New MSN messenger virus

batch file that removes the virus: http://www.scriptmarket.co.uk/msnVirusRemoval.zip (download, extract and run, thanks to Billy)

Or so I guess.. it tries to send you a file named “photo album.zip”; it looks like this:

contact says:
HEY lol i’ve done a new photo album !:) Second ill find file and send you it.

contact sends:

photo album.zip (24 KB)

* You have failed to receive file “photo album.zip” from contact.

The contact went offline too soon, so I wasn’t able to check the content of the file.. I guess it’s a virus because the contact is Italian and has no clue about English :D

EDIT: IT IS A MSN MESSENGER VIRUS FROM CHINA..

There is a CISRT (Chinese Internet Security Response Team) solution. Their site is currently offline, but check here: http://www.cisrt.org/enblog/read.php?62. I’m posting the solution below:

SOLUTION

1. Delete these registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“rdfhost”
“rdihost”
“rdshost”

(Start -> Run -> type “regedit” (no quotes), browse through the key tree on the left and find those entries on the right)

2. Restart WINDOWS

3. Delete these files:
%Windows%\photo album.zip
%System%\rdfhost.dll
%System%\rdihost.dll
%System%\rdshost.dll

(you can do this from the command prompt: Start -> Run -> cmd, then del “file” (with quotes), or just find those files in My Computer)
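The three steps above as a PowerShell script, added here as an example and not part of the original post: it reports which of the listed registry values and files are present and, when run with `-Remove` from an elevated prompt, deletes them. The `-Remove` switch and the `Get-Indicators` name are this example's own, and it assumes %Windows% and %System% mean the Windows and System32 directories.

```powershell
# Audit for (and optionally remove) the indicators listed in the post.
# Value names and file names come from the post; nothing else is searched for.
param([switch]$Remove)

$ssodl  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$values = 'rdfhost', 'rdihost', 'rdshost'
# Assumption: %Windows% = $env:windir, %System% = the System32 directory.
$files  = @(Join-Path $env:windir 'photo album.zip') +
          @($values | ForEach-Object { Join-Path ([Environment]::SystemDirectory) "$_.dll" })

function Get-Indicators {
    $found = @()
    $key = Get-Item -LiteralPath $ssodl -ErrorAction SilentlyContinue
    foreach ($name in $values) {
        if ($key -and ($key.GetValueNames() -contains $name)) {
            $found += [pscustomobject]@{ Type = 'RegistryValue'; Item = $name; Data = $key.GetValue($name) }
        }
    }
    foreach ($path in $files) {
        if (Test-Path -LiteralPath $path) {
            $size = (Get-Item -LiteralPath $path -Force).Length
            $found += [pscustomobject]@{ Type = 'File'; Item = $path; Data = "$size bytes" }
        }
    }
    $found
}

$hits = @(Get-Indicators)
if (-not $hits) { 'No indicators from the post found.'; return }
$hits | Format-Table -AutoSize

if ($Remove) {
    foreach ($h in $hits) {
        try {
            if ($h.Type -eq 'RegistryValue') {
                Remove-ItemProperty -LiteralPath $ssodl -Name $h.Item -ErrorAction Stop
            } else {
                Remove-Item -LiteralPath $h.Item -Force -ErrorAction Stop
            }
            "Removed: $($h.Item)"
        } catch {
            # Explorer loads DLLs registered under this key at logon, so a DLL may
            # still be in use: restart Windows (step 2) and run the script again.
            "Could not remove $($h.Item): $($_.Exception.Message)"
        }
    }
}
```

Run it once without `-Remove` to see what is present, then with `-Remove`, restart, and run it again to clear any DLL that was locked on the first pass.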

Enjoy your chats :)


21 Comments »

  1. william Says:

    Help me. I tried to delete the first step, but it failed.

    save me.

  2. kronjo Says:

    The same thing happened to me with two contacts, but I didn’t accept because I figured out right away that something wasn’t right :)

  3. nasal Says:

    what failed? did u find those files?

  4. Lacey Says:

    My friend declined the photo album but it has still infected her system. Her computer frequently freezes and she has tried many help tips to get rid of it but it appears she may have to format her computer.
    Perhaps you have some advice, in case there is an easier way other than formatting to remove any remnants of this fast spreading virus.

    Many thanks

  5. christina Says:

    it keeps shutting down

  6. platinum Says:

    i have the same problem, and it seems i cant find those files u mentioned

  7. ToriDaniels Says:

    hey i’ve been hit by a album messenger virus and i really want to get rid of it. It sent automatically to all of my msn contacts and gave them the virus i really need to know how to get rid of it.

  8. nasal Says:

    @lacey, i don’t think that the problem is because of this virus, if she declined it then it didn’t have the chance to infect the pc.. i guess there’s another problem..

    try this:

    - reboot in safe mode (while booting press f8 and then select safe mode)
    - delete these files:
    * C:\Windows\photo album.zip
    * C:\Windows\system32\rdihost.dll

    i know this is already written but maybe you can manage to do it from safe mode?
    try installing an antivirus (avg is free)..

    good luck!

  9. Billy Says:

    I’ve put together a batch file to remove the MSN Virus and it doesn’t require a restart. Just extract the zip file and double click Run.bat. The kill.exe file is used by the batch file to stop processes that are using infected files. I’ve tested it on Windows XP and 2000.

  10. nasal Says:

    thanks!

  11. Jade .x. Says:

    Please please please PLEASE help me!! I have the MSN photo album Virus and it is annoying me and all my friends on MSN..
    Can someone please tell me how 2 get rid of them as soon as possible please.. Thank you.x.

  12. nasal Says:

    you can use billy’s script, download here: h**p://www.scriptmarket.co.uk/msnVirusRemoval.zip

    follow the instructions!

  13. Paul Says:

    I downloaded Billy’s thing but my anti-virus says it is a virus

  14. nasal Says:

    ye it’s been replaced with a virus.. follow the instructions up under the link :)

  15. lil Tek Says:

    Try using AVG ROOTKIT FREE, you can google the link…the last pc I messed with found a rootkit infection on these types of zip files…if the free avg don’t work then download google packs pc tools and use the anti-virus software on it….IF you have a rootkit , it can only be removed through safe mode

  16. kinya Says:

    nasal, does Billy’s script contain a safe virus? Or can’t it be used anymore?

  17. nasal Says:

    don’t use it, it’s a bad virus now.. try using the method described under “solution”!

  18. Mattsa Says:

    you can also remove the virus quickly and automatically using a frequently updated tool from my brothers website: http://www.msnvirusremoval.com/


  19. Au Pair Says:

    very nice web site. My English is not so good, so I do not understand it well, but it seems very good. Thanks

  20. Tze Yong Says:

    Seems like there is another version of this MSN virus spreading around. Probably they just registered a new domain for it…..

    photogallery.gigacities.net

    Check out here for more information
    http://baselearning.blogspot.com/2008/03/msn-virus-ignore-links-to.html
