Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
XP
accessibility
basics
beta.general
beta.help-and-support
configuration_manage
customize
device_driver.dev
embedded
embedded.techpreview
games
general
hardware
help_and_support
messenger
moviemaker
music
network_web
newusers
perform_maintain
photos
print_fax
security_admin
setup_deployment
video
winlogo
wmi
work_remotely
  
 
date: Wed, 06 Aug 2008 09:29:02 -0500,    group: microsoft.public.windowsxp.messenger        back       


Virus and/or hacking problem with Windows Messenger    
I'm running Windows XP Pro SP2 and Windows Messenger v5.1.0701

About 10 days ago, I received 2 IM's, several hours apart, from one of 
my contacts. Both of them asked me to go to unknown websites, a 
different site in each message. I was very suspicious and cautious, 
because I had never received this kind of IM before. The website from 
the first message asked me to login with my MSN account and password. I 
refused to do so. I never visited the website from the second message.

I sent an email to my contact and asked him if he had originated these 2 
IM's. His answer was that he had not, and that many of his other 
contacts had reported the same thing happening to them. He suspects 
either he has a virus which is exploiting his Messenger account, or 
someone has hacked into his account and is using it.

I shut down Messenger on my end and left it off until today. When I 
re-started Messenger I had a notice that someone I have never heard of 
has added me as a contact. I blocked that person from contacting me. His 
ID is Brooke, his email and Sign-in name are brookesised@hotmail.com, 
and his service is .NET Messenger Service.

I see how to remove him from *my* contact list. Is there any way for me 
to remove myself from *his* contact list?

Is this something new, or is this a known and documented exploit? Is 
there a fix for my contact, who apparently is the victim?

Thanks!

John
-- 
Please reply in this newsgroup. I never post my true
email address to prevent spam. Thank you.
date: Wed, 06 Aug 2008 09:29:02 -0500   author:   John

Re: Virus and/or hacking problem with Windows Messenger    
Hi there,

I have had a similar experience to John. I have gotten messages from 
contacts who seem to be infected, which I always ignore and inform them.

Yesterday, I logged into Messenger for the first time in two weeks and 
promptly got a message from an unknown contact. I closed the window without 
going to the link in the message. However, when I did, it looked like it 
quickly ran a dos window that closed. I am now concerned that I am infected.

I have done the following: Checked to make sure this unknown user is not in 
my contacts. Uninstalled Messenger (am going to reinstall) and have updated 
my AV and Ad-Aware, which have noth come up clean on several scans. 

Is this a new trojan out there? How can I be certain I am not infected?

Any help or guidance is greatly appreciated.


"Jonathan Kay [MVP]" wrote:

> Greetings John,
> 
> The vast majority of Messenger viruses and worms work exactly in the way you just described. 
> They link you to a website, prompt you for your credentials or download and ask you to 
> execute an executable.  They then do whatever they're programmed to do, and then send the web 
> site link to their entire contact list.  As such, it sure sounds like that one contact of 
> yours is infected.  You are not.
> 
> There is no way to remove yourself from someone else's contact list.  All you can do is block 
> and then delete them.  After that you can continue to control your status with said contact 
> by clicking the Tools menu, then Options, and then the Privacy tab.  If the contact in 
> question has removed you from their main contact list, then you can right-click that contact 
> in the Privacy tab options block or allow list, and choose Delete.  If they have not removed 
> you from their main contact list however, the option will be grayed out.
> 
> -- 
> Jonathan Kay
> Microsoft MVP - Windows Live Messenger
> MSN Messenger/Windows Messenger
> MessengerGeek Blog: http://www.messengergeek.com
> Messenger Resources: http://messenger.jonathankay.com
> (c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
> --
> 
> 
> "John"  wrote in message news:#lncKD99IHA.1204@TK2MSFTNGP04.phx.gbl...
> > I'm running Windows XP Pro SP2 and Windows Messenger v5.1.0701
> >
> > About 10 days ago, I received 2 IM's, several hours apart, from one of my contacts. Both of 
> > them asked me to go to unknown websites, a different site in each message. I was very 
> > suspicious and cautious, because I had never received this kind of IM before. The website 
> > from the first message asked me to login with my MSN account and password. I refused to do 
> > so. I never visited the website from the second message.
> >
> > I sent an email to my contact and asked him if he had originated these 2 IM's. His answer 
> > was that he had not, and that many of his other contacts had reported the same thing 
> > happening to them. He suspects either he has a virus which is exploiting his Messenger 
> > account, or someone has hacked into his account and is using it.
> >
> > I shut down Messenger on my end and left it off until today. When I re-started Messenger I 
> > had a notice that someone I have never heard of has added me as a contact. I blocked that 
> > person from contacting me. His ID is Brooke, his email and Sign-in name are 
> > brookesised@hotmail.com, and his service is .NET Messenger Service.
> >
> > I see how to remove him from *my* contact list. Is there any way for me to remove myself 
> > from *his* contact list?
> >
> > Is this something new, or is this a known and documented exploit? Is there a fix for my 
> > contact, who apparently is the victim?
> >
> > Thanks!
> >
> > John
> > -- 
> > Please reply in this newsgroup. I never post my true
> > email address to prevent spam. Thank you. 
> 
>
date: Tue, 12 Aug 2008 09:22:04 -0700   author:   Jason

Re: Virus and/or hacking problem with Windows Messenger    
Greetings Jason,

There is no possible way anyone can send you a link on Messenger that will go and execute 
anything without further prompting.  It was probably something else.

Don't bother reinstalling Messenger, it doesn't even remove it's configuration files when you 
do it -- it's a simple copy files, save windows installer registry key routine.

-- 
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
--



"Jason"  wrote in message 
news:4B3986DC-2958-4F99-B16E-7DB0B4940128@microsoft.com...
> Hi there,
>
> I have had a similar experience to John. I have gotten messages from
> contacts who seem to be infected, which I always ignore and inform them.
>
> Yesterday, I logged into Messenger for the first time in two weeks and
> promptly got a message from an unknown contact. I closed the window without
> going to the link in the message. However, when I did, it looked like it
> quickly ran a dos window that closed. I am now concerned that I am infected.
>
> I have done the following: Checked to make sure this unknown user is not in
> my contacts. Uninstalled Messenger (am going to reinstall) and have updated
> my AV and Ad-Aware, which have noth come up clean on several scans.
>
> Is this a new trojan out there? How can I be certain I am not infected?
>
> Any help or guidance is greatly appreciated.
>
>
> "Jonathan Kay [MVP]" wrote:
>
>> Greetings John,
>>
>> The vast majority of Messenger viruses and worms work exactly in the way you just 
>> described.
>> They link you to a website, prompt you for your credentials or download and ask you to
>> execute an executable.  They then do whatever they're programmed to do, and then send the 
>> web
>> site link to their entire contact list.  As such, it sure sounds like that one contact of
>> yours is infected.  You are not.
>>
>> There is no way to remove yourself from someone else's contact list.  All you can do is 
>> block
>> and then delete them.  After that you can continue to control your status with said 
>> contact
>> by clicking the Tools menu, then Options, and then the Privacy tab.  If the contact in
>> question has removed you from their main contact list, then you can right-click that 
>> contact
>> in the Privacy tab options block or allow list, and choose Delete.  If they have not 
>> removed
>> you from their main contact list however, the option will be grayed out.
>>
>> -- 
>> Jonathan Kay
>> Microsoft MVP - Windows Live Messenger
>> MSN Messenger/Windows Messenger
>> MessengerGeek Blog: http://www.messengergeek.com
>> Messenger Resources: http://messenger.jonathankay.com
>> (c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
>> --
>>
>>
>> "John"  wrote in message news:#lncKD99IHA.1204@TK2MSFTNGP04.phx.gbl...
>> > I'm running Windows XP Pro SP2 and Windows Messenger v5.1.0701
>> >
>> > About 10 days ago, I received 2 IM's, several hours apart, from one of my contacts. Both 
>> > of
>> > them asked me to go to unknown websites, a different site in each message. I was very
>> > suspicious and cautious, because I had never received this kind of IM before. The 
>> > website
>> > from the first message asked me to login with my MSN account and password. I refused to 
>> > do
>> > so. I never visited the website from the second message.
>> >
>> > I sent an email to my contact and asked him if he had originated these 2 IM's. His 
>> > answer
>> > was that he had not, and that many of his other contacts had reported the same thing
>> > happening to them. He suspects either he has a virus which is exploiting his Messenger
>> > account, or someone has hacked into his account and is using it.
>> >
>> > I shut down Messenger on my end and left it off until today. When I re-started Messenger 
>> > I
>> > had a notice that someone I have never heard of has added me as a contact. I blocked 
>> > that
>> > person from contacting me. His ID is Brooke, his email and Sign-in name are
>> > brookesised@hotmail.com, and his service is .NET Messenger Service.
>> >
>> > I see how to remove him from *my* contact list. Is there any way for me to remove myself
>> > from *his* contact list?
>> >
>> > Is this something new, or is this a known and documented exploit? Is there a fix for my
>> > contact, who apparently is the victim?
>> >
>> > Thanks!
>> >
>> > John
>> > -- 
>> > Please reply in this newsgroup. I never post my true
>> > email address to prevent spam. Thank you.
>>
>>
date: Tue, 12 Aug 2008 22:57:47 -0400   author:   Jonathan Kay [MVP]

Re: Virus and/or hacking problem with Windows Messenger    
"Jonathan Kay [MVP]" wrote:

> Greetings Jason,
> 
> There is no possible way anyone can send you a link on Messenger that will go and execute 
> anything without further prompting.  It was probably something else.
> 
> Don't bother reinstalling Messenger, it doesn't even remove it's configuration files when you 
> do it -- it's a simple copy files, save windows installer registry key routine.
> 
> -- 
> Jonathan Kay
> Microsoft MVP - Windows Live Messenger
> MSN Messenger/Windows Messenger
> MessengerGeek Blog: http://www.messengergeek.com
> Messenger Resources: http://messenger.jonathankay.com
> (c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
> --
> 
> 
> 
> "Jason"  wrote in message 
> news:4B3986DC-2958-4F99-B16E-7DB0B4940128@microsoft.com...
> > Hi there,
> >
> > I have had a similar experience to John. I have gotten messages from
> > contacts who seem to be infected, which I always ignore and inform them.
> >
> > Yesterday, I logged into Messenger for the first time in two weeks and
> > promptly got a message from an unknown contact. I closed the window without
> > going to the link in the message. However, when I did, it looked like it
> > quickly ran a dos window that closed. I am now concerned that I am infected.
> >
> > I have done the following: Checked to make sure this unknown user is not in
> > my contacts. Uninstalled Messenger (am going to reinstall) and have updated
> > my AV and Ad-Aware, which have noth come up clean on several scans.
> >
> > Is this a new trojan out there? How can I be certain I am not infected?
> >
> > Any help or guidance is greatly appreciated.
> >
> >
> > "Jonathan Kay [MVP]" wrote:
> >
> >> Greetings John,
> >>
> >> The vast majority of Messenger viruses and worms work exactly in the way you just 
> >> described.
> >> They link you to a website, prompt you for your credentials or download and ask you to
> >> execute an executable.  They then do whatever they're programmed to do, and then send the 
> >> web
> >> site link to their entire contact list.  As such, it sure sounds like that one contact of
> >> yours is infected.  You are not.
> >>
> >> There is no way to remove yourself from someone else's contact list.  All you can do is 
> >> block
> >> and then delete them.  After that you can continue to control your status with said 
> >> contact
> >> by clicking the Tools menu, then Options, and then the Privacy tab.  If the contact in
> >> question has removed you from their main contact list, then you can right-click that 
> >> contact
> >> in the Privacy tab options block or allow list, and choose Delete.  If they have not 
> >> removed
> >> you from their main contact list however, the option will be grayed out.
> >>
> >> -- 
> >> Jonathan Kay
> >> Microsoft MVP - Windows Live Messenger
> >> MSN Messenger/Windows Messenger
> >> MessengerGeek Blog: http://www.messengergeek.com
> >> Messenger Resources: http://messenger.jonathankay.com
> >> (c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
> >> --
> >>
> >>
> >> "John"  wrote in message news:#lncKD99IHA.1204@TK2MSFTNGP04.phx.gbl...
> >> > I'm running Windows XP Pro SP2 and Windows Messenger v5.1.0701
> >> >
> >> > About 10 days ago, I received 2 IM's, several hours apart, from one of my contacts. Both 
> >> > of
> >> > them asked me to go to unknown websites, a different site in each message. I was very
> >> > suspicious and cautious, because I had never received this kind of IM before. The 
> >> > website
> >> > from the first message asked me to login with my MSN account and password. I refused to 
> >> > do
> >> > so. I never visited the website from the second message.
> >> >
> >> > I sent an email to my contact and asked him if he had originated these 2 IM's. His 
> >> > answer
> >> > was that he had not, and that many of his other contacts had reported the same thing
> >> > happening to them. He suspects either he has a virus which is exploiting his Messenger
> >> > account, or someone has hacked into his account and is using it.
> >> >
> >> > I shut down Messenger on my end and left it off until today. When I re-started Messenger 
> >> > I
> >> > had a notice that someone I have never heard of has added me as a contact. I blocked 
> >> > that
> >> > person from contacting me. His ID is Brooke, his email and Sign-in name are
> >> > brookesised@hotmail.com, and his service is .NET Messenger Service.
> >> >
> >> > I see how to remove him from *my* contact list. Is there any way for me to remove myself
> >> > from *his* contact list?
> >> >
> >> > Is this something new, or is this a known and documented exploit? Is there a fix for my
> >> > contact, who apparently is the victim?
> >> >
> >> > Thanks!
> >> >
> >> > John
> >> > -- 
> >> > Please reply in this newsgroup. I never post my true
> >> > email address to prevent spam. Thank you.
> >>
> >> 
> 

To: Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger

Jonathan do you work for Microsoft?  Are you new?  These annoying links have 
been spreading like wildfire for the better part of a year!  Yes people get 
fooled because the links appear to be from a friend (one of your contacts).

Bill Gates is too busy making dumb commercials while his userbase gets 
frustated to no end. Only in America!

Change your MSN password some people say..  shouldn't happen in the first 
place if MS techs cared.

Rant over..
date: Wed, 17 Sep 2008 12:55:01 -0700   author:   Annoyed I.T Tech Annoyed I.T

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us