Help MSN

[chrisrod01]

All of a sudden my friend sends me a link which i thought he was going to show me something but the link said www.vbulltinboard chrisrod88@hotmail.com or something like that and when i accept it it send it to everyone else in the list and mess with people computer

 

[UsandThem]

Do have an antivirus program installed on your PC?

 

[mechBgon]

Your friend's computer is infected with what Symantec calls W32.Chod.D or one of its descendants. If you clicked the link and are using an Admin-class account without antivirus protection, your computer is probably infected too.

One symptom of infection is that it makes you post in the wrong section of the Forums.

Once Chod.D is installed, it can take some maneuvering to get it off, because it prevents antivirus software from running if you do install some. I suggest downloading this text file and saving it first, then follow the instructions precisely while in Safe Mode, as a preliminary knockdown punch against the virus. Then reboot into normal Windows and download and install Microsoft Baseline Security Analyzer and a 30-day trial of Kaspersky Antivirus Personal 5 from http://www.kaspersky.com/trials. Configure it, update it, scan with it.

 

[chrisrod01]

how do i start window in safe ? and the last link is wrong

 

[UsandThem]

Originally posted by: chrisrod01
how do i start window in safe ? and the last link is wrong

I think he meant to say "Thanks mechBgon" and the last link works for me.

You boot into safe mode by holding down F6 I believe (or F8) can't remember at the moment when Windows starts to load.

 

[mechBgon]

You start Windows in Safe Mode by pressing the F8 key repeatedly when you know that the first WindowsXP boot screen is about to show on the screen, the one with the little scrolling bar below the WinXP logo.

The last link is working. If you can't get there, then the virus has probably tampered with your HOSTS file to keep you from visiting Kaspersky Labs' website. Open up Notepad and use Notepad to view this file: C:\Windows\System32\Drivers\Etc\HOSTS. If there are any entries in the HOSTS file besides 127.0.0.1 Localhost, delete them all and then close Notepad, saving the changes.

 

[chrisrod01]

Could i Just reformat my computer ? Or restore but i dont have a restore just curious?

 

[mechBgon]

Reformatting is my preferred approach, if you're ok with that. Be aware that a "raw" WindowsXP installation is super-vulnerable to direct backdoor attack without any human involvement at all, unless your WinXP CD has Service Pack 2 already built into it. So if you reinstall, this page may help.

 

[chrisrod01]

My comp has a install os on my hd that i can reformat so if i make a copy of the sp2 and stay offline it will be another alternitive?

 

[mechBgon]

Yeah, you could just download the full-sized SP2 installer and save it on a CD-R. Just to emphasize this, by "stay offline," you want to have the computer's network cable fully unplugged, not just avoiding using email/web yourself. Worms attack directly from the Internet whether you use a browser/email or not, unless you've got a router to keep them at bay.