New MSN virus: IMG-0012.zip

Microsoft Security Bulletins for September Publi

Arcade World 1000+ Free Games, Zhelatin.jq

Large | Medium | Small

[Post on : September 12, 2007 21:11 | Category : Bot & Botnets | by : Moonny] Reship : Original

A new MSN virus has started spreading recently, it sends itself to MSN contacts as IMG-0012.zip. Like other variants, it sends sham messages to contacts.

In IMG-0012.zip, there is img0012-www.photostorage.com included, the file size is 25,600 bytes, Kaspersky detects it as Backdoor.Win32.SdBot.bxr, and Worm.MSN.Win32.PhotoCheat.f by Rising Antivirus, Win32.Hack.SdBot.bx.25600 by Kingsoft Antivirus.

Details of this virus:
IMG-0012.zip (img0012-www.photostorage.com)
Size: 25,600 bytes
MD5 hash: d799d8ffd0c98af60507b98e2961b826
Detection: Backdoor.Win32.SdBot.bxr (Kaspersky)

Drops files:
%Windows%\system\lsass.exe
%Windows%\IMG-0012.zip

Adds registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Lsass Services"="%Windows%\system\lsass.exe"

Sends messages (English Version):

Quotation

Check out my nice photo album. :D
wanna see the pics from my vacation? :>
Nice new photos of me and my friends and stuff and when i was young lol...
lol remember when you used to have your hair like this
My friend took nice photos of me.
you Should see em loL!
hey i'm going to add this picture of us to my weblog
Here are my private pictures for you

Adds exceptions item:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%Windows%\system\lsass.exe"="%Windows%\system\lsass.exe:*:Enabled:Windows Sharing"

Sets registry data:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="7000"

HOW TO REMOVE? -> Click Here

中文用户可以访问：
http://www.cisrt.org/blog/read.php?378
http://www.cisrt.org/bbs/viewthread.php?tid=1792

Pages: [1] [2]

Last modified by Moonny onSeptember 12, 2007 21:17

Comments(54) | Trackbacks(0) | Reads(40480)

bobby Says :

October 15, 2008 04:23

Just reset your computer.

ME. Says :

July 24, 2008 15:16

hello. i can't find

Windows Lsass Services"="%Windows%\system\lsass.exe"

either !!

how do you do a systems restore ? thanks you.

anger

i just want to get rid of it

MAxzs Says :

June 5, 2008 16:31

To all dear friend, please read properly.

Adds registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Lsass Services"="%Windows%\system\lsass.exe"

of cos u cant found it sleepy

mick Says :

April 2, 2008 22:36

i had this virus once, i found it in my recieved files, i simply deleted the little bastard nd tht was the end of it. but i tried telling some of my friends the same method for the same virus, but they don't seem to have it in their recieved files folders

DjMargera Says :

March 19, 2008 04:32

Very simple for this virus. Simply do a system restore. It sets your PC to an earllier time. Id recommend a month and if you have a D: drive and still want some of your file save them there so they wont get deleted. Ive helped many people with this virus its not hard to get rid off. zan

DAN Says :

March 5, 2008 11:57

just do a system restore! it fixes it!

ME Says :

February 24, 2008 20:30

i did step 1...but i seriouslt can't find

"Windows Lsass Services"="%Windows%\system\lsass.exe"

is it hidden? if so, how do i make it pop up
i did the whole...display hidden files and everything...nothing still happened..

help?

sad teen Says :

February 18, 2008 13:03

sad teen Says :

February 18, 2008 13:01

I'm not sure if I have the same virus... mine sends out like "I want you to see these pictures before I put them on myspace" and "Please don't show anybody this picture!" etc, etc... but I deleted the root file! now it just does the same thing in spanish, and I avoid going on msn because all of my friends get angry at me and act like it's my fault! I'm 7th gr. ppl! how am I supposed to get rid of it shuai

Macka Says :

February 1, 2008 20:16

If you still have that virus then try http://www.msnvirusremoval.com go there and download the tools to remove the virus.

miss_lani Says :

January 31, 2008 18:20

hi i also got the stupid virus umm tryed manyways to get rid of it but can not find it at all its not working please help meeee

gfgffgffgg Says :

January 3, 2008 11:44

You guys are complaning too much....they wont help u, they will only help certain problems so theirs no point commenting

wjr Says :

December 31, 2007 19:38

HEY HELP!!! same prob as bibouz cannot find Windows Lsass Services"="%Windows%\system\lsass.exe"

me Says :

December 25, 2007 01:02

heyy, i cant get the virus to delete. ive ran ainti-virus and everything...no virus shows up and i dont know how to get rid of it...is there a way to get rid of it with anti-virus or do i need to download a different software to get rid of it?? please* help !! i really* need it gone and i dont want to send it to my friends !! pleaseee*******

jenn(L)andrew Says :

December 24, 2007 06:28

hey im totally thick regarding any of this could u simplfy it downn for me and how 2 get rifd ov this virus
wanna see the pics from my vacation? LOL <<<thats wot is cumming up on the screencan u please HELP ME get rid ov this can u please email me at jennifer_aston@hotmail.com if you can help me PLEASE

Pages: 1/4

1 2 3 4

New MSN virus: IMG-0012.zip

Threat Level

Submitting

Categories

Calendar

Statistics

Search

Latest Entries

Latest Comments

20 Hot Entries

20 Hot Comments

Links

Archive

Misc

Our LOGO

< 2010 > < 9 > Geng Yin (Tiger)
Su	Mo	Tu	We	Th	Fr	Sa
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30