SMB Worm spreading through MSN Messenger

Arnaudt   on 27 September 2003 - 10:47 · 30 comments & 3042 views

Thanks to my good friend dwergs of http://www.mess.be ...

A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days ago by Asia-based Global Hauri. This worm spreads through MSN Messenger as a file called SMB.EXE. If the user accepts this file, it will send itself to all contacts on his or her contact list. If the user executes it, a DOS prompt comes up for about a second and then disappears. This occurs because it unzips a couple of files to the root of C: and to the Windows directory. The file also tampers with the registry (see below for details).

Do NOT accept the file transfer of SMB.EXE (or any other suspicious file) in MSN Messenger!

An MSN spokesperson said the company is aware of the virus, and that users' best means of protection is to have a desktop anti-virus solution already installed, and to use MSN Messenger 6's anti-virus feature. The feature enables customers to link their desktop anti-virus software to the IM client, automatically scanning incoming files for viruses.

Read more for info on how to remove the worm ...

News source: Mess.be


If you already accepted this SMB.exe file, here's how to remove it manually:

  • Go to Task Manager (Ctrl+Alt+Del) and select the Processes tab.
  • Click admagic.exe, then click End Process.
  • Go to the C: drive and delete smb.exe and admagic.exe.
  • Go to the Windows directory and delete atl.dll, raw32x.dll, sm.dll and uz.exe.
  • Go to the registry (Start > Run > type "regedit" > click OK) and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Delete the svchost = admagic.exe string value.
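
The same checks can be scripted. The PowerShell below is an added example, not part of the original article: it takes the process, file and Run-value names from the list above, assumes Windows is installed on C:, and only reports what it finds unless run with the `-Remove` switch (a parameter name chosen for this example), which needs an elevated prompt.

```powershell
# Added example: audit (and optionally clean) the indicators from the removal steps.
# -Remove is a parameter of this example script; without it nothing is changed.
param([switch]$Remove)

$procName = 'admagic'                       # shown as admagic.exe in Task Manager
# Files in the root of C: plus the four files in the Windows directory itself.
# System32 is deliberately not searched: a legitimate atl.dll normally lives there.
$files = @('C:\smb.exe', 'C:\admagic.exe') +
         (@('atl.dll', 'raw32x.dll', 'sm.dll', 'uz.exe') |
             ForEach-Object { Join-Path $env:windir $_ })
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'svchost'                        # value name used for persistence
$runData = 'admagic.exe'                    # data the value points at

$findings = @()

# 1. Running process: stop it first so the files are not locked.
$proc = Get-Process -Name $procName -ErrorAction SilentlyContinue
if ($proc) {
    $findings += "process: $procName.exe (PID $($proc.Id -join ','))"
    if ($Remove) { $proc | Stop-Process -Force }
}

# 2. Dropped files.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $findings += "file: $f"
        if ($Remove) { Remove-Item -LiteralPath $f -Force }
    }
}

# 3. Run-key value: only act when the data really references admagic.exe,
#    so an unrelated value that happens to be named svchost is left alone.
$run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run -and $run.$runName -like "*$runData*") {
    $findings += "registry: $runKey\$runName = $($run.$runName)"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $runName }
}

if ($findings) { $findings | ForEach-Object { Write-Output "FOUND $_" } }
else           { Write-Output 'No indicators from the removal list found.' }
```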

Comments · There are 30 additional comments
(1 reply) #1 Tom Servo on 27 Sep 2003 - 11:38
160kb? DOS window popping up? What the hell? Seriously, in the DOS days, virii were much more sophisticated and stealthy...
#1.1 dismuter on 27 Sep 2003 - 13:33
Yes, they used to be coded in assembly language, they were very small.
Now I guess virus developers are lazy. Maybe in a few years we'll have 1MB virii.
(4 replies) #2 XgD on 27 Sep 2003 - 11:41
I've seen the option to use a virus scanner in MSN6, but what do I put in it to make NAV2003 scan the file? There are a lot of exe's in the NAV directory.

XgD
#2.1 jmc777 on 27 Sep 2003 - 11:46

I think you need to point it towards NAVAPW32.EXE if my memory serves me correctly.
#2.2 Huy on 27 Sep 2003 - 11:47
C:\Program Files\Norton AntiVirus\NAVW32.exe is the one you should point it to.
#2.3 roadwarrior on 27 Sep 2003 - 12:42
Actually, if you turn on IM protection from within NAV, it will configure the setting in MSN messenger itself.
#2.4 Avenger on 27 Sep 2003 - 17:49
For me, McAfee 6.0 auto configured itself to scan MSN Messenger upon file download too. Pretty handy having it do that itself.
#3 DJ Prem on 27 Sep 2003 - 11:54
crap....and thanks for the AV tip
(1 reply) #4 iomayho on 27 Sep 2003 - 12:09
what does it do to your computer...? anything malicious...?
#4.1 Banjo on 27 Sep 2003 - 15:21
The process is called admagic.exe, so I suppose it's adware.
#5 J0ely on 27 Sep 2003 - 12:39
This is as sad as those e-mail viruses.
(5 replies) #6 Electroglitter on 27 Sep 2003 - 12:45
are people STILL dumb enough to accept .exe files via msn messenger?
#6.1 dj_alex_m on 27 Sep 2003 - 12:59
Unfortunately not everyone is an uber computer nerd!
#6.2 Gary_Player on 27 Sep 2003 - 14:04
There should be a test or something...people aren't allowed to drive without a license, to get a license you have to pass the test right? That way you won't hurt anyone or anything (supposedly)...There should be something similar for computer usage
#6.3 MR_Candyman on 27 Sep 2003 - 15:53
I accept transfers, BUT I always ask what it is before I accept. I've never gotten a virus from a messenger service, and nowadays I use linux for my messaging anyways, so it reduces the likelihood of something happening down to far less than 1%
#6.4 darthfader on 27 Sep 2003 - 19:31
Saying that accepting .exe's is dumb makes you dumb
#6.5 kal-ky on 27 Sep 2003 - 22:01
QUOTE (#6.0)
are people STILL dumb enough to accept .exe files via msn messenger?

Are people still dumb enough to use MSN Messenger at all?
There are way better alternatives, like Jabber.
#7 SouL2kEEp on 27 Sep 2003 - 15:01
well if you do get the exe from MSN Messenger, NAV Pro 2004 will scan it for you and delete it !!
(1 reply) #8 net-cruizer on 27 Sep 2003 - 16:09
Hmmm, seems like a person would have to be pretty dumb (borderline retarded), to get this worm, lol.
Personally, I still wonder how people manage to get any virus or worm.
#8.1 darthfader on 27 Sep 2003 - 19:42
Pretty chicks who never spend more than an hour a day using computer are borderline retarded?
(2 replies) #9 |CiN|FuL on 27 Sep 2003 - 16:51
if ur stupid enough to accept the transfer and then double click it.....u deserve the f ucking getting the worm
#9.1 |CiN|FuL on 27 Sep 2003 - 16:52
u deserve to get the f ucking worm **** sorry about that
#9.2 flya150 on 27 Sep 2003 - 17:02
QUOTE (#9.1)
u deserve to get the f ucking worm **** sorry about that

you're swearing?
(2 replies) #10 DaveMode on 27 Sep 2003 - 18:04
Anyone dumb enough to actually accept and run some random .exe file through messenger is not going to be smart enough to configure any kind of anti-virus software..
#10.1 Avenger on 27 Sep 2003 - 18:16
Well, some AV programs automatically configured themselves to scan Messenger 6.0, but your point is Noted.
#10.2 roadwarrior on 27 Sep 2003 - 19:02
Installing and customizing most IM programs is more involved than installing and configuring most AV programs.
#11 TheDeputy on 27 Sep 2003 - 22:14
ummm duh, who the hell would accept anything they never asked for in the first place. If you're even half smart you should realize this in the first place.
geese
#12 trance on 27 Sep 2003 - 23:56
What most of you fail to realize is that this isn't much of a worm to begin with. It is using social engineering. This exact scenario can befall not only MSN users, but AOL, and gaim, and it doesn't matter what platform you are using. It is not even using an exploit in MSN. It is more of a bad program than a worm, ie: malware.
#13 trance on 27 Sep 2003 - 23:56
Double posted.. sorry
#14 BonkedProducer on 30 Sep 2003 - 18:35
Social Engineering - because there is no patch for human stupidity... yet another reason I've made the march to linux... I despise MSN messenger and am tired of being bugged by M$ every time they make a minor change that causes it to do everything by default yet again.

NO I DON'T WANT TO UNINSTALL IT... I just want to use it only when I WANT to use it... and how about making it easy to log in invisible like Y! or Trillian/GAIM allow me to do... is that sooooo complicated M$??? Now virii ****ers are using it, yet another reason why BEING ON THE NET VIA DIFFERENT PROGRAMS should be controlled by the USER not the OS!... give me a shortcut, and not only will I be happy, but less skilled end users won't suddenly get a message asking them to receive a file - look at how programs like Gator etc. use web browsing to get people to install them (pop up an install on demand window as most users - too lazy/dumb to read what they are being asked (come on how many times have you tried to help someone and get the response "there was an error message - oh what did it say, I don't know, I just clicked ok" ) click OK and move on.

Last edited by 24513 on 30 Sep 2003 - 18:44
