Ezud.com - Trolling Assistance Forum


Lust 11-22-2008 03:42 PM

Trojan Going around on MSN
 
DELETE SERVICE.EXE

There is a new trojan going around on MSN that has hit about 11 Ezud Members so far.

The virus in question is sent like this:

Quote:

haha lol
http://msncams.ohost.de/play.php?=yourmsnadress

Quote:

is this you?
http://msncams.ohost.de/play.php?=yourmsnadress

where yourmsnaddress is your email.

DO NOT GO TO THIS LINK, it takes you to a site that loads a Java Applet which downloads files to your computer. My Nod32 detected it, and I downloaded the files and uploaded to 4 virus scan sites so that it could become detected.

DELETE SERVICE.EXE IF YOU HAVE THIS!!!
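
Added example, not part of the original thread or any poster's code: a Python sketch that scans a saved chat log for the lure described in the post above, a link whose path or query carries the recipient's own e-mail address. The log layout follows the chat line quoted later in the thread; the sample log, hostnames, address and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample log; layout copies the "[HH:MM] sender: text" line in the thread.
SAMPLE_LOG = """\
[15:44] alice: did you finish the homework? http://school.example/tasks.php?id=7
[15:45] bob: haha lol http://cams.example/play.php?=me@mail.example
[15:45] carol: is this you? http://cams.example/play.php?=me%40mail.example
[15:46] bob: haha lol http://cams.example/play.php?=me@mail.example
[15:47] dave: photos from saturday http://photos.example/album/12
"""

LINE_RE = re.compile(r"^\[(\d{2}:\d{2})\]\s+(.+?):\s+(.*)$")
URL_RE = re.compile(r"https?://\S+")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def find_personalised_lures(log_text, my_address):
    """Return (time, sender, url) for every link that embeds my_address."""
    me = my_address.lower()
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a chat line (status change, blank line, ...)
        when, sender, text = m.groups()
        for url in URL_RE.findall(text):
            parts = urlsplit(url)
            # Look only after the host part, and decode %40 back to "@".
            tail = unquote(f"{parts.path}?{parts.query}#{parts.fragment}").lower()
            if me in EMAIL_RE.findall(tail):
                hits.append((when, sender, url))
    return hits


def likely_spreaders(hits):
    """Accounts that sent a lure; the thread notes infected accounts re-send it."""
    return sorted({sender for _, sender, _ in hits})


if __name__ == "__main__":
    found = find_personalised_lures(SAMPLE_LOG, "me@mail.example")
    for when, sender, url in found:
        print(f"{when} {sender}: do not open {url}")
    print("contacts to warn:", likely_spreaders(found))
```
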

Mezala 11-22-2008 03:45 PM

Yeah, it's becoming REALLY bad... Also the ones that like sign off 1 second after they say that piss me off

EDIT: 2 SECONDS AFTER I WROTE THIS

[15:45] [Ezud.com]Avenger.: haha lol http://msncams.ohost.de/[email protected]

EndOfStory? 11-22-2008 03:47 PM

Yeah, Ben has this. Thanks for the warning.

EDIT: Ah, you already know :D

EDIT2: Wait a sec, I followed that link but declined the download?

Gah, I hope I'm not infected

Svew 11-22-2008 03:49 PM

lildude is going around trying to use it on people

DeadOwnage 11-22-2008 03:58 PM

Rofl, I haven't been on MSN at all today, luckily.

:0 Thanks for the info =rep

-DeadOwnage

EskimoANM 11-22-2008 04:10 PM

Quote:

Originally Posted by DeadOwnage (Post 31746)
Rofl, I haven't been on MSN at all today, luckily.

:0 Thanks for the info =rep

-DeadOwnage

Same here, I barely go on MSN.

Thanks for the warning Lust, much appreciated.

Lust 11-22-2008 04:15 PM

Quote:

Originally Posted by EndOfStory? (Post 31733)
Yeah, Ben has this. Thanks for the warning.

EDIT: Ah, you already know :D

EDIT2: Wait a sec, I followed that link but declined the download?

You probably still have it, Nod32 disconnected me before I even got a download.

Lust 11-22-2008 04:25 PM

Quote:

Originally Posted by Beitsafafa (Post 31734)
Yeah, it's becoming REALLY bad... Also the ones that like sign off 1 second after they say that piss me off

Those are phishers, they aren't as bad as an actual virus.

Avenger 11-22-2008 04:40 PM

I got my computer infected, and I infected about all my friends xD

juvenilepunk 11-22-2008 04:42 PM

Thanks for the warning, I'll keep a lookout.

Dorito 11-22-2008 05:07 PM

Yes, it uses an exploit that is currently unfixed at the moment, hopefully there will be some security patches released soon enough and/or updates to certain software that allow the exploit to run.

BrokenSoul 11-22-2008 07:11 PM

Ben has sent me like 20 messages with this. LUCKILY I never clicked on them. I thought something was funny, but meh.

Robin Hood 11-22-2008 07:16 PM

who started this? and whoever did = TEHBANNAHAMMA

Lust 11-22-2008 07:33 PM

Quote:

Originally Posted by Robin Hood (Post 31771)
who started this? and whoever did = TEHBANNAHAMMA

It doesn't necessarily have to be someone on this forum. Ben could have run an .exe from some site or got it from someone on his list.

The website has now been shut down, but those that are infected are still in the botnet, and may be used to spread some other time.

Taylor 11-22-2008 08:02 PM

I'm 94% sure these are botnets... I know this is how you would go about connecting someone to your botnet.

Edit: Didn't read all the posts.

But yeah, if anyone sends you a link to a Java applet you don't know, don't accept it.

Lust 11-22-2008 09:13 PM

Quote:

Originally Posted by Taylor (Post 31784)
I'm 94% sure these are botnets... I know this is how you would go about connecting someone to your botnet.

Edit: Didn't read all the posts.

But yeah, if anyone sends you a link to a Java applet you don't know, don't accept it

You didn't read, it's an exploit for arbitrary file download (download without having to accept the sign).

Sanjuro 11-22-2008 09:15 PM

Quote:

Originally Posted by svew (Post 31738)
lildude is going around trying to use it on people

Wrong. Once infected, that account becomes a spreader.
It's basic MSN spreading. Seriously, if you have never seen it you have to be like new as hell to the internets.

It always starts off with one person. Then Domino Effect.

Peetu 11-22-2008 11:23 PM

Thanks for information, going to be careful.

EndOfStory? 11-23-2008 01:48 AM

Not seen any signs I'm infected yet so I'm hoping...

colin 11-23-2008 02:18 AM

yea this has been around for soo long, who clicks them lol.

EndOfStory? 11-23-2008 02:21 AM

Gtfo, you've spammed about 10 threads now and it's obvious why someone would click it.

1) Their friend says it.
2) It's only clicking a link - what harm could that do?
3) The url is personalised; it says your email address at the end of the URL.

colin 11-23-2008 02:42 AM

Quote:

Originally Posted by EndOfStory? (Post 31863)
Gtfo, you've spammed about 10 threads now and it's obvious why someone would click it.

1) Their friend says it.
2) It's only clicking a link - what harm could that do?
3) The url is personalised; it says your email address at the end of the URL.

Stop crying, you troll.

All I said was that it was old and I thought no one fell for it anymore. It's old, that's why I guessed no one would click it anymore. So stop crying, lad.

GfMyS0n 11-23-2008 04:44 AM

No, I didn't start it, I got it from lildude :(
Anyway, am I safe or not? :S

Lust 11-23-2008 06:11 AM

Quote:

Originally Posted by Ben (Post 31877)
No, I didn't start it, I got it from lildude :(
Anyway, am I safe or not? :S

No, you're still in the botnet even though they stopped advertising.

EndOfStory? 11-23-2008 07:05 AM

What if they didn't start :O

Csg999 11-23-2008 11:32 AM

Well, I haven't been infected but I now know not to click on that :)

Thanks a lot man

Sanjuro 11-23-2008 12:52 PM

Guys, the way I deleted it when I was infected was to log off and instantly start a computer scan.
Then depending on your protection it should pick it up.
I did a quick scan with McAfee and it has messenger protection soo.
If you clicked the link, log off MSN immediately and scan your computer.

Dice 11-23-2008 03:57 PM

Ya, I know there's tons of these that have been going around for a long time on MSN. Just never click them, you can tell it's a shitty site by the domain.

Avenger 11-23-2008 06:23 PM

The infected file that you need to delete is called either
Service.jpg
or
Server.jpg
It's one of those, I forgot which one.

EDIT:
It is Service.exe

Dice 11-23-2008 06:42 PM

Just don't click it in the first place, I mean come on why would you randomly download a random file?

Avenger 11-24-2008 04:01 AM

Quote:

Originally Posted by Dice (Post 32075)
Just don't click it in the first place, I mean come on why would you randomly download a random file?

Dice, you honestly have no clue how this works.
It opens a Java App asking for your permission.
You would then think, "Oh well, it can't do anything to me, let's
see what this site is that my best friend just sent me."
Next thing you know your computer gets super slow and
it spams all of your MSN with the link.

Lust 11-24-2008 01:20 PM

Quote:

Originally Posted by Avenger (Post 32067)
The infected file that you need to delete is called either
Service.jpg
or
Server.jpg
It's one of those, I forgot which one.

EDIT:
It is Service.exe

Service.exe IS the trojan.

Quote:

Originally Posted by Dice (Post 32075)
Just don't click it in the first place, I mean come on why would you randomly download a random file?

The file is automatically downloaded due to a Java exploit.. please read next time.

Avenger 11-24-2008 01:31 PM

Quote:

Originally Posted by Lust (Post 32178)
Service.exe is NOT the trojan. OMG this is one of the main windows OS files, are you crazy!

The file is automatically downloaded due to a Java exploit.. please read next time.

service.exe is a process belonging to the Dell Solution Center which offers worldwide technical support and training for its products. This program is important for the stable and secure running of your computer and should not be terminated. This process is also installed alongside Adaptec SCSI cards, and again should not be terminated unless causing problems.

...
It's not a main OS file.

EDIT:

Proof

http://i33.tinypic.com/9gdp3a.jpg

Lust 11-24-2008 07:09 PM

OK, service.exe is the file. I've found the IRC and have sent an email to get it shut down.

Dragon 12-01-2008 08:41 PM

Hopefully it gets taken out soon.
I never accept links before verifying that my friend stated the website, not a trojan.


All times are GMT -8.