Question:
help! what does this MS-DOS file do?
anonymous
2008-03-25 09:31:35 UTC
a friend on msn sent me this file sayiong something like "hhey what are you doing in this picture?" and it had a link to a "picture". i downloaded the picture and realized it was a MS-DOS file. the person who sent it said some1 sent it to her and now her computer automatically sends it to other people. i scanned it with a couple virus scanners. they all say its okay but its obviously not.

how do i find out what it does? will a simple deleting to the trick to get rid of it? please help.

btw heres the link to it if you wanna see if you can figure out what it does:
msngallery.gigacities.net/?=

("msngallery.gigacities.net/?=something" works, msngallery.gigacities.net/?=anything" works

basically anything after that "=" works)

please help
Twelve answers:
Maikel S
2008-03-25 10:08:54 UTC
This is a virus/trojan, don't open it, just delete it.

If you got infected then use this solution:

http://www.makiek.nl/msn7.php
Colm
2008-03-26 18:45:55 UTC
Ok. Got the Virus. My "Run" thingy wouldn't recognise any file name mentione din this, but I managed to delete the original file that I downloaded, I just put it in a folder and deleted that. I was allowed, and then deleted it fomr the Recycle bin.



I then searched in "Start Search" for ms-dos, or something that woul find me that file, the IMG00231-live mess..... showed up, But its location no, longer exists and is at 0bytes rather than the original 37.5mb.



Is this enough? Is it gone? Or is that incredibly naive, anyway does anyone know what this does as well?
Samson
2008-03-25 11:13:55 UTC
This is obviously a new messenger worm. I just got one of those links from a friend of mine in NZ and didn't click it. The reason it's not being detected by your virus scanners is that it's so new, they don't have a definition for it yet in the AV programs. Just use msn web messenger for now and hang tight for someone to come up with a fix.
Anna B
2008-03-25 13:47:19 UTC
Hi, sorry, I'm a bit of a novice when it comes to this.



I've just clicked the link (I thought I recognised it), and I'm not sure if I've been infected. I know how to look for a file in comand prompt, but do you know what the path is?



I searched using the Windows search function but the file you mentioned didn't appear.



Also, is there a solution written in English?
Devin S
2008-03-25 20:22:31 UTC
Nighthawk was right. Follow his instructions and it comes right off :D I've done it on two computers. Hit the reg entry he listed and delete it, then go to WINDOWS in C:. Click view, go to folder options tab, click "show hidden files and folders" and click apply. Scroll to the bottom of that "Windows" page, and then work your way up looking for "msn.com" saved as a MS-DOS Application. If you can't find it, just type the string nighthawk listed into command prompt and you're good to go.





Good luck!
Amber
2016-04-11 10:13:43 UTC
1. Open a notepad 2. Press Ctrl + O, 3. In the file of types combo box choose ALL FILES, then from the open dialog choose the batch file.
flubewl
2008-03-25 15:55:33 UTC
I've also been hit by this.. grrrr... managed to remove the reg entry.. but not the file as far as I can see.. am I missing something... where does the virus file live? it was saved to the desktop, where obviously I have removed it from... but does it replicate its self somewjhere else???
anonymous
2008-03-25 12:55:39 UTC
My friend received this and I did fast analyzes of it using sysinternals tools. It creates %windir%\msn.com file, which it marks as an system file and hides. After that it creates registry key under



HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run to autorun itself. This key is given name "Microsoft live messenger" and value "msn.com" . When this key is removed and computer restarted virus file itself can be removed for example from command line by typing



del /ash %windir%\msn.com
anonymous
2008-03-26 17:56:57 UTC
hey i just got this virus and i used nighthawk's fix but i'm not finding the value " msn.com" under the key RUN. I searched for msn.com but found it under HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ Internet domains\hotmail.com. Need some help do i delete the second key?
anonymous
2008-03-25 09:36:03 UTC
Delete it, he obviously lied about what the file was, so i he obviously doesn't want you to find out its a malicious program, whatever you do don't open it.



Just delete the file.
rusvladik
2008-03-25 12:10:02 UTC
Damn it , I just got infected too, I got easily tricked.



Does anybody know if it has some kind of Keylogging ability as well?



It's really important to me..
Jcontrols
2008-03-25 09:40:28 UTC
Sorry,I'm not crazy! What is the name of the file? :-)=


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...