Removing the MSN “Virus”
— posted at February 16th, 2005 by luc in Blog, Tech, Practical ComputingSince my 9am has been cancelled, I thought i might do a bit of public service. As you know there has been a Worm going around MSN that makes you send files to everyone on your contact list after you accept a file from someone who has gotten the worm (hope you see the vicious cycle).
Firstly… DONT ACCEPT ANY FILE WITH A STRANGE ASS NAME. PERIOD. if you wanna get into specifics, Dont accept any file with extension *.pif, *.exe, *.bat . The Pif file extension is the oldest form of file a hacker has used to contain a program or trigger. I Guess if you want to list all the files that you shouldnt accept…. I can kinda pull out a few…
- Drunk_lol.pif
- Webcam_004.pif
- sexy_bedroom.pif
- naked_party.pif
- love_me.pif
- LOL.scr
- Webcam.pif
- bedroom-thongs.pif
- naked_drunk.pif
- LMAO.pif
- ROFL.pif
- underware.pif
- Hot.pif
- new_webcam.pif
- hahahaha.pif
- me_2005.pif
- sister.pif
Those are just a few of the files being passed around… Another one is the handcuffs.pif being passed thru a URL. Don’t click on it… for the love of God… if you are unsure IM the guy who is sending it and ask if its a real file! Aish. Here is an image of how the worm (called the Bropia worm) works.
Anyway… for quick removal… go to the Symantec Website
What if that doesnt work? Hopefully you will have an antivirus program on your PC…
UPDATE YOUR DEFINITIONS
Do a FULL SYSTEM SCAN and if that doesn’t bring anything up, try an online scan. If virus scanners dont pick it up, download a spyware cleaner if you dont have one already. Good ones include Adaware and Spybot search and destroy.
If all these newfangled scanners still do jack shit, we’ll just have to deal with it the old fashioned way.
If you are not too computer literate, at this point you should scream for help… The Next section is not advised unless you know what you are doing or unless you are talking to someone who does.
- CTRL-ALT-DELETE
- Check the tasks running under your Username.
- Look for anything running that looks odd… Like something in your task manager with a *.pif extension maybe? Select and KILL!
- Look for all instances of msn running. SELECT and KILL!
- Look for anything looking strange with msmsg or msmsl or umsmsg or something like that… you see the pattern…. KILL!
- Open The Run Dialog box (windows key – R) and ype MSCONFIG
- Click the startup tab
- Again uncheck all the things that you think shouldnt be there… Dont worry… theres always system restore if you kill the wrong one =)
- Check your Root Folder (C:), Delete anything with the *.pif extension and the filenames i have previously mentioned.
- Check the recieved files directory in My documents. Do the Same as 9
- If anything goes wrong… Or it doesnt work…. Google is your friend. =p
- Get Linux.
** Get a Mac… we all know Mac OS X is the bomb…. Not to mention Its coming to NON Mac Based machines soon!
If you have any questions… Just email me...
Luc
(Done on Fedora 2 Distro of Linux, GNOME Environment. I havent Crashed yet.)
February 16th, 2005 at 2:11 pm
hahaha thanks man. my gf just got infected with that shit and now at least she can do sumn bout it.
February 16th, 2005 at 2:56 pm
td.com always here to do public service
February 16th, 2005 at 4:01 pm
this is why td is number one in my all-time website favourites! smashing!!
thanks luc
February 18th, 2005 at 2:58 am
wah! dam sex lah u lukas!
February 26th, 2005 at 12:54 pm
try TRENT MICRO, stops anithin
March 2nd, 2005 at 2:17 am
hey, I recieved this virus/ file while on msn from a friend, it was the naked_party file. I never had the chance to open it because my computer autimatically restarted once it finished downloading. I didn’t worry abotu it becuase for a week my computer was fine, until I tryed to open msn and was told to proceed i had to download msn 7, I tryed to skip this but it wouldn’t let me, so I downloaded it adn ever since my internet has not been working. It says that theres no connection but it says it’s connected when I check. I also downloaded the symantic tool to get rid of the Bropia viruses on anouther computer and saved them to disk and used it on my computer and it said there was no virus found. but there is definatly somethign wrong. I’m out of ideas and really don’t want to get reformatted. I know you don’t know me but if you have any advice or ideas, I’d really appreciate any help you could offer. Thanks, Amy
March 6th, 2005 at 9:57 pm
a new one is cute.pif.
i recieved that one about 20 minutes ago.
March 7th, 2005 at 9:47 am
Crazy frog gets killed by train!.pif
My new photo!.pif
How a Blonde Eats a Banana…pif
now got such files… so beware…
i deleted some hidden files:
../windows/msmbw.exe
../windows/system32/formatsys.exe
coz those fiels created after i run those pif files.
pls inform me if any information, share with me ya, thanks, cz_register@yahoo.com
cheerz…
March 7th, 2005 at 9:52 am
Well done, nice to find a qucik answer to the problem, even though i wasn’t stupid enuogh to get it ;)
March 7th, 2005 at 12:05 pm
ya, today 07 Mar 05’ i just get infected… with .pif files…
and i clean it by access into safe mode, and search those files which are created with the same infected date. and delete those applciations…
any thing just email me to share about this information. cheerz guys
cz_register@yahoo.com
March 7th, 2005 at 6:30 pm
You are a star – I have friends once more! ;o)
March 8th, 2005 at 9:43 pm
I have windows 2000 os. My friend sent me the msn virus but it was in a MSDOS format. I didn’t know wut it was and i opened it. It began to spam my contact list and sending the file to all the ppl on my list. It won’t allow me to go on task manager. Every time i type the word virus in google it closes. can u help me?
March 15th, 2005 at 9:24 am
hi, ok first up none of them work, i know about msconfig, ctrl-alt-delete… thing is when i use them the virus closes them down… like this site, the only way i can get through it is using mozilla, the virus makes it shut down if i have only 1 tab open, when i have a few more it gives me the option to click cancel. My virus scanner doesnt work either it just closes down. is there any other way?
March 17th, 2005 at 2:46 pm
dis is shit
March 18th, 2005 at 12:24 am
please help me! can’t even load up norton or spybot or anything! eek!
please! jbfwoodroof@hotmail.com
April 4th, 2005 at 10:09 am
Thanks man.
My Computer doesnt have aids anymore, there was a thing where if i tried to look up msn virus or anything with worm in it, it would close my browser, that stopped when i did all this, could that be the .pif or was there something else wrong?
April 22nd, 2005 at 2:48 am
I got it. The symantec search didnt help but i mangaged to get rid of it using Microsoft Antispyware. Thanks a lot, appreciated the info.
April 23rd, 2005 at 4:29 pm
Stupid Friggin Virus… this will help alot…thanks man.
April 27th, 2005 at 8:23 am
omg i cnt get this thing of my computer!weve had it for ages!the virus trys to send itself to everyone on my list,then it wont let me do a system restore or press ctrl alt delete.it wont let any anti virus’s run and it wont let me oen regidit!n i cnt download anythin to help me because if i type in anythin with virus or help etc then it shuts down the internet!what do i do?????
April 28th, 2005 at 6:08 pm
Go to Safe mode.
Run Adadware and Spy S&D.
Run msconfig
Go to the tab called “startup”
Disable the process
Restart Computer.
Run adadware and Spy S&D again.
=====================================
Make sure Adadware and Spy S&D are updated to the newest defineitions.
April 28th, 2005 at 11:58 pm
Hey. I think the best way to remove this virus ( I did it myself) is on recent computers theres a program called System Restore. You can restore your computer to any point in time. So this only works if you enter Safe Mode, then go System Restore (Start, All Programs, Accessories, System Tools, System Restore) and then Restore your computer to when you didn’t have your virus. This was the only way for me.
April 29th, 2005 at 3:53 am
Hi, I also have this virus and I can’t get rid of it. I have tried everything on this site. AVG,Microsoft antispwyare,Adware,spyspot.. none of these programs find anything but the online scanner trend finds one file called C:windowssystem32run.exe and I cant delete it.
Any suggestions?
April 30th, 2005 at 2:02 pm
i got this new one that says
HEY ITS YOU
then gives a link
you download the file
and it sends it 2 everyone how do i get rid of it??
thankz
May 10th, 2005 at 7:25 pm
The trick is therefore NOT to download suspicious files. That should be cardinal rule number uno when it comes to downloading stuff off the net.
Also, having a decent antivirus helps. But they are only there to SUPPLEMENT rule #1 in case of breach.
If you dont know what it is, dont bother downloading it!
Oh, if you find that you CAN’T delete something, its usually coz its a running process. Press CTRL-ALT-DELETE and highlight the target program that you want deleted. Click End Process. Then try removing the program again by shift-deleting it. That sends it to the bowls of computer hell.
May 10th, 2005 at 8:32 pm
You guys sounds quite informative!
So i’m going to try this out.
Once again its an MSN virus thing!
it sends message automatically something like:
“ROLF is this picture of your then it states your msn address” something along those lines!
So my question to you guy is:
Is there a solution?
Thanks
May 15th, 2005 at 1:43 am
Hey Jay…
Firstly you should check your task manager for any suspicious processes you are running under your Username. This will normally inform you where it is and then once you kill the process you can delete the file. I also suggest a thourough scan with Anitspyware programs, with updated definitions in safe mode that should help. If not check your Recieved files or Root Dir to see if there are any suspicious *.pif files or *.exe files you have never seen before… when in doubt, google the filenames.. if you are really stuck.. Use Linux! =p
May 23rd, 2005 at 8:53 pm
I had that ROFL virus, I used spybot and found a virus called Hellz little spy, I removed it?! But since the day that I got the virus it won’t let me sign on msn/windows messenger it just says something like ‘we were unable to sign you into msn because of a problem with your internet connection, but I obviously don’t have a problem if I can access all websites. Actually, my computer won’t let me on hotmail, I can get the first page up but when I sign in it just does not let me says I am offline when I am not. This is annoying as I also cannot read my emails or send any! This problem also happens when I try to use web messenger! SOMEBODY PLEASE HELP ME it is driving me crazy my computer has been like this for around two or three weeks now. Somebody help me please please please
May 25th, 2005 at 1:23 am
Jadey: I got this link for u. Try and do as the instructions say and see if it works. The same goes for all the MSN variation viruses out there. Google up the name/symptom and u should find the solution. Some require manual removals of the virii meaning spybot and adaware cannot remove them.
Usually if ur MSN goes bonkers afterwards its because whatever u deleted affected ur computer in some way or another. In that case, you might want it to be checked out by a tecchy friend. Can’t offer more advice/help than that really.
BTW, since using Avast!, my gf has not been hit by a single worm/virus. She can probably attribute that to sitting behind a university firewall but considering that she was hit quite frequently prior to that using AVG, Avast! has my vote.
May 25th, 2005 at 6:06 am
hey there, i was stupid enough to open that “rofl is this you” virus. I went to the link you gave Jadey and followed the instructions, but couldnt find “current version” in my registry. any ideas as to whats up? thanks for your help.
May 26th, 2005 at 6:51 pm
Its there Kauwabunga. Just keep looking. Registry entries dont go AWOL unless for a good reason.
If your virus is recent, there is a chance that its new. Google (USE THE BLOODY THING :) up the name of the symptom and somebody would have the solution… normally.
June 14th, 2005 at 6:09 pm
how do you run your computer in safe mode lol sorry if this is a stupid question im not that good on computers
June 16th, 2005 at 10:58 am
Andi: Press+hold the F8 button during the Windows loading screen. The screen that has that bar that err… “loads” with the nice WinXP logo on it.
And if that doesn’t work, just mash the friggin button :P
June 24th, 2005 at 11:22 pm
hey can i ask smethn???...i want to knw hw do u delete these .pif files…actually whr r these saved…i cant see them newhr..si cant delete them…:-((
July 2nd, 2005 at 10:58 am
i got this virus last night, said something about seeing bow wow with girls all around him. i ran spyware doctor and got rid of 55 tracking spies and am now using the removal tool, fingers crossed! thanks for the advice
July 2nd, 2005 at 9:03 pm
i have net zero its the best but aol gets the most vruses last year we had aol and my dads pc was mest up by this shit we had
like 50 viruses on our comp
try finding these files on your pc
mallex.exe
bjdgm.exe
the firs one you have to delete it with a licenced antivirus or ms dos because it says “windows is using this program”
July 4th, 2005 at 6:13 pm
heres one to
killallpeeps!.pif
August 4th, 2005 at 3:50 am
hey thanks for the advise. I just got a file that says “is this you?” and if you click and download it, then it screws everthing up… it seems to have royally screwed up my Norton though and i ran both my spybot and ad aware and didnt see anything out of the ordinary… i’m afraid i’ll have to keep trying…
August 4th, 2005 at 3:11 pm
Thank you
! I hope it works!! At least i can try to sort it out
:D
August 21st, 2005 at 8:36 am
i got sent this
www.warezddls.com/funny-stuff/download3849.exe
wow wow wow…..you have to check this out
and my sister went on it and it downloaded somethin guess it is a virus. it comes up on any screen you type on and closes all the msn conversation windows. i have no idea how to get rid of it so any helpers?
August 21st, 2005 at 11:21 am
Hey, i got this virus (well i think its a virus anyway) today over msn. I clicked on this website:http://www.block-checker.com and i downloaded it and now everytime i go on msn and start a convo that link comes up with a message saying go to it etc and it is really annoying. I have tried everything i can think of to get rid of this, i have deleted it, deleted msn and installed it again, downloaded mircrost antispam software and already have adaware and cant it cant find any virus! So what do i do? Please help
August 22nd, 2005 at 7:04 am
the damn virus makes it so i cant open anything, like anti spyware, or even run msconfig, its blocking me from everything ive tried to do. Please i need some help, this is just ridiculous.
August 22nd, 2005 at 3:00 pm
Heya!
My friend sent me a message saying LMAO check this out so i did and i scanned it and there was nothing there so i installed and now i have one of them virus worm things =(
I’ve tried all of your solutions but it wont let me run task manager or Norton or open any pages to do with an adaware or a Anti-Virus!!
This virus has really got me bad my mums gonna go mad if i have to reformatt…again
August 23rd, 2005 at 10:43 am
Ive got the same thing, ive found the file on prosessess its svchost.exe but its not under system its under ur username. Its such a pain in the arse.
August 23rd, 2005 at 11:34 pm
hey iv got a worm which is doin my fuckin ed it wont let me open norton n it wont let me open anything to get rid of it so i cnt open ur links off symantec website have you any idea what worm it is it was sent through msn. n if u can cn u email me on dis site cos the wrom wont let me access my email at all cheers
August 23rd, 2005 at 11:37 pm
ivjust relised its the same as jadeys problem n i need sum help plz thnx
August 25th, 2005 at 7:27 am
just rename the app you try to open liek if you want to open HiJackThis.exe
rename it to somthing liek: thatsright-youbeenhijackedlol.exe
becuae the virs recognises the name hijackthis it will automatically end its process when it comes up.
August 25th, 2005 at 7:28 am
.
August 30th, 2005 at 8:36 am
hey.. i received a virus through msn about a week ago, i cannot sign into msn or access my emails.. i’ve tried everything you’ve said, it wont let me open any anti-virus programs to get rid of it or anything.. someone said to try to go into system restore and restore my computer to when i didnt have the virus, how do i put my computer into safe mode? i tried pressing F8 when the comp is turning on but that doesnt work :s aand does putting the computer into safe mode effect it in any bad ways?? PLEASE HELP me. i dont want to reformatt my computer :( please email bak to this site cos i cant access my emails.. thanks
August 30th, 2005 at 11:01 am
i got a link saying … ‘hey is this your profile? www.chatnetworks.net/[my email address] i clicked it and i was told it was a virus … is it the same one? how do i get rid of it ??? really don’t want my computer to get stuffed up as will lose all my work. any ideas anyone???
September 12th, 2005 at 5:56 pm
i also have a problem with getting on the msn and hotmail. But my messenger works.
could you be a gem and tell me what to do about this problem.
thanks alot really appreciat it
October 5th, 2005 at 5:32 pm
ive got hundreds of viruses! and some on msN?!
can u help me get rid of dem!
October 12th, 2005 at 12:13 am
I have a virus. I think. I need serious help. It isn’t with my msn though. It with AIM messenger. I scanned and found 3 viruses and then went through recovery but it only deleated 2. I need to delete the third. It is spybot.gen. What is that and how do I get rid of it. Also I tried to do the start/run with regedit but something won’t allow the window to stay on the screen. I can’t even get the screen to pop up when I hit ctrlaltdelet. What is going on?? AGGGGGGGGGGGG
October 22nd, 2005 at 2:34 am
I got a message along the lines of “Hahaha, is this you….?”
Now my MSN isn’t working properly.
I tried opening the task bar with CTR ALT DELETE…but it closes right after it opens.
I’m at a total loss as to what i should do, and I have nobody to turn to.
October 26th, 2005 at 11:08 am
Well I would just like to say i fell was so fucken stupid to take a mother fucken virsu of this UGLY STUPID SLUT BITCH from me MSN.
Thanks to advice i fixed it and this is a really goodwebsite and the guys are all hot. Thanks love you in bed long time :)
January 10th, 2006 at 1:14 am
I just received a virus through myspace.com that also has links to AOL AIM sent out by someone named Nick.
This is how it goes:
I received a ‘legit’ [it was, really] e-mail from someone and when I viewed their page, all the sudden, “You have the ROLF virus” window pops up! So, of course, I was irritated because I couldn’t get out of the myspace page I was viewing because I had to push ‘okay’ or x to close out the ROLF message.
So I pushed okay [the x was blocked out] and then it wouldn’t let me view her page…I didn’t know what to do.
The next day, my friend said she went to myspace.com/ubomag [don’t go there tho or you will get it] which is my website myspace link and she said that she got that same message in a window sayig she was infected.
So, then I tried it too and sure, enough that message popped up on mine. So I went into my profile and deleted ALL text, html, etc…and tried again—still says it. I e-mailed MYSPACE about it so I am waiting to hear back.
The other thing, when she clicked on it and got the ROLF message, she pushed ‘ok’ then somethign from AOL popped up saying she had a new message in her in box, but she didn’t open it, of course. Also, when I went to see if my site was infected and I pushed ‘ok’ it took me to someone named nick on myspace. He had friends that seemed normal but his image was that ROLF VIRUS instead of a picture…
So I blocked him. Then I tried to review his page in myspace and it directs you to a blank page…it is so weird.
I have been trying to delete any of those files you mentioned above and am running Norton Virus scan [so far, 15 threats have been detected].
Is there anything I can do to be sure I get rid of this? Is it in my computer or incripted in myspace.com/ubomagazine somehow??
Thanks for the help.
aas
June 13th, 2006 at 9:49 am
I just got this virus 2 days ago. Almost completely goosed my laptop. It’s a crude one too cos it just keeps “typing” something like “click here to see pics of you/us on my myspace …” into any/every application that you have open – just depends where ya focus is – if its desktop, it will launch the first damn program beginning with ‘C’. It also launches itself (I had approx 20-30 myspacer.exe processes, or about 20-30 other processes with names like mc-110-00093-???.exe (summit like that)!) And at one point – in excess of 150 instances of MSN Messenger running! However, because it CONSTANTLY types this friggin message for propogation it doesn’t matter what app you open, you just don’t seem to be able to do anything. THE KEY IS … Start in Safe Mode and run “system restore” (from MSCONFIG). Oh and System Restore will NOT be able to restore your PC to “any point in time” ... it takes snapshots of your PC whenever software is installed or whenever changes are made to registry and/or major system settings … however, this should be enough to get you to a point CLOSE to just before you had that moment of stupidity (like me!) ;-)
HTH someone else,
Pete
June 29th, 2006 at 3:59 pm
hello
please i want somone to send me a msn virus i ve ever seen one
virus liker
September 27th, 2006 at 7:34 pm
HELP!! I just got a link from a cousin saying : Is this you and I opened it. Having a mac it did nothing but not realising it was a virus I sent it on to others to check for me… Now they can’t even open msn! They have done searches (the file is called photo2342.pif) on all diff ways to find it so they can delete it but it doesn’t come up. What do I tell them to do? Will reinstalling msn work> (Windows messenger does work still)?
?
?!? Please help!!
October 3rd, 2006 at 7:33 pm
Hey recently got this Bropia worm virus and was wondering how to get rid of it as i have to pay for spyware docter and am looking for free spyware detection please.
Thanks, please help Asap.
Jacky
April 28th, 2007 at 9:03 pm
I got it from a mate cos I stupidly opened it even when told by the computer that such fuiles can be dangerous.
But the same mate has figured out a pain free way of removing it
!
Uninstall it vira add/remove fiels and then reinstall or download.
Plus your contacts will all still be there.
Just thoguth I’d tell you all.
July 16th, 2007 at 11:09 pm
i got this message off my m8 saying u want to see my past photo ive put together so stupid me went and accepted it it download it and now everytime im on msn it sends the same thing to my contact and shuts down my msn
can anybody help me plz
email me on : c.arends@btinternet.com
if u have any help
thx
August 8th, 2007 at 3:29 am
I went through that I couldnt find any odd lookin files. But I still have the virus.
November 10th, 2007 at 5:31 am
A guy i know sent me this .zip file and it said “can i put these pics of u on myspace” or something like that. I used winrar to extract it and the folders appeared in my Received Files. I saw an MS DOS file..and i thought this was a bit sus. So i asked him about it…and he responded with “oh shit.l..u didn’t open it did you”. Now..i did not run the MS DOS file but i did open the unzipped folder…does this mean i have the virus?
November 15th, 2007 at 7:47 pm
hey what is this for?
December 5th, 2007 at 8:01 am
I have received this mgs from a friend recently. It s a link, something like www.offer-for-you.com. I clicked on it and now it keeps sending the link to people on my msn list everyday. So, anyone can tell me how to get rid of it? My computer skill is rubbish :(
December 14th, 2007 at 8:33 pm
Ok my msn is workin fine but when i was talking to my friend she asked me what the picture was so i was like which picture and i no i’ve got a virus now.. I’m really dumb with computers is there any other way of how to delete the virus?? The top bit was good if your good wiht your computer lol…x
REPLY SOON
Holly..,x
x
December 24th, 2007 at 3:42 pm
umm, i did it as well, ive tried every program i can think of and it doesnt work. can someine tell me, is impfix any good. i used it but it doesnt say whether it worked or not.
for the people who are stuck after trying everything (like me), a reinstall of windows may be the only way.
January 17th, 2008 at 9:01 pm
hey,
i got da virus sayin “look at my pick do i look stupid ??” n told me to accept …....... i did not accept it but still got da virus :s …....
how will i get rid of it .. plzz repli asap
August 16th, 2009 at 4:09 pm
erm…can you help me solve the myspace photo virus at msn one? i find many website also can’t solve it. Please help me and reply me as fast as you can!!thanks you.