MSN Messenger Obscure Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by jobella, Oct 29, 2006.

  1. jobella

    jobella Private E-2

    Hello,

    Norman Support suggested I write to you for help as I seem to have a very rare, obscure malware attached to my MSN Messenger Live (and before that Messenger 7.5). They only realized this after I did a NFI.
    Each time I was signed in on my computer (I could be offline or not) my MSN Messenger decided to send dialogue boxes to various contacts (signed in or not). I would see these message boxes leaving my computer but it only lasted a split-second. Usually it would be multiple dialogue boxes that would open and close almost in unison. These dialogue boxes were not empty: friends and family informed me that in the conversation windows the following appeared: "jobanna says (time) EH POR TUDO O QUE PASSAMOS JUNTOS KKKKKK", with a sad emoticon after the text.
    I had this problem on both my hotmail addresses: jobella1@hotmail.com, joannamenda69@hotmail.com
    None of my friends getting these dialogue boxes seem to be infected...
    This problem appeared when I moved to Paris and started using my boyfriend's wireless connection. I also had a little problem with my hotmail. I was getting emails and sometimes the little envelope icon (on the left hand side) was not appearing. This only happened twice.
    My computer is also slower than usual.
    I have followed your instructions on this page. But I don't know what to do and am terrified to download Messenger LIVE once again.
    I can't seem to be able to remove MY WEB SEARCH (which you list as problematic)
    I have uploaded PandaActive Scan, Get Run Key, Show New.
    I will upload the rest on a second thread (Hope this is correct????)
    - Messenger version: LIVE MESSENGER 8.0.0812.00
    - Operating System: Microsoft Windows XP Professional Version 2002 Service Pack 2 (5.1.2600)
    - Browser type: Internet Explorer, version 6.0.2900.2180.xpsp_gdr.060220-1746IS
    - Connection Type: Wireless Network Connection, Intel(R)Pro/Wireless LAN
    - I use One Live Care, Norman Anti-virus, XP firewall, Google toolbar, and Registry Mechanic and Ad-Aware.

    HOPE YOU CAN HELP ME
     

    Attached Files:

  2. jobella

    jobella Private E-2

    MSN Messenger Obscure Malware Part 2

    Hello,
    Please find attached the 2 other attachments you requested:

    - Bitdefender
    - HijackThis
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: MSN Messenger Obscure Malware Part 2

    Welcome to Majorgeeks!

    First a couple of quick comments! You are violating step 3 of the READ & RUN ME. You have both Norman and Microsoft Windows OneCare Live installed! You must decide which you want to use and uninstall the other. Also if the Norman package you are using has a firewall, you also have two firewalls running which is not acceptable. I also see a folder named Securitoo. Which is another antivirus and firewall application. Do you also have this installed?

    I find it rather interesting that a company in the software security business (Norman) is referring you to us for help. If you paid for their software, why aren't they helping you fix a problem that they should be detecting and fixing? Did you ask them why they are not finding the root problem and why they are not fixing it?

    PandaActiveScan indicated that it fixed the Nabload.ML infection in your operating system. Are you still actually having problems? Run a new PandaActiveScan and see if it finds the infection again or if it comes up clean.

    You need to uninstall the below:
    J2SE Runtime Environment 5.0 Update 6 <--- old version and you have the new version already
    My Web Search (Outlook, Outlook Express, and IncrediMail) <--- step 0 of the READ ME requested that you uninstall this
    Viewpoint Media Player <--- step 0 of the READ ME requested that you uninstall this

    Apparently you did not allow CCleaner to clean up your Temp folders or you did not run it at all.
    Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\joanna\Local Settings\Temp
     
    Last edited: Nov 1, 2006
  4. jobella

    jobella Private E-2

    Thanks for the quick reply!!!

    I am terribly sorry if I violated step 3!! I have been bombarded by a minimum of 20 various emails from hotmail to fix this problem and one of their solutions was to contact my antivirus and download my One Live. I understand that I need to uninstall one of them but seeing that I am paying a Norman subscription and that they have not been much help with this I am not sure which one to zap (One Live is also a 90 day trial).

    You mentioned Securitoo but I have no idea what it is or how it got there... Should I remove it?? Could you tell me where to find it???

    I completely agree with you that the service at Norman is not great but as hotmail was of no help whatsoever I thought this was the service people got... AND I was soooo happy to have at least the same technician on the line (hotmail has a very bad system where you never get the same person twice helping you). At first he didn't even want to acknowledge I had a problem. He then said it was VERY rare, that nothing was written about it, told me to contact you, and asked that all my friends send him a Norman scan...

    Is Nabload.ML the name of my infection??? I will run a new PandaActiveScan ASAP. Will I be able to see if the infection is still there???

    I have uninstalled J2SE and Viewpoint Media Player. But as previously mentioned in my other email I cannot seem to remove My Web Search. When I click remove a blank screen appears... Any suggestions???

    I did run CCleaner in safe mode so I don't understand why my Temp folders are still full.
    I have found my C:\Windows\Temp files but can't seem to find a "Local Settings" in my Joanna folder????

    I can't thank you enough for this... I am currently in a foreign country where I know nobody who can help me with my computer and it is the only way for me to communicate with the outside world ;)

    I will do another Ccleaner and PandaScan and I will download MSN Live. Looking forward to reading your suggestions about My Web Search and One Live vs. Norman

    Merci
     
  5. jobella

    jobella Private E-2

    Hi
    I reinstalled MSN Live and it seems to be running ok...
    I ran another PandaScan and it found again that Nabload Virus. Is it normal that after each scan it says it disinfected it and it comes back???
    Have attached the latest PandaScan
    Cheers
    PS. Can I remove all the Zip files I downloaded and all the old log files???
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I saw a folder for it here: C:\Program Files\Securitoo but it may no longer be installed. It does not appear in your Uninstall List shown in the newfiles.txt log. What is in this folder?


    Well other forms of Nabload have been associated with problems related to Messenger so I would think it probably is your problem or at least part of your problem.

    Try using the following to uninstall it: Your Uninstaller! 2006


    Then you are not looking in the right place because it showed in your newfiles.txt log. The full path is:

    C:\Documents and Settings\joanna\Local Settings\Temp

    If you run a new scan with ShowNew and look in the newfiles.txt log you will more than likely see this folder listed right after C:\WINDOWS\Temp


    Well since neither Microsoft Windows OneCare Live nor Norman seem to be helping anyway, it is rather a moot point. I don't know if another antivirus program would find it and remove it or not. But either way, you don't need both programs fighting each other and they are not helping you! So if you don't plan on buying One Care after the trial period, uninstall it now.

    Panda found the same infection but this time it was a file that it cleaned. Last time your OS was infected. Locate this file C:\WINDOWS\temqr1z.tmp and delete it!

    Then reboot and run another Panda scan and attach a new log from it and also a new log from ShowNew.

    Now please run the below procedure and attach the requested log:

    Using Sophos Anti-Rootkit
     
  7. jobella

    jobella Private E-2

    Hi,
    Thanks for your help!
    I've removed the software thanks to Your Uninstaller! and removed Microsoft One Live.
    I did the Sophos search however I got the following message: "Failed to flush drive c:.". Also it wouldn't allow me to save the log: "common dialogue error (0x3002)".
    Please find attached the other 2 logs you requested... Panda found 14 malware and didn't disinfect them....
    FYI My computer is running much faster and I don't seem to be having the problem with my MSN....
     

    Attached Files:

  8. matt.chugg

    matt.chugg MajorGeek

    Chas is taking a much deserved vacation right now,

    What program did the log for Sophos Anti-Rootkit open with? Did you mean this is the program that gave the common dialog error?

    Your activescan is fine. The files it found are just cookies and nothing to worry about.

    Please try and run Sophos Anti Rootkit again, the flushing c:\ is a common problem. Since you say everything is running fine now, I don't expect it to find much but we will check just to be on the safe side.
     
  9. jobella

    jobella Private E-2

    Hi Matt,
    Thanks for your quick reply :)
    I was able to save the Sophos log this time but I still had that message "The process cannot access the file because it is being used by another process". I also had 2 other exclamation points saying that it might be blocked by malware + it found 2 hidden items :eek:
    Hope it's not too bad :rolleyes:
    Cheers again
    J
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't see any problems in your log! Are you still having problems?
     
