Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Friendly-offer?


  • Please log in to reply
10 replies to this topic

#1 Shia

Shia

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 12 March 2008 - 09:23 AM

My cousin's MSN account recently started sending me links to random websites (when my cousin isn't even signed in), and then my brother clicked on one of them and has now started sending me the same links (also when he's offline). How do I clean it?

Originally the links were random characters (fake example: http://www.dkwghs.info) and were all pointing to .info websites, but for the last two days they have been XXXX://www.friendly-offer.com (<== that's the real URL, so please be careful about clicking on it). I've been trying to Google for help on removing it, but nothing came up.

Please help! It's driving me insane! :thumbsup:

Thanks in advance!

Edit: Moved topic to the more appropriate forum, also disabled a clickable malicious URL, for member protection. ~ Animal

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:09 PM

Posted 12 March 2008 - 11:09 AM

Your cousin's computer has been infected with malware. There is nothing wrong with your computer. Google probably has little info because this infection is fairly new. Unless we can access their computer, there's nothing we can do about it at this point.

We are currently working on identifying the infection and finding a solution to it. As you can see here, someone else is having the exact same problem. Stay in touch with the forum and we can inform you as soon as we find a solution.

Please inform your cousin about the infection on their computer.

Edited by PropagandaPanda, 12 March 2008 - 11:11 AM.


#3 Shia

Shia
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 12 March 2008 - 11:15 AM

Thanks for the quick response!

It's also on my brother's computer...he was stupid and clicked on the link. I have access to his computer...can you help?

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:09 PM

Posted 12 March 2008 - 11:19 AM

EDIT: Aha I have identified the malware as W32/Sohanad.B Worm.

However, you, could help identify the source of the infection. First of all, when your brother clicked the link, was he prompted to download anything? Or did the malware install itself without consent?

Please go here. This site will scan URLs for any malicious content.

Copy the links that is being sent into the box at Link Scanner. Please then post back with the scan results.

Edited by PropagandaPanda, 12 March 2008 - 11:31 AM.


#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:09 PM

Posted 12 March 2008 - 11:25 AM

Before we perform tests on the infected computer, could I ask what operating system that computer is using? Also please list all antimalware programs that are installed on that computer.

Edited by PropagandaPanda, 12 March 2008 - 11:28 AM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 PM

Posted 12 March 2008 - 12:54 PM

Have your brother and cousin do this:

Please download MsnCleaner.zip and save to you Desktop. (in addition to removing infected files, it will remove certain restrictions on your system often disabled by malware.)
  • Extract (unzip) the file to your desktop. (click here if your not sure how to do this) but DO NOT use it yet.
  • Reboot your computer in "Safe Mode" using the F8. To do this restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A boot menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Double-click MsnCleaner.exe to run the tool.
  • Click the "Analyze" button.
  • A report will be created after the scan and will be saved to C:\MsnCleaner.txt.
  • If it finds an infection, click the "Deleted" button.
  • Reboot normally when done.
Download and perform a scan with Trend Micro's Sysclean Package.
Be sure to print out and follow the instructions provided in the How to Use System Cleaner for performing a scan.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Shia

Shia
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 15 March 2008 - 10:41 AM

I think it's fixed now (haven't gotten the message for 2 days now)! My brother was signed into his MSN Messenger account and suddenly got a message saying he had signed onto another computer. At that point, I got the friendly-offer message again, so I suggested he change his password and it seems like it worked. :thumbsup:

I quizzed him on how exactly he caused the problem and it turned out he clicked on the URL and then was at a website that said something like "You've been blocked! Find out who blocked you!" He then filled out a form asking for his e-mail address and (stupid child) password.

Thank you PropagandaPanda and quietman7 for your efforts! :flowers:

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 PM

Posted 15 March 2008 - 10:30 PM

If there are no more problems or signs of infection, the next thing to do is to Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Shia

Shia
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 16 March 2008 - 02:47 PM

Thank you - I've done that.

I guess this topic can now be closed. :thumbsup:

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,112 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:09 PM

Posted 16 March 2008 - 02:51 PM

Hello Shia,

I'm glad things are working now. To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1".
"Hardening Windows Security - Part 2".
"IE Recommended Minimal Security Settings".

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 PM

Posted 16 March 2008 - 05:19 PM

Your welcome Shia.

Safe surfing and have a malware free day.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users