MSN Blocker (1 Viewer)

[A2RAYA]

has anyone else tried this piece of s**t? what in god's name do i have to do to get rid of this thing..i installed the fucker then uninstalled it but everytime i open up a new convo window it brings up the link for the dam thing...is it like spyware or something like that? and how do i permanently get rid of it
cheers

 

[D_A]

Yea, its a virus.

Friend got it, and from what she told me this is what I think of it:

Makes copies of itself on your hard disk and adds a registry key so that whenever you restart your computer, it would check if the file is there, if not it would reinstall itself.

Everytime you open MSN, it would attempt to send a link to all contacts that are online, clicking on this link would automatically download the virus and execute itself for Internet Explorer. I copied the link into Firefox and it would prompt you, so I think FF users are safer.

Apparently, it disables any active anti-virus + firewall programs...somehow. It also disables regedit/windows task manager/msconfig.

Fixing it?

Goto google.com and search for McAfee Stinger or just Stinger download, its a neat small program that searches for the most recent/common viruses and attempts to remove it.

Or you can do the online scanning thing that Symantec (Norton AV) runs, try updating your anti-virus proggie and if all else fails, format.





All you lose is your porn anyway.

 

[Rafy]

PLEASE DONT CLICK ON THAT BLOCK CHECKER LINK!!!!!

It is malware. Besides you DO NOT require to install a program to use a block checker. They can be browser based. (Not to mention Block checkers dont work anymore)

Anyway removal instuctions below (For step 1 you can just use Windows xp's process thing by pressing ctr-alt-del)

How to remove the "Block Checker" malware correctly
Originally composed by Fergy at the Plus! forums

Step 1: Killing the processes

* Download Sysinternals' "Process Explorer" (http://www.sysinternals.com/Utilities/ProcessExplorer.html) and install it.
* Open Process Explorer and kill "csrss.exe" first.
To avoid killing the wrong csrss.exe process, look at the "User Name" column which lists who has started the process.
If it is "SYSTEM" or "NT AUTHORITY" or the likes, then it means it is the legit windows process started by Windows itself and shouldn't be killed. If it is your username/computername then it means the csrss.exe process has started up as a normal user program and thus is not legit and the fake one. This is the one you need to kill...
* While still in Process Explorer, kill "block-checker.exe" if it is still there.

Step 2: Removing the files

* Uninstall the block checker by going to "Add/Remove Programs" in the control panel.
* Go into "C:\Program Files" and delete the folder labelled "Block Checker" (where C:\ is the drive you installed Windows on) if it is still there.
* Delete the "exclusion_AOL.ini", "exclusion_MSN.ini" and "exclusion_Yahoo.ini" files located in windows' system folder (C:\Windows\System).
* Clean out your recycle bin to totally remove the files from your HDD.

Step 3: Fixing the registry

* Open your registry editor (Start > Run > regedit.exe) and navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and delete the key named "block-checker".

 

[A2RAYA]

ok im in that program and im goin to kill the csrss.exe but theres only one of it and it says the username is client server runtime or something which if im not mistaking is a legit username right??

 

[lourai*87]

Ok...well i followed some different instructions. And they gave 6 registry values for me to delete. I only located 2. 2 others i got the right field name (000) but the value is supposed to be "block-checker". My value says "resume". The other 2 are in the MUICache but my path is different from that in the instructions and i couldnt see it in there anyway. Have i killed it all, or is it still floating somewhere?

 

[weesa]

meh... theres curiosity for u