Here's the respond that I got from AOL Webmaster - read along and use that for your own protection
------------------------------------------------------------
Hi! I am Joan B. from the TechMail Department. I would like to thank you for
spending time in writing to us. It is my privilege to be of assistance to you
and all our members.
I understand that your AIM Account has hacked.
I apologize for the inconvenience that you have been experiencing. I appreciate
your patience with this matter and I am here to help you.
It is possible that you unknowingly downloaded a trojan virus through AIM.
Viruses and trojans can be downloaded to your computer by visting some websites,
clicking on links, or installing software. You should always install all OS
patches and security updates and you should always run good virus software with
up to date virus definitions. á
If hyperlinks such as
http://10.2.30.40:8180 or another number automatically
appear in IMs that you send, it probably means that your system is infected with
the "W32/Aplore@MM" virus/worm. Both McAfee and Symantec have web pages set up
with descriptions and removal instructions. As always, please only click on
hyperlinks that you know are safe, even when receiving them from people you
trust. á
If your member profile or away message has links in it that you can't delete or
that get replaced automatically, such as
www.realphx.com or
www.talkstocks.net,
you can try to follow the steps below. If you are a novice computer user, please
get someone more experienced to help you.
Exit AIM so other users don't get infected from you while you are cleaning your
system.
Go to
http://windowsupdate.microsoft.com and install all of the critical
updates. This will prevent the current trojans from reinfecting you once you
have cleaned up the files currently installed.
In IE, go to Tools/Options and reset your Home Page (or just click on Use Blank)
if this setting has been hijacked.
Go to the Add/Remove control panel and uninstall the following: òá "Bargain
Buddy"
òá "Lycos Sidesearch" (Unless you intentionally installed this program.)
òá "Web Helper"
òá "Win Favorites"
òá Anything with "n-CASE" in the name.
òá Anything else that looks suspicious.
Install the latest version of Ad-Aware from
http://www.lavasoftusa.com/support/download/.
Launch Ad-Aware and click the Check For Updates button on it. After installing
any new updates, proceed to the next step.
Configure Ad-Aware to do a custom scan with all options selected, and then
proceed with the scan.
When the Ad-Aware scan is complete, click on Finish. Then right-click on the
list of located objects, choose "Select All Objects", and click on Next. Then
click OK on the confirmation dialog to remove all the objects. Ad-Aware will
probably state that it needs to reboot to finish; in that case reboot now
instead of waiting until later.
Delete all unneeded items from the "temp" directory. If you are not sure where
your system's temp directory is, launch "%temp%" from the Run item on the Start
Menu. Many of the trojan files will still be in the temp directory and they may
be launched in the future if they are not removed now.
Launch "msconfig" from the Run item on the Start Menu, and in the Startup tab of
the System Configuration Utility window that appears, uncheck all of the
following: òá Anything that resembles any of the following items
á "Lycos Sidesearch" (Unless you intentionally installed this program.)
"Bargain Buddy"
"Web Helper"
"Win Favorites"
"Power Scan"
"Sqwire"
"syslaunch.exe"
"uc"
"n-CASE"
òá Any item with a very strange name, such as seemingly random characters.
Click OK to save the changes, and reboot when prompted.
Delete the following items (or anything with very similar names): òá From c:\
:
"url.txt" (file)
òá From c:\Program Files\ :
"Bargain Buddy" (folder)
"Power Scan" (folder)
"Sqwire" (folder)
"syslaunch.exe" (file)
òá From c:\Program Files\Common Files\ :
"SQ" (folder)
òá From c:\Windows\ :
"msgcenter_lminv1.exe" (file)
"bi.exe" (file)
"cdt_bbi8016.exe" (file)
"randomiser.exe" (file)
"winfavorites.exe" (file)
Delete any remaining porn links. These will be in the IE Favorites and/or in
various locations on the Start Menu. Ad-Aware may have cleaned out the actual
links so that only the empty folders remain to be deleted.
In IE, go to Tools/Options and do the following: a. Reset your Home Page if it
has been hijacked again.
b. Click on Delete Files in the Temporary Internet Files section, and make sure
to check the option to also delete Offline Content.
c. Click on Clear History in the History section.
d. Click on OK.
Check the profiles one last time for each of your AIM Screen Names, to make sure
that they are not once again pointing to the malicious web site, and delete any
that are.
That should take care of it, as long as you take the following steps going
forward: òá Frequently install all critical Windows Updates in the future.
òá Use a firewall, which can alert you when malicious programs are trying to
use your Internet connection.
òá Keep your antivirus software up to date and scan all of your hard drives
regularly.
òá Frequently run a program such as Ad-Aware or Spybot that can detect and
remove adware and spyware.
òá Be extremely cautious before clicking on any hyperlink that you are not
certain is safe. (When in doubt, check first with the person who sent you the
link.)
Should you wish to speak with someone in person to walk you through, you may
contact our America Online Technical representative at 1-800-827-6364
(1-800-759-3323 for TTY) or contact through AOL KEYWORD: LIVE HELP by signing on
using the AOL software.
á
Please feel free to write back at your convenience for further needs. It's
through communication with members, such as yourself, that help make this
service truly amazing.
á
Joan B.
Customer Care Consultant
The Technical Department
America Online, Inc.