Vista - Windows Live Messenger worm

A friend of mine sent me a link via messenger that looked dubious to
say the least. I asked him if he had sent it and he said he hadn't, as
I suspected. Few weeks later another friend asked me if I had sent him
a link and I hadn't it looked like this -->

http://<my login name>.found.some.c0o0ol5tuff.info

So it looks like I now have this worm. Every so often messenger closes
and says it's connect on another computer and to start it up again
too.

How do you get rid of it? I tried reinstalling messenger and also
running impfix3, ad-aware 2007 and scanning with AVG yet it seems to
still be on my system.

Did you try using Spybot to find any trojans, worms etc and did you do a hijack this?

I did a google on this and it looks like its a malicous link

On May 15, 5:34*am, nataliew <gu...@xxxxxx-email.com> wrote:Yes I ran the latest SpyBot1.5 and it found nothing other than a few
dodgey cookies which I removed.
HiJackThis turned up nothing unusual.

Greetings Sir Elric,

There is no way you have obtained any Messenger worm unless you specifically clicking on the
file and told your browser to execute it.

Most Messenger worms are rather unsophisticated (in terms of hiding) and you would've seen it
on your HiJackThis log (to reference your other post).

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
--


"Sir Elric" <leehogg@xxxxxx> wrote in message
news:21fa8b50-60f9-49cd-a2f9-8e8eccd1b071@xxxxxx

Hello Sir Ethic,

if you continue to get the message "You have been signed out because you
signed in at another location", this means probably that your Messenger
password has been hijacked by the virus you installed accidentally from that
website. So, first go and remove the virus by any means. Then, AFTER
removing it, I advise you to change your Messenger password so any stolen
password will not be able to sign in anymore. To change your Messenger
password, go to https://account.live.com/SummaryPage.aspx and click the
'Change' link in the password section.

Regards,
mynetx


"Sir Elric" <leehogg@xxxxxx> schrieb im Newsbeitrag
news:21fa8b50-60f9-49cd-a2f9-8e8eccd1b071@xxxxxx

On May 15, 11:38*am, "Jonathan Kay [MVP]"
<msnewsrepl...@xxxxxx> wrote:Yes I did click on the bogus link that was sent to me through
messenger from a friend, well it wasn't sent by him I just thought it
had, and it took me to some mobile phone site which I closed.
Did I get the worm just from viewing a web page?

On May 15, 5:48*pm, "mynetx [Messenger Plus!]"
<myn...@xxxxxx> wrote:Cheers. I 'think' I have gotten rid of it and have changed the
password too.

Hi,

The only way that's possible is if you haven't stayed up-to-date with browser updates
(Firefox, IE, doesn't matter) as some of these worms take advantage of exploits from several
years ago.

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
--



"Sir Elric" <leehogg@xxxxxx> wrote in message
news:1c7e9bcc-730b-416e-a277-ad6645f1cabf@xxxxxx

On May 17, 11:17*am, "Jonathan Kay [MVP]"
<msnewsrepl...@xxxxxx> wrote:I use IE7 (7.0.5730.11) and it's up to date. I'm not one to open
dodgey files so I'm not sure how I got this worm. Good news is I
haven't had any more trouble since I ran all the scans and changed the
password