JiveMasterT, posted May 1, 2005 (edited)

Over the course of the day about 20 people on my buddy list have contracted this virus that is spreading rapidly. You will get a message from someone that says "Hey look at this." and the "this" is a link that points to "http://cesaraceves.com/gallery/gallery.com"

DO NOT CLICK ON THAT LINK! You will get the virus and start spreading it rapidly to everyone on your buddy list. Please post here if you know how to remove it.

Last I checked, the website it is pointing to is running really slow. I did manage to download the .com file using GetRight but I don't know how to look at the actual code to see what the thing does.

edit... if you want the fix for it... go here: http://www.jayloden.com/

Edited May 1, 2005 by jivemastert

Link to comment: https://www.neowin.net/forum/topic/315323-aim-virus-spreading-rapidly/

b0m8er, posted May 1, 2005

> Last I checked, the website it is pointing to is running really slow. I did manage to download the .com file using GetRight but I don't know how to look at the actual code to see what the thing does.

Just submit that file to a major AV company, like Symantec, Kaspersky.... Let them play with it....

JiveMasterT (Author), posted May 1, 2005

I submitted it to Symantec, waiting for a response...

kyro, posted May 1, 2005

Hmm, well, I couldn't get online with GAIM, Trillian and Miranda. My co-worker thought I was ditching him (mailed him to come on MSN). What's the prob? Does AIM suck this much?

Brandon Live (Veteran), posted May 1, 2005

I haven't seen any of these messages... How does the virus get installed? I assume this only affects systems that are not properly patched?

Edit: Looks like it just links to a file called "gallery.com". Wouldn't the user have to accept the download and run the file in order to be affected?

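Added example, not written by anyone in this thread: the link in the first post ends in "gallery.com", which reads like a domain name but is the file name of a DOS/Windows executable in the URL path. The Python sketch below flags message links whose path names a directly runnable file; the extension list, the function names and every sample message other than the thread's own URL are assumptions constructed for illustration.

```python
import re
from posixpath import basename, splitext
from urllib.parse import urlsplit

# Assumed list of extensions Windows treats as directly runnable programs.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def executable_links(message):
    """Return the URLs in a message whose *path* (not host) names an executable."""
    hits = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,!?)")          # drop trailing sentence punctuation
        path = urlsplit(url).path          # host and query string are ignored
        ext = splitext(basename(path))[1].lower()
        if ext in EXECUTABLE_EXTS:
            hits.append(url)
    return hits


def scan(messages):
    """Map each suspicious message to the links that triggered the flag."""
    results = {}
    for msg in messages:
        hits = executable_links(msg)
        if hits:
            results[msg] = hits
    return results


# Constructed sample messages; only the first URL appears in the thread.
SAMPLE_MESSAGES = [
    "Hey look at this. http://cesaraceves.com/gallery/gallery.com",
    "my photos are at http://example.com/gallery/",   # .com host, directory path
    "check http://example.com",                       # .com host, no path
    "new pics http://example.org/pics/holiday.jpg.",  # image, trailing period
]

if __name__ == "__main__":
    for msg, urls in scan(SAMPLE_MESSAGES).items():
        print("SUSPICIOUS:", urls, "in", repr(msg))
```

Only the first sample is flagged: a ".com" in the host name is ordinary, while a ".com" file name at the end of the path is a program the browser will offer to download or run.
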
tlogank, posted May 1, 2005

I had someone send this to me as well, but for some reason, when I clicked the link, it opened up in Opera (default browser) and it wasn't able to affect me.

...Just another reason to use alternative browsers.

JiveMasterT (Author), posted May 1, 2005

I'm pretty sure it will just ask to download the .com file if it opens in another browser, in which case you could install it. People who have Windows that isn't patched are potentially at risk.

I did find a website that has a tool that might be able to remove it... http://www.jayloden.com/check.htm

Go there, follow the directions, get the tool.

Cyber Dog, posted May 1, 2005

It's already detected by Kaspersky... I submitted it to McAfee and their heuristics detected it, so they'll be adding it shortly.

Brandon Live (Veteran), posted May 1, 2005

> I had someone send this to me as well, but for some reason, when I clicked the link, it opened up in Opera (default browser) and it wasn't able to affect me. ...Just another reason to use alternative browsers.

Umm... it doesn't affect IE any more than it affects Opera from what I can tell...

tlogank, posted May 1, 2005

This takes care of the problem...

EDIT...oh, someone posted it already. Sorry, I didn't refresh the page.

mistical, posted May 1, 2005

@jivemastert, to help people get rid of this, could you edit your first post here to include that you can remove the AIM virus by downloading AIMFix?

Here's a direct link to AIMFix: http://www.jayloden.com/aimfix.exe

Valmor, posted May 1, 2005

Does this automatically execute if your default browser is IE?

JiveMasterT (Author), posted May 1, 2005

> @jivemastert, to help people get rid of this, could you edit your first post here to include that you can remove the AIM virus by downloading AIMFix? Here's a direct link to AIMFix: http://www.jayloden.com/aimfix.exe

Good idea... done.

> Does this automatically execute if your default browser is IE?

Not necessarily. I think if you have an older version of IE it might auto execute, but if you stay on top of your updates then you should be fine.

radioboy, posted May 1, 2005

> Umm... it doesn't affect IE any more than it affects Opera from what I can tell...

Actually, it does.

IE automatically executes the file w/ certain permissions.

Opera does not.

Oompa, posted May 1, 2005

Yep, I got this twice. I started talking to the guy that sent it to me :p.

Homer, posted May 1, 2005

Seems like there is a similar thing going round for MSN too... next time I get it I'll tear it apart on the Mac where I know I'll be safe. :p

Meshuggah, posted May 2, 2005

Been getting a lot of these messages... too bad it's always from my non-comp savvy friends :/

Dane2003, posted May 2, 2005

Hello,

I have submitted this file to Symantec and to McAfee. McAfee's heuristic detection assigned the name "new malware.h" to it, and it is currently being escalated with a McAfee researcher at this time. Symantec has yet to respond to this file; however, I will post an update as soon as I get more information.

Brandon, posted May 2, 2005

I got it, but of course didn't install click on it.. just looked at the code and it's all gibberish

kylejn, posted May 2, 2005

Yeah, I got this a few times today. I never downloaded the file, so I'm still OK, right?

Lewkwarm, posted May 2, 2005

> Yeah, I got this a few times today. I never downloaded the file, so I'm still OK, right?

Same here, I haven't been infected with it. I'd say you're OK as long as you don't click the link.

RightfulSpire, posted May 2, 2005

Well, I opened it in my WinME test machine.. it's the machine I totally trash all the time.. and as far as I can tell it's doin nuttin.. there are no connections going out through the firewall.. no files corrupt... I will keep it going to see what happens but this could just be a scare, not a threat of any kind.

Code.Red, posted May 2, 2005

Yeah, a friend of mine sent this to me. I clicked it and it opened in Firefox, asking me to save it or whatnot. I immediately asked him what it was and he didn't know what I was talking about! So I told him now and he knows he has a virus.

Does this do anything harmful to the PC it is on? Or is all it does is just spread itself?

Dean W, posted May 2, 2005

Hahahaha, sorry, but I don't use AIM lol

It's nice to see other instant messengers getting virus :p

stopdroproll, posted May 2, 2005

AIM bashing in 5...4...3...2...