AIM virus/bug/worm

[DefMATRIXense]

I don't know what y'all have in your AIM, but it seems that whomever upgraded today may have been hit by a virus of sorts.

A lot of people sent me an identical message that sent me to some site with a fake news story about Osama bin Laden. I think the virus might be called "buddylists" or something like that. It might actually be spyware, but whatever it is, it's keeping me logged out of AIM.

it starts happening this morning. When I turned my pc on in my room, it shows an AIM upgrade 5.5 installation. So I installed it and everything is fine for few hours. And then the next few hours while I was in school, the buddy links virus sent over 140 screen names on my buddy list. When I got home and everyone imed me like at least 100 messages I was like what the fuck... What did I do? So I read all messages and it sounds like someone hacked me or whatever until Fgarriel explained to me on IM. So I check add/remove programs and had a list called Buddy list links. So I uninstalled it. Everything is fine for now. But recently tonight, it got back again without me knowing. I got pissed off and uninstalled it again and scanned for ad windows and virus. It found it and deleted it. Now, I am apologizing for everyone...

 

[VamPyroX]

I know what you're talking about. It's the Saddam game that they're asking you to download. When you download it, it installs itself to your computer. The next time you sign on AIM, it will IM everyone to go play that game and it repeats all over again.

 

[PowerWCRulez]

Hmm, You should use File Transfer and Share and other set to 'DON'T ALLOW' on every settings..

 

[Steel X]

It happened to me also...and I thought I was going to beat the crap out of Defmatrix for that...lol

but okay I'm gonna go check on the files again and see if it wont happen again

It was proably the same hacker who has put in AIM members' profiles about the "HA HA! LOOK AT (anyone's s/n) PICTURE!"...remember that? I was so pissed off I wanna know who did that and watch him suffer to death

 

[Steel X]

Hmm, You should use File Transfer and Share and other set to 'DON'T ALLOW' on every settings..

You mean from the opitons where you edit your perferences? and then click on "reject from all users", right?

 

[Steel X]

is it part of the buddy links messaging Integration? because I want that virous outta my computer!

 

[Steel X]

I found the name of this virus and got it uninstalled...so....problem sloved.

 

[PowerWCRulez]

You mean from the opitons where you edit your perferences? and then click on "reject from all users", right?

In preferences:

Privacy settings
Allow list
NONE don't click all of check boxes

Blocked list
BLOCK THE USERS BELOW (marked on the check box!)

Nothing about me in marked on the check box
--
File sharing settings
Do that marked on the all check boxes "DON'T ALLOW"
--
File Transfer settings
Reject from all users
--
Direct IM
DON'T ALLOW both boxes!
--
Send buddy list
DON'T ALLOW both boxes!

Then you're safe!

 

[prostock19]

Hey, AIM sharing had NOTHING to do with this adware program. This program would IM a link to your friends. Then, when you click on the link, some people (like myself) automatically got the adware, and others had to click YES or NO(No is the answer 99% of the time) to add this adware. Here is the link to McAfee Site.

http://vil.nai.com/vil/content/v_101007.htm

And after sending out an email to them, here is their response.

A.V.E.R.T. Sample Analysis
Virus Research Engineer: Jaime Wong
Identified: Adware-Buddylinks
AVERT(tm) Labs, Singapore

This link leads to an installation of the above adware. You would need to
agree on the installation first before that occurs. Detection can be found
in the latest DATs 4323.

Synopsis -
Adware does not contain a virus, and is not considered a trojan because it
does not damage systems maliciously.
We have added detection for it but not removal. This is for legal and
copyright reasons, and because many programs will have a legitimate use, and
may have been paid for and installed intentionally.
Solution -
As this detection is of type application, detection requires either the
command-line scanner (with /PROGRAM) or the potententially unwated
applications/program options to be activated if it is enabled with your
virus scanning software. Users running VirusScan 7 or later can enable
application or joke detection via the configuration option "Find potentially
unwanted programs" within the VirusScan GUI. You may wish to check with
technical support for the product you are using for further instructions on
enabling this option.

Support -
Virus Research accepts file-samples for analysis and possible inclusion into
AV signature DAT sets. We are also prepared to answer general virus
questions.
All product-related questions and comments can be addressed through
technical support and customer service, including:
* Product installation and update questions
* Product usage questions
* Specific operating system/version questions
* Assistance with detection and cleaning or removal of viruses or trojans
Use the following links to reach online technical support for NAI products.
Corporate Customers:
http://www.networkassociates.com/us/support/
Single User/Home user:
US: http://www.mcafeehelp.com
UK: http://www.mcafeehelp.co.uk


Best Regards,
Jaime Wong
AVERT(tm) (Singapore)
A Division of NAI Labs

 

[Boult]

Read this if you have been hit by buddylinks spam...

Aol Peeved By Adware Outbreak
http://www.wired.com/news/infostructure/0,1377,62275,00.html

On page 2, there are links that tells you how to remove those adwares installed by buddylinks

 

[Boult]

Prostock, see my previous post.. bout AOL being peeved by this outbreak... they offered this tips to remove buddylinks unlike what AVERTS says.. If you were hit with buddylinks then you can remove it if you want to so you can prevent it from happening again.. ....

 

[javapride]

thats so totally messed up its possiblity of a wonder why i dont have an AIM nor AOL bl due to this ??? if this is the case oh boy someone's gonna get it!