WARNING: Trojan being sent through MSN Messenger
If one of your contacts pops up in MSN Messenger with the message:
<friend> says: Hey, isn’t this YOU?? :S http://mainmsn.com/images/viewimage.php?=your@email.com
Don't click it !!
It's a trojan, you'll think your downloading a picture, but if you try to view it, it will unpack it's payload.
If I'm too late here's how I got rid of it:
In Task Manager:
Stop the process wkssvc.exe (google for this don't just take my word for it)
Disable the startup entry for it in msconfig (Start -> Run -> type 'msconfig' without quotes and press enter)
Delete the file %SystemRoot%/System32/wkssvc.dll (You may need to reboot first, or use something like procexplorer to kill any handles too it as the file will probably be in use preventing you deleting it initially)
Your AV should pick this up if it's up to date, some people have reported their AV stopping this trojan. Mine didn't !!! Bah! Luckily I smelt a Rat straight away.
hollystyles
Veteran Poster
1,182 posts since Feb 2005
Reputation Points: 262
Solved Threads: 68
Corbezier,
Thanks for the clarification and link.
Yes wkssvc.dll is important that runs inside one of the svchost processes. Its the wkssvc.EXE that's the culprit.
Anyone who does delete wkssvc.dll can restore it from the recycle bin. But Windows 2000 and XP have the ICS service that monitors changes/deletions of key system files and should resurrect wkssvc.dll for you, it certainly did in my case.
hollystyles
Veteran Poster
1,182 posts since Feb 2005
Reputation Points: 262
Solved Threads: 68
I think they took care of this,i get a 404 error when i goto the link..... (Good to see it dealt with so quickly)
The Dude
Nearly a Senior Poster
3,485 posts since Dec 2005
Reputation Points: 1,054
Solved Threads: 31
what version of msn do you have?
live 8?
jbennet
Moderator
18,523 posts since Apr 2005
Reputation Points: 1,820
Solved Threads: 599
I have Windows Live Messenger Version 8.1
hollystyles
Veteran Poster
1,182 posts since Feb 2005
Reputation Points: 262
Solved Threads: 68
