• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Adware › Worms › MSN Worm Used to install Backdoor | How to remove

MSN Worm Used to install Backdoor | How to remove

Myantispyware team October 1, 2006     No Comment    

F Secure have received reports from customers of suspicious pop-ups that were being spammed through MSN Messenger. Below is a sample message:

lol check 🙂 http://peopleonline.pe.funpic.de/[REMOVED].pif

When the link in the message is clicked, it automatically downloads a file named photo942.PIF. This file is the backdoor component of Licat.C This is used to connect to go.cheap[Removed].info and go.links4[Removed].biz

These websites contains a malicious IP address. Access to this address will again download other malware and adware from www.uglyphotos.net/[Removed] and execute it on the infected machine.

One of the downloaded files is responsible for the pop-up messages that are being spammed via MSN Messenger. It arrives on the system with the filename sprT.exe. This file is also detected as IM-Worm.Win32.Licat.c.

Licat.C, a variant of Licat, is a Trojan. Licat.C can send instant messages or contact certain websites to inform malware authors about certain events and allows downloading files on the infected computer. Licat.C tries to connect to certain websites on Internet.

Licat.C also attempts to replace the original MSN Messenger application client, msnmsgr.exe, with its own copy. The original Messenger file is renamed and is started by the copy. Deleting the Licat.C copy and renaming the original file, msgs.exe, may repair the installation of Messenger.

The other downloaded files are adware related. One is a trojan that drops a variant of PurityScan adware onto the system – detected as Trojan-Dropper.Win32.PurityScan.ag. The other is a Softomate adware installer – detected as Softomate toolbar.

Use the following instructions to remove MSN Worm and associated adware and malware.

1. Using SuperAntispyware.

  • Download SUPERAntiSpyware.
  • Close all programs and Windows on your computer.
  • Double Click SUPERAntiSpyware.exe to install the application.This will start the installation of SUPERAntiSpyware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing click on the Finish button.
  • You will see a message stating that you should update the program before performing a scan. Click Yes. As SUPERAntiSpyware will automatically update itself.
  • You will see SUPERAntiSpyware setup wizard. Follow the prompts. To close the Wizard press Finish.
  • Protect home page dialog will be open. Click on the Protect Home Page button.
  • You will now be at the main program.
  • Click Scan your computer. Click Next.
  • The scan may take some time to finish,so please be patient. When the scan is complete, result of scanning will be open, click OK.
  • Click Next to start removing the found threats.
  • If you are asked to reboot the machine, choose Yes.

2. Using Malwarebytes Anti-Malware.

  • Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
  • Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select “Perform Quick Scan”, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: Use both antispyware programs for maximum effect.

If you need help with the instructions, then post your questions in our Spyware Removal forum.

Adware Worms

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Defense-fordesktop.com Click Allow Scam
Defense-fordesktop.com Virus Removal Guide
Searches.today Google Search results
How to get rid of Searches.today redirect from Chrome, Firefox, IE, Edge
Helllomedias.com Click Allow Scam
Helllomedias.com Virus Removal Guide
AccessibleSearchGuide mac app adware
How to uninstall AccessibleSearchGuide app/extension from Mac (Virus removal guide)
Link 2captcha Virus Click Allow Scam
Link 2captcha Virus (removal guide)

Follow Us

Search

Useful Guides

How to reset Internet Explorer settings to default
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
remove android virus
How to remove virus from Android phone

Recent Posts

More fake codec sites
How to block VML exploit
Found new Internet Explorer Vulnerability
Worm uses MS04-007, MS05-017, MS05-039, MS06-040 bugs
How to remove DriveCleaner (Uninstall instructions)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.