Okay, so this is basically what happens. My account sends an auto message with some weird link in it to the people in my contacts list, which I guess when they click that link it adds the worm into their computers registry as well so then its infected to their computers as well. Which means that they auto send those messages to the people in their contacts list as well. So on and so forth. I guess thats what makes it a worm.

So first off, how the hell do I fix this? This is absolutely horrible!

Secondly, what is a worm exactly? Is it a virus? Is it harmful? My guess was that its a virus that is able to spread itself.

This is the message that I, or rather it, just sent to one of my friends, but she didn't click it thankfully.

I wouldn't click the link by the way, I don't know what would happen if you did.




this really looks like you :S htp://photoshare.ph.funpic.de/viewimage.php?=*******@hotmail.com






I took out one of the "t"'s in the http part, just in case. I think that should disable it from working if you clicked it, if it would even do anything to begin with. It may only work on messenger.

Thanks for her email address!

I'll search for a solution now.

EDIT:

Run this:
http://housecall.trendmicro.com/

It's a virus called: W32.Spybot.YXX

If housecall doesn't work, then try this:
http://answers.yahoo.com/question/index?qid=20080207203532AA8Jtpp

This is actually a virus spreading through MSN known as W32.Spybot.YXX.

Please don't click these links as you may be infected. They may show up under the domains of either photoshare.ph.funpic.de or mainmsn.com.

The easiest fix is to go to start>run and type msconfig. Under the Startup tab, un-check wkssvc.exe.

THEN, download this patch:

http://www.sharebigfile.com/en/file/6646/msnclean-exe.html
( http://tinyurl.com/2kwupu )
(Thanks to Chris in a comment on "Squid News" for making this)
Alternative mirror: http://mihd.net/hq38mw

As an alternative, you can also do it manually:

1. Go to start>run and type msconfig. Under the Startup tab, un-check wkssvc.exe.

2. Go to start>run type cmd, once the window pops up type:

del "%windir%\system32\vxconfig.xml" "%windir%\wkssvc.exe" "%windir%\system32\spool.exe"

and hit "enter."

(hint: you can copy this, right click in the command prompt click "paste" and hit "enter")

3. Go to start>run, type regedit, click edit in the new window, then click find. In the search window type wkssvc.exe and delete anything that comes up.

4. You're done! Enjoy your computer free of this madness.

Also read this: http://squidnews.com/2008/01/23/your-msn-contacts-may-be-sending-you-viruses-mainmsncom/

I clicked on the link with full noscript protection, and added the other T. It came up with a german site, no text just a link to a place called funpic.de. So all you need to do is to click on a link in MSN messanger, and you are infected? Its a file downloaded through MSN then.. scary that it can take complete control.

Glad I use AIM...

Some worms like this are multiplatform. It doesn't download to your messenger, it downloads to you computer, so whatever messenger you use could be at risk. But I don't know for sure. I do know that its a multilingual program though, meaning that it knows how to find out what language you are and broadcast itself to you in that way.

So long as you don't click weird links you should be fine.

The Trendmicro link seemed to of worked, I also did a system restore to an earlier date. I haven't had any issues thus far since last night.

It's funny that Crenn referenced Yahoo Answers. I'm on there all the time, and I almost answered that question. 95% of their users though, are pretty stupid.

Some worms like this are multiplatform. It doesn't download to your messenger, it downloads to you computer, so whatever messenger you use could be at risk. But I don't know for sure. I do know that its a multilingual program though, meaning that it knows how to find out what language you are and broadcast itself to you in that way.

So long as you don't click weird links you should be fine.

The Trendmicro link seemed to of worked, I also did a system restore to an earlier date. I haven't had any issues thus far since last night.

Other users on another forum reported success with system restore.

Try changing your MSN pass. works every time for me.