GrayScales - Scams, Viruses & More
Jim's Blatherings - Simple ramblings (maybe rants) from the Co-Founder of Quikonnex about Scams, Viruses, Internet Marketing, web techniques, tips & anything else that pops into his head.
Subscribe without Email Subscribe without Email
GrayScales - Scams, Viruses & More

MSN Messenger Trojan - Kirvo

Friday, July 22, 2005
The Trojan.Kirvo.B (Symantec) or W32/Kelvir.worm.ea (McAfee) was discovered on July 19/20 and spreads itself via Microsoft's Messenger Service (MSN). This is kind of like those emails you receive from a friend where they really didn't send it. But your friend did allow their computer to get infected and now they're trying to give it to you.

An infected computer will send an MSN instant message to anyone that is on the user's MSN buddy list. If you get it, you'll see an MSN message similar to this:
thats life day for you and the rest of days on you hehe [http://]KillingTime.dynu.net/[REMOVED]Images.php?pic=0017&sec=badluck

or

thats something you want to see everyday hehe http://[blocked].dynu.net/Images.php?pic=7458&sec=jokes

Like most viruses and trojans, there will be variants where the message is different. If the idiots that write this stuff ever figure out how to use good grammar and spelling, this type of attack could spell real trouble. If I got a message like this, I'd have to assume my friend was either drunk or stoned. Your response should not be to click on the link and see what they think is so funny. Send them a reply and say "WHAT?" If they don't reply, they're probably not there and their computer is doing it's own thing. Do your friend a favor and tell them they may be infected and demand they get their act together and get a good anti-virus/anti-spyware package (and keep it up to date).

These trojans install a backdoor spyware program called Spybot, but please do not mistake this one for the real SpyBot program that's an excellent anti-spyware program.

To read more about this virus and how to remove it visit these sites:

Symantec - Kirvo B McAfee - Kelvir
Posted on 07/22/05 at 11:28:11 by Jim Gray
Category: Viruses and Hoaxes

Comments

dan wrote:

Didn't know anything about it and my friend's computer just sent my the link and i went there but it opened a download window but i didn't download but i am running a full system virus and spyware scan thanks Jim!
Posted on 01/27/07 at 00:26:08

Alex wrote:

Ditto on SpyBot Search and Destroy I use it and there are imitators. I also use (may be a little overkill) SpyBlaster and SpyGuard (http://www.javacoolsoftware...), these 2 are active not passive like Spybot Search and Destroy. I have Norton Internet Security and use Yahoo's free Anti-spyware checker.

At work we were told about IM gear in general was having a problem and to shut it down. I am in the process of looking for fixes... I use IM's at home and my son lives on them! My wife as well... so thanks!
Posted on 08/03/05 at 09:52:13

gschloff wrote:

I don't use MSN either, but I sure appreciate the heads up!

Thanks Jim.
Posted on 07/24/05 at 19:42:20

triizine wrote:

Thanx for the warning Jim. I don't use MSN messenger myself, but I do have a teenager who occasionally does. I'll have to make sure he is aware of this one.

SpyBot Search and Destroy is an excellent program, and for anyone who doesn't have it yet, you can get the download free. Just Google the term, "Spybot S&D".

Kudos Jim!
Posted on 07/23/05 at 08:29:28

Add Comments

:

:
:

:




Required for non-registered users




Navigation



Instant Messengers