It happens to the best of us...

image

What do you get when you combine a busy evening, an ongoing IM chat and a moment of inattention? You get what you see to the left of the screen.

Note that I declined the download... don't play with fire by downloading the virus, even if you know what it is and just want to experiment.

My infected correspondent is a high-calibre computer professional - right up there with the best of them - but as this incident shows, even the best of us make mistakes.

For what it's worth, the PC was isolated from the internet within 5 minutes of the infection occurring. No word, yet, on how easy or difficult it was to clean, or if it was given a name by the clean-up tools used, but from what I can see it was this one:

http://www.k7computing.com/virusdetails.asp?virusid=46459

Published Thu, Oct 23 2008 12:27 by sandi

Comments

# re: It happens to the best of us...

Wednesday, October 22, 2008 10:33 PM by Cliff S

I often get infected links thrown at me by infected people on my list. Haven't had any odd files pushed towards me yet however.

# re: It happens to the best of us...

Thursday, October 23, 2008 12:46 AM by mechBgon

He/she might want to look into low-rights accounts and Software Restriction Policy, if his/her version of Windows features SRP.  This is a great proactive safeguard when handling malware.

http://www.mechbgon.com/srp

Tom McFadden

MVP - Windows Desktop Experience

# re: It happens to the best of us...

Friday, October 24, 2008 8:06 AM by Kimberly

MSNFix is the way to go to clean these infections up. They usually are nasty IRC bots.

Download is available here:

sosvirus.changelog.fr/MSNFix.zip

Extract all files and launch MSNFix.bat

Note: Under Vista, UAC should be disabled during the cleanup.

# re: It happens to the best of us...

Saturday, October 25, 2008 12:15 AM by Mark Odell

mechBgon wrote:

> He/she might want to look into low-rights accounts and Software Restriction Policy, if his/her version of Windows features SRP. This is a great proactive safeguard when handling malware.

Better still, s/he might want to look into disabling the ability of the IM client to auto-convert text URLs into clickable hyperlinks. For instance:

www.mess.be/msnmessenger75.htm (under "Security Options")

This is an even-greater proactive safeguard against ever needing to "handle" malware resulting from "accidental" clicks. (And, if the IM client doesn't allow that to be disabled, s/he might want to ask the question "Why not?".)

I would also be curious about exactly what it is that's pre-enabling a clicked-on _ZIP file_ to unpack--and automatically run--unknown executables leading to malware infection. What's "arming" that "bomb" for the user to trigger?