Latest MSN messenger Worm/virus spreading like wildfire

What are MSN messenger Worms?
How to recognize them?
How to remove them?
How to prevent them?

What are MSN messenger Worms?

Any kind of worms/virus spreading through the use of Microsoft's IM client Windows Live Messenger/Msn Messenger, is MSN messenger worms/Virus. Normally what happens is if the system is infected with MSN messenger worms/virus, the only threat is that user's information is at risk. Previously, I've seen vicious worms which could transmit the data from the infected computer to worm writers. Besides, the threat level is low unless you don't share important informations across the MSN contacts.

How come latest Antivirus softwares are not detecting them?
Antivirus is not always the solution for variant nature of worms/virus which use IM networks(protocol). I'm writing variant nature, because, everytime, the worm writer puts the new name to it's worm. So, the worm gets new name more often and it goes undetected even by latest Antivirus softwares. After all, IM networks are made to share information and files.

How to recognize them?
-If all of a sudden, your friends(in IM) start asking you about the stuffs you never sent them. (Normally, they'll ask you 'have you sent me some links or photos' if they are smart enough, else they would click/open blindly)
-If you are feeling computer is getting slow(because, they do consume memory and they stay in memory, so they are memory resident)
NOTE: You may never know what's going on under your nose unless someone notifies you.

OR

if you are not infected but your friends whose computer is infected might send you with alluring texts or words without his consent.
"Hey, i've an interesting pictures IMAGE32131.jpg.com? to share with you" and you are given with the link to click


Normally, infected computer would send something like above through MSN messenger

So.. normally, you would see different changes on these words with the same objective, i.e to send you some obnoxious looking(at least for me) file name but trying to deceive people by making it look like JPG(image) file.

Innocent user just sees/reads the IMAGE**.jpg and forgets about another extention IMAGE**.jpg.com or IMAGE**.jpg.exe. Those .com and .exe are the executable file extention, which means it runs automatically, as soon as you double click them thinking to see an image files.

NEVER EVER CLICK any file name ending with .COM or .EXE. They are made to run instantaneously.

I recently got strange message from my friend on MSN messenger and these WORM WRITERS have come up with unique but working formula.
Infected computer sent me asking "
Hey, i've new pictures on facebook.com ..blah blah"
and the name of sent file was "newfacebook.com"
Again, innocent user might think, oh it's from facebook.com and he/she might end up clicking the same .COM extention.

NEVER EVER CLICK any file name ending with .COM or .EXE. They are made to run instantaneously.

How to remove them?
Ummm.. This is the most important part. Couple of years back, during Windows 98 age, i had big fight with these kinds of worms and i always won. But this is Vista age and Vista is not at risk for the time being. And, there are various forms of similar worms existing for XP. Before you try to fight and eradicate this worm, i want you to load one weapon in your arsenal,just for now. Believe me, it's pretty easy.

That weapon is UNLOCKER.
Unlocker is freeware software to detach some files from the system which refuse to get deleted/moved/copied.

Some files refuse to get deleted/moved/copied

You need this because, to kill memory resident worm, it will help you. And why you need it, because, the worm will be deleted instantly. Some msn messenger worms are very stubborn and they don't want you to delete them. so, Unlocker is the solution.

Download from http://ccollomb.free.fr/unlocker/unlocker1.8.5.exe

Once you installed Unlocker, lets get to the business.

1. Run MSCONFIG
-Click 'Start' button --> Run and type 'msconfig' without quotes and hit 'Enter' key
-Now click the 'Startup' tab and carefully examine the suspicious file/item that's starting automatically, everytime your windows starts.
(Oh, lemme tell you something about MSCONFIG. This is small tool in Microsoft Windows which lets you control what to start and what not to start everytime windows runs. It has other things to do too but right now, you don't need to understand more than that.

MSCONFIG SCREEN and check the location of startup file in folder and registry

And, finding suspicious file/item from the 'Startup' is pretty easy. Just see the file/item and try to check their 'LOCATION' and folder location by extending your gaze at the right side of MSCONFIG screen. You'll see where those files/items are stored, you'll also see where those programs are set in the REGISTRY of windows. )

-Once you think you found the suspicious file/item(it could be MsgSprd, Messenger, newfacebook,pic1324,Image etc), uncheck that, click apply and click OK.

Just Don't restart the PC. Click the option which says, you'll restart your PC later time.

2. Click Start-->Run--->type 'Regedit' and hit enter key.
(Regedit will launch the Registry and please don't play around with it beyond my guide. One single mistake/delete of registry key could result useless Operating System and it's hectic going back to safemode.. and so, but don't worry)

If you've noticed the suspicious file name, remember its few initials and on the registry screen, follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Under Run, check on the right hand side and see if there is the entry saved for those suspicious files. Delete the one or two which look suspicious entry(Right click the entry and select DELETE key).

Close the Windows Registry. (actually, from msconfig, we did the same thing, but we're making sure with this second step that, it would remove it's traces from registry too)

3. Now, press CTRL+SHIFT+ESC key together and you'll be brought up 'Windows Task Manager' screen
-click the Application tab and from there, 'end task' any suspecting file/item.. only if there is.. else let it be.

4. And, Delete/flush the TEMP folder. In windows XP/98, go to C:\windows\temp and delete all the files from there. If some files refuses to get deleted, use UNLOCKER.
Right click on the file which is refusing to get deleted and select UNLOCKER. From the next screen, select 'Unblock and delete' option and click okay. That's it.

5. Not necessary, but still clean your browser's CACHED temporary files. Delete all offline contents from IE and firefox.

6. Lastly, remove/uninstall your MSN messenger and download latest version from http://get.live.com/messenger/overview

How to prevent them?
After you restarted your computer, my recommendations to your online security are as follows:

Good Firewall: Firewall will block all the access to your computer from remote computer. Firewall gives you control what to choose and what not to choose. If you don't have firewall, you are not safe.

Download COMODO firewall. From there click 'Download Now' button and select the link for 32 bit if your processor is 32 bit or 64 bit, if your processor is 64 bit. Mostly it's 32 bit if your computer is more than a year old or so.
COMODO is super firewall till date i've tried. So, believe my words and download it. Rest follow their online instruction to master this application. It's plain easy

Efficient Antivirus: Antivirus should kill/remove all kind of virus and worms,must consume low memory and so. Look no further, download NOD32(for XP) and follow this link
Follow each and every steps how to successfully installing this antivirus. Regularly update antivirus

Smart Anti-spyware: Words of caution, i've seen bogus anti-Spywares on net. Stay away from them. And always use, SPYBOT - Search and Destroy

This antispyware will remove all the spywares from your computer, so give a thorough scan after you install it and yeah, regularly update it's database too.

With the COMBO of these three, you'll be at least, 99 percent safe on net and use your brain(be smart) for 1 more percent to be hundred percent safe.

NOTE: never accept suspcious files, never open enticing emails, never visit suspicious sites or never install anything from any webpage if you doubt. Happy surfing.

Related link:
How to find if someone has blocked you on MSN messenger