PDA

View Full Version : Warning!!! Icq Virus Link On The Lose!!


landslot79
23-02-2004, 11:39 PM
There is a virus spreading in ICQ
PLs dont not click on the link as followed below

www.jokeworld.biz/index.html

IT will auto install a trojon horse in ur pc and u wont be able to get in ur icq after u restart ur pc..

Test and done.. so is real :P

WAYS TO FIXED IT.

(Taken from HWZ)
icq main button -> preferences->alerts and notifications->sounds->
u shld see e current sound scheme as meine[1]
click on e delete button to delete it n set back to ur own sound scheme.
restart ur pc, tis file'll auto-run(u won't notice it unless u hav zonealarm)
press Control-ALT-Delete to open e task manager.
go to process page, find a file "alsdfkj.exe" n click on END PROCESS ONLY FOR THIS FILE

then go to c:\documents and settings\[username]\local settings\temp\
u shld be able to see this file "alsdfkj.exe"
DELETE it! and clear ur internet explorer cache

Just to play save as once u restart ur pc go and change ur icqpassword ASAP!!

Hope that it help those who kana this :)

landslot79
23-02-2004, 11:42 PM
Ya forget to add that once u kana the virus, u will notice that ur icq 'uh-oh' sound is no more and become silent..

firey
24-02-2004, 12:06 AM
argh..i clic on the link..

landslot79
24-02-2004, 12:15 AM
argh..i clic on the link..

ERrrr.. tell u dont click laio :rolleyes:

USe ur Virus Scan to scan ur pc now.. it will have a virus install in ur harddisk..

Good luck

firey
24-02-2004, 12:18 AM
followed yr instructions..
now icq can boot up
using my scanner to can if got any exra stuff

landslot79
24-02-2004, 12:18 AM
About the virus i found using NAV

Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system.


Also Known As: Exploit-ByteVerify [McAfee], Exploit.Java.Bytverify [KAV], JAVA_BYTVERIFY.A [Trend]

Type: Trojan Horse
Infection Length: various



Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
CVE References: CAN-2003-0111

Ah Ben
24-02-2004, 03:43 AM
I did click at that link before from my icq message, but i followed what u mention... icq main button -> preferences->alerts and notifications->sounds, but i never see anything like "meine[1]".... :scratch: That mean i never kena that Trojan Horse?

landslot79
24-02-2004, 01:12 PM
I did click at that link before from my icq message, but i followed what u mention... icq main button -> preferences->alerts and notifications->sounds, but i never see anything like "meine[1]".... :scratch: That mean i never kena that Trojan Horse?

Did u still restart ur pc and also u are using IE ya?
most of us when click on the link will have the virus installed in the pc unless u are not using IE and ICQ.

landslot79
24-02-2004, 01:14 PM
Forget to add... did u lose ur 'uh-oh' sound??
That is the very first sign of ur icq being infected

Chemiluminescent
24-02-2004, 01:14 PM
Actually I was at the page when IE prompted me to install meine.scm or something.. which i straightaway clicked 'no' and left the site. I hope that won't affect the system.

landslot79
24-02-2004, 01:26 PM
Actually I was at the page when IE prompted me to install meine.scm or something.. which i straightaway clicked 'no' and left the site. I hope that won't affect the system.

Should be safe and sound.. but how come ur IE prompt you as many of my friends including me, the IE auto install and run that stupid files.. wat level u set in ur IE???
Share with us.. so next time this type of things wont happen to us again

Ah Ben
24-02-2004, 01:52 PM
Did u still restart ur pc and also u are using IE ya?
most of us when click on the link will have the virus installed in the pc unless u are not using IE and ICQ.
I'm using IE and ICQ, i've disable the uh-oh sound long ago... so can't tell...

Ah Ben
24-02-2004, 01:54 PM
Actually I was at the page when IE prompted me to install meine.scm or something.. which i straightaway clicked 'no' and left the site. I hope that won't affect the system.
U reminded me, i think i also clicked no... hope i never get that damn virus... cb, my friend sent me that virus some more! :(

Chemiluminescent
24-02-2004, 04:34 PM
U reminded me, i think i also clicked no... hope i never get that damn virus... cb, my friend sent me that virus some more! :(
Relak. Your friend don know abt it oso. Can't blame him.

But i find it fishy becos' it was sent to me by a friend whom i long time never talk to liao :laugh: and even before my other computer kena that, I msg him that, 'I think there's something wrong with the site'. He never reply me. :rolleyes:

Chemiluminescent
24-02-2004, 04:35 PM
I'm using IE and ICQ, i've disable the uh-oh sound long ago... so can't tell...

Same here! but my bro didn't disabled the sound. So when this morning I started up his comp (which is faster), there was no horn and I couldn't run ICQ. Bo bian have to use another comp, then happen to read abt the ICQ virus :angry:

Chemiluminescent
24-02-2004, 04:37 PM
Should be safe and sound.. but how come ur IE prompt you as many of my friends including me, the IE auto install and run that stupid files.. wat level u set in ur IE???
Share with us.. so next time this type of things wont happen to us again
Sure. But let me go and chk the computer and see the different settings. Apparently, that computer prompted me abt the file while this computer i'm using now didn't. Else my bro wouldn't have got it last night without even knowing it.

. lala .
24-02-2004, 05:45 PM
I'm using trillian so how am I to tell? I received the link and I think I clicked "no" as well when prompted.

landslot79
24-02-2004, 06:21 PM
U reminded me, i think i also clicked no... hope i never get that damn virus... cb, my friend sent me that virus some more! :(

Ur friends also dont know that they send as it will auto pass the link to those in ur list... so u dont blame them.

Worst still if ur friends dont even know if they have already kana the virus. :|

lyk13
24-02-2004, 08:18 PM
landslot79: I think it's the setting "Enable Install-On-Demand(Internet Explorer)".

Anyway, I long time never activate my ICQ already....so wun gana.

Clara: Think it's ok. Relax. :)

ciscoblue
25-02-2004, 02:26 AM
Any idea where is the website address?
I wish to go and find out what file is being downloaded..

devilion
25-02-2004, 10:51 AM
.... URL stated on the thread starter.

ciscoblue
25-02-2004, 08:08 PM
.... URL stated on the thread starter.

Hee hee, just found out that my zonealarm have blocked all the code and this website becomes unaccessable... :p

Tried to download the webpage but cannot. if able to download the webpage, then can see what the code is doing..

Ah Ben
25-02-2004, 08:35 PM
Ur friends also dont know that they send as it will auto pass the link to those in ur list... so u dont blame them.
Worst still if ur friends dont even know if they have already kana the virus. :|
Yap, called my friend and asked him, he watched that link & said the link will show a hamster talking or whatever and while you're watching this joke thing, it does something to your computer... then your icq automatically sends this link to all the ppl on your contact list... :( Poor thing...

lyk13
25-02-2004, 10:15 PM
Hee hee, just found out that my zonealarm have blocked all the code and this website becomes unaccessable... :p

Tried to download the webpage but cannot. if able to download the webpage, then can see what the code is doing..
Wah so strong ahz!? I dun wanna risk nevertheless....though I am using ZAP too....:)

. lala .
26-02-2004, 07:19 AM
lyk13: Okie. Thanks. :grin:

Ah Ben: O. It's during the loading of the clip? I got too tired waiting after like 30secs? Then I close the entire thing. :ls:

purecat
26-02-2004, 07:47 AM
so meaning if i am using trillian is safe?.... now i dun have any icq program on my pc.

lyk13
26-02-2004, 11:07 AM
so meaning if i am using trillian is safe?.... now i dun have any icq program on my pc.
Errrr...Trillian's ICQ also will pop out the URL window de.....if u click it, may have a chance to get it.

OKK77
26-02-2004, 03:02 PM
landslot79: I think it's the setting "Enable Install-On-Demand(Internet Explorer)".

Anyway, I long time never activate my ICQ already....so wun gana.

Clara: Think it's ok. Relax. :)
Nope, it is not exactly IE's fault though it shares part of the blame. ICQ is configured to download and run sounds/skin configuration files automatically. (-;

lyk13
26-02-2004, 11:44 PM
Nope, it is not exactly IE's fault though it shares part of the blame. ICQ is configured to download and run sounds/skin configuration files automatically. (-;
:eek7: What's that gotta do with ICQ itself? U open the URL in IE for most of the peeps' case and it IS the IE's configuration that allows/disallows auto-download.

Nolife
27-02-2004, 12:26 AM
information i get it from ICQ website. :grin:

The further spread of a worm through ICQ Pro versions has been blocked by ICQ

A worm that has been distributed via a Web site (jokeworld.biz ) has impacted a small number of ICQ Pro users.
All other versions of ICQ (ie. ICQ Lite) were not affected by this worm.

ICQ has already implemented a fix, which blocks any further distribution of the worm through ICQ Pro versions. The block was implemented by ICQ and does not require ICQ users to download any additional software.

For users that have been impacted, and are having trouble running ICQ Pro, please be assured ICQ is working hard on finding a solution so that you can get back to normal use of your ICQ as soon as possible.

Since worms and viruses are a general problem on the Internet, we always recommend that all users use updated anti-virus software.

http://www.icq.com/support/security/update.html

OKK77
27-02-2004, 10:30 AM
:eek7: What's that gotta do with ICQ itself? U open the URL in IE for most of the peeps' case and it IS the IE's configuration that allows/disallows auto-download.
The trojan code can't bloody run if ICQ doesn't execute it, duh!

lyk13
27-02-2004, 10:50 AM
The trojan code can't bloody run if ICQ doesn't execute it, duh!
:doh:

. inke .
28-02-2004, 05:06 AM
it affects icqlite users as well.... and the fix has not yet been implemented. in my friend's case he can't even launch his icq and the process and file cannot be found at all.
so he can do practically nothing.