Im Virus *fyi*

[muchspl2]

**DO NOT INSTALL THE ACTIVEX SOFTWARE ON LINK BELOW**
im stats something to the effect of
"hey check this out - http://www.wgutv.com/osama_capture.php?7Uax"
it installs www.buddylinks.com

BuddyLinks provides a revolutionary new way for instant messenger users to instantaneously share entertaining content with their entire IM "buddy list" network all at one time.

The permission-based software, including interactive games, can be downloaded directly through IM via a URL link. Once the software is downloaded, users can easily and quickly communicate jokes, games and amusing pictures within their entire IM social network.

[Aaron_T]

[DarthInsinuate]

Originally posted by muchspl2@10 February 2004 - 22:07
**DO NOT INSTALL THE ACTIVEX SOFTWARE ON LINK BELOW**

now a good idea would be to not make it a hyperlink, unless you want them to click on it , hmmmmmmmmmmmm

[muchspl2]

you can click it, but it will pop up a gray box
I wouldn't recommend you saying yes

[Busyman]

Originally posted by DarthInsinuate+10 February 2004 - 20:26--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (DarthInsinuate @ 10 February 2004 - 20:26)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-muchspl2@10 February 2004 - 22:07
**DO NOT INSTALL THE ACTIVEX SOFTWARE ON LINK BELOW**

now a good idea would be to not make it a hyperlink, unless you want them to click on it , hmmmmmmmmmmmm [/b][/quote]
If someone clicks it, they deserve to get, as some of you call it, OWNED OR PWNED&#33;&#33;&#33;

[muchspl2]

here a fix strait jacked from another forum

Systems Affected:
AOL AIM client (does not affect trillian, miranda, etc)
MS Internet Explorer 4.x, 5.x, 6.x

What you can do:
In order of preference:
1, format, reinstall, and apply a sensible security policy, such as not logging on as administrator
2, change your IE settings to not automatically download and install programs just because a web site tells it to
3, tell IE to ignore the buddylinks worm installer

Here&#39;s how you do each:
1, it&#39;s involved.
2, this is easy. You&#39;ll need to run a couple of commands. If you don&#39;t have windows XP, you&#39;ll need reg.exe, free from lots of places:

Code:

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1001" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1004" /t REG_DWORD /d 1 /f

3, This is easy too. Just add its CLSID to the blacklist:

Code:

reg add "HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4}" /v "Compatibility Flags" /t REG_DWORD /d 1024 /f

If you&#39;re already infected, you need to unregister the file, then delete it. Run these commands:

Code:

regsvr32 /s /u "%SYSTEMROOT%\Downloaded Program Files\shellinstaller.ocx"
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "Buddylinks" /t REG_STRING /d "del /s %SYSTEMDRIVE%\shellinstaller.ocx"

All of this in one code block:

Code:

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Int  ernet Settings\Zones\3" /v "1001" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Int  ernet Settings\Zones\3" /v "1004" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4}" /v "Compatibility Flags" /t REG_DWORD /d 1024 /f
regsvr32 /s /u "%SYSTEMROOT%\Downloaded Program Files\shellinstaller.ocx"
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run  Once" /v "Buddylinks" /t REG_STRING /d "del /s %SYSTEMDRIVE%\shellinstaller.ocx"

To run these, copy them to the clipboard and paste them into a command prompt window (start/programs/accessories/command prompt).

To see if you&#39;re infected, do "dir /s %SYSTEMDRIVE%&#092;shellinstaller.ocx". If anything comes up, you have it