• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Adware › Worms › MSN Worm Used to install Backdoor | How to remove

MSN Worm Used to install Backdoor | How to remove

Myantispyware team October 1, 2006     No Comment    

F Secure have received reports from customers of suspicious pop-ups that were being spammed through MSN Messenger. Below is a sample message:

lol check 🙂 http://peopleonline.pe.funpic.de/[REMOVED].pif

When the link in the message is clicked, it automatically downloads a file named photo942.PIF. This file is the backdoor component of Licat.C This is used to connect to go.cheap[Removed].info and go.links4[Removed].biz

These websites contains a malicious IP address. Access to this address will again download other malware and adware from www.uglyphotos.net/[Removed] and execute it on the infected machine.

One of the downloaded files is responsible for the pop-up messages that are being spammed via MSN Messenger. It arrives on the system with the filename sprT.exe. This file is also detected as IM-Worm.Win32.Licat.c.

Licat.C, a variant of Licat, is a Trojan. Licat.C can send instant messages or contact certain websites to inform malware authors about certain events and allows downloading files on the infected computer. Licat.C tries to connect to certain websites on Internet.

Licat.C also attempts to replace the original MSN Messenger application client, msnmsgr.exe, with its own copy. The original Messenger file is renamed and is started by the copy. Deleting the Licat.C copy and renaming the original file, msgs.exe, may repair the installation of Messenger.

The other downloaded files are adware related. One is a trojan that drops a variant of PurityScan adware onto the system – detected as Trojan-Dropper.Win32.PurityScan.ag. The other is a Softomate adware installer – detected as Softomate toolbar.

Use the following instructions to remove MSN Worm and associated adware and malware.

1. Using SuperAntispyware.

  • Download SUPERAntiSpyware.
  • Close all programs and Windows on your computer.
  • Double Click SUPERAntiSpyware.exe to install the application.This will start the installation of SUPERAntiSpyware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing click on the Finish button.
  • You will see a message stating that you should update the program before performing a scan. Click Yes. As SUPERAntiSpyware will automatically update itself.
  • You will see SUPERAntiSpyware setup wizard. Follow the prompts. To close the Wizard press Finish.
  • Protect home page dialog will be open. Click on the Protect Home Page button.
  • You will now be at the main program.
  • Click Scan your computer. Click Next.
  • The scan may take some time to finish,so please be patient. When the scan is complete, result of scanning will be open, click OK.
  • Click Next to start removing the found threats.
  • If you are asked to reboot the machine, choose Yes.

2. Using Malwarebytes Anti-Malware.

  • Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
  • Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select “Perform Quick Scan”, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: Use both antispyware programs for maximum effect.

If you need help with the instructions, then post your questions in our Spyware Removal forum.

Adware Worms

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Spleasedon.fun
How to remove Spleasedon.fun pop-ups (Virus removal guide)
Important Defender update available SCAM
Important Defender update available POP-UP SCAM (Virus removal guide)
unwanted ads
How to uninstall SearchForWords app/extension from Mac (Virus removal guide)
Bengekoo.com
How to remove Bengekoo.com pop-ups (Virus removal guide)
Firewall Spyware Alert SCAM
Firewall Spyware Alert POP-UP SCAM (Virus removal guide)

Follow Us

Search

Useful Guides

How to reset Google Chrome settings to default
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
remove chrome extension
How to remove Chrome extensions installed by enterprise policy
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
How to reset Internet Explorer settings to default

Recent Posts

More fake codec sites
How to block VML exploit
Found new Internet Explorer Vulnerability
Worm uses MS04-007, MS05-017, MS05-039, MS06-040 bugs
How to remove DriveCleaner (Uninstall instructions)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.