(Urgent notice) MSN virus/worm spreading -> How to get rid of the MSN VIRUS!

윤자경, 2007.08.15
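The day before yesterday, a file sent from France happened to reach me on MSN. I thought it was a school information file and opened it, went through a full-blown infection, and am now recovering...

After struggling all day today to catch the MSN virus/worm (with all sorts of spyware tools, ahnvaccin, etc.), the method below still seems to be the most reliable.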

 

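If you received the img807.zip file in question over MSN and opened it:

1. Search My Computer for that img807.zip file and delete it (in my case it was sitting brazenly right there in My Computer).

2. Also run a file search for vpcrtf.exe, which spreads the virus, and delete it. Try searching for vpcr.

3. Then download the removal tool from the site below and clean vpcrtf out completely.

4. Then, as the MSN notice says, install MSN again, recheck the security settings under the MSN Tools > Options menu (set them as the notice says), reinstall MSN, and change your PIN number too, to guard against phishing... Phew...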

 

 

20070815 JK

 

Beware of a worm that spreads through instant messenger

UPDATED:

To make your life easy, you can download a removal tool (thanks to Matrixalaya and YoTsi) to KILL this worm and remove related files.

————————————————————

Yesterday, I received a zip file from my Windows Live Messenger without giving it a second thought; then I unzipped the file and, worst of all, I activated it. Immediately after that, my computer was infected by a worm.

This is how the worm spreads through MSN or Windows Live Messenger.

After infecting a computer, the worm automatically sends out the file “img807.zip”, together with messages that look very curious, to the other contacts in your MSN or Windows Live Messenger contact list who are currently online. The other contacts will think you are the one who sent the file.

The messages sent together with the file are as below:

Did you take this picture?
Is that you on the left?
How drunk was I in this picture?
Is that your mom in this picture?
lol, your mom just sent me this picture?

The .zip file contains a .com file “img807.jpg-www.photoalbums.com”, which is actually Win32.Backdoor.IRCBot (Lavasoft definition) or Backdoor.Win32.IRCBot.zi (Sophos definition).

When it is activated, it creates a file on drive C:

C:\windows\vpcrtf.exe

Besides, it creates a registry entry too:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Visual Application"="vpcrtf.exe"

How to remove it? I learned this method (thanks to a friend of mine in Japan, Shipng) after I spent my whole day reformatting my computer (#¤%&@%¤#@)

Delete the registry entry first:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Microsoft Visual Application"="vpcrtf.exe"

and then restart your computer, and delete the files at Drive C:
%windows%\vpcrtf.exe
%windows%\img807.zip

However, I would like to suggest you scan your computer again with Ad-Aware SE after you have done that (if you are as unlucky as me).
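
As an added example (not part of the original post or of the quoted write-up), the Python below parses a `.reg` export of the Run key and flags the value name and file names given above. The sample export, the `ExampleUpdater` entry and the function names are constructed for illustration, and the bare-file-name check goes beyond the single case in the post.

```python
import re

# Indicators named in the post above.
IOC_VALUE_NAME = "Microsoft Visual Application"
IOC_FILES = {"vpcrtf.exe", "img807.zip"}
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in .reg export format (not captured from a real host).
# A real `reg export` file is UTF-16: open it with encoding="utf-16".
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"Microsoft Visual Application"="vpcrtf.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="cleanup.exe"
'''

# "name"="data" string values; \\ and \" are escaped inside the quotes.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)

def run_entries(export_text, key=RUN_KEY):
    """Yield (name, data) for string values under `key` only."""
    current = ""
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current.lower() == key.lower():
            match = STRING_VALUE.match(line)
            if match:
                yield unescape(match.group(1)), unescape(match.group(2))

def triage(export_text):
    """Return (name, data, reason) for each suspicious Run entry."""
    findings = []
    for name, data in run_entries(export_text):
        # Program part of the command line, honouring a quoted path.
        exe = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(" ", 1)[0]
        base = exe.rsplit("\\", 1)[-1].lower()
        if name == IOC_VALUE_NAME or base in IOC_FILES:
            findings.append((name, data, "matches indicator from the post"))
        elif "\\" not in exe:
            findings.append((name, data, "bare file name, no path"))
    return findings
```

Matching on the file name as well as the value name means the entry is still flagged if the Run value has been renamed.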