Removing The Msn Virus

Instant messaging has been increasing for years. And most popular IM software is Msn messenger. As the use of Msn messenger increases, more worms and viruses get propagated through the messenger. Here’s the latest one usually called the Msn virus.

Technical Names:

Also known as W32.Mimbot.A, W32/Delf-EXR, WORM_IRCBOT.AJY

What it does:

It comes through Msn messenger as an attachment. Once executed, it creates the following files:

• %Windir%\PictureAlbum2007.zip (A zipped copy of the worm.)
• %System%\prodigys323.dll
  or
• %Windir%\myphotos2007.zip
• %System%\newsystem25.dll

It then creates some of the following registry entries so that it runs every time Windows starts:
? HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{448BAC42-AABD-42C5-A550-826BF4AF4BB3}\InProcServer32\”(Default)” = “prodigys323.dll”
? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\ShellServiceObjectDelayLoad\”prodigy1″ = “{448BAC42-AABD-42C5-A550-826BF4AF4BB3}”
? HKEY_CLASSES_ROOT\CLSID\[RANDOM CLSID]\InProcServer32\”(Default)” = “newsystem25.dll
The worm then opens a back door through an IRC server on the ns5.landpurchased.com domain on TCP port 81 or through the https.bindshell.info IRC server on TCP port 81 and awaits further commands from a remote attacker that allow it to perform various actions, including downloading and executing remote files.
It then sends itself to all the Msn contacts available. You can read more detail about the worm here.

The Msn Virus Killer

So here?s the Msn Virus Killer which deletes the above mentioned files and registry entries automatically. This tool also has an option to restore your default Windows settings. This tool is in beta right now so please give feedback of what you experience.

Download Msn Virus Killer

Please download Smart Antivirus from the following URL:
http://technize.com/downloads/