photo album.zip
- This topic has 28 replies, 10 voices, and was last updated 16 years, 5 months ago by rcweb.
March 30, 2007 at 9:22 pm #26727 warriors292 Member
my daughter has been sent this through msn and has stupidly opened it, the trouble is it is now sending itself to all her contacts trying to get them to open it, when this happens her computer freezes and won't do anything for a min. after looking it up it seems to be a virus of some kind but avg hasn't picked up on it, i have deleted the folder in c:\program files called photo album.zip but it is still sending itself onto all her contacts…
anyone help ????

March 31, 2007 at 6:11 am #159862 Philip Moderator
warriors292;217024 wrote:
> my daughter has been sent this through msn and has stupidly opened it, the trouble is it is now sending itself to all her contacts trying to get them to open it, when this happens her computer freezes and won't do anything for a min. after looking it up it seems to be a virus of some kind but avg hasn't picked up on it, i have deleted the folder in c:\program files called photo album.zip but it is still sending itself onto all her contacts…
> anyone help ????

Hi there, and welcome to the BBB forums. I did some searching; it seems that the photo album.zip file contains the W32/IrcWorm-A. The only antivirus vendor who had some info on it was Sophos. The easiest way to get rid of this worm would be to download a trial copy of Sophos Antivirus here. Make sure to also update it after installation. Before installing Sophos, uninstall any existing antivirus programs in your system.
Please post back if you’re still encountering problems.
April 1, 2007 at 12:29 am #159875 X Blader Member
i have this thing in to i did try your suggestion but it failed to do anything for me please can you give any more information on how i can get this off my wlm please
never mind it seems to be out now
well i signed into my messenger this morning and about 30 mins into the convo it started doing it again the pif file is removed and everything along with it and also the virus scan removed it but it is still in please help
regards
April 1, 2007 at 1:32 am #159863 Philip Moderator
X Blader;217051 wrote:
> i have this thing in to i did try your suggestion but it failed to do anything for me please can you give any more information on how i can get this off my wlm please
> never mind it seems to be out now
> regards

Some additional info: this appears to be a new worm spreading on the net, that’s why none of the antivirus vendors (except Sophos) has posted anything about it. The moral of the story is: don’t open any files sent from your contacts, unless you’ve verified it with them. And keep your antivirus program up to date.
April 1, 2007 at 6:41 pm #159876 X Blader Member
well i signed into my messenger this morning and about 30 mins into the convo it started doing it again the pif file is removed and everything along with it and also the virus scan removed it but it is still in please help
well it's gone again this time i did nothing with it i'll update if it shows up tomorrow
regards
April 2, 2007 at 2:37 am #159864 Philip Moderator
X Blader;217070 wrote:
> well i signed into my messenger this morning and about 30 mins into the convo it started doing it again the pif file is removed and everything along with it and also the virus scan removed it but it is still in please help
> well it's gone again this time i did nothing with it i'll update if it shows up tomorrow
> regards

Today (April 2) I searched the major antivirus vendors’ websites, and unfortunately, there’s still not much about this W32/IrcWorm-A. If your system is still infected, you can try the following. Warning: this involves editing the Registry. Be very careful when doing this, because editing the wrong keys could cause your system to malfunction. Do this at your own risk.
- Go to My Received Files in My Documents folder. Delete (Shift + Delete) the Photo Album.zip folder and its contents.
- Go to C:\Windows. Delete the Photo Album.zip folder.
- In C:\Windows\System, find the rdfhost.dll or rdshost.dll files. Delete them.
- Go to Start > Run. Type regedit to open the Registry. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad rdshost {5344BB88-3DE1-409F-8307-C85923A1F4DD}. Delete this key (right-click and click on Delete).
- Navigate to HKCR\CLSID\{5344BB88-3DE1-409F-8307-C85923A1F4DD}. Delete this key.
- Reboot your computer.
Check to see whether the problem still exists. Please post back to let me know.
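
A read-only way to check for the artifacts listed in the steps above, as an added example that is not part of the original post. It assumes PowerShell is available on the machine (the thread never mentions it); the file paths, the rdshost name and the CLSID come from the post, while the InprocServer32 lookup is the standard COM subkey and is an addition here.

```powershell
# Read-only check for the artifacts named in the removal steps above.
# Paths and the CLSID are taken from the post; nothing is deleted or modified.
$clsid = '{5344BB88-3DE1-409F-8307-C85923A1F4DD}'
$docs  = [Environment]::GetFolderPath('MyDocuments')

$fileChecks = @(
    (Join-Path $docs 'My Received Files\Photo Album.zip'),
    (Join-Path $env:windir 'Photo Album.zip'),
    (Join-Path $env:windir 'System\rdfhost.dll'),
    (Join-Path $env:windir 'System\rdshost.dll')
)

$findings = @()
foreach ($path in $fileChecks) {
    if (Test-Path -LiteralPath $path) {
        $findings += "File system: $path"
    }
}

# ShellServiceObjectDelayLoad normally holds values (name -> CLSID), so look
# for a value named rdshost or one whose data is the CLSID from the post.
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if (Test-Path -LiteralPath $ssodl) {
    $key = Get-Item -LiteralPath $ssodl
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -eq 'rdshost' -or $data -eq $clsid) {
            $findings += "Registry value: $ssodl -> $name = $data"
        }
    }
}

# HKCR is not a default PowerShell drive; use the Registry:: provider path.
$clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
if (Test-Path -LiteralPath $clsidKey) {
    $findings += "Registry key: HKCR\CLSID\$clsid"
    # InprocServer32 (standard COM subkey, not mentioned in the post) names the DLL.
    $inproc = Get-Item -LiteralPath "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue
    if ($inproc) { $findings += "  InprocServer32 = $($inproc.GetValue(''))" }
}

if ($findings.Count -eq 0) {
    'None of the artifacts named in the post were found.'
} else {
    $findings
}
```

An empty result only means these specific names are absent; it does not show that the system is clean.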
April 3, 2007 at 10:25 pm #159877 X Blader Member
well it's all gone now so I'm relieved it's all gone no come backs
thanks for the help
April 8, 2007 at 12:57 pm #159878 frankie7 Member
I cannot find this directory at all. On my system it just doesn’t appear. Not the way you say it anyway.
I cannot get rid of this at all. 🙁
I keep getting loads of chat boxes opening up all the time, and my contacts say I keep asking them do they want to see my photoalbum.zip. How this got onto my system, I have no idea.
Is there any other way to fix this?
April 8, 2007 at 1:07 pm #159865 Philip Moderator
frankie7;217300 wrote:
> I cannot find this directory at all. On my system it just doesn’t appear. Not the way you say it anyway.
> I cannot get rid of this at all. 🙁

Hi Frankie,
Welcome to BBB. Which directory couldn’t you find? What operating system are you using? Did you follow the steps in post #2 below, and still unsuccessful?
Did a Google search for the worm, but it seems like Sophos is the only antivirus vendor posting info about it.
April 8, 2007 at 1:14 pm #159879 frankie7 Member
i use avast, but by using this only temporarily, will it still disappear after i uninstall this software?
I am using windows XP.
Quote:
> * Go to My Received Files in My Documents folder. Delete (Shift + Delete) the Photo Album.zip folder and its contents.
> * Go to C:\Windows. Delete the Photo Album.zip folder.
> * In C:\Windows\System, find the rdfhost.dll or rdshost.dll files. Delete them.
> * Go to Start > Run. Type regedit to open the Registry. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad rdshost {5344BB88-3DE1-409F-8307-C85923A1F4DD} Delete this key (right-click and click on Delete)
> * Navigate to HKCR\CLSID\{5344BB88-3DE1-409F-8307-C85923A1F4DD} Delete this key.
> * Reboot your computer.

this part, the part that says
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad rdshost
Is not there. I have different settings.

April 8, 2007 at 2:00 pm #159866 Philip Moderator
I don’t think Avast can catch this worm, but you can give it a try by downloading the latest Avast antivirus definitions and doing a thorough scan of your system.
The Registry line HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad rdshost {5344BB88-3DE1-409F-8307-C85923A1F4DD} should read:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad rdshost {5344BB88-3DE1-409F-8307-C85923A1F4DD}
If you can’t find this key, just do the other steps first.
April 8, 2007 at 2:22 pm #159880 frankie7 Member
nah, i don't have those keys at all.
if i install sophos, after i get rid of this, can u uninstall sophos and return to my old anti virus, and this will still be gone?
April 9, 2007 at 4:57 am #159867 Philip Moderator
Frankie:
If you want to install Sophos, you’ve got to completely uninstall Avast first. If you intend to revert back to Avast, you’ve also got to completely uninstall Sophos after it’s done its job of cleaning out that photo album worm. To ensure system stability, you should have only one antivirus program running.
I hope the above makes sense to you.
April 16, 2007 at 6:13 pm #159881 melancholy Member
I have tried to download Sophos but the installation process could not be completed because it says that simple file sharing needs to be disabled, how do I do that?
April 17, 2007 at 2:08 am #159868 Philip Moderator
melancholy;217533 wrote:
> I have tried to download Sophos but the installation process could not be completed because it says that simple file sharing needs to be disabled, how do I do that?

Hi, and welcome to the BBB Forums. Here’s how you can disable simple file sharing:
- Open My Computer from the Start Menu or Windows XP Desktop. A new My Computer window will appear.
- Open the Tools menu and choose “Folder Options” from this menu. A new Folder Options window will appear.
- Click on the View tab and locate the “Use Simple File Sharing (Recommended)” checkbox in the list of Advanced Settings.
- To disable Simple File Sharing, ensure this checkbox is not checked.
- Click OK to close the Folder Options window. The settings for Simple File Sharing are now updated; no computer reboot is required.
Hope this helps.