nice photos of me.
you Should see em loL!
hey i'm going to add this picture of us to my weblog
Here are my private pictures for you

http://www.lfpm.org/forum/showthread.php...
This is a new variant of MSN Worm that began spreading via MSN Messenger. It sends out the .zip file "IMG-XXXX.zip" (XXXX is random digits), such as IMG-0356.zip, IMG-7755.zip, IMG-7960.zip, IMG-8530.zip, and such. In the .zip file, it contains a .com file "img0794-www.photoupload.com". Be careful please.

The details about this variant:

File name: IMG-XXXX.zip(img0794-www.photo...
Size: 74,752 bytes
MD5 hash: 5946bfe3c7782acd72642a37b5a638...
Detection: Backdoor.Win32.IRCBot.ahm (Kaspersky)
Details:
(1) Drops files:

%Windows%\system\explorer.exe
%Windows%\IMG-XXXX.zip (XXXX is random digits, such as IMG-0356.zip, IMG-7755.zip, IMG-7960.zip, IMG-8530.zip)

(2) Adds registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Mi...
"Windows Explorer Key" = "%Windows%\system\explorer.exe...

(3) Modifies the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\Curr...
"%Windows%\system\explorer.exe... = "%Windows%\system\explorer.exe... Sharing"

HKEY_LOCAL_MACHINE\SYSTEM\Curr...
"WaitToKillServiceTimeout" = "7000"

(4) Sends out "IMG-XXXX.zip" and the following messages:

English version:

Check out my nice photo album. :D
wanna see the pics from my break?
Nice new photos of me and my friends and stuff and when i was a kid lol...
lol remember when you used to have your hair like this
My friend took nice photos of me.
you Should see em loL!
hey i'm going to add this picture of us to my weblog
Here are my private pictures for you
------------------------------...
Here are step by step instructions on removal:

Step 1:
Delete registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Mi...
"Windows Explorer Key" = "%Windows%\system\explorer.exe...

Step 2:
Restart Windows

Step 3:
Delete virus files:
%Windows%\system\explorer.exe
%Windows%\IMG-XXXX.zip (XXXX is random digits, such as IMG-0356.zip, IMG-7755.zip, IMG-7960.zip, IMG-8530.zip)

Step 4:
Remove "Windows Sharing" from exceptions tab of Windows Firewall

Step 5:
Set registry data:
HKEY_LOCAL_MACHINE\SYSTEM\Curr...
"WaitToKillServiceTimeout"="20...

Restart Windows again and you should be rid of it.
Here's the simplest way to remove it. Choose a free antispyware here: http://www.2-spyware.com/compare2.php... and run a scan, and then delete everything the scan finds.
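
The answers above note that the IMG-XXXX.zip archive carries a .com file whose name looks like a web address. The following is an added example, not part of any answer on this page: a Python check that lists a zip attachment's members without extracting them and flags executable ones. The function names, the extension list and the sample archive (harmless placeholder bytes) are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows will execute directly; ".com" is the one this page reports.
# The rest of the list is an assumption added for illustration.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Archive name pattern reported on the page: IMG-XXXX.zip, XXXX = four digits.
LURE_NAME = re.compile(r"^IMG-\d{4}\.zip$", re.IGNORECASE)


def inspect_attachment(filename, data):
    """List archive members without extracting them and report why the
    attachment is suspicious. Returns a list of finding strings."""
    findings = []
    if LURE_NAME.match(filename):
        findings.append("archive name matches IMG-XXXX.zip lure pattern")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append("not a valid zip archive")
        return findings
    with archive:
        for info in archive.infolist():
            name = info.filename
            dot = name.rfind(".")
            ext = name[dot:].lower() if dot != -1 else ""
            if ext in EXECUTABLE_EXTS:
                findings.append(f"executable member: {name}")
                # A name such as "...photoupload.com" reads like a web
                # address, but the final ".com" makes it a DOS executable.
                if "www." in name.lower() and ext == ".com":
                    findings.append(f"member name disguised as URL: {name}")
    return findings


def build_sample(member_name):
    """Constructed sample: a zip holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not real malware")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("img0794-www.photoupload.com")
    for line in inspect_attachment("IMG-0356.zip", sample):
        print(line)
```

Because the members are only listed and never extracted or opened, the check can be run on a received attachment before anyone double-clicks it.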