AIM Virus/Worm Help

my roommate got this virus via clicking on someone's AOL Instant Messenger Profile... i need a removal tool or manual removal instructions... Symantec's website only seems to have instructions for Norton AV users... any help is greatly appreciated....

he's using Windows XP btw. thanks

he's scanning his comp with his PC Cillin Anti-virus right now...

also, this is NOT realphx, talkstocks, buddypicture, or the Osama WORM

 

try going to 'twocows' and downloading 'stinger'

 

thx for the link xflat but the scan did not find the virus

 

Chi, welcome to Major Geeks..

www.majorgeeks.com has a gigantically enormous file section. Please check there first for files before sending people off to other websites.

Thank you

 

btw fellas i'm not 100% sure this is the virus he has... but the file he downloaded was labeled:

webcam.scr

i tried googling it but it comes up listed under many different virus/worm names...

 

xflat he uses PC Cillin anti-virus... he did a full system scan and it found nothing... but his computer is definetely infected with something... his AOL Instant Messenger automatically puts up an away message for him that links to the download site for "webcam.src" which is hosted on an Angelfires account (odd)...

when i google "webcam.src" i get links related to other virii/trojans but nothign that specifically mentions the file name... he's running stinger and trying this Bazooka spyware scanner right now... i will let u guys know if it finds anything...

appreciate the insight though

(btw, i'm only inquiring about this for him because he does not have a MG account and i seem to know the ropes around here a little better so i'm trying to help him out)

also, he cannot get into Regedit or Ctrl-Alt-Dlt, so i'm having him boot into Safe Mode

 

xflat could you PM me the links to those forums where the problem was described because i'm not seeing them...

i'm having him download and run Spybot right now... he already has Ad-Aware with the latest updates...

 

okay he updated and ran spybot search and destroy, it found 33 items and fixed them all, and the problem still persists...

xflat i'm aware of the talkstocks, realphx, and buddypicture worms... this is definetely NOT it...

the file was called webcam.src, and if he's not in safe mode, it prevents him from using Ctrl-Alt-Dlt to look at his running processes, and also prevents him from getting into regedit

 

true it's possible it was hosted on someone else's site as the website was an angelfires account... PC Cillin found nothing, that house cleaner found nothing, Ad-Aware did not find the 32 items that Spybot found and cleaned, i'll have him uninstall and reinstall AOL Instant Messenger right now...


problem still persists

 

i had the link to the damn solution but i cant find it
gimme a few

 

this may be what you are looking for:
http://www.rsaisp.com/software.asp

 

appreciate the link Wolf, but i'm not sure this is related to realphx or any of those worms that add links to your profiles... this worm or whatever it is automatically puts up an away message for you and even tries to take action when you're exited out of AIM...

although it's very possible that this is some variant of the realphx, talkstocks, buddypicture worm... i'm hoping as more people get infected with this a removal took or removal instructions will surface on the web....

 

alright sorry for the bum link.
If i hear anything (which i do often) ill tell you

 

The worm that is doing this is called w32.spybot.if By running the free virus/remover program Panda ActiveScan, it should find the worm and then remove it for you