IPB

Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Reply to this topicStart new topic
> Bropia.A Virus Scanner: test & report, a new MSN Messenger worm on the loose!
dwergs
post Jan 21 2005, 05:20 PM
Post #1


Mess.iah
Group Icon

Group: Dwergs
Posts: 189
Joined: 1-September 04
Member No.: 2



I've just added a tool to Mess.be that tries to detect and clean the Bropia.A worm which is spreading through MSN Messenger file transfers. Test it and please leave your comments below. We're trying to optimize it as good as possible and make it 100% accurate!
Go to the top of the page
 
+Quote Post
Homer4322
post Jan 21 2005, 05:52 PM
Post #2


Mess.beaver
***

Group: Members
Posts: 102
Joined: 5-October 04
Member No.: 1,044



my virus scanner already picks it up but i would wonder if you could show me the code to make something that would find a virus and remove it (or didn't you make it)
Go to the top of the page
 
+Quote Post
john
post Jan 21 2005, 06:15 PM
Post #3


Mess.bedbug
*

Group: Members
Posts: 26
Joined: 21-January 05
Member No.: 4,710



QUOTE(Homer4322 @ Jan 21 2005, 06:52 PM)
my virus scanner already picks it up but i would wonder if you could show me the code to make something that would find a virus and remove it (or didn't you make it)
[right][snapback]32674[/snapback][/right]


We are aware that virus scanners often pick this trojan up. But not everyone has a virus scanner installed, and many people are often reluctant to download full softwares to isolate a single virus. Me included in this.

I for one would rather download a quick, non-installing, patch to an MSN virus, rather than paying for a full scanner and waiting for it to download.

This post has been edited by john: Jan 21 2005, 06:16 PM
Go to the top of the page
 
+Quote Post
XeroCool
post Jan 21 2005, 08:24 PM
Post #4


r0x0rz.info
*********

Group: Members
Posts: 1,292
Joined: 3-September 04
From: home/xerocool/
Member No.: 33



Can't give you much bugs/suggestions Dwergs since I'm not affected msn_happy.gif.
Go to the top of the page
 
+Quote Post
RebelSean
post Jan 21 2005, 11:13 PM
Post #5


Mess.becauseican
Group Icon

Group: Members
Posts: 3,753
Joined: 5-September 04
From: Tennessee
Member No.: 83



I know that this sounds stupid, but still. Were can I get the virus, and then use the tool to remove it. Just to make sure it works...Noone flame me for that.. kthnx.
Go to the top of the page
 
+Quote Post
Stigmata
post Jan 21 2005, 11:40 PM
Post #6


Mess.betterthanyours
Group Icon

Group: Supervisor
Posts: 1,951
Joined: 5-September 04
From: Uk
Member No.: 79



tryed helping this girl i know cus she has the virus..

but it cannot be found..
Go to the top of the page
 
+Quote Post
john
post Jan 22 2005, 01:31 AM
Post #7


Mess.bedbug
*

Group: Members
Posts: 26
Joined: 21-January 05
Member No.: 4,710



QUOTE(Stigmata @ Jan 22 2005, 12:40 AM)
tryed helping this girl i know cus she has the virus..

but it cannot be found..
[right][snapback]32772[/snapback][/right]


We are trying to find the numerous forms of the virus, so we can isolate as many forms andlocations of it as possible.

Already a few more locations that it saves to have been found, that Norton's website didn't list.

Could you possibly have her send you the oms.exe file, from system32 or C:, if it copied it?

Thanks.

This post has been edited by john: Jan 22 2005, 01:33 AM
Go to the top of the page
 
+Quote Post
Homer4322
post Jan 22 2005, 11:51 AM
Post #8


Mess.beaver
***

Group: Members
Posts: 102
Joined: 5-October 04
Member No.: 1,044



my fullvirus scanner is avg free edition which has updates regulary and has a massive virus database and lots of people say its better than norton i agree its found at www.grisoft.com
Go to the top of the page
 
+Quote Post
XtR0n Ak3R
post Jan 22 2005, 02:01 PM
Post #9


www.adrian-thomas.com
******

Group: Members
Posts: 733
Joined: 27-September 04
From: Scarborough, England
Member No.: 348



QUOTE(Mess.be Fanatic @ Jan 21 2005, 11:13 PM)
I know that this sounds stupid, but still. Were can I get the virus, and then use the tool to remove it. Just to make sure it works...Noone flame me for that.. kthnx.
[right][snapback]32769[/snapback][/right]

Google, look up file names etc. but im not helping you any more, because you'l probably get me in trouble for talking about them:p
Go to the top of the page
 
+Quote Post
Navy
post Jan 25 2005, 12:42 AM
Post #10


Mess.bean
*

Group: Members
Posts: 1
Joined: 25-January 05
Member No.: 4,879



The removal tool don't detect the virus for me.
I delete it manualy.

And it's under a diffrent name for me.
'Funny.exe'

Nice tool, unforunetly it don't work for me.
Go to the top of the page
 
+Quote Post
Shockmaster321
post Feb 2 2005, 02:38 AM
Post #11


Mess.bean
*

Group: Members
Posts: 1
Joined: 2-February 05
Member No.: 5,099



I know this is meant for Bropia.A virus scanner, however i feel that their is an important issue that need's to be made clear here. So far today, i have gotten 10 of my msn contacts desperatly seeking help because they had the Bropia virus. However, i did some reading, and they have Bropia.C, so i would like to request that the developers of the Virus scanner make one for C, as it is affecting most of my msn contacts. If you can that would be great
Go to the top of the page
 
+Quote Post
Remog
post Feb 2 2005, 07:22 AM
Post #12


Ώ Asher
*

Group: Members
Posts: 24
Joined: 31-October 04
Member No.: 2,217



Norton Antivirus detecs it anyway,

I'll get the virus and try the scanner and see if it works or not, if not ill post here and rid it with norton.
Go to the top of the page
 
+Quote Post
Jase
post Feb 2 2005, 02:31 PM
Post #13


Jea ● ye ● se
***********

Group: *Valued Members
Posts: 2,111
Joined: 3-September 04
From: Melbourne.
Member No.: 30



my friend got it scnanned and found nothing btw, i left auto accept for a friend and they got the virus thus sent it to me, so does this virus auto run or does one have to run it?
Go to the top of the page
 
+Quote Post
john
post Feb 2 2005, 07:46 PM
Post #14


Mess.bedbug
*

Group: Members
Posts: 26
Joined: 21-January 05
Member No.: 4,710



yes, its quite interesting. it seems that the virus comes in many different forms, bropia b and c of which drop a different kind of worm variant to a.

the files also seem to be saving to different locations than the ones specific on many anti-virus documentation websites.

if we could get hold of any copies of the variants it copies:

CZ.exe and OMS.exe

then we can try to form a new, small patch. if we had these files we could make it scan further into the users' computers.

the virus scanner isnt intended to replace the other scanners like AVG, it is simply a small patch to get rid of it - but it seems the new forms are posing an issue.
Go to the top of the page
 
+Quote Post
john
post Feb 2 2005, 07:48 PM
Post #15


Mess.bedbug
*

Group: Members
Posts: 26
Joined: 21-January 05
Member No.: 4,710



QUOTE(Jase @ Feb 2 2005, 03:31 PM)
my friend got it scnanned and found nothing btw, i left auto accept for a friend and they got the virus thus sent it to me, so does this virus auto run or does one have to run it?
[right][snapback]36538[/snapback][/right]



no virus auto-runs, it has to be opened on the target computer to be infected. hence the file names that resemble "photo" filenames, to entice people to open them.
Go to the top of the page
 
+Quote Post
Lord d'Eath
post Feb 2 2005, 07:53 PM
Post #16


Web2Messenger Creator
Group Icon

Group: Admin
Posts: 3,862
Joined: 28-January 05
From: Southampton, UK
Member No.: 4,988



.pif is the oldest file extension used by viruses. It's been around for ages. I was getting .pif viruses back in 1998 when I first had access to a computer for any reasonable amount of time. Last week was the first time that I've heard of it being similar to a "picture file"... If it was a picture then MSN would give you a preview of it msn_wink.gif
Go to the top of the page
 
+Quote Post
Broomop
post Feb 9 2005, 11:04 PM
Post #17


Mess.bean
*

Group: Members
Posts: 6
Joined: 9-February 05
Member No.: 5,305



Heres a guide that will kill any future bropia virus threat, but may stop some addons from working. From using this method i actually have not had any trouble using the stuff plugin and the msg plus! installment. If you use windows messenger this will not work for you, as the Bropia Viruses uses this, and that is how to stop it. If you do not understand what i mean by this read these simple steps to protect yourself against the Bropia Virus This Guide has only been tested on WINDOWS XP i do not think this will work on other OS's:

The file is usually located in C:\Program Files\Messenger\msmsgs.exe
if you have this folder but dont see the file, then goto tools > folder options > View(TAB) > Show Hidden Files And Folders

Then just rename it to anything but dont delete it because you may need it, for somthing later. The reason this stops it is because Bropia needs these libarys to send its virus!!

If this fails try this:

Use the search tool in windows, make sure you goto advanced and search through hidden files and folders. find msmsgs.exe rename it to somthing you can later search for again.. done


Hope this helps some people in fixing the problem, this will kill the Bropia virus from infected other users. But it wont stop it dropping files here there and everywhere so using the mess.be cleaner when you think you have had the virus is essentional to use as well.


Maybe someone can make a simple file to do this for people, i cant be bothered and wrote this guide on how to manually do it instead msn_tongue.gif
- Broomop

This post has been edited by Broomop: Feb 9 2005, 11:24 PM
Go to the top of the page
 
+Quote Post
Milford_Cubicle
post Feb 14 2005, 05:46 PM
Post #18


Mess.bean
*

Group: Members
Posts: 6
Joined: 15-November 04
Member No.: 2,717



Does it affect msn 7?

Because on the microsoft website they want 'customers running a vulnerable version of MSN Messenger' to patch it, but there is nothing about version 7, so is it not vunerable, or have they just not got a patch?

http://www.microsoft.com/technet/security/...n/ms05-009.mspx
Go to the top of the page
 
+Quote Post
Lord d'Eath
post Feb 14 2005, 10:18 PM
Post #19


Web2Messenger Creator
Group Icon

Group: Admin
Posts: 3,862
Joined: 28-January 05
From: Southampton, UK
Member No.: 4,988



The vulnerability they were referring to was the display picture exploit in all versions prior to the version of 6.2 released a few days ago. You will be unable to sign in if you havn't upgraded.

This virus DOES affect MSN 7, as far as I know, because it still requires the receiver to execute the file.
Go to the top of the page
 
+Quote Post
tdaiyan
post Sep 11 2005, 10:37 PM
Post #20


Mess.bean
*

Group: Members
Posts: 1
Joined: 11-September 05
Member No.: 12,515



Hi everyone,I am just new here.I have just read all the posts.

Anyway,I have recently handelling this virus thing and ended up exploring msntoday's codes without any tools. However,I have found a bug in there as well.I just don't know whether this is the right pole to talk abt it.As I said,I am new here.

Apart from that I want to know one more thing.Is anyone in this site already decoded msntoday's code.Is it easy to do or I have just luckily did this?will be waiting for the answer........

Ray
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 17th August 2018 - 05:08 AM
2004-2008 Seb Skuse, mess.be.
MessForum v6.1.4 - created for, and for use only by mess.be.