"crazyfrog" is driving me crazy.. Is it a virus?

MALFIE

Technical User
Apr 3, 2003
113
AU
Received a file attachment while using Messenger (I know..I know..) called crazyfrog. It contained an obscene graphic..

Now I can't talk to anyone.. that is.. I see them connect.. and I send a message.. then when they reply it shows the C drive (as in My Computer) for a second, then drops back to Messenger and I can't use it again unless I reboot.
It won't let me run my virus proggie in normal mode and when I do, in safe mode.. it finds nothing (it is up to date as of yesterday..)

Looking about, it seems similar to the bropia-R worm but the removal tool for bropia doesn't find anything..

Any suggestions??

"We do not stop playing because we are old, more likely we grow old because we stop playing..."
 
Do you have (or have you had) Messenger Plus installed on the machine?

If so, if you look in c:\programfiles do you see a folder for c2media and/or 1 to 3 folders with really odd name combinations?

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Thanks for that....

I run Ca Vet (Innoculate) on my own PC, and after I found all these files in the root directory of TWO PCs (1 XP Home, other Win2000) just in for service, I copied them onto a USB pen drive with the intention of "zipping" them to forward on to the virus package tech..

However, as soon as I placed the drive into my PC, Vet promptly wiped the lot, telling me it was the SUMON worm virus...

Both the other PCs have the same virus package running.. the only difference being mine was right up to date whereas theirs was a day or two old...

As it would not run the virus prog in normal mode I updated the viral defs manually then rebooted in SAFE.

It then found hostlblock. trojan in system32/drivers/etc/hosts

then went on to detect and delete

system32/serbw.exe (sumon)
system32/formatsys.exe (sumon)
windows\msmbw.exe (sumon)


It places a dozen or so MSDOS .pif shortcut files, hidden, in the root directory + a few others elsewhere that look menacing.. Of course you have to turn on View Hidden Files to find them, even in search.. But deleting those is a waste of time as they reappear on reboot.. probably being "seeded" by the above generating files..

Happily, both PCs are now operating correctly and there is no sign of the earlier problems..

Another case of why to keep virus defs RIGHT up to date..


