PDA

View Full Version : Is this a virus?



Leeza
08-12-2008, 04:33 AM
A few people seem to be receiving MSN links from me that I am not sending. My MSN also logs out on it's own during the night (probably when my AVG kicks in for it's daily scan) and I suspect that this is about the time that Momiji gets my link.

I ran SpyBot and AVG and no threats were found yet Momiji still keeps receiving this link from me even though I don't appear on his friends list as online or offline. Could this be coming from my end or from MSN or what? Of course this isn't bothering me any, but Momiji is getting tired of receiving these links from me. :)

Any help or advice on this would be appreciated.

http://leezas.com/ithappenedagain2.jpg

Momiji
08-12-2008, 04:59 AM
My input:

The links are always different, yet it always contains 'scarletcherryblossom' (my hotmail address) in the URL.

Also, they frequently happen in the morning, not at night. This particular screenshot was from just about 9 AM.

~*~Celes~*~
08-12-2008, 05:00 AM
from my experience, it's a virus. Cookie was sending me weird links too on msn when it said he was offline and then I got a message where he informed me that it was a virus.

Shoeberto
08-12-2008, 05:09 AM
It's either a virus on your system or some kind of hole in MSN's security that's allowing for people to spoof your name to send virus or ad links.

Momiji
08-12-2008, 05:10 AM
Also, this isn't the first time something like this has happened. I got a similar link from Behold the Void once when he had a virus and it infected mine as well. But since neither I or Leeza have viruses, I'd have to say this is something else.

Roto13
08-12-2008, 05:13 AM
Well, if you're signing off when these messages are being sent, it could be because your account is being signed into someplace else.

Leeza
08-12-2008, 05:13 AM
Unless it's a virus that AVG or SpyBot can't find.

My AVG starts at 5:49 am. Momiji receives these much later and I don't know what time I get logged out at night because I'm not the one logging out.

Jessweeee♪
08-12-2008, 05:22 AM
Death by Moogles sends me weird things over Yahoo! when he's running AVG. It's never a link though, I can't remember what it is, I just remember it had something like "fsrv" and "script" and brackets in it. One of my MSN friends also does this, but I don't know if she uses AVG :P

EDIT:

Whenever I copied and pasted it back to him, it was sent back to me, but he couldn't see it himself.

http://img.photobucket.com/albums/v726/jesse053/fwpscript.png

Momiji
08-12-2008, 05:23 AM
I run AVG as well, and I have it set to scan at 4 AM, if that is relevant to this case at all.

Tavrobel
08-12-2008, 05:25 AM
But since neither I or Leeza have viruses, I'd have to say this is something else.

It's most likely a worm. Difference, though, is null for the sake of argument. By the way, SpyBot isn't exactly built for getting rid of viruses, though it does have the ability to. It's actually more directly targeted at Spyware and the like, little things that leak information, not stuff that causes epic crash failure.

I would tell you to use your traditional anti-virus, and if nothing comes up, use SpyBot. But since you've probably tried that, simply Google what you think is an apt description of the situation, and hope you get a good hit. As far as AVG goes, try setting the auto-run to a time that is more convenient for you to monitor. If it's the AVG logging the messenger, then that's one less problem. Despite the whole "everything is going wrong" mentality, it is fairly important to know what problems are and are not related.

Or the whole damn thing could just be AVG being a jerk. But since most peoples' levels of awesome haven't quite gotten there yet, I don't recommend removing all of your sources of anti-virus.

Momiji
08-12-2008, 04:52 PM
http://i285.photobucket.com/albums/ll65/momijitsukuyomi/andyetagain-1.jpg

And here's the one from today.

Flying Mullet
08-12-2008, 04:58 PM
I received those a couple of times from smittenkitten and let her know. She said she'd look into it and I haven't received any since. I don't know what she did to remedy the problem.

Leeza
08-12-2008, 06:52 PM
Momiji, I didn't have my MSN on at all yesterday and it's still not on so I don't know how you managed to get that.

Momiji
08-12-2008, 06:57 PM
Well, as Tavrobel said, it could very well be a worm on either side or both for that matter.



I have an idea. Do you have MSN set to log your conversations?

Tavrobel
08-12-2008, 06:58 PM
One of the solutions I found online was to simply reinstall MSN and change your password.

A further explanation for those who see the unedited version of this post is that it's a vulnerability in MSN messenger itself. While the sending of links is in itself near harmless, actually clicking on the links is what could very well cause you to spiral out of control and drive a flaming plane into a train while shouting at the top of your lungs "F EQUALS M TIMES A SUCKAZ!"

Leeza
08-12-2008, 07:39 PM
There you go, Momiji. We clicked! :)

Okay, I guess I can try reinstalling MSN and changing my password, but I'm not changing my address.

Momiji
08-12-2008, 07:45 PM
Okay then, and if it happens again, I'll reinstall Trillian and change my password as well. :D

Leeza
08-12-2008, 07:47 PM
I installed Pigin and that didn't help any. I didn't change my password though.

Yar
08-12-2008, 08:51 PM
Okay, now I need help.

"Cim" is trying to send me a link, and I haven't talked to Cim in a while!

http://img212.imageshack.us/img212/6402/wormle6.png

What did you do to solve it? This appeared when I was napping sometime between 2:00 and 3:30.

o_O
08-13-2008, 01:34 AM
The results from googling about these websites are scarce and mostly German, but this appears to be a phishing scam and appears to be avoidable by changing your Live account password on the Windows Live website or wherever it is you change that password. :p

It would explain people being logged out automatically and people appearing online when they're actually now, as some machine appears to be logging in from another location and sending these messages. The best piece of advice is never to click links that get spammed to you over MSN, especially if they're suffixed by ":1234" or some other number.

Yar
08-13-2008, 03:25 AM
But as long as I DON'T click, I'm okay? Or is my computer already infected?

Tavrobel
08-13-2008, 03:30 AM
Yes, as long as you don't click you should be okay. The person who you are receiving messages from is the person infected.

Momiji
08-13-2008, 03:34 AM
Well, the first one looked innocent enough (I don't have a screenshot of that one though), so I did end up clicking it, but then it was asking for my username/password stuff so I closed it as soon as it opened and ran a full scan as soon as I did.

I should have used more common sense to think that Leeza would never initiate a conversation with me, since it's usually me who starts them, let along starting a conversation with a random link.

I guess we'll find out if re-installing worked tomorrow morning.

Leeza
08-13-2008, 05:29 AM
Okay, I uninstalled and then reinstalled Messenger and I changed my password so hopefully you won't be receiving a link from me tomorrow, Momiji. :)

Momiji
08-13-2008, 05:33 AM
Time will tell. :D

Balzac
08-13-2008, 05:40 AM
A change of password is all it needs, no need to reinstall.

Baloki
08-13-2008, 08:22 AM
Press Ctrl + Alt + Del (Start Task Manager if a screen comes up with many options) and go to Processes. Screenshot the drop-down list and post it here, would hurt doing the services tab too :D

Also you need to show processes from all users.

Rye
08-13-2008, 02:45 PM
I get those from my friend Sarah. It's pretty harmless, as long as you don't click.

Mirage
08-13-2008, 03:38 PM
These things are almost always caused by someone or something getting a hold of your login information. You might have been tricked to enter your MSN login info at a fake site, and then they've stored it and now use it to log on to the MSN network, send a message, and then log right back out. Repeat until you change the password.

Leeza
08-13-2008, 06:13 PM
Well, Momiji isn't complaining yet so I guess changing my password worked. :)

Flying Mullet
08-13-2008, 08:57 PM
Or is this all an elaborate ruse by Leeza to throw the cops off of her trail after she's been stalking Momiji all this time...

Leeza
08-13-2008, 09:19 PM
Busted. :cat:

Momiji
08-13-2008, 10:56 PM
Well, I never got a message today, so problem solved, I suppose! :kaoclove:

Jessweeee♪
08-15-2008, 02:19 AM
Now Denmark has it ;_;

Shoeberto
08-15-2008, 04:16 AM
I'm really guessing that the spread of it is more related to a server-side security flaw in MSN than viruses.

So... as usual, blame Microsoft :]]]

Momiji
08-15-2008, 05:03 AM
Now Denmark has it ;_;

Have him uninstall MSN and reinstall it, then. It worked for Leeza, so it should work for Den as well.

Leeza
08-15-2008, 05:20 AM
I think just changing the password alone would work.

o_O
08-15-2008, 05:38 AM
Yes, changing the password should work by itself, if it is actually the same thing as pops up on Google. And it's less of a server-side security flaw as it is a phishing scam designed to obtain peoples' usernames and passwords by tricking them into thinking they're entering their details into legitimate software. :p

CimminyCricket
08-17-2008, 09:21 AM
Wow, I wish someone had told me "I" was sending them things. I clean my computer regularly with CCleaner so, I'm hoping that's the only one I've sent.

Yar
08-17-2008, 02:46 PM
That is the only one I ever got, from anyone.

CimminyCricket
08-18-2008, 01:37 AM
I'm assuming I sent that one two days ago, because one of my other friends got it from me two days ago. And today I got one from him.

Peegee
08-19-2008, 05:14 PM
I remember once upon a time my youarefat account for msn logged out by itself and my main account got a text from youarefat with a similar link to what Leeza sent me a few times.

I changed the password to the youarefat account and the problem has not returned.

Now, is this an example of a program that 'hacked' (for lack of a better word - cracked may be better) my password ? Leeza changing her password seemed to resolve the issue. Same with me.

Mirage
08-19-2008, 10:20 PM
No, you got tricked to give up your login info at some mean web site, probably. This is how 99% of MSN hijacks are done.

Vyk
08-30-2008, 09:55 AM
Man, wish I'd found this topic earlier. I've been helping people with this problem for years. Currently Akaria had it. I left her offline messages that it was happening and to change her password. Hasn't happened since

But yeah. Its strictly a password issue as some have mentioned. Nothing to do with the security of your computer or the programs on it. And I agree that its probably more on microsoft's server's side than anything. So saying "be careful what you click" probably isn't the solution. Though I'm pretty sure its never happened with my account..

Mirage
08-30-2008, 11:41 AM
Can't blame microsoft for the users of MSN to "willfully" giving away their passwords. Sure, they're tricked into doing it, but there's nothing MS can do, really. Even highly successful antivirus and security companies can't stop people from sending mail that looks like it's coming from them. These password-tricker sites that people run into are designed to look as much like a real MS site as possible, and are usually hosted on a server in some obscure country where MS can't get to them. And even if they do, the sites are like the heads of a hydra. Cut one off, and two new ones grow out.

If the site that asks for your password doesn't have a domain name ending with microsoft.com, live.com or msn.com, just close the tab at once.