Recently I wrote a post on an MSN virus which has been fooling people around the world into downloading it by using infected computers to send a message that goes something similar to this:
Hey, is this your picture? :S http://www.msnimages.net/images/viewimage.php?=abc@hotmail.com
The infected computer would then be a the next zombie host which will spread the virus to his/her contacts.
Currently, most anti-virus acknowledges this as a threat and dutifully cleans the system of it. However, it has come to my knowledge that some anti-virus do not actually remove the virus totally. If you are one of those unlucky souls, I have a treatment for you.
Firstly, download the MSNCleaner.zip and unzip the contents into an accessible folder. (Right click the link and “Save Target As”)
- Reboot into safe mode (Press F8 repeatedly before the Windows boot screen loads and choose “Boot in Safe Mode”)
- In safe mode, go to your folder and run the MsnCleaner.exe
- Click the Analyze button. (This will churn out a list of programs associated with your MSN messenger.)
- If it finds an infection, delete it by clicking the delete button.
- Reboot normally
The above method should remove all of your MSN viruses. If you aren’t sure what to delete, paste your report in the comments area and I’ll try to give you a hand. In the meantime, do warn your friends from not being fooled by the virus. Cheers!
I got this off a forum. Author: BlackCube.
58 responses so far ↓
1 Dan // Jan 23, 2008 at 12:19 pm
Don’t think you would know the answer to this question (since you got it off another site) but any idea what it does?
2 firdooze // Jan 23, 2008 at 5:37 pm
It scans the registry/browser/processes and alerts users of possible infections.
Works quite similar to HijackThis.
3 Chris // Jan 26, 2008 at 8:24 pm
The only thing it found was nsreg.dat which i removed but was pretty sure that it wasn’t the problem. Since i ran the scanner it has still been sending out messages to people, so that didn’t clear it up! any ideas?
4 firdooze // Jan 26, 2008 at 10:03 pm
can you paste your scan report here?
5 Shazeea // Jan 27, 2008 at 2:33 pm
I ran the programme (not on safe mode though) and it found and cleared two infected files. I reinstalled Live Messenger too. So how do I know if the infection has cleared (sorry, that was total doctor-speak, I’m a med student)?
6 firdooze // Jan 27, 2008 at 11:02 pm
<p><p>Shazeea: One way to try is just to run MSN and see whether you are still sending those nasty messages. On the other hand, you could download this free program called HijackThis and run it. Click “system scan with log file” and copy-paste the log file into a new comment or email me. Cheers.</p></p>
7 Mattsa // Jan 28, 2008 at 10:33 am
Just use the software at http://www.msnvirusremoval.com It removes the MSN viruses automatically, and if it cant find it use the Gatherer and they make an update for you.
8 Darren // Jan 30, 2008 at 10:46 pm
Crap. I just picked up this same virus through Yahoo Messenger.
9 sam // Feb 5, 2008 at 9:24 pm
do you know if norton detects this virus. I have the latest version and it did pick it up.
10 sam // Feb 5, 2008 at 9:25 pm
Sorry about the last post, i meant to say…do you know if norton detects this virus. I have the latest version and it did not pick it up
11 firdooze // Feb 6, 2008 at 12:33 am
sam: I really am not sure whether Norton detects the virus. But the removal tool does help and if it still persists, scan deeper using a combination of HijackThis and anti-spywares
12 NessaNessa Blog » Blog Archive » MSN Virus Fix // Feb 6, 2008 at 5:10 am
[…] 8. Run MSNCleaner Version 1.5.5 ( you can find a link to it: http://tech.firdooze.com/2008/01/23/how-to-remove-msn-virus-from-your-computer/) […]
13 Marcus // Feb 7, 2008 at 9:11 am
can somebody pleeeease help me
i think i may have gotten the virus from clicking on a website link advertizing seeing who blocked you on msn, and now every time i go on msn it sends a message to people without me knowing:
hey!, somebody crashed their car into a telephone post on my street. I took a picture with my cell phone:
Marcus Sends: photo561d.zip
its different each time i think
how do i find out what my virus is called, and how do i get rid of it?
pleeease help
14 firdooze // Feb 7, 2008 at 10:25 am
just follow the steps above and you should be fine.
RUN MSN cleaner at safe mode, do a clean anti-virus scan and if you still ain’t sure, do a scan using HijackThis and look for suspicious programs in the lists.
15 Marcus // Feb 11, 2008 at 12:00 pm
k, i ran the msn cleaner and it kinda froze at the end, so it appeared, it detected to files before i closed it:
C:\WINDOWS\nsreg.dat
and
C:\WINDOWS\SiSport.sys
i dont know what to do next lol [sorry, noob]
i also ran spybot search and destroy and is detected 15 problems lol. so i fixed all of them, hopefully one of these things work, too bad i probably wont kno which it was
so please tell me what to do with these MSNCleaner files
thanks sooo much
16 Marcus // Feb 14, 2008 at 7:42 am
k, its not gone.
i deleted both of those files as well as all 15 spybot problems and the msn this is still being sent
17 Animator // Mar 15, 2008 at 4:56 am
I’m still trying to find out if it worked,
thank you for this helpful program though
The file that popped up is:
C:\Windows\nsreg.dat
18 polarhenry // Mar 21, 2008 at 6:54 pm
i used msncleaner to clean my com (delete the file C:\Windows\nsreg.dat), and now i’m not sure whether the problem is fixed, what can i do the next step? thx
19 Tze Yong // Mar 28, 2008 at 9:45 am
Seems like there is another version of this MSN virus spreading around. Probably they just registered a new domain for it…..
photogallery.gigacities.net
Check out here for more information
http://baselearning.blogspot.com/2008/03/msn-virus-ignore-links-to.html
20 kevin // Mar 28, 2008 at 8:15 pm
DONT USE NORTON. IT DOESNT WORK
21 ads92 // Apr 2, 2008 at 12:36 am
i followed the steps above and i found the nsreg.dat.. and deleted it
i logged back into msn and i think it worked.. but am not 100% sure yet
22 Alex // Apr 13, 2008 at 9:39 am
Recently, an MSN virus is circulating which downloads the virus payload from photogallery.gigacities.net or album.gigacities.net . THe FILE NAME of the infected file is “IMG00231[1].JPG-www.imageupload.com”. The MSN Messenger message says “hey, is this your picture ?! h t t p://album.gigacities.net/email.php?=YOURe-mail@hotmail.com” [DO NOT FOLLOW THE LINK UNLESS YOU KNOW WHAT YOU ARE DOING AND WANT TO HARVEST THIS FILE]
See also:
http://en.wikipedia.org/wiki/Backdoor.Win32.IRCBot
23 mahesh // Apr 17, 2008 at 3:23 am
how to remove virus that prompt u sorry and window title is sam
plz. give me ths solution
24 DT // May 28, 2008 at 4:39 pm
I ran the msn cleaner and the msn virus removal software, but they didn’t find anything. So the virus is still on my computer, how can I remove it?? Please help:s
25 teed // Jun 10, 2008 at 9:05 pm
Hi mate, i installed the MSNcleaner and it deleted two things: nsreg.dat.vir and winlogon .exe.vir
My automatic updates for windows now seem to be switched off and I can’t switch them on again in the security centre, but it works manually. What’s going on, do i sill have a virus?
Thanks dude, your a champion.
26 firdooze // Jun 11, 2008 at 2:19 pm
It is advisable to run adware/malware programs and anti-virus programs to double confirm that the viruses are dealt with (of course run them separately!).
teed>> Try running a Spybot S&D or any reputable malware removal program you know. The problem could be malware. If you can’t remove it, try going to safe mode and run the scan again. Cheers.
27 Michael // Jun 14, 2008 at 8:44 pm
Try www.msnvirusremoval.com
28 qubec2 // Jul 3, 2008 at 11:53 pm
Yea im having the exact same problem as teed.
Recently I have just recovered from some viruses (or thought I did) and I’ve been having my automatic updates turned off whenever I startup my notebook.
So I tried turning it back on manually. However, I received a pop up message about Security Center not being able to change my Automatic Updates setting and something about turning on manually.
The next time i startup my notebook, i received the exact same problem.
In need of some help here !
29 secret // Jul 23, 2008 at 3:50 am
i need help coz igot the msn visrus winlongin.exe and i tried everythin but nufin works
i aint gna download anyfin coz i dont trust nufin plz help
30 Shannon(: // Sep 15, 2008 at 9:20 pm
omg ! im also having the same problems !
damn irritating whn ur contacts pops uu a msg : ?
or huh?
;(
norton doesn’t seemed to work.
its did not detect the virus.
help please !
31 Char // Sep 26, 2008 at 11:59 pm
Hey
i used the MSNCleaner and it got rid of something called msimg32. But when i go on msn it still sends my contact list the pictures but instead of them being able to accept it, it automatically fails. How can i get rid of it completly?
Please can you email me
Thanks
xx
32 john // Oct 3, 2008 at 7:16 am
im having the msn virsus which send file to others.i have downloaded hiajckthis and the msn cleaner.but i cant seem to run both of them..i think the virsus have blocked them.and my task manager didnt appear after i press ctrl+alt+del..
33 KVZ // Dec 30, 2008 at 6:17 pm
I think I have the same problem…i know many of my contacts do. However the weird thing is that my msn account doesn’t seem to send those messages, but my sister’s account does. I’m not sure whether she was phished or not so i’m going to scan out with AVG, & Comodo and possibly get HJT and report back. Also, the msnvirusremoval.com thing didn’t find anything on the PC
34 tiff // Dec 31, 2008 at 10:46 am
How do i know if the virus is still being sent to my contacts.. usually it sends offline messages yeah i used the msn cleaner and i deleted the file C:\Windows\nsreg.dat.. how do i know if my msn works ?? (same problem as polarhenry :/) please reply asap thankss
35 aron // Jan 8, 2009 at 5:13 am
After removing the virus, you may also need to change your password!
36 Death Joker // Jan 9, 2009 at 5:31 pm
i got a msn virus thats sends a link, i got it from my ex-girlfriend
37 Kilah // Jan 17, 2009 at 5:12 pm
Hey, how on earth do you reboot? I treid numerous times but there wasnt any difference. Seriously.
38 florranceeli // Jan 23, 2009 at 6:19 pm
hi can you help my msn is keep saying am signed in and am not even near the computer
39 Martin // Jan 26, 2009 at 5:59 pm
Hi
Thanks for the posts, but I was wondering…how can I download any of the programs you suggested (MSNCleaner etc.) when the virus keeps hijacking my Internet connection and preventing me from getting online?
I manage to get online for 2 minutes or so to try and download anti-virus and malware programs but then my computer BSOD due to the virus screwing up my mouse, so I get a DRV_IRQ_SQL error.
Anyway, I think I will just purchase some software, install and do it that way rather than try to download things.
40 shannen // Mar 6, 2009 at 8:04 pm
hi im shannen and ive got this virus that is on my msn and it says to people ahh is this you then it comes up with the website plz help i dont know what to do and i dont know how to cure it
41 shannen // Mar 6, 2009 at 8:07 pm
plz oh plz help me and my family its hacked the computer and my sister is trying to find out to clear it and so far no luck.:(
42 firdooze // Mar 12, 2009 at 8:51 am
There are instructions in the posts above to help you.
43 hey // Mar 21, 2009 at 11:56 am
mine wont let me , apparently i have to use an admin account but that doesnt work either
44 kaz // Apr 7, 2009 at 2:38 am
thz alot it really helped as it deleted all of my msn viruses
45 Fariha // Apr 23, 2009 at 2:26 pm
Hi,
My brother was telling me today that I sent him some offline messages containing abusive words (in my mother tongue but transliterated in English) which I never did. There was no link mentioned or anything. Could this be an MSN virus? :S Recently I downloaded some font files of my native language so I was wondering whether some viruses might have come along with those. Also, will the MSNCleaner work if I run it in normal mode? Thanks!
46 kath // May 2, 2009 at 7:45 pm
hi …
i had the same problem but tbh i dint have msn plus then so i decided to download it wen i did …norton automatically detected a virus and removed it for me …. so the next time i went on msn it stoppped sending the virus ….
well thinki wa slucky so… but why dont to try downloadign msn plusfor those who dont have and have norton on at the same time the virus might show up like mines did …
hope this helps for other user
and recntly my friends have got another virus which also sends a convincing link tbhit changes everytime they send i suppose not to click on tht link also thanks
kath
47 danny // May 7, 2009 at 10:51 am
for all those ppl that are running spyware programs etc, NONE of them will work, they may find other viruses lurking in the back ground but these messages sent offline with a link, infects msn messenger in the registry and duplicates itself as a legitimate msn file, hence why none of the programs work. i did even check out msn page as well, and they are afraid of telling you to do it via the registry, thisi s the only way to completely get rid of it, compare your entries to an uninfected entry,
48 Lanx // May 15, 2009 at 12:10 pm
omfg
my msn acc is freaking hacked…
its like sending rude websites and swearing
plz help me!!!im freaking out..
49 Cameron // May 19, 2009 at 3:32 pm
do you get the msn virus br clicking on the website it has sent you???
50 Raheel // Jul 21, 2009 at 4:45 pm
my problem is that whenever i log into the msn messenger. it automatically send bad websites domain to my friends….havin a problem plz help me!!!
51 Rafael // Jan 29, 2010 at 9:15 am
My MSN messenger is sending out nasty messages and telling people on my contact list to CLICK a link. I am not doing this. My computer is taken over. I am losing my reputation as a computer man. Please please help me by giving me the program to remove this annoying viral worm infection in my MSN. Please help quick. THe above does not work. I have tried. I am running Windows XP SP2. Thanks……………..
52 Jokke // Feb 22, 2010 at 9:49 am
Hey, uhm im on a limited computer. My school computer more exactly, The computer ppl at school don’t know their shit. so Here’s the thing, i’ve gotten a msn virus prob from the school network, and now im sending out links to ppl. tried msn cleaner but it didn’t detect anything, can’t run msnvirus removal cuz the computer is limited as i said, could u please help?
53 Charles // Mar 4, 2010 at 5:22 pm
Here a updated list of solutions to remove msn virus:
http://ezysolutions.blogspot.com/2009/04/how-to-remove-msn-virus.html
54 Basilis // Apr 23, 2010 at 5:00 am
ok i have a different problem and i dont have any idea what is going on……. i think i clicked on some of that spam messages.but the result is i cant log in with msn and i cant use facebook and yahoo.i mean the pages are not loading.i also changed the browser but the problem is still there…also i can load the site for the msn virus removal….if someone knows what is going on i would really appreciate it if can help me,,,
55 Basilis // Apr 23, 2010 at 5:01 am
also i cant load the site for the msn virus removal. sorry
56 coupon // Aug 3, 2010 at 3:03 am
Thanks for this advice. I downloaded it and it worked. But I’m not 100% sure. I went on msn and I wasn’t sending those stupid links. But I want to be 100% sure its all gone because I don’t want to get caught by my sister because its her laptop. Thanks
57 patricia iles // Aug 11, 2010 at 4:05 am
Hya all you are not alone . i am having probs with my msn, its sending links to all in my mail list about is this pic of you . so dont open them its a virus, and i have tried so many different types of virus cleaners and things bit nothing works, cant the owners of msn do something to help us all out here please.
it is driving everybody mad and insane.
58 Hmm // Sep 11, 2010 at 1:52 pm
How do i check if the virus is deleted? Is there a way to check?
Leave a Comment