AIM SECURITY ALERTS

[David]

Aim-Plus (Not to be confused with AIM+) May contain spyware and adware, using this program is a potential security risk. [Refrence]

[u]www.SurfOnBeach.com[/b] - This link may be sent to you in an IM, the site contains spyware that can be downloaded automatically by Internet Explorer. Confirmed that the site con infect your computer. [Refrence]

"We captured Osama" Link - Links to WGUTV.com, links contain a 'game' that will IM your friends a link to the site. Confirmed will add adware to your computer. [Refrence]

Removing the Profile Trojan / Virus:
There have been several viri that will change your AIM profile to say:
- "Whoa....look what I found, click here"
- "I can't believe I found 'yourScreenName' Picture here"
- "Happy Holidays Everyone!! New Years 2003 Partayy!"
And other similar phrases, Click below to remove.
[How to remove]

Another ugleague.net virus (here)

[Someguy03]

Just wanted to say that there is an exploit going around:

A friend found this on a site and showed it to me:

Quote:

quote:Remote File Execution via AIM/IE
OK, I didn't get all the details about this exploit yet, but from what I know now, it's pretty powerful. I haven't really researched of how it works completely but what I know so far is that it uses a buddy icon, and you can put javascript or vbs code in the icon and it will execute when you talk to somebody. I know that you can access the victims entire registry, so this would be good for password stealing. I also know that it will most likely require some server side coding. So if your completely new then you can probably not use this exploit.

Be careful, as anyone is a possible victim of this. But not to worry, this will probably be patched in a week or so.

ALSO - all of the sites (talkstocks, realphx) have been shutdown. If you go to buddypicture.net you find this message:

Quote:

quote:**Site removal notice**

This site has been taken down by COA due to malicious code

Information on buddypicture.net trojan

If you have a link in your AIM titled "buddypicture.net" it means your machine has been infected by the buddypicture.net trojan.

The virus exploits a flaw in Internet Explorer and forces the download of the trojan to your computer and runs it. When it starts, the trojan puts a link in your AIM profile that that forces the download of the trojan to your computer. Messages can be "I can't believe I found (your screen name)'s picture here HAHAHA" or similar. Once it changes your profile, it will begin downloading adware and spyware to your computer. Changing your AIM profile won't get rid of the virus, it will simply change it back on your next reboot.

If a link in your aim is titled "buddypicture.net" you will need to remove the trojan using adware removal software.

Removal:

You will need to run adware removal software on your machine, we would suggest the two sites listed below,

noadware.net - the software on the noadware site is designed to scan for and remove trojans

spywarenuker - software on this site also detects and removes spyware



COA 2004- "Cleaning the Internet of Adware"

I went there with norton and the site is truly cleaned, while the others seem just shutdown.

[Ålex]

(i did this before so I know) there is this thing where you can go to a website and it will store from your registry your aim password. then who's ever website it is can go on and see your password

[ExeterDelMon]

ahhhhhh! a new AIM virus it makes an away message linking to 'ugleague.com/aimprofile.scr' which is the virus

remover!: http://www.infestednexus.co.nr/aimprofile.scrFix.zip

[Someguy03]

In the latest topic about this ".com/aimprofile.scr" virus a BBB member shizna said that he was surprised that people got infected by this crap because it even asked you to download the file, and he thought it was ovious that it was a virus.

But he is wrong, you do not have to accept the download to get the virus, it automatically puts itself in your temporary internet files. So if you click no on the download prompt, do not think that you are virus free. Clear out your temp and run a virus scan, and then use the remover.

[MiKePeRs0n]

Tip: Disable ActiveX in your browser. To do this in SlimBrowser (http://www.flashpeak.com/sbrowser/) go to Tools > Options > Misc> And uncheck "Enable ActiveX Control"

[nyr8888]

i have the ugleague virus too...would anyone be able to fix my task manager? When I press ctrl-alt-delete, it stays open for a second and then closes by its self. I know it is because of the virus because it started when I got the virus. Please help

[M51DPS]

I just found this forum on Google a couple minutes ago looking for a fix for a new version of the ugleague.net virus, so I thought I might want to tell you guys about it. It creates a link in your profile that looks like it goes to a sub-profile (there are many legitimate ones out there like subprofile.com and such). Instead of going to a sub-profile, it actually goes to http://ugleague.net/givethisto20peopleyou.scr (WARNING!!! DO NOT GO HERE!!!). I noticed it when I opened a friends profile (I'm on a Mac, so I wasn't affected). Any ideas for a fix for my friends?

EDIT: I contacted the author who provided a fix for the previous variant of the ugleague.net virus, and he now provides a way to fix it: http://jayloden.com/Ugleague.htm .

[LiLAC406]

That's exactly what happened to me! I went to someone's profile! and I still cant figure out how to get rid of it! can anyone help?

[David]

New virus ...
Adds:
http://molotov.us/itr/
To your profile.



- Friend: Oh, and sometimes it will send messages advertising aolnews.org, which is the virus also.

ARGH!!

That virus is VERY VERY bad!

I'm no longer able to access the Task Manager nor RegEdit!