Dont click on a link:
hxxp://wwx.uglyphotos.net/photo223.PIF
It often say:
"lol check hxxp://wxw.uglyphotos.net/*******.PIF"
I made the link unclickable so you guys dont click on it.
SuperAntiSpyware and Ewido can take the Virus huh.gif
Some more info about the Virus/Worm:
Identification:
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\User\Xinstall.exe
This entry is identificating the Worm !
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) -
http://activex.matcash.com/speedtest2.dll
This 016 line is often visible in the Hijackthis log !
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e7.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e7.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e7.exe
These 04 lines is sometimes shown in the Hijackthis log, This is the Alcan infection. but Xinstall.exe is the most common identification !
Info:
Its called Worm.Licat.c by Ewido
And the Worm also install Toolbar888
dev.exe is often shown in the log (logs: Hijackthis, Ewido and SuperAntiSpyware)
I've seen HJT logs where the Worm adds Xinstall.exe, (more info about the aggresive file here:
http://fileinfo.prevx.com/filesearch.asp?f...h=xinstall.exe)
Removal:
Use Ewido:
http://www.ewido.net/en/download/
Use SuperAntiSpyware:
http://www.superantispyware.com/downloadfi...UPERANTISPYWARE
To kill xinstall.exe you should use some trojans/spyware scanners. Or delete the file manually
Also uninstall Msn Messenger because the file: msmsgs.exe is infected by the Worm, Delete the Folder C:\Programs\MSN Messenger
