"Project1" virus (pictures.templates4friends.com MSN messages)
Having just sorted this I thought I should write something about it. Ben received a message over MSN similar to this earlier this evening:
Username: rofl is this you?
Username: http://pictures.templates4friends.com/ pictures.php?email=emailaddress@hotmail.com
He clicked the link and ended up installing a program "Project1" running the process spool.exe in C:\Documents and Settings\[User name]\. Installation and a quick scan with Microsoft Windows AntiSpyware (Beta) detected it and a few other bits of spyware and seems to have sorted it out. Microsoft's Antispyware had some initial problems, detecting Firefox as spyware, for example but the software was easy to use. The interface didn't seem too bad either, though the menus at the top seemed to operate rather strangely, the scroll bars don't seem to resize according to content and nothing else can be done while the software is scanning.
A reinstallation apparently also works, but it's probably worth installing Antispyware to catch anything else which has been inadvertently clicked.
Read more at Symantec Security Response and McAfee.
Hi! Anyone have any help on a Project1 virus issue? Have been comparing hijack lists here and there but none have really matched mine. Appreciate any extra input! Thanx!!!! :)
Logfile of HijackThis v1.99.1
Scan saved at 10:34:13, on 22.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
F:\important downloads\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX6000.exe
I use Zone Alarm and it is picking it up - and deleting an .exe but it keeps coming back.
By Anonymous at 10:03 AM, October 22, 2006