0
Recently a relative of mine decided that, when I told him to "not to click on anything anyone sends to you", it did not apply to MSN contacts of people he had never known IRL but who showed a lot of skin in their profile pictures.
Luckily the malware showed an old version of the MSN Messenger in portuguese; not being our language this looked odd enough to send him asking for help to me.
The malware appears when the regular shortcut to MSN is opened. The first time in the session, the portuguese login screen appears and, after clicking "Login", exits. Later clicks in the same shortcuts open the regular MSN. The admin account has not been compromised.
Avast has failed to detect anything wrong (I know it is not most suited tool for this task). I have been looking at the web for solutions, but there are lots of reference about how to use the malware and very little about removing it (and those are paying solutions that do not guarantee the result...)
Any suggestion?
SJuan76
Posted 2011-10-03T07:53:17.870
Reputation: 343
1
have you tried looking at this?
– Journeyman Geek – 2011-10-03T07:57:32.993Yes. I was hoping for a more specific answer, if someone had experience with this kind of malware. If possible, I prefer removing malware manually than to add yet another program in the mix. – SJuan76 – 2011-10-03T08:00:47.737
Or at least, if I have to use a program, be as sure as I can be that I only have to install one of them (and not trying half a dozen) – SJuan76 – 2011-10-03T08:03:28.717
unless you know what the virus is, its hard to tell exactly what to use. Autoruns (to kill off odd logon processes) process explorer (to look for unusual processes at logon) + malwarebytes (its effective enough that it will either get rid of the virus, or be blocked, which is a sign that escalation is required) is what i'd use. I'd also suggest switching AV to MS Security essentials if you can. – Journeyman Geek – 2011-10-03T08:07:43.503
See my post on how to remove the malware...http://superuser.com/questions/100360/what-to-do-if-my-computer-is-infected-by-a-virus-or-a-malware/157533#157533
– Moab – 2011-10-03T16:29:33.147