Messenger.VirusWarning
Category: Trojan
Risk:
High Risk
* High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Description: The program runs approx every 10 mins and gives a pop-up message telling the user the computer is infected with a virus. The popup message says: "Warning! Your computer has been infected with a virus. Please fix and secure your computer immediately." Installs a file called msmsgs.exe named after Windows MSN Messenger in the system folder (C:\Windows\System...). The Properties of the msmsgs.exe file are: - Company Name: Eternal Order of the Impossible Triangle - Internal Name: VirusWarning - Original Filename: VirusWarning.exe - Product Name: Project1 - Product Version: 1.00 If the file is removed, a new version of the program seems to be copied to the system32 directory every time I reboot. The virus program was written with visual basic. Possibly related to the trojan Gaobot.
Alias: None
Signatures:
process: msmsgs.exe: MD5 Hash: 904dc0862e6d003b083
process: msmsgs.exe: MD5 Hash:
process: msmsgs.exe: MD5 Hash: 5a47a910ed023b45a64..
Copyright @2006 THR Computer Solutions: Messenger.VirusWarning