• Best of luck to the class of 2024 for their HSC exams. You got this!
    Let us know your thoughts on the HSC exams here
  • YOU can help the next generation of students in the community!
    Share your trial papers and notes on our Notes & Resources page
MedVision ad

URGENT: Worm: W32.Bropia 14/02/05 (1 Viewer)

sladehk

le random
Joined
Jul 26, 2004
Messages
1,000
Gender
Undisclosed
HSC
2006
Also Known As: IM-Worm.Win32.VB.g [Kaspersky Lab], W32/Bropia.worm.m [McAfee], WORM_BROPIA.M [Trend Micro]
Type: Worm
Infection Length: 11,676 bytes
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

This worm propagates through MSN Messenger. If your friends start sending you files like:

C:\John Kerry as Super Chicken.scr
C:\Beautiful Ass.pif
C:\Kool.pif
C:\Me & you pic!.pif
C:\Me Pissed!.pif
C:\sexy.pif
C:\She Could Fit her Ass in a Teacup.pif
C:\she's fuckin fit.pif
C:\titanic2.jpg.pif

They have been infected! Invite all your friends into a converstion and copy and paste this info.

Symptons:
If you open the screensave file or the *.pif's, you will sudden;y send all your friends the files. Then you will open a html file l0l_53xy_l0l.html.
If you try to use Task Manager to End Process it or use Regedit and etc, it will shut it down.
If you have any off the symptons read BELOW

For more information about the worm and how it works:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.m.html

Having contacted this problem, i wish to help others ;). To fix your comp, immediately turn off your net(pull out your net cable[i did this as fast as i could when i realised i had been infected]) and turn off msn so that you can no longer infect people. When i say turn off i mean exit it so that messenger is no longer running. This stops you from getting more ppl affected. then turn the net back on and download the removal tool from here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.removal.tool.html

Then turn off the net, turn off restore points(if you don't you may be backing up the worm!):
http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Run the removal tool and then restart the computer and run the removal again. Then you should be clean. You should then turn back on Restore points
Thankyou for your time attention!
 
Last edited by a moderator:

theone123

blue essence
Joined
Nov 7, 2003
Messages
2,712
Location
Au, Ag, Cu
Gender
Undisclosed
HSC
2003
no wonder, a friend sends me a file type that i dont know of and like i never talk to them on MSN, lucky of my good awareness. :uhhuh:
 

MedNez

:o>---<
Joined
Aug 21, 2004
Messages
3,004
Gender
Male
HSC
N/A
Bumped up to sticky for the moment. Already had two people in the last half hour try to send over infected files.
 

theone123

blue essence
Joined
Nov 7, 2003
Messages
2,712
Location
Au, Ag, Cu
Gender
Undisclosed
HSC
2003
say if i actually dl it and i have the newest virus definitions, what does the anti virus do to stop the virus attacking my comp?
 

sladehk

le random
Joined
Jul 26, 2004
Messages
1,000
Gender
Undisclosed
HSC
2006
If you have the lastest updated antivirius, it shoudl do nothing. But don't take my word for it as worms and viruses are constantly "mutating"
 

sladehk

le random
Joined
Jul 26, 2004
Messages
1,000
Gender
Undisclosed
HSC
2006
That is another issue. I have 7(BETA) and this worm still runs because it works through *.scr and *.pif. (So you care confused- fatmuscle's link describes another problem with MSN)
 

fatmuscle

Active Member
Joined
Jul 6, 2002
Messages
3,707
Location
Hornsby
Gender
Male
HSC
2001
thought it might've been related. Oh well.
Atleast now ppl will know of both issues
 

felafel

Member
Joined
Mar 28, 2004
Messages
269
Location
North Shore
slade, could you post the removal tool on the forum?

i got infected, and the symantec site is too busy

you said to turn off restore points . . . is this the same as system restore?
 

Grobus

Laughing Boy
Joined
Jan 26, 2005
Messages
670
Gender
Male
HSC
2003
A random file with the extension .pif gets sent in the conversation with absolutely no introduction ...
 
Last edited by a moderator:

redruM

Breathe and Stop
Joined
May 11, 2004
Messages
3,954
Gender
Male
HSC
2003
i am the sort of person who accept the file and then ask my friend what that was.
thank god the person who sent the files was someone i didnt really know. so i didnt accept them. blocked and deleted him off my list thereafter. :p
 

MedNez

:o>---<
Joined
Aug 21, 2004
Messages
3,004
Gender
Male
HSC
N/A
From what we have observed, some people may be used to accepting files or trust the person who is sending the file to them. This does not mean people are stupid, nor does it give a reason to disrupt the urgency and flow of this topic by getting into an argument.

This virus is a problem; Please visit the Symantec site before asking for help on how to remove it, and keep this thread to advisories and updates on the virus, please. It will make it easier for those infected to get help, and not have to wade through pointless information on their way.
 

sladehk

le random
Joined
Jul 26, 2004
Messages
1,000
Gender
Undisclosed
HSC
2006
felafel wanted the removal tool?

You can get it from the site but if it is too busy, i have attached it here too.
www.geocities.com/toxic_ron/fxbropia.zip

the reason is that it is 144.1kb while theis forum only allows up to 97kb zip files
:( They should make it at least 1MB :(

theone123:
You can get it from *.pif files and *scr files too(i got it from the *.scr)
 

ishq

brown?
Joined
Nov 12, 2004
Messages
932
Gender
Female
HSC
2005
Ad Aware is good.
Especially if you use Kazaa a lot.
 

ChrisE

Member
Joined
Feb 11, 2004
Messages
372
Location
a lower socio-economic area than yours
Gender
Male
HSC
2004
redruM said:
i am the sort of person who accept the file and then ask my friend what that was.
thank god the person who sent the files was someone i didnt really know. so i didnt accept them. blocked and deleted him off my list thereafter. :p
i did the same thing, accepted it from my cousin and asked what it was and usually im a super vigilant anti viral freak. looks like its time to put the net on my mac and laugh at all windows users.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top