
View Full Version : Im Virus *fyi*



muchspl2
02-10-2004, 11:07 PM
**DO NOT INSTALL THE ACTIVEX SOFTWARE ON LINK BELOW**
IM states something to the effect of
"hey check this out - http://www.wgutv.com/osama_capture.php?7Uax"
it installs www.buddylinks.com (http://www.buddylinks.com)

BuddyLinks provides a revolutionary new way for instant messenger users to instantaneously share entertaining content with their entire IM "buddy list" network all at one time.

The permission-based software, including interactive games, can be downloaded directly through IM via a URL link. Once the software is downloaded, users can easily and quickly communicate jokes, games and amusing pictures within their entire IM social network.

Aaron_T
02-10-2004, 11:09 PM
:blink: :blink: :blink:

DarthInsinuate
02-11-2004, 12:26 AM
Originally posted by muchspl2@10 February 2004 - 22:07
**DO NOT INSTALL THE ACTIVEX SOFTWARE ON LINK BELOW**
now a good idea would be to not make it a hyperlink, unless you want them to click on it :ph34r: , hmmmmmmmmmmmm

muchspl2
02-11-2004, 12:28 AM
you can click it, but it will pop up a gray box
I wouldn't recommend you saying yes :D

Busyman
02-11-2004, 01:41 AM
Originally posted by DarthInsinuate@10 February 2004 - 20:26
Originally posted by muchspl2@10 February 2004 - 22:07
**DO NOT INSTALL THE ACTIVEX SOFTWARE ON LINK BELOW**
now a good idea would be to not make it a hyperlink, unless you want them to click on it :ph34r: , hmmmmmmmmmmmm
If someone clicks it, they deserve to get, as some of you call it, OWNED OR PWNED!!! :lol: :lol:

muchspl2
02-11-2004, 01:51 AM
here's a fix, straight jacked from another forum

Systems Affected:
AOL AIM client (does not affect trillian, miranda, etc)
MS Internet Explorer 4.x, 5.x, 6.x

What you can do:
In order of preference:
1, format, reinstall, and apply a sensible security policy, such as not logging on as administrator
2, change your IE settings to not automatically download and install programs just because a web site tells it to
3, tell IE to ignore the buddylinks worm installer

Here's how you do each:
1, it's involved.
2, this is easy. You'll need to run a couple of commands. If you don't have Windows XP, you'll need reg.exe, free from lots of places:
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1001" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1004" /t REG_DWORD /d 1 /f
3, This is easy too. Just add its CLSID to the blacklist:
reg add "HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4}" /v "Compatibility Flags" /t REG_DWORD /d 1024 /f



If you're already infected, you need to unregister the file, then delete it. Run these commands:

regsvr32 /s /u "%SYSTEMROOT%\Downloaded Program Files\shellinstaller.ocx"
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "Buddylinks" /t REG_SZ /d "cmd /c del /s %SYSTEMDRIVE%\shellinstaller.ocx"


All of this in one code block:
rem Internet zone (3): prompt before downloading signed (1001) and unsigned (1004) ActiveX controls
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1001" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1004" /t REG_DWORD /d 1 /f
rem Set the kill bit (1024 = 0x400) for the installer's CLSID
reg add "HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4}" /v "Compatibility Flags" /t REG_DWORD /d 1024 /f
rem Unregister the control now and delete the file at the next logon
regsvr32 /s /u "%SYSTEMROOT%\Downloaded Program Files\shellinstaller.ocx"
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "Buddylinks" /t REG_SZ /d "cmd /c del /s %SYSTEMDRIVE%\shellinstaller.ocx"

To run these, copy them to the clipboard and paste them into a command prompt window (start/programs/accessories/command prompt).

To see if you're infected, do "dir /s %SYSTEMDRIVE%\shellinstaller.ocx". If anything comes up, you have it.
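
To confirm the settings from the post above are in place, this read-only PowerShell check (an added example, not part of the original thread or the quoted fix) reads the two zone 3 URL actions, the kill bit for the CLSID quoted in the post, and looks for shellinstaller.ocx in Downloaded Program Files. It also reads the per-user HKCU zone key, which the post does not touch; that goes beyond the post and is included because Internet Explorer uses per-user zone settings unless the machine-only policy is set.

```powershell
# Added example: read-only audit of the settings from the post above.
$zoneSub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$clsid   = '{FDDCE9FF-1FC6-413c-80B1-37B101FDA1D4}'   # CLSID quoted in the post
$killKey = "HKLM:\Software\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
$ocx     = Join-Path $env:SystemRoot 'Downloaded Program Files\shellinstaller.ocx'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$results = @()

# URL actions 1001 (signed) and 1004 (unsigned) ActiveX download:
# 0 = allow silently, 1 = prompt, 3 = disable. The post sets both to 1.
# HKCU is an addition to the post: per-user values normally take effect.
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($action in '1001', '1004') {
        $value = Get-RegValue "$hive\$zoneSub" $action
        $results += [pscustomobject]@{
            Check  = "$hive zone 3 action $action is prompt or disable"
            Value  = $value
            Passed = ($value -eq 1 -or $value -eq 3)
        }
    }
}

# Kill bit: bit 0x400 (1024) in "Compatibility Flags" stops IE loading the control.
$flags = Get-RegValue $killKey 'Compatibility Flags'
$results += [pscustomobject]@{
    Check  = 'Kill bit (0x400) set for the CLSID'
    Value  = $flags
    Passed = ($null -ne $flags -and ($flags -band 0x400) -ne 0)
}

# Path taken from the regsvr32 command in the post.
$results += [pscustomobject]@{
    Check  = 'shellinstaller.ocx absent from Downloaded Program Files'
    Value  = $ocx
    Passed = -not (Test-Path -LiteralPath $ocx)
}

$results | Format-Table -AutoSize
```

An empty Value for a zone action means the setting is not present in that hive, so the check reports it as not passed rather than assuming a default.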