Msn Link Virus

[BallisticMissle]

Im attempting to fix my friends computer, where he accidently clicked on a link on msn messenger(www.vbullentin.com or something like that) then ended up puttng a virus of some-sort on his computer.. Its done more than spam the people on his MSN, it has also shuts down everything he uses, like he trys to open norton, it shuts down, ive tried hijackthis and it just shuts and probably a few other programs.. Ive tried to go to Safe mode but his computer just freezes when its go into safe mode.. He basically cant do anything except go on msn and go to some sites on the internet. Well Hes running Windows XP and using mozilla. What can we do?
PS: Hes tried reinstalling msn and norton etc. but to no avail

 

[mechBgon]

1) Uninstall whatever antivirus software is installed now, and install a 30-day trialware of Kaspersky Antivirus Personal 5 from http://www.kaspersky.com/trials .

2) Go to the Threats And Exclusions panel and enable scanning with Extended Databases.

3) Max out the real-time and on-demand scan options.

4) Reboot into Safe Mode and do a full scan in Safe Mode.

Kaspersky has detection for that one, as I just noticed from their weblog at http://www.viruslist.com/weblog. They're also excellent in general, can't say no to 30 days of free Kaspersky Hope that helps!

 

[BallisticMissle]

K i got it installed but i got a error note when i load it up saying there was an error opening and i should reinstall but ive tried reinstalling like twice and same thing still pops up everytiume

 

[mechBgon]

Ok, next... right-click & save this text file and get the manual scanning utility it mentions. Unzip it as directed, then reboot into Safe Mode and run it using the command line in the text file. It may help clear the way for Kaspersky to install and run normally.

 

[mechBgon]

Researching it a little more, this is what Symantec/Norton calls W32.Chod.D. In addition to preventing various antivirus software from running, it also modifies your HOSTS file to keep you from getting updates.

If today's McAfee manual scan utility doesn't get it, try again in about 24 hours, because McAfee updates that thing every day at the least. Since it needs no installation, it can be run in Safe Mode and you can yank the rug out from under that worm and then restart in Safe Mode and try again with Kaspersky.

Bigger picture: any chance you could break your friend of the habit of IM'ing from an Administrator-class account? If he'd used a Limited account, this worm would probably have fallen flat on its face for lack of sufficient authority to write to his Windows directory initially. If you want to try that idea, I can help you get it set up.

 

[BallisticMissle]

Alrite well his computer has come to complete weirdness, so we've decided to reformat it, thanks for the advice

 

[mcfatty2]

YOU! no one has posted on my forum thing ='(