THE SQL Server Blog Spot on the Web

Welcome to SQLblog.com - The SQL Server blog spot on the web Sign in | |
in Search

Peter DeBetta's SQL Programming Blog

Peter DeBetta's blog about programming in SQL Server using technologies such as T-SQL, .NET, CLR, C#, VB, Visual Studio, and SQL Server Management Studio.

Virus Alert: Windows Live Messenger

I received a IM message in Windows Live Messenger from a techie friend earlier today. The message reads (myname replaces my actual email name)

"Hey isnt this YOU?? http://msngallery.ms.funpic.de/viewimage.php?=myname@hotmail.com"

I thought it strange that my friend was offline when this message was sent, but I clicked the link anyways to see what he could be talking about (my ego/curiosity made a bad choice). Next thing I know, I am being prompted to Run or Save a MS-DOS application. Fortunately, I read the dialog and canceled the request.

According to news on the net, some AV programs didn't catch it and many people now have a trojan running on their system.

Published Tuesday, January 29, 2008 4:44 PM by Peter W. DeBetta

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

 

fangs73 said:

Did you find a fix?  Some people clicked on it and it killed their network connections etc.

This is one of the wores one I have seen.

Eric

January 30, 2008 2:27 PM
 

Peter W. DeBetta said:

From what I could tell, this is the fix: http://dotnetwizard.net/?p=343 (Although I make no claim as to the validity of this site since I did not get infected) :-)

January 30, 2008 3:13 PM
 

Kevin3NF said:

That thing went running through here like wildfire...you may well have gotten it from my box.  My IE7 freezes from time to time for a few seconds and I wind up clicking on an app that wasn't even in front of me at the time :(

I got infected, but a fullscan, file delete and reboot did the trick!

Kevin3NF

January 30, 2008 3:22 PM
 

Peter W. DeBetta said:

Indeed, Kevin, you are the techie friend mentioned in the post. :-)

Glad the fix works!

January 30, 2008 3:26 PM
 

Kevin3NF said:

Dang....are we still friends? :)  I'm almost ready to come to a NTSSUG meeting again!

January 31, 2008 4:24 PM
 

Peter W. DeBetta said:

But of course - just don't let it happen again :-)

January 31, 2008 4:28 PM
 

Peter W. DeBetta said:

I just removed a comment that posted a link to a fix. The comment, by someone named Bjorn, read:

"I managed to get it fixed by running http : / / www. nucia. eu/ dedicated/ msnfix/"

No offense, but a link to an unknown exe file? Unless the fix comes from Microsoft, or one of the known anti-virus companies, please don't post it here.

February 18, 2008 3:58 PM
 

Peter W. DeBetta said:

Follow up: This fix is supposed to be from someone named Bendeboy. From what I have read, he has created a genuine fix for the problem and is supposedly now well-known in the Netherlands because of it; just the same, I would still be wary of running any executable on my system without confirmation of its safety.

February 18, 2008 4:04 PM
 

SL33KR said:

Hey guys i to got this virus from a friend being stupid enough to open it, even though i thought it was a bit odd. I just ran AdAware 2007 and it picked it up straight away. Now seems to be all clear

March 31, 2008 7:12 PM

Leave a Comment

(required) 
(required) 
Submit

About Peter W. DeBetta

Peter DeBetta works for Microsoft as an Application Platform Technology Strategist, specializing in strategies, design, implementation, and deployment of Microsoft SQL Server and .NET solutions. Peter writes courseware, articles, and books – most recently the title Introducing SQL Server 2008 from Microsoft Press. Peter speaks at conferences around the world, including TechEd, SQL PASS Community Summit, DevTeach, SQL Connections, DevWeek, and VSLive!

When Peter isn’t working, you can find him singing and playing guitar (click here to hear an original song by Peter), taking pictures, or simply enjoying life with his wife, son, and daughter.
Powered by Community Server (Commercial Edition), by Telligent Systems
  Privacy Statement