Windows Vista Tips


Massive Msn Worm Or Trojan ??

 
 
Cyberhash
Guest
Posts: n/a

 
      12-23-2007
Recently I started receiving messages from one of my contacts with links to
webpages such as the following examples (have replaced http with **** to
prevent people clicking on these links).



When these messages are received, the infected contact goes from being
online to showing as being busy for a period around 1 minute. Then it shows
them logging off and logging on again.

It became annoying to the point I asked them to run anti-spyware and
antivirus scans. After having them visit every online scan engine
possible, and using various locally installed anti-spyware packages, none
of them was able to detect whatever was causing this barrage of links.

Online scanners Tested
======================
Trend Micro, Eset, Symantec, Kaspersky, Panda, Bitdefender, Avast, Sunbelt,
Prevx CSI

Locally Installed Antispyware Tested
====================================
Windows defender, Superantispyware, Spyware Doctor, Spybot S&D, Adware 2007

Asked them to allow me to provide remote assistance to try and help them
with their problem, as this is causing not only them to be logged out of
MSN, but it's also crashing Windows and forcing them to restart the PC.

What I observed was that "windows live messenger" was using an abnormally
large amount of the CPU before it logged them out and eventually caused the
O/S to crash. By this I mean an instant jump to 99%.

When they were being logged out, a message appeared with wording similar to
"you have been logged out of messenger and logged into another version that
does not support multiple login".

I then checked all running processes and not only was "windows live
messenger" running, but also "windows messenger", the one XP installs by
default (also using large amounts of CPU time). Thinking of the popup
message from "live messenger", I thought that maybe somehow the old version
of "windows messenger" was in some way related to this problem and removed
it from their system.

This action has stopped my contact from sending me links, but has not
resolved the whole issue, as 4 of their contacts are sending the same links
to them, which in turn still causes them to be signed out of "windows live
messenger" (using lots of CPU time again) and have to log in again.

In short.... These links crash "windows live messenger" and somehow use
"windows messenger" to propagate the message onto everyone on your contact
list.

I use Vista x64, and these links do not cause my PC to crash or CPU
usage to go up. Whether that's down to whatever is running only affecting XP
machines or if it's down to the individual piece of code that's been
installed on the XP machine, I don't know.

You can observe the behaviour of it when using remote assistance in XP, via
help and support on your start bar. When it brings up your list of messenger
contacts to ask for remote assistance, you can observe it going through your
contact list 1 by 1 messaging them.

My friend and 4 of her friends surely aren't the only 5 people in the world
that have been infected by this.

Hopefully this half fix will help stop some people's PCs crashing, but it
won't stop you being logged off or receiving more of these links from your
contacts............ until someone somewhere can deliver a proper fix for
this.



 
 
 
 
 
MSNUser
Guest
Posts: n/a

 
      03-05-2008
I received the same thing and have a saved file of the virus. Where can I
post it?

 