URLs sent from Contacts who are offline via Windows Live Messenger 8.1

  • Thread starter Thread starter Matt U.K.
  • Start date Start date
M

Matt U.K.

Hi,

I'm receiving urls from some of my Contacts (3 so far) who were offline,
could this be due to virus activity (somewhere)? My computer is Virus
/Malware free and I have a firewall installed.

I'm using AVG, Comodo and Ad-Aware 2007 software.

This started a few of days ago.

Many thanks in advance

Matt U.K.

--
"Help me, Obi-Wan Kenobi. You're my only hope".
 
Matt U.K. wrote:

> Hi,
>
> I'm receiving urls from some of my Contacts (3 so far) who were offline,
> could this be due to virus activity (somewhere)? My computer is Virus
> /Malware free and I have a firewall installed.
>
> I'm using AVG, Comodo and Ad-Aware 2007 software.
>
> This started a few of days ago.

Hi, Matt - Instant Messenger infection is quite common these days and the
current crop of malware that you get from clicking on IM links is extremely
virulent, usually ending in a clean install for the victim. So you're quite
wise to never click on those links.

Since you're sure that your machine is clean (and you haven't clicked on any
links recently), someone you know is probably infected. The contacts you
mention should do some scanning.

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
Hi Malke,

Thanks for the reply, I've found the culprit. On my way to check/clean her
computer (a Mac running leopard) now. She confessed to clicking on a link a
couple of days ago.

Matt U.K.

"Malke" <malke@invalid.invalid> wrote in message
news:OVTzfXLbIHA.4712@TK2MSFTNGP04.phx.gbl...
> Matt U.K. wrote:
>
>> Hi,
>>
>> I'm receiving urls from some of my Contacts (3 so far) who were offline,
>> could this be due to virus activity (somewhere)? My computer is Virus
>> /Malware free and I have a firewall installed.
>>
>> I'm using AVG, Comodo and Ad-Aware 2007 software.
>>
>> This started a few of days ago.
>
> Hi, Matt - Instant Messenger infection is quite common these days and the
> current crop of malware that you get from clicking on IM links is
> extremely
> virulent, usually ending in a clean install for the victim. So you're
> quite
> wise to never click on those links.
>
> Since you're sure that your machine is clean (and you haven't clicked on
> any
> links recently), someone you know is probably infected. The contacts you
> mention should do some scanning.
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!
 
Matt U.K. wrote:

> Hi Malke,
>
> Thanks for the reply, I've found the culprit. On my way to check/clean
> her
> computer (a Mac running leopard) now. She confessed to clicking on a link
> a couple of days ago.

Interesting. I'd really appreciate it if you'd post back to this thread to
let me know what you did to clean it up. I've got a lot more clients
running Macs now (as I do myself) and I haven't had to clean up infections
on a Mac before. So do let me know if you can. Thanks!

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
Hi Malke,

The Mac was clean, I downloaded a 60 day trial version of 'Avast' anti-virus
software from here:-
http://www.avast.com/eng/avast-antivirus-mac-edition.html

I also downloaded 'MacScan' (v2.5.1) 30 day trial from here:-
http://www.download.com/MacScan/3000-2271_4-10478064.html

I cleared the history & caches from BOTH browsers 'Safari', 'Firefox'
(latest versions) AND changed the passwords of her and her son's 'Hotmail'
accounts.

This seems to have cured the problem.

Hope this helps :-)

Matt U.K.

p.s.

I have updated my version of 'Windows Live Messenger' to Version 2008 (Build
8.5.1302.1018) AND deselected the 'Allow links in the conversion window
option. I can't remember if this option is available in the Mac version
6.0.3. (latest version).


"Malke" <malke@invalid.invalid> wrote in message
news:eXoDBKPbIHA.4476@TK2MSFTNGP06.phx.gbl...
> Matt U.K. wrote:
>
>> Hi Malke,
>>
>> Thanks for the reply, I've found the culprit. On my way to check/clean
>> her
>> computer (a Mac running leopard) now. She confessed to clicking on a
>> link
>> a couple of days ago.
>
> Interesting. I'd really appreciate it if you'd post back to this thread to
> let me know what you did to clean it up. I've got a lot more clients
> running Macs now (as I do myself) and I haven't had to clean up infections
> on a Mac before. So do let me know if you can. Thanks!
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!
 
Matt U.K. wrote:

> Hi Malke,
>
> The Mac was clean, I downloaded a 60 day trial version of 'Avast'
> anti-virus software from here:-
> http://www.avast.com/eng/avast-antivirus-mac-edition.html
>
> I also downloaded 'MacScan' (v2.5.1) 30 day trial from here:-
> http://www.download.com/MacScan/3000-2271_4-10478064.html
>
> I cleared the history & caches from BOTH browsers 'Safari', 'Firefox'
> (latest versions) AND changed the passwords of her and her son's 'Hotmail'
> accounts.
>
> This seems to have cured the problem.
> p.s.
>
> I have updated my version of 'Windows Live Messenger' to Version 2008
> (Build 8.5.1302.1018) AND deselected the 'Allow links in the conversion
> window
> option. I can't remember if this option is available in the Mac version
> 6.0.3. (latest version).

Thanks, Matt. I appreciate the information. I've filed it away for
reference.

Glad you got everything sorted and thanks again for taking the time to let
me know the outcome.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
Your welcome :-)

Matt U.K.

"Malke" <malke@invalid.invalid> wrote in message
news:uiWVJPcbIHA.1208@TK2MSFTNGP05.phx.gbl...
> Matt U.K. wrote:
>
>> Hi Malke,
>>
>> The Mac was clean, I downloaded a 60 day trial version of 'Avast'
>> anti-virus software from here:-
>> http://www.avast.com/eng/avast-antivirus-mac-edition.html
>>
>> I also downloaded 'MacScan' (v2.5.1) 30 day trial from here:-
>> http://www.download.com/MacScan/3000-2271_4-10478064.html
>>
>> I cleared the history & caches from BOTH browsers 'Safari', 'Firefox'
>> (latest versions) AND changed the passwords of her and her son's
>> 'Hotmail'
>> accounts.
>>
>> This seems to have cured the problem.
>> p.s.
>>
>> I have updated my version of 'Windows Live Messenger' to Version 2008
>> (Build 8.5.1302.1018) AND deselected the 'Allow links in the conversion
>> window
>> option. I can't remember if this option is available in the Mac version
>> 6.0.3. (latest version).
>
> Thanks, Matt. I appreciate the information. I've filed it away for
> reference.
>
> Glad you got everything sorted and thanks again for taking the time to let
> me know the outcome.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!
 
Hi Malke,

More information found here:-
http://www.channelregister.co.uk/2008/01/23/polyglot_msn_worm/

Matt U.K.

"Matt U.K." <mm_lewis@No_SpAm_hotmail.com> wrote in message
news:aOCdndZ2IvrQgS_anZ2dneKdnZydnZ2d@brightview.com...
> Your welcome :-)
>
> Matt U.K.
>
> "Malke" <malke@invalid.invalid> wrote in message
> news:uiWVJPcbIHA.1208@TK2MSFTNGP05.phx.gbl...
>> Matt U.K. wrote:
>>
>>> Hi Malke,
>>>
>>> The Mac was clean, I downloaded a 60 day trial version of 'Avast'
>>> anti-virus software from here:-
>>> http://www.avast.com/eng/avast-antivirus-mac-edition.html
>>>
>>> I also downloaded 'MacScan' (v2.5.1) 30 day trial from here:-
>>> http://www.download.com/MacScan/3000-2271_4-10478064.html
>>>
>>> I cleared the history & caches from BOTH browsers 'Safari', 'Firefox'
>>> (latest versions) AND changed the passwords of her and her son's
>>> 'Hotmail'
>>> accounts.
>>>
>>> This seems to have cured the problem.
>>> p.s.
>>>
>>> I have updated my version of 'Windows Live Messenger' to Version 2008
>>> (Build 8.5.1302.1018) AND deselected the 'Allow links in the conversion
>>> window
>>> option. I can't remember if this option is available in the Mac version
>>> 6.0.3. (latest version).
>>
>> Thanks, Matt. I appreciate the information. I've filed it away for
>> reference.
>>
>> Glad you got everything sorted and thanks again for taking the time to
>> let
>> me know the outcome.
>>
>> Malke
>> --
>> MS-MVP
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> Don't Panic!
>
>
 
Matt U.K. wrote:

> Hi Malke,
>
> More information found here:-
> http://www.channelregister.co.uk/2008/01/23/polyglot_msn_worm/

Thanks, Matt. I knew about it and in fact had warned my regular mailing list
about it last month:

http://www.elephantboycomputers.com/page3.html#1-30-08

What I didn't expect was a Mac being affected. Not that I'm so foolish as to
think Macs can't be compromised I just wasn't sure how this particular bad
guy would affect OS X.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
Hi Malke,

I was also very surprised, as the OS was/is fully patched. Broadband access
is via a Router which itself has a firewall (as does Leopard) built in.
Before infection the Mac was running without any anti-virus software as she
(owner) is awaiting the new anti-virus product from Symantec for Leopard.
We will scan again using the new product from Symantec once we get it.

I ran MacScan (v2.5.1) again today, nothing found. I did find extra options
in the application that clears the history/cache of browsers that are
installed.

Matt U.K.

"Malke" <malke@invalid.invalid> wrote in message
news:O6II$jpbIHA.1188@TK2MSFTNGP04.phx.gbl...
> Matt U.K. wrote:
>
>> Hi Malke,
>>
>> More information found here:-
>> http://www.channelregister.co.uk/2008/01/23/polyglot_msn_worm/
>
> Thanks, Matt. I knew about it and in fact had warned my regular mailing
> list
> about it last month:
>
> http://www.elephantboycomputers.com/page3.html#1-30-08
>
> What I didn't expect was a Mac being affected. Not that I'm so foolish as
> to
> think Macs can't be compromised I just wasn't sure how this particular
> bad
> guy would affect OS X.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!
 
Matt U.K. wrote:

> Hi Malke,
>
> I was also very surprised, as the OS was/is fully patched. Broadband
> access is via a Router which itself has a firewall (as does Leopard) built
> in. Before infection the Mac was running without any anti-virus software
> as she (owner) is awaiting the new anti-virus product from Symantec for
> Leopard. We will scan again using the new product from Symantec once we
> get it.
>
> I ran MacScan (v2.5.1) again today, nothing found. I did find extra
> options in the application that clears the history/cache of browsers that
> are installed.

Interesting. I don't bother with av software on my Mac, just as I didn't
when I was on Linux. It sounds like this is an application-only infection,
probably because your friend is on a Mac. Had it been Windows, the results
would have been nasty. It's probably held in check on the Mac because the
executables (outside the application) have nothing to do with OS X and also
because of root being disabled. But that's just speculation on my part.
I'll take a look at MacScan just in case I get a call from a Mac-running
client.

Thanks again,

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
Back
Top