Spyware, Viruses, & Security forum

General discussion

haha, is this really you? msn messenger virus

by ant9985 / October 21, 2005 10:49 PM PDT

hi, last night i got an msn message from somone on my list, it read something like this: 'haha, is this really you? (then after had some numbers and a website which was like www.messengertools.com and had my email address on the end. as it was a friend and i thought it was some funny picture or something i clicked on it, and downloaded the file. when i tryed opening it, it said it cant open, then i tryed using the internet, and i couldnt access any websites, i asked my friend what he sent me, he said he didnt send me anything. also norton IS doesnt work now aswell, and system restore is allways being turned off so i have no restore dates. also when i press ctrl alt delete, the processes menu apears, but after a few seconds closes itself as does reg. edit. im currently using my mothers computer to talk on here. does anyone know what this virus is? and how to remove it? it came from the website: www.messengertools.org or .net cant remember exact site. any help appreciated, thnx

Discussion is locked
You are posting a reply to: haha, is this really you? msn messenger virus
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: haha, is this really you? msn messenger virus
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Hi ant9985
by roddy32 / October 21, 2005 11:47 PM PDT

There and many, many viruses/trojans/etc. floating through all the messengers. We need the name of it to help you. Try doing a scan with your Norton and any spyware scanners that you have while in safe mode if you can get in there. Here are the directions for that.
http://www.pchell.com/support/safemode.shtml

Collapse -
no success
by ant9985 / October 22, 2005 7:35 AM PDT
In reply to: Hi ant9985

well i have tryed extensivly to find the file name of the virus for you, but no luck im afraid. the problems with processes menu and reg. edit closing after a few seconds have suddenly vanished, so all that remains is not being able to go on websites. i tryed my file sharing program, and that worked fine, im pretty sure other things work aswell on the web, its just norton doesnt work at all, and i cant access webpages.

Collapse -
WHAT are you using for
by roddy32 / October 22, 2005 7:48 AM PDT
In reply to: no success

AntiSpyware Programs? Norton is for Viruses NOT spyware or trojans although it WILL deal with a few of them, this MAY be spyware or a trojan. Norton will not even work in safe mode? Are you getting for error messages and exactly what do you mean by "norton doesnt work at all"?

Collapse -
Some things to try
by steve11375 / October 22, 2005 7:58 AM PDT

Hi Ant,

Here are a few suggestions of things you can try:

1. http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=1313&messageID=15002 This is a whole suite of utilities. Run all of these first.

2. Microsoft Anti-spyware get it here: http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

3. Try Ewido Security suite get it here http://www.ewido.net/en/download/

Report back on these things first, if nothing shows up then we can give you instructions for Hijackthis to try.

Hope that helps,
Steve

Collapse -
tryed some of those allready
by ant9985 / October 22, 2005 8:56 AM PDT
In reply to: Some things to try

what i mean by norton not working, is that it doesnt load at startup and when i double click on it on desktop, it gives me a message saying it failed to load, or something, do u want to send message to microsoft about it. norton wont work in safe mode either.

thnx for the links to software but i have allready tryed 3 of those, please bear in mind though that i cant access the internet, so online scanners arent any use. I have tryed adaware, spybot, spyware doctore, sting and a few others.

iv found some information on the problem and gonna go try that now, thnx a lot for all the replys and ill post back here if i dont have any luck

Collapse -
(NT) (NT) OK, Keep us posted if you need more help.
by roddy32 / October 22, 2005 9:02 AM PDT
Collapse -
W32.serflog.b
by ant9985 / October 22, 2005 8:22 PM PDT

hi, i searched around a bit, and one of the msn viruses that was mentioned on a website was W32.serflog.b i searched the registry for it, and there it was, W32.serflog.b so im pretty sure thats whats been stopping my norton from working and stoping me from accessing websites. When i looked on norton website they said that it stops u accesing security websites not the whole net, which is kinda worrying. i think that trojan that my virus scanner deleted has messed it up as i can access msconfig and regedit and stuff which im not suppose to be able to if i have this virus. norton says i need to scan with norton antivirus and delete the file which is a bit of a joke as the virus stops norton from working. What i could do is delete the string: W32.serflog.b in the reistry but iv got a feeling this wont cure my net problems, does anyone know how to completely remove this virus and restore internet settings that it ruined somehow?

Collapse -
I am not a malware removal expert but
by roddy32 / October 22, 2005 8:51 PM PDT
In reply to: W32.serflog.b

I would suggest that you download HijackThis on to a floppy using the good computer and load it on to the infected one and follow these instructions and post a log at a HijackThis expert forum (NOT) here please. THEY will walk you through it. Hopefully you already have some of the programs at the bottom of this post. HJT is a very powerful tool and only advanced users should use it.

Please. post your HJT logs in one of the following HJT forums:

- http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
- http://forums.spywareinfo.com/index.php?showforum=18
- http://forums.subratam.org/index.php?showforum=7

Attention: You have to register to be able to post your HJT log !!


HijackThis download locations:
http://castlecops.com/zx/Merijn/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://downloads.subratam.org/hijackthis.zip

It is important that you run HijackThis.exe in its own folder so the backup files that HijackThis creates will not be accidentally deleted.

Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed on)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to ''HJT'' or ''HijackThis''. Now you have C:\HJT\ or C:\HijackThis\ folder. Put your HijackThis.exe there, and double click to run it.

Click 'Scan' button. Click 'Save log' button. Save the 'hijackthis.log' in your desktop. Copy and paste the content of 'hijackthis.log' and post the log file in any forums that offers HijackThis analysis.

Most of what it lists will be harmless, so do not fix anything yet.

BEFORE you post your HJT log - it would be appreciated if you would :

Download and install the following programs, If they're not on your computer, yet:
- AdAware SE : http://www.lavasoftusa.com/support/download/
- Spybot 1.4: http://www.safer-networking.org/en/mirrors/index.html
- CCleaner: http://www.ccleaner.com/ccdownload.php
Download CWShredder: http://www.intermute.com/products/cwshredder.html
and put it in it's own folder, f.e. 'C:\CWShredder' or C:\Program Files\CWShredder'
- Microsoft AntiSpyware Beta:
http://www.microsoft.com/athome/security/spyware/software/default.mspx


Please be PATIENT - For those of you looking for assistance with HJT logs, please be patient. The experts are really swamped with requests to have logs reviewed etc. If they do not get with you immediately it only means they are helping someone else. Remember they do this free of charge and in their spare time so please be patient.

Collapse -
thnx
by ant9985 / October 22, 2005 9:09 PM PDT

ok thnx very much

Collapse -
(NT) (NT) You're welcome and Good luck to you.
by roddy32 / October 22, 2005 9:43 PM PDT
In reply to: thnx
Collapse -
Same type of virus bt diffrent type of effects.
by Brandl / October 23, 2005 3:12 PM PDT

Hi. I've got the same type of virus as ant does(haha, is that really you?). But now the computer is messed up. Whenever i try to turn on my computer, after the screen loads, in a few seconds the entire computer goes to the blue screen that shows <ESC=Boot Menu> <F1=Setup> <F10=System Recover> (Windows XP Home Edition). Whenever I try to reboot the computer, it shows the same thing over again. I tried using the system recover But it does not respond. Now I can't even access the computer without it blinking off in a few seconds. I'm using my backup computer here so.. Please help me!

(P.S. I installed the Windows XP Service pack 2 shortly after i got all the symptoms ant got, but without knowing that i got the virus)

Collapse -
I think I know the name of the virus I have it too
by storm_gal / October 23, 2005 8:58 PM PDT

hey I think I know the name of the virus I got information on how to get rid of it from this website:

http://forums.happy-messaging.com/discuss/messages/35/35.html

apparently its a worm called svshost.exe

anyways I followed the instructions on this website and located the folder where it is and the file name but I can't seem to do the next step which was to get hijackit.exe and do a scan looking for particular files listed.

The problem is that I downloaded the hijackit program but when I go to run it, it only stays up for like 5 seconds and then it shuts down on me so I can't locate the files to delete them.

I also have the same problem when I try to run msconfig to get rid of the file from the startup list.

If anyone knows how I can access this stuff without it shutting down on me or another way around it, it would be very much appreciated.

Oh by the way I'm using windows xp home edition

thanks.

Collapse -
Please follow the advice that was posted
by roddy32 / October 23, 2005 9:16 PM PDT
Collapse -
Can't get onto the computer desktop
by Brandl / October 23, 2005 9:59 PM PDT

I can't even enter the computer desktop, let alone do anything but enter the setup menu. I tried using system restore but no use. The only thing now I can think of is system recover. I can't stay on the desktop for more than a few seconds before it transfers me to the screen where it shows <ESC=Boot Menu> <F1=Setup> <F10=System Recover>. I'm stumped. Help!

Collapse -
As I stated before, I am
by roddy32 / October 23, 2005 10:16 PM PDT

NOT an expert which was why I recommended posting in one of the HJT expert forums that are listed in my previous post. THEY would be able to offer you better advice than I can.

Collapse -
I have fixed the problem
by johnpierre / October 25, 2005 1:41 AM PDT

Hi
I had precisely the same virus, with the same symptons i.e no Norton, cant get into registry, system restore not working.
What i did was visit www.symantec.com, then click on the security response tab along the top.
Then scroll down to 'check for security risks' click on that, this will then scan your computer and give you a read out at the end with the name of the viruses that are on your computer.
I then printed that out and telephoned symantec support 02076165813, you will hear some options, please choose virus removal support.
They where brilliant they guided me through a very complicated procedure and eventually i got rid of the virus, my computer is working better than ever now.
If you want any more info you can email me on jpierre@ntlworld.com
Good Luck!

Collapse -
weird variation of virus
by IAmAdam / October 26, 2005 12:43 AM PDT

fortunately, i didn't restart. my computer is actually working relatively normal. internet is fine task manager is normal..as far as i know. But the msconfig refuses to stay up. that's the only thing that is telling me the stupid virus is still on my system. when i got first got it i think i deleted all my cookies and internet files. whether or not it helped i don't know. anyone else have this happen?

Collapse -
something similar...
by dchas / October 26, 2005 1:09 AM PDT

I got the "haha is this you?" followed by the messengerstats page... and I had a brain fart by letting that go through.

My internet works fine... my norton doesn't seem to work and I cant log on to msn messenger or any symantec wed pages. I can pull up msconfig and turned off csrss for startup...originally it closed after 2 seconds but now it doesnt, I cleared out all the csrss files that I could, I understand that csrss is an important file on a normal functioning computer, this virus disguises itself as it....

I've used all of those original programs recommended with little success (starter, ccleaner, adaware and even ewido)

Help?

Collapse -
more info
by dchas / October 26, 2005 1:12 AM PDT
In reply to: something similar...

Im using XP Home

I also cleared out netstat.exe

And Ive rebooted quite a few times hoping different methods had worked...to no success.

Collapse -
I found a solution to the msn virus problem
by storm_gal / October 26, 2005 3:13 PM PDT
In reply to: more info

hey I finally found the solution to get rid of the msn messenger virus. Since I knew the name of teh virus I got from the haha is this u link thing I downloaded the following program and scanned my computer and it found it and delted it.

here is the link:

http://www.superadblocker.com/definition/svshost/

The name of the worm is svshost, I had the same problem with the msconfig not staying up for more than 3 secs and so forth.

Everything works good now so well this might help some people out.

Collapse -
There is a new variety of this virus thingy out there...
by seraphs_scepter / October 25, 2005 4:28 PM PDT

And this is how I cured it.

Here is the message I got from a good friend.

"wow, this is you? http://www.messengerstats.net/profile.php?msn=[my e-mail address]"

I clicked the link, downloaded the file, and it autoran the executable, corrupting my computer.

First, do NOT restart your computer until the following is done.

1)"Start"/"Find"/vzxeeg -- there should be a folder called vzxeeg. Delete it. Also, while you're at it, delete netstat.com, and netstat.exe, if they are on your computer.

2)msconfig editing -- go to "Start"/"Run" and run "msconfig" (w/o quot. marks) Click the "Startup" tab. Deselect "CSRSS", and "load=" and "run=" if they are listed. If not.... well, I'll follow up on that. My friend is also infected with the virus, but it's a little different on his computer since he restarted...

3)Final cleanup -- "Start"/"Find" -- look for any fragments of csrss and delete them. You don't want this on your computer.

I hope I've been a help to someone. If you need more help, reply -- I'll be checking this forum for a few more days after today (10/25/05).

Collapse -
After a restart
by DragonKid / October 25, 2005 4:45 PM PDT

What do you do if the computer was restarted? My roommate had this happen to his computer and he restarted it before your post came along. How do we get rid of it after he restarted it? Please help!

Collapse -
help please
by gchamp6 / October 25, 2005 4:53 PM PDT

yeah i have that virus and i did restart my computer already, my norton does not work so i downloaded a trial version of norton and that doesnt work either. i can use the internet, but i cant go to any webpages that would take me to symantec support. so if you have a solution for me that would be great!!!

Collapse -
This MSN Virus
by shaps2k / October 25, 2005 5:04 PM PDT
In reply to: help please

If anyone knows the actual virus' NAME, then you can go to

http://securityresponse.symantec.com/avcenter/tools.list.html

There, you can download a tool to remove that virus. I personally have NO idea what the name of the virus is, and if I could figure that out, I could download the appropriate tool, but there are 88 tools, and at about 10 minutes a tool, well, you do the math...

Collapse -
Can't find vzxeeg
by jsylum / October 25, 2005 5:08 PM PDT
In reply to: help please

Hi,
I have the same problems and also restarted my computer already. I tried to look for the file vzxeeg anyway and couldn't find it. I did find the netstat stuff though. I deleted them but i doubt it really helps me right now. I tried to run msconfig but it shuts off after two seconds, just like my microsoft antivirus program. When I am connected to the internet, my pages get hijacked and my MSN gets turned on automatically. Please please help! Thanks a million.

Collapse -
Hidden files displayed? (also, may have the ID of the virus)
by seraphs_scepter / October 26, 2005 9:39 AM PDT
In reply to: Can't find vzxeeg

(Ok, first of all, my OS is Windows 98SE, so things might be a bit different for all you XP/NT/etc. users out there...

Oh, and I'm no computer expert either, just someone with some experience.)

If you have hidden files set to not be displayed (which is part of the virus' programming), you MAY not be able to see the folder (I'm not sure -- I removed the folder yesterday). Go to any folder, "View"/"Folder Options...", click the "View" tab, look under "Hidden Files", and click "Show All Files". Now, hidden files will be displayed. Try finding vzxeeg now -- it just might work.


I was searching through Symantec.com, and this virus seemed unusually close to the one being discussed.
It's not the same, I don't think, but.... very similar.

http://securityresponse.symantec.com/avcenter/venc/data/w32.chod.d.html

Good luck with all your computers! Don't lose hope!

Collapse -
me too....:(
by madnc_8 / October 25, 2005 10:27 PM PDT

hi
i also have this virus, its getting around a bit isnt it lol..
i did the reboot as well, so i'd be greatful to hear what you come up with from

i managed to load it up in safe mode with networking so i could get msconfig to stay up for longer than a seccond.... so i was able to disable the CSRSS file.
it wont allow me to delete teh files on the comp though.

cant find vzxeeg at all however.....

Collapse -
same here
by evylldemon / October 26, 2005 1:21 AM PDT
In reply to: me too....:(

i managed to disabe csrss from the startup by clicking very quickly before it closed, haha. i deleted the appropriate csrss files by checking when they were created, i left two because they were created when i got my computer so they are probably legit. i also found a file in Prefetch called "myemailadress"@hotmail.com ######## that was also created when the virus was downloaded so i deleted that aswell. i can find that other file that was mentioned and the problem doesnt seem to be fixed. my norton still doesnt work and the startup still closes seconds after i open it.
im looking forward to someone posting a fix for it for people who have already restarted their computer. this is the only place ive found where people have even discussed this.

Collapse -
Got Rid of it.
by mparentrt / October 26, 2005 2:38 AM PDT
In reply to: same here

Had the is this really you virus, Tried everything I could with no success. Made sure that I had all the software/drivers I needed handy. Saved all files that I wanted to keep from my PC on CD's and did a fresh install. Sorry but I think it's the only way........

Collapse -
reformat eh?
by helenkadeca / October 26, 2005 8:29 AM PDT
In reply to: Got Rid of it.

i think your right.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?