MSN Messenger Virus

To be honest, i’m sick of all the people that sign into MSN Messenger and you get this:

"Check my new pic at http://tinyurl.com/me.jpeg" or something similar

I wish these people knew how to protect their computer from these sort of viruses.

Anyways, I have done a little research on this virus and hope i could help the community with my little input.

How you got the virus?

You got this virus from a friend on your contact list. (Don't pick up the phone now and yell at your friend yet!)

They don't even know that they are passing the virus, they are passing them because they got it from another friend from their msn messenger contact list.

You will see a message from your friend with something like "I put your picture on your blog, see if it looks ok." or "check out my pic" then you will receive a file request.

The file names are random, something like "PICxxx.zip". Once you opened it, you got the virus and you will pass on the virus automatically on msn messenger without notice.

or the second way is checking out who blocked you on msn messenger. yes it does work and they can tell you who has deleted you or blocked you or have you on msn messenger but i am not going on how of those details today its a different topic.

Symptoms:

*Your computer will be slower than usual.
*There might be Ads popping up to your computer.
*Your mouse might disappear.
*You might not be able to open "My Computer".
*Your internet will get slower
*and you will keep sending the same virus with the random message and the files to your friends in your msn messenger contact list.
*you will be signed on MSN messenger even when you arent signed on it

*Might means might and not definite

Removing the virus:

Now removal part of this virus has too many ways as the virus is not one and has several shapes so i will talk about steps for some basic ones:

To remove picsvc.exe
1- Close your msn messenger (Avoid it to send the same virus to your friends)
2- Click "Start" (Restart your computer if the cursor doesn't work)
3- Click "Run"
4- Type "msconfig"
5- Go to the "Startup" tab.
6- Look for a file with the name "xxxsvc.exe" and make it unchecked.
7- Your computer will have to restart. (Your computer should be faster now)

To remove sending automated messeges to your buddies
1- Unhide folder(s) -> C:\Documents and Settings\user account\Local Settings\Application Data\Microsoft\Messenger\email@host.com
(of course “user account” and “email@host.com” will differ for you on your pc)
2- Delete all files and folders from that folder
3- Chang your MSN messenger/hotmail password

To Remove Cutepic.pdf
1- Hit Ctrl,Alt,Delete on the keypad, look for "hotkeysvc." select it and press "End Task" (if it is on there...).
2- Use the Search feature to look for "hotkeysvc.exe". It will be in the %System% directroy, if it is there at all. Delete that file.
3- Go to Start> Run> [type] msconfig
4- Click the tab at the top right hand corner of the program that poped up that says "Startup".
5- Look for "hotkeysvc.exe" or something like that and uncheck the box next to it.

To remove the PIC1234(1)(1)(1)(1)(1)(1).exe...
1- Close MSN (if not already closed)
2- Goto 'Start> Run' [type] "msconfig"
3- Click the tab at the top right hand corner of the window that pop up that says "Startup"
4- Uncheck the box next to "MSN Messenger".
5- Hit Ok, when it asks if you want to restart your computer say "no".
6- Hit Ctr, Alt, Del find "MsgSpread" and click End Task (if the file is there).
7- On the Desktop, open My Documents.
8- Double click "Messenger Service Received Files" if you dont see a folder called that then go to My Computer> C> Program Files> Messenger Service Received Files
9- You should see a file called PIC1234(1)(1)(1)(1)(1)(1)(1)(1).exe, right click it ONCE and select delete.
10- On the desktop click the "Recycle Bin" and click empty.

Now for Choke.exe...
1- Hit Ctrl, Alt, Delete select Choke.exe press "End Task"
2- Close MSN (if not already closed...)
3- Go to Start> Run> [type] "msconfig"
4- Click the tab at the top right hand corner that says "Startup"
5- Uncheck the box next to "Choke.exe", "ShootPresidentBUSH.exe", or "*The user name here*.exe
6- Use windows search, and look for for "Choke.exe", "ShootPresidentBUSH.exe", or "*The user name here*.exe
7- Right click the file once, and select delete.
8- On the desktop open the "Recyle Bin" and empty the recycle bin.

Now to remove W32.Aplore@mm... (only deactivate actually...)
1- Close MSN (if you haven't already)
2- Go to Start> Run> [type] "msconfig"
3- Click the tab at the top right hand corner that says "Startup"
4- Uncheck the box next to "Explorer"
5- Restart your PC

Also, where ever you are searching for file or folder, do remember it could be a hidden file, so un hide your folders. if you dont know how to do that, you have the comment box, drop me a line there.

Let me know what you think and if it helped. Drop me a line/comments if you need further help.