Beware of the MSN virus 'hi. this is your photo?'

TipsMake.com - For MSN users, viruses that spread through offline messages are very common. Recently a new type of virus has appeared in the form of a message that seems to come from friends on the contact list. These messages are generated by hackers (phishers) who want to steal everyone's MSN account.

These messages usually start with 'hi. this is your photo?' along with 1 symbol and 1 string of 5 characters. On the next line is a link.


If the user accidentally clicks on the link above, it leads to a web page asking for the MSN account login details, and it also automatically downloads a file named 'Picture_2525.exe' of about 1.8 MB (this is a new virus). When the file is activated on the system, the user sees a notice board titled 'bedava Film indir. Hemen TIKLA 7' in the Azerbaijani language.

If the user goes on to click the notice board, an advertising website appears in the browser. After analyzing the behavior of this virus program, the author discovered that its main purpose is to automatically delete system files in the 'System32' folder and to install and activate some additional services when Windows starts up. At the same time, it changes Internet Explorer's default start page to 'www.googlesayfa.com/en', a page with an interface very similar to Google's. If the user trusts the site and continues to work on it, a Google Adsense ad appears with the content 'this website unofficial Google Search Fan website', and the system automatically connects to the US IP address 67.228.41.155 through port 6772.

When the 'Picture_2525.exe' file was analyzed with the VirusTotal online service, about 33 out of 41 engines identified it as a virus. Fortunately for users, this virus is not equipped with the 'persistent' feature. Users can create batch files that automatically delete this virus or follow these simple steps:

- Open Task Manager, select the Processes tab and end the following processes by selecting 'End Process': svlost.exe, svlostSrv.exe, tasman.exe

- Open Run (Win + R) and type: sc delete svlostServices

- Find and delete the following files in the 'Windows\System32' system directory: libeay32.dll, ssleay32.dll, svlost.exe, svlosta.dll, svlostb.dll, svlostSrv.exe, tasman.exe

- Next, open Run (Win + R) again and enter the following two commands separately:

reg delete "hkcu\software\microsoft\internet explorer\main" /v default_page_url /f
reg delete "hkcu\software\microsoft\internet explorer\main" /v "Start Page" /f

After doing all of the above, you have completely removed the virus from the system, but it is best to change your MSN login password.
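The manual steps above can be collected into the kind of batch file the article mentions. This is an added example, not the author's own script; it moves the files into a quarantine folder instead of deleting them outright, and the folder name svlost_quarantine is an assumption of this example.

```batch
@echo off
rem Added example: automates the manual removal steps listed in the article.
rem The quarantine folder name below is an assumption of this example.
setlocal
set "SYS=%SystemRoot%\System32"
set "QDIR=%SystemDrive%\svlost_quarantine"
set "IEKEY=HKCU\Software\Microsoft\Internet Explorer\Main"

rem Removing a service and changing System32 needs an elevated prompt.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an administrator command prompt.
    exit /b 1
)

rem Step 1: end the three processes named in the article.
for %%P in (svlost.exe svlostSrv.exe tasman.exe) do (
    taskkill /F /IM %%P >nul 2>&1 && echo Ended %%P
)

rem Step 2: stop the service, then remove its registration.
sc stop svlostServices >nul 2>&1
sc delete svlostServices >nul 2>&1 && echo Deleted service svlostServices

rem Step 3: move the listed files out of System32.
rem libeay32.dll and ssleay32.dll are also the usual OpenSSL DLL names, so
rem they are quarantined rather than erased in case other software needs them.
if not exist "%QDIR%" mkdir "%QDIR%"
for %%F in (libeay32.dll ssleay32.dll svlost.exe svlosta.dll svlostb.dll svlostSrv.exe tasman.exe) do (
    if exist "%SYS%\%%F" (
        attrib -R -S -H "%SYS%\%%F"
        move /Y "%SYS%\%%F" "%QDIR%\%%F.quarantined" >nul && echo Quarantined %%F
    )
)

rem Step 4: remove the hijacked Internet Explorer start-page values.
for %%V in ("Default_Page_URL" "Start Page") do (
    reg delete "%IEKEY%" /v %%V /f >nul 2>&1 && echo Removed value %%~V
)

echo Done. Change the MSN login password.
endlocal
```

Run it under the affected user's own account, because the reg delete lines act on that account's HKCU hive.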

In addition, the author ran a reverse IP lookup with the DomainTools tool to trace the source and discovered 52 domains on the same server:

And here is the complete list of malicious websites spreading the virus:

