MSN Messenger users are again the victims of a chat application worm. Known by a few different names--Troj_Brain.A, W32.Choke.b, W32.NewPic, Worm.JerryMsg--this MSN Messenger worm will infect anyone contacting an infected PC by asking if the user wants to see a new picture. If the correspondent says Yes, the worm then sends a copy itself via MSN Messenger. If chat application other than MSN Messenger is used to contact the infected PC, the worm might install on the new PC but it will not spread to others. MSN Messenger users were victims in June of the tasteless Choke worm. This latest MSN Messenger worm is not destructive, and even contains its own removal instructions. Because of its limited infection capabilities and relative harmlessness, this MSN Messenger worm only ranks as a 2 on the ZDNet meter.
How it works
The worm arrives via MSN Messenger as a file called PIC1324.EXE. If executed, the worm then displays an Error message box on the infected computer with the following text:
"Cannot open file. May be corupted. Replace the file with a new one and try again".
The worm then installs itself to run every time the computer is booted. The worm appears in the task manager as MsgSprd. The worm monitors chats on MSN Messenger and will attempt to engage anyone who contacts the infected computer with the following exchange:
- hey, want me to send my new pic? i took it yesterday
Depending on the response, the worm will send the file with the following text:
| User | Worm |
| send | there |
| sure | [no response] |
| maybe | pweese ? :-) |
| i guess | i hope you like it |
| ok | alright, here ya go |
| yea | alright, here ya go |
| yes | alright, here ya go |
The worm does no damage and its own removal instructions can be found in a file located at C:Messenger1324Brain1Read Me.txt. The text file reads:
-
I come in piece. My name is Jerry.
The purpose of me is to spread. I'm not annoying, nor
dangerous.
How to remove me:
1) Click Start, select Run. The Run dialog box pops up.
2) Type: msconfig The System Configuration Utility pops up.
3) Click the Startup tab at the top. In the list, find MsgSprd, Messenger, or pic1324, uncheck, press Apply, then press Ok.
4) Restart your computer Or press Ctrl - Alt - Del, select MsgSprd from the list, then press End Task.
You may freely delete the files or the 'C:Messenger1324' directory.
Check this link for the removal and prevention of the latest MSN Messenger worm.
hi
i do not understand how to remove the msn worm can you please explain to me easier.
On my computer the run box comes up and i tpye in what you saidvwhere it says open. but it doesnt seem to wrok
bye