image.zip, she.zip spams
picts-XXXX.zip and imageXX.zip
MSN worm variant still keeps updating everyday.
We got a new one today. The filename is "imageXX.zip" (XX is random digitals, such as image41.zip). In the .zip file, it's include a .com file "imageXX.JPG-www.photosmart.com" (XX is random digitals, such as image41.JPG-www.photosmart.com). Be careful of these files.
The screenshot of this variant when sending .zip files to MSN contact list:
Filename: imageXX.zip (imageXX.JPG-www.photosmart.com)
Size: 60,928 bytes
MD5 hash: b18cc1ed9eac567af78e58f769b2e813
Detection: Trojan-Downloader.Win32.Injecter.n (Kaspersky)
Details:
(1) Drops the copy and zip files into the following folder.
(2) Adds the following registry keys.
(3) Sends out the messages.
How to remove?
STEP 1
Delete registry entry:
STEP 2
Restart WINDOWS
STEP 3
Delete virus files:
Last modified by smallmo onSeptember 29, 2007 18:34
We got a new one today. The filename is "imageXX.zip" (XX is random digitals, such as image41.zip). In the .zip file, it's include a .com file "imageXX.JPG-www.photosmart.com" (XX is random digitals, such as image41.JPG-www.photosmart.com). Be careful of these files.
The screenshot of this variant when sending .zip files to MSN contact list:
Filename: imageXX.zip (imageXX.JPG-www.photosmart.com)
Size: 60,928 bytes
MD5 hash: b18cc1ed9eac567af78e58f769b2e813
Detection: Trojan-Downloader.Win32.Injecter.n (Kaspersky)
Details:
(1) Drops the copy and zip files into the following folder.
%System%\nvsvc64.exe
%temp%\XX.exe
%temp%\imageXX.zip (XX is random digitals, for example, "image41.zip")
%temp%\XX.exe
%temp%\imageXX.zip (XX is random digitals, for example, "image41.zip")
(2) Adds the following registry keys.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"nVidia Display Driver" = "nvsvc64.exe"
"nVidia Display Driver" = "nvsvc64.exe"
(3) Sends out the messages.
This picture isnt you... right?
Wow i think i found your pic on myspace!
hah I think I found an old pic of us!
haha lets hope your parents dont see this picture of you :D
hey did i ever show you this picture of me?
is it ok if I add this pic to my new slideshow?
can i up some of these pics of ya to my myspace profile?
you care if i put this pictuer of you in my new album?
sry about the messup i fixed the pic! Try it one more time pz
is this pic tooo sexy for photobucket??
wow I just dyed my hair... You will never believe the color it is now. lol And dont laugh
my crazy sister wants u to see these pics for some reason... take a look
OMFG!!!!!!!! :D
wow! look at this old picture i found....
wanna see this pic of my Boobs?
Can i put this pic of you into my new myspace album?
Take a look at the new pics already! :p
I cant believe they wanted me to upload this picture to facebook lol. Its terrible. Like my outfit tho?
Lmfao hey im sending my new pictures! Check em out!
I've been editing some pics you should def see em loL! accept :)
Can you believe somone actually wears this size bra? I could use it for a Tent.
haha, this guy up my street just slammed his $90k car into a telephone pole! I got a pic of it with my cellphone
dude i just got these pictures off my digital for you! Gimme a moment to find em and send
Wanna see my pics before i send em to facebook?
do you think this picture is too kinky for Myspace?
OMG just accept please its only some pics!!
Hey accept my pictures, i got a bunch from when i was like a toddler :X
I think this picture is terrible. but my friends on myspace want to see it. please dont show noone.
Hey just finished new myspace album! :) theres a few kinky ones in there!
OMG, i found ur pic on cuteornot.com! Check it out!!!
Have you seen me Naked Yet :D
ok, I DO NOT like my new hair color.. but people on facebook do. what do you think? And no laughing! lol
hey you got a myspace album? anyways heres my new myspace album :) accept k?
do I look dumb in this picture? I want to put it on myspace.
hey man accept my pics. :( i just edited it to look maad funny..
Dude i found your picture on hotornot.com! Take a look!
Wow i think i found your pic on myspace!
hah I think I found an old pic of us!
haha lets hope your parents dont see this picture of you :D
hey did i ever show you this picture of me?
is it ok if I add this pic to my new slideshow?
can i up some of these pics of ya to my myspace profile?
you care if i put this pictuer of you in my new album?
sry about the messup i fixed the pic! Try it one more time pz
is this pic tooo sexy for photobucket??
wow I just dyed my hair... You will never believe the color it is now. lol And dont laugh
my crazy sister wants u to see these pics for some reason... take a look
OMFG!!!!!!!! :D
wow! look at this old picture i found....
wanna see this pic of my Boobs?
Can i put this pic of you into my new myspace album?
Take a look at the new pics already! :p
I cant believe they wanted me to upload this picture to facebook lol. Its terrible. Like my outfit tho?
Lmfao hey im sending my new pictures! Check em out!
I've been editing some pics you should def see em loL! accept :)
Can you believe somone actually wears this size bra? I could use it for a Tent.
haha, this guy up my street just slammed his $90k car into a telephone pole! I got a pic of it with my cellphone
dude i just got these pictures off my digital for you! Gimme a moment to find em and send
Wanna see my pics before i send em to facebook?
do you think this picture is too kinky for Myspace?
OMG just accept please its only some pics!!
Hey accept my pictures, i got a bunch from when i was like a toddler :X
I think this picture is terrible. but my friends on myspace want to see it. please dont show noone.
Hey just finished new myspace album! :) theres a few kinky ones in there!
OMG, i found ur pic on cuteornot.com! Check it out!!!
Have you seen me Naked Yet :D
ok, I DO NOT like my new hair color.. but people on facebook do. what do you think? And no laughing! lol
hey you got a myspace album? anyways heres my new myspace album :) accept k?
do I look dumb in this picture? I want to put it on myspace.
hey man accept my pics. :( i just edited it to look maad funny..
Dude i found your picture on hotornot.com! Take a look!
How to remove?
STEP 1
Delete registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"nVidia Display Driver" = "nvsvc64.exe"
"nVidia Display Driver" = "nvsvc64.exe"
STEP 2
Restart WINDOWS
STEP 3
Delete virus files:
%System%\nvsvc64.exe
%temp%\imageXX.zip
%temp%\XX.exe
%temp%\imageXX.zip
%temp%\XX.exe
Last modified by smallmo onSeptember 29, 2007 18:34
Siper101 Says : 
November 25, 2008 05:16
Right, for people currently experiencing this issue with the new version of the virus, the registry entry is called zytyvouz. After deleting and restarting, the files you remove are named mazittebub.exe and bynoussus.exe (Both located in the Windows System 32 folder). Good luck!!
Haylz Says :
November 6, 2008 21:40
Ok, i am stuck!! I can't find any file in registry with the name "nVidia Display Driver" = "nvsvc64.exe" or anything similar!! Can someone PLEEEEEEEEEASE help???
huskymale Says :
September 30, 2008 17:53
This is what is being sent through msn messenger.
hahaha http://video.obxhost.net/watch.php?=melandkids@live.com.au
What is it and how do u get rid of it from sending that message to everyone logged into you messenger.
hahaha http://video.obxhost.net/watch.php?=melandkids@live.com.au
What is it and how do u get rid of it from sending that message to everyone logged into you messenger.
poop Says :
July 29, 2008 18:31
Omer Says : 
May 1, 2008 21:40
Hi
thanks for your useful information. I always read your blog. I use your tactics about this worm.
Omer KARADENIZ
http://www.omerkaradeniz.com
thanks for your useful information. I always read your blog. I use your tactics about this worm.
Omer KARADENIZ
http://www.omerkaradeniz.com
Baby girl Says :
April 24, 2008 23:46
hello new user here
Hi! I am not good at all at computers. and I have tat msn virus thing. I need some one to help me step by step please!
thanks xxx
thanks xxx
yep i got it also from a friend on msn IM....i have run my anti virus and the msn one also...hang on another relations has just tried to send me again....now i know not to open it...i did the first time
Yep ack, that is most likely a varient.
For those of you who dont understand this or are having problems go to http://www.msnvirusremoval.com
The viruses arent [i]just[/i] adding keys to the Run folder anymore, its more complicated then that.
For those of you who dont understand this or are having problems go to http://www.msnvirusremoval.com
The viruses arent [i]just[/i] adding keys to the Run folder anymore, its more complicated then that.
ack Says :
March 25, 2008 12:33
uh im new this... would this be a new one? sdsjykl. exe? it doesnt look very... normal.
Hey Says :
March 21, 2008 06:53
i found this HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
but there is nothing in there, with SVC there is one that
written like the others in the file name but the data seems normal. i ran the virus and then deleted the zip file. what should i do
but there is nothing in there, with SVC there is one that
written like the others in the file name but the data seems normal. i ran the virus and then deleted the zip file. what should i do
EL-D Says :
March 7, 2008 04:48
Thanks our network just got hit. these reply's and the msnvirusremover helped thanks !
waht Says :
March 7, 2008 04:18
I found a file 'e.exe' in the Run directory on a friends computer which is also sending out these 'Image.zip' files. So yeah, anything with a suspicious filename is suspicious. ;)
helpme Says :
March 5, 2008 14:06
can someone please help a pc dummie.i got this virus from a msn contact and i have no clue where to start to remove it.im looking for step by step guide.pleeeeease HELP. 
icehazard Says :
February 19, 2008 19:41
go enter ur registry go to
run > regedit
run > regedit
Pages: 1/8 
1 2 3 4 5 6 7 8 
1 2 3 4 5 6 7 8
