SMB Worm spreading through MSN Messenger

A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days ago by Asia-based Global Hauri. This worm spreads through MSN Messenger through a file called SMB.EXE. If the user accepts this file, it will send itself to all contacts on his or her contact list. If the user executes it, a DOS prompt will come up for about a second and disappears. This occurs because it unzips a couple of files to the C: root and windows directories. The file also tempers with the registry (see below for details).

Do NOT accept the file transfer of SMB.EXE (or any other suspicious file) in MSN Messenger!

An MSN spokesperson said the company is aware of the virus, and that users' best means of protection is to have a desktop anti-virus solution already installed, and to use MSN Messenger 6's anti-virus feature. The feature enables customers to link their desktop anti-virus software to the IM client, automatically scanning incoming files for viruses.

SOURCE (http://www.neowin.net/)

Thanks for the post sharedholder!

BOT

Would the file actually be compressed in another so to not be obvious?

An MSN spokesperson said the company is aware of the virus, and that users' best means of protection is to have a desktop anti-virus solution already installed, and to use MSN Messenger 6's anti-virus feature.
Would anyone happen to know wich file i have to use ? I use xp pro and i don´t know wich file to use from nav. :( Thanks

right....hmmmm B)

This has "Blaster Spawn" written all over it.

Cheers for the heads up Sharedholder.

Hey, I've seen that file yesterday but I didn't accept it. Thank God!!! Thanks shareholder. I must be careful from now onward...

If you already accepted this SMB.exe file, here's how to remove it manually:

1) Go to task manager. (Ctrl+alt+del) and select the Process tab.
2) Click admagic.exe then click End Process
3) Go to the C: drive and delete smb.exe and admagic.exe.
4) Go to Windows directory and delete atl.dll, raw32x.dll, sm.dll and uz.exe.
5) Go to the registry (Start > Run > type "regedit" > click ok) and go to HKEY_LOCAL_MACHINE\SOFTWARE\Micorosoft\Windows\CurrentVersion\Run. Delete the svchost = admagic.exe string value.

Norton Antivirus 2003 should be able to kill it.

SMB Worm spreading through MSN Messenger

A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days ago by Asia-based Global Hauri. This worm spreads through MSN Messenger through a file called SMB.EXE. If the user accepts this file, it will send itself to all contacts on his or her contact list. If the user executes it, a DOS prompt will come up for about a second and disappears. This occurs because it unzips a couple of files to the C: root and windows directories. The file also tempers with the registry (see below for details).

Do NOT accept the file transfer of SMB.EXE (or any other suspicious file) in MSN Messenger!

An MSN spokesperson said the company is aware of the virus, and that users' best means of protection is to have a desktop anti-virus solution already installed, and to use MSN Messenger 6's anti-virus feature. The feature enables customers to link their desktop anti-virus software to the IM client, automatically scanning incoming files for viruses.


Exactly why I always uninstall messenger whenever I re-format my comp!! :D

dont accept any UnKnowN file transfer unless you know the guy.. wtf lol.. not hard