t e c h i e - t a l k s ::: technology at its best

technology at its best

t e c h i e - t a l k s ::: technology at its best header image 2
Seagate announced that 250GB will be a mainstream notebook HDD. Mozilla Turns 10!

HOW TO: Remove MSN virus from your computer

January 23rd, 2008 · 30 Comments

Recently I wrote a post on an MSN virus which has been fooling people around the world into downloading it by using infected computers to send a message that goes something similar to this:

Hey, is this your picture? :S http://www.msnimages.net/images/viewimage.php?=abc@hotmail.com

The infected computer would then be a the next zombie host which will spread the virus to his/her contacts.

Currently, most anti-virus acknowledges this as a threat and dutifully cleans the system of it. However, it has come to my knowledge that some anti-virus do not actually remove the virus totally. If you are one of those unlucky souls, I have a treatment for you.

Firstly, download the MSNCleaner.zip and unzip the contents into an accessible folder. (Right click the link and “Save Target As”)

  • Reboot into safe mode (Press F8 repeatedly before the Windows boot screen loads and choose “Boot in Safe Mode”)
  • In safe mode, go to your folder and run the MsnCleaner.exe
  • Click the Analyze button. (This will churn out a list of programs associated with your MSN messenger.)
  • If it finds an infection, delete it by clicking the delete button.
  • Reboot normally

The above method should remove all of your MSN viruses. If you aren’t sure what to delete, paste your report in the comments area and I’ll try to give you a hand. In the meantime, do warn your friends from not being fooled by the virus. Cheers!


I got this off a forum. Author: BlackCube.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: HOW TO guides

30 responses so far ↓

  • 1 Dan // Jan 23, 2008 at 12:19 pm

    Don’t think you would know the answer to this question (since you got it off another site) but any idea what it does?

  • 2 firdooze // Jan 23, 2008 at 5:37 pm

    It scans the registry/browser/processes and alerts users of possible infections.

    Works quite similar to HijackThis.

  • 3 Chris // Jan 26, 2008 at 8:24 pm

    The only thing it found was nsreg.dat which i removed but was pretty sure that it wasn’t the problem. Since i ran the scanner it has still been sending out messages to people, so that didn’t clear it up! any ideas?

  • 4 firdooze // Jan 26, 2008 at 10:03 pm

    can you paste your scan report here?

  • 5 Shazeea // Jan 27, 2008 at 2:33 pm

    I ran the programme (not on safe mode though) and it found and cleared two infected files. I reinstalled Live Messenger too. So how do I know if the infection has cleared (sorry, that was total doctor-speak, I’m a med student)?

  • 6 firdooze // Jan 27, 2008 at 11:02 pm

    <p><p>Shazeea: One way to try is just to run MSN and see whether you are still sending those nasty messages. On the other hand, you could download this free program called HijackThis and run it. Click “system scan with log file” and copy-paste the log file into a new comment or email me. Cheers.</p></p>

  • 7 Mattsa // Jan 28, 2008 at 10:33 am

    Just use the software at http://www.msnvirusremoval.com It removes the MSN viruses automatically, and if it cant find it use the Gatherer and they make an update for you.

  • 8 Darren // Jan 30, 2008 at 10:46 pm

    Crap. I just picked up this same virus through Yahoo Messenger.

  • 9 sam // Feb 5, 2008 at 9:24 pm

    do you know if norton detects this virus. I have the latest version and it did pick it up.

  • 10 sam // Feb 5, 2008 at 9:25 pm

    Sorry about the last post, i meant to say…do you know if norton detects this virus. I have the latest version and it did not pick it up

  • 11 firdooze // Feb 6, 2008 at 12:33 am

    sam: I really am not sure whether Norton detects the virus. But the removal tool does help and if it still persists, scan deeper using a combination of HijackThis and anti-spywares

  • 12 NessaNessa Blog » Blog Archive » MSN Virus Fix // Feb 6, 2008 at 5:10 am

    […] 8. Run MSNCleaner Version 1.5.5 ( you can find a link to it: http://tech.firdooze.com/2008/01/23/how-to-remove-msn-virus-from-your-computer/) […]

  • 13 Marcus // Feb 7, 2008 at 9:11 am

    can somebody pleeeease help me
    i think i may have gotten the virus from clicking on a website link advertizing seeing who blocked you on msn, and now every time i go on msn it sends a message to people without me knowing:

    hey!, somebody crashed their car into a telephone post on my street. I took a picture with my cell phone:
    Marcus Sends: photo561d.zip

    its different each time i think

    how do i find out what my virus is called, and how do i get rid of it?
    pleeease help

  • 14 firdooze // Feb 7, 2008 at 10:25 am

    just follow the steps above and you should be fine.

    RUN MSN cleaner at safe mode, do a clean anti-virus scan and if you still ain’t sure, do a scan using HijackThis and look for suspicious programs in the lists.

  • 15 Marcus // Feb 11, 2008 at 12:00 pm

    k, i ran the msn cleaner and it kinda froze at the end, so it appeared, it detected to files before i closed it:
    C:\WINDOWS\nsreg.dat
    and
    C:\WINDOWS\SiSport.sys

    i dont know what to do next lol [sorry, noob]

    i also ran spybot search and destroy and is detected 15 problems lol. so i fixed all of them, hopefully one of these things work, too bad i probably wont kno which it was

    so please tell me what to do with these MSNCleaner files

    thanks sooo much

  • 16 Marcus // Feb 14, 2008 at 7:42 am

    k, its not gone.
    i deleted both of those files as well as all 15 spybot problems and the msn this is still being sent

  • 17 Animator // Mar 15, 2008 at 4:56 am

    I’m still trying to find out if it worked,

    thank you for this helpful program though :)

    The file that popped up is:

    C:\Windows\nsreg.dat

  • 18 polarhenry // Mar 21, 2008 at 6:54 pm

    i used msncleaner to clean my com (delete the file C:\Windows\nsreg.dat), and now i’m not sure whether the problem is fixed, what can i do the next step? thx

  • 19 Tze Yong // Mar 28, 2008 at 9:45 am

    Seems like there is another version of this MSN virus spreading around. Probably they just registered a new domain for it…..

    photogallery.gigacities.net

    Check out here for more information
    http://baselearning.blogspot.com/2008/03/msn-virus-ignore-links-to.html

  • 20 kevin // Mar 28, 2008 at 8:15 pm

    DONT USE NORTON. IT DOESNT WORK

  • 21 ads92 // Apr 2, 2008 at 12:36 am

    i followed the steps above and i found the nsreg.dat.. and deleted it
    i logged back into msn and i think it worked.. but am not 100% sure yet

  • 22 Alex // Apr 13, 2008 at 9:39 am

    Recently, an MSN virus is circulating which downloads the virus payload from photogallery.gigacities.net or album.gigacities.net . THe FILE NAME of the infected file is “IMG00231[1].JPG-www.imageupload.com”. The MSN Messenger message says “hey, is this your picture ?! h t t p://album.gigacities.net/email.php?=YOURe-mail@hotmail.com” [DO NOT FOLLOW THE LINK UNLESS YOU KNOW WHAT YOU ARE DOING AND WANT TO HARVEST THIS FILE]

    See also:

    http://en.wikipedia.org/wiki/Backdoor.Win32.IRCBot

  • 23 mahesh // Apr 17, 2008 at 3:23 am

    how to remove virus that prompt u sorry and window title is sam

    plz. give me ths solution

  • 24 DT // May 28, 2008 at 4:39 pm

    I ran the msn cleaner and the msn virus removal software, but they didn’t find anything. So the virus is still on my computer, how can I remove it?? Please help:s

  • 25 teed // Jun 10, 2008 at 9:05 pm

    Hi mate, i installed the MSNcleaner and it deleted two things: nsreg.dat.vir and winlogon .exe.vir
    My automatic updates for windows now seem to be switched off and I can’t switch them on again in the security centre, but it works manually. What’s going on, do i sill have a virus?
    Thanks dude, your a champion.

  • 26 firdooze // Jun 11, 2008 at 2:19 pm

    It is advisable to run adware/malware programs and anti-virus programs to double confirm that the viruses are dealt with (of course run them separately!).

    teed>> Try running a Spybot S&D or any reputable malware removal program you know. The problem could be malware. If you can’t remove it, try going to safe mode and run the scan again. Cheers.

  • 27 Michael // Jun 14, 2008 at 8:44 pm

    Try www.msnvirusremoval.com

  • 28 qubec2 // Jul 3, 2008 at 11:53 pm

    Yea im having the exact same problem as teed.

    Recently I have just recovered from some viruses (or thought I did) and I’ve been having my automatic updates turned off whenever I startup my notebook.
    So I tried turning it back on manually. However, I received a pop up message about Security Center not being able to change my Automatic Updates setting and something about turning on manually.
    The next time i startup my notebook, i received the exact same problem.

    In need of some help here !

  • 29 secret // Jul 23, 2008 at 3:50 am

    i need help coz igot the msn visrus winlongin.exe and i tried everythin but nufin works

    i aint gna download anyfin coz i dont trust nufin plz help

  • 30 Shannon(: // Sep 15, 2008 at 9:20 pm

    omg ! im also having the same problems !
    damn irritating whn ur contacts pops uu a msg : ?
    or huh?
    ;(
    norton doesn’t seemed to work.
    its did not detect the virus.
    help please !

Leave a Comment



Your Ad Here