[Update 10/12/04: If you are looking for info on the Funner worm that spreads on MSN Messenger, read this article or this page from Symantec. Funner sends itself to everyone on a user's contact list and may try to download content from www.78p.com. Links via Slashdot.]
[Update 6/21/04: A number of commenters are reporting a new version of an AIM virus that closes task manager before the process can be ended. If you have this problem, commenter Tony recommends a program called Security Task Manager that can be downloaded here. This program should allow you to find the files responsible (perhaps "netstatt.exe"), stop them from running, and then delete them. Jay Loden's AIMFix is also working for some people, but that site is facing heavy server traffic and is not always available. A mirror of the fix is up at ftp://metafero.elon.edu/AIMFix.exe.
Jay has also provided these manual removal instructions:
1) For manual removal of the virus files, you will need to first end the processes [Note: not all files will exist on all computers]:
“YahooMsngr.exe”, “NETSTATT.exe”, “YahooMsgr.exe”, “wintcp.exe”, “lansrv.exe”, “idctup20.exe”, “fpjlfrllddpnsi.exe”, “svcl.exe”, “exhhulashk.exe”, “OSNERAOUSGZDPV.exe”, “winampa.exe”, “Data”, “Debug”, “Slideshow.exe”, “Payload.exe”, “MSCVT.exe”, “service.exe”, “zzqh.exe”, “zzb.exe”, “snd332.exe”, “aim1.exe”, “lsas.exe”, “taskmanage.exe”, “winxp.exe”, “download_me.exe”, “windowsupdater.exe”, “wuaumqr.exe”, “winupdat.exe”, “blengine.exe”, “ChannelUp.exe”, “hpztsb05.exe”, “av.exe”, “b.exe”, “bbb.exe”, “wucaumqr.exe”, “winampa”, “xlroue.exe”, “A0L.exe”, “iexpl0re.exe”, “svehost.exe”, “bvjlxjs.exe”, “gxmryzf.exe”, or “aocyvou.exe” (there are more, but I didnt have them all available at the time of posting)using DS Software’s Taskill utility available from
http://members.ozemail.com.au/~nulifetv/freezip/freeware/taskill.exe
and open it to see a list of running programs. Choose the process and select “Kill”.
2) Now you will need to search through the hard drive for the files “YahooMsngr.exe”, “NETSTATT.exe”, “YahooMsgr.exe”, “wintcp.exe”, “lansrv.exe”, “idctup20.exe”, “fpjlfrllddpnsi.exe”, “svcl.exe”, “exhhulashk.exe”, “OSNERAOUSGZDPV.exe”, “winampa.exe”, “Data”, “Debug”, “Slideshow.exe”, “Payload.exe”, “MSCVT.exe”, “service.exe”, “zzqh.exe”, “zzb.exe”, “snd332.exe”, “aim1.exe”, “lsas.exe”, “taskmanage.exe”, “winxp.exe”, “download_me.exe”, “windowsupdater.exe”, “wuaumqr.exe”, “winupdat.exe”, “blengine.exe”, “ChannelUp.exe”, “hpztsb05.exe”, “av.exe”, “b.exe”, “bbb.exe”, “wucaumqr.exe”, “winampa”, “xlroue.exe”, “A0L.exe”, “iexpl0re.exe”, “svehost.exe”, “bvjlxjs.exe”, “gxmryzf.exe”, or “aocyvou.exe”. These files would be hidden, and will require you to enable viewing of hidden files and folders.
To do this, click on the Tools menu in Explorer, then click Folder Options, and go to the View tab. (if you are on 98 this will be in the View menu) Now check the box next to “show hidden files and folders” and uncheck the “Hide protected operating system files” box. Now choose “apply to all folders” and click apply.
The files are usually located in “C:”, “C:\Windows”, “C:\Winnt”, “C:\Windows\System”, “C:\Winnt\System”, “C:\Windows\System32″, “C:\Winnt\System32″, “C:\Program Files\PSD Tools”, “C:\Program Files\PSDTools” or C:\Documents and Settings\yourusername\Applicaton Data”, though it varies on computer to computer.
3) Delete any of the files if they exist.
4) Please don’t forget to take the link out of your profile]
[Update 2/11/04: From a comment posted today: "I got the osama version yesterday, and I removed it without a problem... First of all, the processes run by this version are called "blengine" and "ChannelUp", so those are the ones to kill if you get this... Removing this virus is pretty much the same procedure that has been posted [below].”]
[Update 2/10/04: Traffic to this website doubled today, which can only mean one thing: there's a new AIM virus going around. This one has a link reading "check this out: http://www.wgutv.com/osama_capture.php?JVFD". I know nothing about this one, but once again J Loden has a fix for it on his site. I haven't tried it out since I don't have the virus, but you can do so here.]
[Update 1/13/04: J Loden is working on a fix for the new virus that puts "an0th3r pr0fil3 0wN3d By b1Ld0" into your profile. Go to his page here for removal instructions and, soon, and automated fix.]
[Update 12/21/03: Comment 35 links to a site with several AIM virus removal tools and it looks legit. So if you don't want to proceed with manual removal, check out Jay Loden's page.]
[Update 12/04/03: There is a new version of this spreading through a link reading something like "I can't believe I found %n's picture here hahaha." The new file name is probably av.exe or a.exe. Just follow the original directions for removing b.exe below or click here for more info.]
I don’t know if this is best classified as a virus or a worm, but whatever it is is spreading via Instant Messenger. The link was in my profile for a while, so my apologies if you got it from me. The link reads “Whoaaa….look at what I found, click here”. Don’t do that! It takes you to a page called talkstocks.net and immediately installs software you don’t want.
But if you did click the link, here are some things you can do to fix the problem. Now I’m no computer expert, so I’m not going to vouch for any these methods. The one I tried worked for me, though.
I followed the directions in Reply 9 on this page. First, edit your AIM profile to delete the link. Then hit ctrl-alt-delete and end the task “b.exe” (may also be “bbb.exe”). Finally, find the same file on your computer (probably in a windows folder) and delete that. Reply 9 lists an additional step to take the file off of the list of start-up tasks, but on my computer that had apparently taken care of itself after I deleted the file. [Additional 11/20/03: some users may need to click "processes" after hitting ctrl-alt-delete.]
From what I can tell, this solves the problem of having the link reappearing on your AIM profile everytime you sign on. However, there are many other files installed as well, including spyware. This page lists the files and directions for deleting them. I haven’t tried the directions yet. I’m going to wait and see if any easier fixes get developed in the next few days, and if they haven’t I’ll try them then.
Again, I’m not a computer expert and can’t vouch for these methods, but hopefully the information above will be helpful if you have this problem.
Permalink - Share/Save - Comments (261)
Jacob Grier is a freelance writer, barista, mixologist, and magician in Portland, OR. He writes, eats, and drinks a lot. His articles have appeared in The Washington Post, Reason Online, The Oregonian, and other publications.
Follow me on Twitter
Being the computer expert around here, I’ll just note that what Jacob said sounds right. To get rid of the spyware, check out Ad-Aware. http://www.ad-aware.com. I would also suggest removing the link from your profile after deleting that file, rather than before.
The good news is that, from what I’ve heard anyway, this little bug doesn’t do any actual damage.
By the way, when you go to that page, it pops up a message asking you whether or not it’s OK to install their software, and says fairly specifically what that install does. As a general rule, DO NOT EVER CLICK OK on anything that pops up while browsing the internet.
I think that’s new. When I went to it there were multiple pop-ups and I don’t remember any of them asking permission, though it’s possible I clicked that one along with the others by mistake.
My sister noticed this virus when I went on AIM and she saw it in my profile. I immediately tried deleting it, which had no impact whatsoever on the appearance of it in my profile. So I looked online and happened upon this site. The instructions may seem very clear but, being a computer-somewhat-illiterate person myself, it was hard finding the file b.exe. I went to ‘ctrl alt delete’ and it wasn’t there. I think you may want to add, near ctrl alt delete, that you have to click on ‘processes’ and try to find the file in there. This seemingly insignificant piece of information may save many hours of time for people that are trying to rid themselves of the virus. Thanks for helping me out, just trying to return the favor. (the sentence I was confused with was when you said ‘then hit ctrl-alt-delete and end the task ‘b.exe’, when you actually have to click into ‘processes before finding the file). Thanks again~
Thanks Evan, I noted that addition. Glad you found this helpful.
I’ve also noticed another fix for this problem. Simply running Windows Update, and getting/installing all of the most recent Critical Updates, and updating/using a good VirusScanner. I’m using Mcafee 7.0 Pro, and, after updating it, it picked up the virus on the first scan. After the virus is deleted, go ahead and change your profile back to whatever you want it to be. I hope this helps.
uhh maybe my computer sucks but i dont have a “processes” button anywhere! i want this thing gone - someone help me
i have it too, but i can’t find any b.exe is there another name dat it could be…
Yep, I just updated the post. There’s a new version that is called av.exe or a.exe.
GUYS, That AIM bug you are tlaking about. It crashed my whole system, the futhest i can get in is to see my desktop backround. I think i got it abnormally bad………….
I tried to start it in safe mode…… nope that didn’t work. I have windows xp pro. Dude im never going to use aim again……………………………………………………
THIS STUFF WORKS
i cant figure this thing out sum1 help me!!!!!!!
Thanks for all your help, guys, it was driving me bananas! I hate worms! I spent all day trying to get rid of it with scans and such, and finally got it into my head to look on Google and I’m so glad I did. Just hitting control-alt-delete and clicking on av.exe, and then going to run and finding av.exe and deleting that did the trick perfectly! Then you just go into your profile and erase the offending thing like you normally would! Thanks to this site and those who posted on this matter! I owe ya one!
thanks so much!! i finally got rid of the little worm….=)
my computer is really messed up, and i’ve deleted the file bbb.exe from it and also deleted the virus from my profile, but whenever i push ctrl-alt-delete, the thing that pops up never stays up long enough for me to click processes and click what a want to be shut off. is there any way i can fix this or is there another way to shut off processes?
i dont understand this whole process thing or the .exe files. i dont see either when i click ctrl alt delete. im so confused, can someone possibly provide more of an explaination? :-/
I’m glad to see that these instructions are working for most people. If they’re not working for you and you have a question, try to be detailed when you ask about it and maybe I or someone reading this will be able to help you out (this page is getting a lot of traffic lately). Finally, if anyone has any further tips, please post them.
Okay, here’s my question to add to the list. When I try to delete av.exe it says it can’t delete because windows is using it. I’m running windows ME. Any suggestions?
Helpme!, you need to stop that program from running before you can delete it. That’s what the ctrl-alt-delete, processes, and “end task” instructions are for. Have you tried those? I’ve never used ME, so the method may be different for you.
I cured my problem…. I found that…hit ctrl alt delete, processes, and i mine was called AV.exe, Click end task, then go to C:windows and delete the AV.exe file, recycle it, and restart comp. BOOM! Its gone, well at least mine is…Hope this helped u people..
Ok guys, I’ve been trying to get rid of this little worm all day long. The easiest way to do it is to press Ctrl+Alt+Delete… then click on the Av and say “End Task”… After you do this simply go to START, and press FIND, Files and Folders and search for Av.exe… right click on it and press DELETE. After you have done this you will be rid of it! Erase your profile, your little worm should be gone.
None of the posts are working for me! I am running windows me and am wondering if this is the problem. Ctrl+alt+del does not show me processes button to click on…I can end task, shut down or cancel. It seems to have shut down my whole system. Help!!!
Lynn, after you hit ctrl-alt-delete find the file (see the original post) and hit end task. After that you should be able to find the file and delete it.
every time i get away the virus that is on my pro when i shut down my computer and go back on its still there how can i delette it completly?
yo do bb.exe on start on desktop then serch it and delete anything that look like a small window and it has a blue trimming around it
AND BIG UPS TO HERNDON VIRGINA
Katherine, follow the original directions, searching for the file names mentioned. I don’t advise deleting every file with the description in Subhail’s comment.
Okay i got this worm maybe 2 weeks ago… i have tried lots of that anti virus shit.. doesnt work! and i tried pressing “ctrl alt delete”
but i didnt find that file name… this thing is driving me fucking nuts.. please if u have any suggestions WRITE BACK!!!!
My Norton antivirus says I have the virus- but I did ctrl-alt-delete and there isn’t a file of that description (av.exe, bbb.exe, etc.) and my profile is fine (I also didn’t click on the boxes- I just hit X to close it.) Is it possible that the virus could have other names, or does it only start if I reset my computer?
This virus is driving me nuts!!! I’ve deleted all the files out of my computer, but something is still not right. whenever i close out a window, and image of the window still stays up on my desktop, if anyone has info that could help, please let me know because this is gettin extremely annoying!
ive gotten rid of everything except pop ups someone help me with this!!!
& Ive tried Hijack this and Spy Bot Search & Destroy
I read through this whole forum along with many and i mean many others, spending most of my sunday night along with monday morning looking for an answer. I do have the aim virus but maybe a different version, im running windows 98, i have norton, ad-ware, spybot ect ect. but when im online and i try to IM someone it replaces it with “Check out the new cam im gonna get “PIC”(where pic is, is usualy merged with a link” Please help, im not that much of a newb at computers but this shit is real annoying.
By the way to my last Post i forgot to add that when i try to go to run and get to regedit or to msconfig both windows shut down in a matter of seconds before i can clikc anything.
ahh, hey,i keep trying so much different stuff and nothing works..i found av.exe and deleted in ctrl alt delete but now im so lost about the whole folder thing, and i dont have a FIND in my start list, and when i try RUN nothing comes up…so if any of you would like to help me itd’ be greatly appreciated
Please visit http://www.jayloden.com if you are infected with an AIM virus. I have provided removal tools and instructions on manually removing the most common AIM viruses that are floating around at the moment. Good luck!
-J
i think this worked for me, thanks for the help!
woooooooo damn the AIM bug it gone THANKS ALOT PPLZ!!!!!!!!!!!!!
help!argh…aiite i dont have AIM worm/virus, but my CTRL+ALT+ DEL, task manager doesn’t stay up… i see it for a brief second, then it goes away.. i believe its some kind of virus, but not sure, my current virus scanner can’t pick it up.. again my problem is that my task manager won’t stay up. it disappears after 2 seconds, help me
dude u guy r confusing. i figured out how to do it. ok. here.
1. press ctrl+alt+delete
2. find 2 programs called av and one with like fuy in it (NOTE: most times people only find the av program, and thats ok, but for some they might have the other one. its ok if u dont have both but u MUST have the Av one)
3. highlight Av and press “end task”
4. got to My Computer
5. go into your C Drive
6. go into the folder called WINDOWS
7. open it up and scroll down until u see a program called Av
8. delete it, move it into the Recycle Bin
9. empty the Recycle Bin
10. go into ur profile and delete everything then press “finish”
dont take my credit
Can someone please help me? I clicked on my friends AIM and I got the trojan Virus.. Her profile said, WOW LOOK THAT I FOUND!!! I don’t have anything written on my profile but I went to a website that gave me the virus..I ran an antivirus and it found the virus…I deleted it but it always comes back when I restart the PC.. Can anyone tell me what to do?? Pleaseee send me an email at xxsasazinhaxx@aol.com or simply IM me.. THANK U GUYS
i have one of those aim profile bugs, the one that says “happy holidays everyone!!…” I’ve tried to get rid of it, but when i use ctrl+alt+delete, i can’t find any of the files people list (ex. Av, B, etc.) and so i cannot figure out how to delete it. what am i supposed to do now?? hheeellllpppp =(
[i have windows 98, im thinking that has something to do with it?]
hmmmmmmmmm, this is a problem. do u have any other unknown applications in ur task manager? like names of apps that u havent seen b4? well if u do close it and juss follow my steps except with the program u have and u should get rid of it
Mel, J Loden (www.jayloden.com) recommends using a fix at this address for the Happy Holidays version of the virus:
http://www.rsaisp.com/software.asp
If you try it out and it works, please let us know.
hey everyone.
I was pissed off like most of you probably are right now. I am not sure if anyone has posted this link but I thought I would try and help out. All you have to do, is go to the website I will attach below, and open the program it gives you. as far as I know, it seems pretty legit. I do not think there is any spyware that comes with it. next all you have to do is go into your profile and deleate the link. to make sure it worked (even though it didn’t say to do this on the website), I logged off of AIM and restarted my computer. there is now no “Look I found _____’s Picture Here!”. I am not sure if there are different versions of the virus, but this one worked for me. The link to the download is
http://www.rsaisp.com/software.asp
Again, I would like to appologize if this has been posted before or if everyone is fixed now. I was just frustrated with this AIM Buddy Profile Virus, that I thought I would try and help all you out. Also, when you open the program that you downloaded, it took me to the microsoft website to download some kind of patch or something to prevent this from happening in the future. I did not download this patch from microsoft, but I believe it isn’t needed.
There are a few simple directions on this link http://www.rsaisp.com/software.asp
that should help you through. It is not very hard at all. Just go to that link and it will explain these simple directions. I do not know much about finding all of these viruses and such, but this simple program worked for me. I hope this works out for all of you. Best of luck,
Alex
Hey Guys, i did everything everyone said, my only problem is this:
After ending task of the Av program, i found the file in the Windows folder, however it says it is unable to delte, is is full or write protected…. Any ideas???
omg thanks so much everyone!!!
This worked for me….
Control-alt-delete…..then click on AV…END TASK…then go to ….search for files or folders and search for “AV” and when it comes up delete it! N then delete it from your profile and its gone!
HELP
In my profile on AIM there is this link that says
“Whoaa…look what I found, Click here”. Before this link appeared, there was another link that stated “REAL PHX”. Somehow these links are connected. If anyone has any idea how to get rid of this virus, PLEASE tell me how!
to get rid of the virus “Whoaa…look what I found, Click here” try to go into your profile, highlight it, right click and and select cut. Cut it out of your info…it ususally works
Susan, that’s just a temporary fix. Mallory, I recommend following the instructions in my original post or trying the removal tool at:
http://www.jayloden.com/VirusClean.htm
You guys are geniuses, thank you so much for your advice on kicking this dumb worm right in the teeth.
I KICKED THE VIRUS’ ASS
I got that spyware crap..i accidently clicked on someone’s im..it says..”Check out the camera i want” and a link..can anyone help me with it..my antivirus says some file is win32.exe is spyware…i’m gonna try everything that this site is sayin..thanks..r3n
okay this is kool how you tell how to get rid of this virus and all. but i have a different one on my profile that reads……..”happy holidyas everyone..New years 2003 partayy” can you help me with that. Thanks.
***ANICA*** i had the same problem and this is what i did…
1. press ctrl+alt+delete
2. go under processes—find 2 programs called av and one with like fuy in it (NOTE: most times people only find the av program, and thats ok, but for some they might have the other one.)
3. highlight Av and press “end task”
4. go to My Computer
5. go into your C Drive
6. go into the folder called WINDOWS
7. open it up and scroll down until u see a program called Av
8. delete it, move it into the Recycle Bin
9. empty the Recycle Bin
10. go into ur profile and delete everything then press “finish”
omg!!! there is a nother virus for aim pro thats says an0th3r pr0fil3 0wN3d By b1Ld0 if anyone knows how to get the virus away plz!!!!!!!!!!! email me!!!!! i really need to know how to get this one away!! help me!!! =(
i have the an0th3r pr0fil3 0wN3d By b1Ld0 virus. av.exe, b.exe, bbb.exe or anything is showing up, nothing w/ fuy in it. i have something that says msbb.exe, could that be it
does anyone know how to get rid of one of those things called an0th3r pr0fil3 0wN3d By b1Ld0 cause i don’t know how to…thanks
Damn an0th3r pr0fil3 0wN3d By b1Ld0 sux i need a fixing tool
msbb.exe does appear to be spyware. You can check the date it was created on to verify that it was put on your computer the same time you lost control of your AIM profile.
I dont know how to remove the an0th3r pr0fil3 0wN3d By b1Ld0, it takes u to this website: http://home.mchsi.com/~hdgone/homepage.html and installs the program, and it wasnt like one of those popups that ask u if u wanna install it, it just did it on its own, ive had it for a few days now, if anyone knows how to remove it PLEEASSSEE email me!!!! thanks…
an0th3r pr0fil3 0wN3d By b1Ld0
HOW DO I GET RID OF IT!? PLZ HELP ME!!!!
Ok everyone!!
This “virus”, an0th3r pr0fil3 0wN3d By b1Ld0. It can be deleted! I had it in my profile. Dont even bother going to those websites that says it can delete the worms, cuz they dont work for this one. All ya gotta do is uninstall AIM and reinstall AIM. Thats what I did, and now my profile doesn’t say that!
I HOPE IT WORKS FOR YA’LL!
i cant find the file name or anything, there has 2 be a different name its under
Visit this page for how to remove the bildo version of the virus: http://www.jayloden.com/Bildo.htm
i have another aim virus that puts a link that says “slideshow from last weekend, check it out!”
i’ve downloaded spybot: search and destroy and adaware and rsaisp.com’s fix and nothing seems to work. i don’t know where to begin. i’d greatly appreciate some assistance.
thank you katie it worked great!!
also jayloden’s virus clean does not work.
Happy Holidays Everyone!!
New Years 2003 Partayy!
i have that one and i cant find any way to get ride of it.. does ne-1 know how?
Hey I also have the virus that reads “slideshow from last weekend, check it out!” I am very computer stupid and need help. I have gone to task manager, but all I can find is MSCVT.exe, E_A10IC2.EXE, and a few other weird looking files. I see nothing even close to “Av” or any of the other files mentioned. Can someone please give me simple instuctions on how to remove this….I would so very much appreciate it. THIS IS DRIVING ME CRAZY PLEASE HELP!
I would say delete any weird looking files that are running. Go to run and type msconfig and see what your starup files and other processes are. Delete the weird ones. Thats what I did and so far the stupid message hasn’t come up although its only been like 5 minutes. That link to that virus program does not work. And my version of mcafee, 7, doesn’t see the virus, nor does ad aware or anti trojan. Ill let you know if it comes back
I still got the problem. It seems it happens whenever i put an away message on. I don’t know what to do.
i also have the happy holidays everyone news years partay… problem… its extremely frustrating..so if anyone figures out how to get rid of it…please post something..because im about ready to throw my computer out a window…
I believe I just solved the problem where it says Owned by Bildo. I had a file always loaded called snd233 or somethin. I didn’t know why that file was needed but thought it had something to do with sound. Also it was sitting on my C drive but not in any folder. I checked the file info and one of the things about it said profiler so I said maybe this was the bug. So I terminated the process and it seems that I do not have the problem anymore. I got rid of the file and took it off the startup list. Bye
for the slideshow virus, make sure to delete MSCVT.exe from your processes, and check your registry because the virus might have put something there as well. delete slideshow.exe if it’s there. good luck. there may be something from jay loden soon if this doesn’t work for you.
If you can’t find the virus or adware make sure you are doing an advanced search, ie… hidden files and folders. typical place is go to c:\ or root then navigate upwards to documents and settings then to whoever current user is then applications or temps(folder will be subdued yellow because it is hidden).gator and download accelerator typically haunt this area. when you find it delete it and remember where it was. now run regedit and do a search for whatever you deleted and remove all refs to it from your registry(only if you feel comfy hacking the registry) back up the reg first.export it to root and then you can restore it from recovery console if a diaster occurs. Now go back and make sure the file you deleted is still deleted.If it was loaded into memory it might just put itself back into place as soon as you delete. Don’t believe me try to delete microsofts out of box experience(that annoying ballon and keys telling you 30 days are up activate xp or turn it off.(another hot tip, if you hack xp by copyng in wpa.dbl and wpa.bak to system 32 then install sp1 your back to an unactivated xp)goto windows\system32\oobe. Now try and delete msoobe.exe. give her hell. the faster you type the faster it replaces itself
i had the Whoaaa look at what i found here thing. And 2 delete the virus i went to the website where it came from scrolled down and clicked remove. but it wasnt that easy. now i have this adult links daily kinda spyware thing on my computer and i cant get it off. how the fuck do i get rid of adult links daily
my stupid brother downloaded kazaa, i deleted most of it which was probably a bad idea. but i still have lil bits n pieces left on my computer how do i get rid of those.
I HATE COMPUTERS!!ok well heres the thing i have the old AIM(i think) well actually i ust to have the new one but i think it deleted itself…lol but ne ways my profile is screwed up, everytime i sign off or put an away message up my profile deletes itself. And it never did this before so i dont kno if it is jsut my computer or if i have the virous! Well if you think you can help will you please respond to me fast?ż THANKS!!
CURE FOR B1LDO IS:
AFTER YOU DELETE SND332 SEARCH FOR “INFO” ITS A WEBPAGE IN YOUR AIM DATA FOLDER. DELETE THAT AND UR CURED!!!!!!!
how tha fuck u get rid of this gay thing
SUM1 PLZ HELP ME
hey, this kid i never talk to online sent me this website via aol instant messenger. so i went there, and tons of people from my buddy lists have been sending me messages saying the link didn’t work… i didn’t send any of those links out, what is going on??
I would just like to say this is really fucking eerie. I needed to find out how to fix this thing, and I got linked to here, run by someone who goes to Vanderbilt University. I am a student at Vandy and leave for Study Abroad on Monday. It’s a fucking small internet world…
I got the osama version yesterday, and I removed it without a problem. I discovered several things in the process. First of all, the processes run by this version are called “blengine” and “ChannelUp”, so those are the ones to kill if you get this.
Also, if you use something to connect to AOL messenger besides the actual AOL client (like Trillian, DeadAIM, or something else), then your profile is not changed and you don’t send messages to others. Also, many people use Internet Explorer (IE for short)as their browser for searching the internet. If you use a different browser, like Mozilla Firebird or others, then the virus won’t be able to install itself when you go to the web page that is linked. The reason I got it is because I opened up IE to view the page, not knowing about these viruses.
Anyway, that is just some more advice about the virus. Removing this virus is pretty much the same procedure that has been posted above.
I pressed control alt delete, and ended those two programs, then deleted it from my computer… people still keep saying i’m sending those links.
So I have the problem other people have.. THE WHOLE CLICK HERE FOR A CAMERA type thing. But i can’t remove it because whenever i press CTRL + ALT + DEL the box closes real fast.
What do I do?
I got some bullshit virus from aim, and i deleted it from my profile, but i can’t get on the internet without signing on to aol… a popup comes up and says that blah blah .exe bullshit have caused something, and something else……
how do i get rid of this? i have windows ME, please help, and email me… i hate reading all this stuff…please help
thank you
-john
When I try to delete the blengine file, it says:
“Cannot delete blengine: Access is denied.
Make sure the disk is not full or write-protected and that the file is not currently in use.”
Did you end the process first?
i clicked on a virus link that said something about aim buddy games, do you know the link to take it out of my system?
I just got hit with this yesterday (the Osama version). The info here helped. I just have a few more additions. A directory was created on my computer in this location C:\Program Files\Common Files\PSD Tools\. In there were all the binaries, dll’s, etc. related to this. The important thing, for me, was to shut down my AIM and delete ALL the files in that directory. I didn’t realize it at first, but two DLL’s were being used by AIM and they didn’t get deleted on my first run through since I still had AIM open. When I signed on again, it IM was sent out a second time. After signing off, deleting the two dll’s and signing back on, everything seems to be good.
-Jim
My room mate’s aim keeps sending out “how far can you get? http://www.buddylinks.net/night_raptor/”
apparently he can’t see that he’s even sending the im’s when he’s talking with people. Anyone heard of this?
i have sumthing where somehow something gets onto my screenname and then all of my buddylist just dissapears. I noticed the problem when my buddy list dissapeared twice. Then i was online one night and the IM came up saying how i was signed on 2 places…and then i saw my b/l go away right in front of my eyes. I had it saved. But that night it happend over 6 times. Anyone know about this? and i changed my password 3 times and didnt tell anyone. plz IM me about it soon
sorry i mean post somthing about this soon im gettin pretty pi$$ed off about this..^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
hey..how do i get this stupid thing outa my profile it says “an0th3r pr0fil3 0wN3d By b1Ld0″ and i went to a website to delete it but it keeps coming back and deleting what i wrote in my profile before! please help me with it! email me if you know how to permanently delete it out of there! thanks!!!
Chelsea!
My friend has the aim thing but it says http://ugleague.net/aimprofile.scr. Is this different than the virus’ being discussed here or is it removed the same way?
hey i hav the same away message thing that says “new profile http://ugleague.net/aimprofile.scr !” as an away message. and when i exit aim it signs on again and shows the away message again….. if anyone has any information at all. e-mail me at planboner@yahoo.com . Thanks
I have the same exact problem as Cliff and Jamie. None of the virus scans or ad-aware scans pick it up. Help me!!
I have the same http://ugleague.net/aimprofile.scr virus…it’s getting to be very annoying. PLEASE if anyone finds a cure for it…post as quickly as humanly possible. I’m about ready to reinstall Windows. If I can find the cd…
I updated my site two days ago to cover this virus also…there is a removal tool and manual instructions as per my usual operating procedures.
http://www.jayloden.com
Good luck, and if the removal tool for some reason fails, try running it in Safe Mode and do drop me a line to let me know it didnt work for you. Thanks!
-Jay
Hey Jay, i tried ALL of your tools to get rid of the ugleague virus, yet it STILL SHOWS UP!!
HELP ME!!!
ok i really need help! i have one of those ugleague.net AIM virus, trojans, or whatever. However, it is not a link in my profile. What it does is it randomly turns my away message on (or if its already on, changes it) and makes it have one of those links that says ugleague.net/Love.scr, etc. However, another problem is that whenever I’m not on AIM, it randomly has a box that says something like “Youve clicked a link that cannot be loaded. You may have to be on AIM for this to work. Please sign in now.” Then it tries to load AIM. This is driving my dad insane and he is threatening to delete AIM altogether! This can’t happen! Help me PLEASE!
HOW DO I GET RID OF THIS AWAY MESSAGE VIRUS?!? sometimes it says Is It Real http://www.ugleague.net/Love.scr ? , sometimes it says New Profile http://www.ugleague.net/profile.scr ! its sooo annoying it always puts an away message up by itself or changes the away message im already using…. how do i get rid of it?!?!
same problem here! i tried going to http://jayloden.com/ugleague.htm im not sure if it worked for me yet but it probably did… it had trouble deleting winampa.exe b/c i already deleted it.. if you have already done this, it should be fine though. i highly suggest this. however, if you would like to know the possible applications you have on your computer and are not comfortable with downloading this software, here they are: winampa.exe xlroue.exe iepl0re.exe bvjlxjs.exe gxmryzf.exe aocyvou.exe All of these may not be on your computer, but some of them should be. I hope this helps!
PaYcE—>
Shadow Cat (XGaMeRs)
Ok.. This @#$%ing ugleague is really pissing me off..
This is what i did:
1) tried reinstallling AIM
2) went to jay’s website, and followed all the directions..
3) Can’t run task manager, cause it keeps disappearing w/in 3 seconds of ctrl+alt+del.
4) did a search for the exe files, but to no avail..
I am about three seconds away from putting a grenade inside my computer… SOMEONE PLEASE HELP ME!!!!
Oh, and for those who get that message about the application must be open to use the hyperlink stuff.. yeah, i get it too.. VIRUSES SUCK MY @#$%!!! if you can help me, please IM me on aol at shadyfozzie!!
Thanx
if anyone can help with the ugleague virus, please reply.
i’ve read that uninstalling aim won’t do any good so i haven’t tried yet.
i tried jay loden’s removal for it but it says that my system is clean. however, i know that it is NOT clean because every 10 minutes or so an away message is popping up on aim with that link. even when i am not on aim, the sign on box pops up saying that i need to be online for the hyperlink to work.
i can’t use alt control delete because the box closes itself right away. i can’t access the registry because that closes immediately too. it’s not on the add/programs list eitber.
i also tried searching for the file names of this virus but nothing comes up.
this is getting very frustrating!! please help!
there must be some new incarnation of it, i’ve tried all the prior listed removal methods and nothing is working for me
i have the same problem and i want to kill someone
Hey guys, i tried something, and for the most part it worked getting rid of that ugvirus. If you have norton antivirus, it’s pretty effective..
What happened was, my profile link changed to something like punkposer.com or something like that.. when i clicked on it, it showed that my computer had a virus in it ( i forget the namne, but it was a bot.gen in it..
After that, i scanned for viruses and the computer found three (all in my Winnt folder) the main one was SVCHOST.exe..
i deleted them, restarted my computer, and now i can get my task mananger to work again..
hope this helps any of you!!!
Tim
im having trouble getting the ugleague virus off of aim..its not in my profile anymore but the away messenge is still popping up and the websites directions arents working how can i get it off
i found the SVCHOST.exe but when i try to deleted it. It says access denied
I Have a new virus in my profile that is ugleage.net/givethisto20peopleyou.scr, and in your profile it shows up as ‘View My Buddy Profile’. Please tell me how to get rid of it!
i have no idea how to get rid of it. i have the same one as u and everything i tried doesnt work
I am having this same away message problem and i did the link thats in your site but it says “Virus not found! Your computer is clean!” but i STILL have the away message popping up with the http://www.ugleague.net/profile.scr and i also had that view my buddy profile thing, but i don’t think i have it anymore. PLEASE help me i have been sitting at my computer since 11:30 using numerous virus-scans and it is killing me. PLEASE help.
i tried pressing ctr alt delete like every1 says, but it wont let me open it, it just opens then closes it right away.. is there any other way to get rid of it?
yeahh i tried both of those things 2 and neither worked its really making me mad ive tried spybot and adware and neither work..i have no clue how to fix it cuz his website things doesnt work
yeahh the ctrl alt delete doesnt work for me either..its really really gay
The ug virus will just not go away. I have tried everyting i know how to do!! PLLLLLEEEEAASSSEEE help if you can
help me 2 with the ug virus
this aim away message virus is so god damn ANNOYING… how the hell do i get rid of it? When i am online about every ten seconds (literally) an away message pops up replacing my current one or just appearing, saying: “Check It Out http://www.ugleague.net/profile.scr !!!” and then when i am offline every ten seconds aim sign on screen pops up and an error message says: The AIM hyperlink you’ve clicked on may require you to be online to work. Please log in first.” AND IT DOESNT STOP NO MATTER WHAT I DO!!!
I am in high school and I really need this damn thing to go away as it prohibits me from doing anything at all on my computer. But the wierd thing is, is that i have never clicked on any popup adds or downloaded any programs, so i dont know how it got onto my damn computer…
I REALLY NEED HELP!!!!!!!!!
yo,
this aim virus is killing my computer.
the link is, Check It Out http://www.ugleague.net/profile.scr
everytime i began to chat some stupid ass away message comes up and later AIM begans to sign on and stupid stuff. i need to get this out, please help me asap. and also, i re-installed aim 3-5 times, shit wont work tho. so let me kno what to do. thanks.
later
Bharat.
PLEASE HELP ME IT WONT GO AWAY THE WEBSITE WITH ALL THE INSTRUCTIONS IS SOOOO CONUFSING I NEED HELP PLEASE HELP ME I AM CRYING BECAUSE I AM SOOOO SCARED HELP!
i have the same problem as every one else..the profile one…if i exit aim it turns on by itself so i have the auto login thingy not checked off…but it still turns on but doesn’t sign me in saying “the AIM hyperlink you’ve clicked on may require you to be online to work. Please login first. i also tried reinstalling aim but nothing works…help!
I had the double one (both profile and away message). Check for the file zar.scr, it was only visible while the virus was active. That was what downloaded onto my computer (even though the link pointed towards a different .scr file) I deleted that, then used the manual removal on jayloden, and it seems to have worked.
I have the same problem as Rupangi and blizzard1030, but my ctrl + alt + del doesn’t work, so now what do I do? My away messages used to say: Check It Out http://www.ugleague.net/profile.scr !!! And now it says: true friends http://www.angelfire.com/biz7/friendz/friends.scr ? I’ve been to every website and done everything it told me to do and nothing is working! please help!!
how about he one with the http://www.angelfire.com/ak5/sinz0/friend.scr hyperlink?
just wanted to drop a quick apology for my little “experiment” that got a little out of hand a few months back. mine was the one with the “an0th3r pr0f1l3 0wn3d by b1ld0″ link. it all began as a small project to demonstrate to a few other computer guru friends the new IE exploit and the dangers of not Updating and using third-party protection software (I personally recommend Norton’s Internet Security ‘03). anywho, it ended up spreading like a wildfire and even getting my cable service terminated. oh well, experiment was successful… windows blows. if you’re still having trouble with it feel free to contact me on AIM at billy04x.
ciao
ive had the “view my buddy profile” virus for almost a month now and cant find a link that actually helps. hopefully someone cant find a cure. in the meantime ill check back. thanks to everyone thats trying to figure it out.
Okay..um me being the idiot i am clicked on a link in a friends profile and now its in mine..is there any way you know how the fix it..the link is..http://molotov.us/itr/
Thanks for the Help!!
delete aim people!!
I would just like to reiterate what has already been posted. I am Jay of Jayloden.com and my site provides removal tools and instructions for all the AIM viruses listed on this page, and some not listed.
So if you have an AIM virus, please, check the SITE, and try the newest version of my AIM virus removal tool. If you have something that is not removed by the tool, please contact me on AIM or by e-mail (HolisticDriving or jay at elon.edu)and I will help you remove it and add it to the removal tool to help others.
As a side note, reinstalling AIM does not fix any of these viruses so save yourself some pain and suffering and don’t bother.
Thanks!
-Jay
http://www.jayloden.com/VirusClean.htm
Hey, My aol is sending these links in my IM to people I’m talking to and I have no idea wtf is going on… Last night I put on an away message and when I came back it was gone and people that IMed me had all that link shit over and over again… anyone heard of this?
go to d12world.com/board
sign up real quick, you don’t even need an e-mail address, and post a topic asking and you’ll get all your answers
go to d12world.com/board
sign up real quick, you don’t even need an e-mail address, and post a topic asking and you’ll get all your answers
go to d12world.com/board
sign up real quick, you don’t even need an e-mail address, and post a topic asking and you’ll get all your answers
sorry for double posting
Okay, I have a virus in my away message that says “i just made a screensaver! everyone check it out http://www.esynx.com/screensaver.scr click open to see it!!” It will only show up on random occasions. I have tried many things to get it off, inlcuding norton, but it will NOT let me open norton. When i click on norton, it will open for 3 seconds and then disappear. A lot of my friends are having this same problem. Someone PLEASE help me and tell me how to get this thing off!! I would greatly appreciate it!
I have the same thing as JB. I clicked on the link in my friend’s away message to view her screensaver and now every once in a while, that becomes my away message too. I can’t find anything on the internet about it being a virus but I’m sure it is and I also can’t open my Norton AntiVirus program. Help!
Hey Amy, this is JB…I finally got that screensaver virus off of my computer. Here is what you do: go to http://www.jayloden.com/VirusClean.htm and then click on “AIMFix” then open it and run the quick virus check. It should tell you that viruses were found. After you do all of that, click on AIMFix again and run the quick virus check again. Keep doing it over and over again until it finally says that NO known viruses were found…I had to go to AIMFix 3 times before it said that there were no viruses. Once it finally says that, restart your computer and then the virus should be completely gone. I hope this helps!! Good luck, Jenn
Oh yeah Amy, I forgot to say that after you go to that website and do all the AIMFix stuff and restart your computer, try opening Norton and if it works properly, then you know that the virus is gone. My Norton did not work either when i had the virus, but once I did that AIMFix thing a few times and restarted my computer, my norton now works fine. -Jenn
my computer has this weird virus and it shows up in the AIM info on every screen name…in the info this website is shown..http://molotov.us/itr/ and then has a smile face at the end…if anyone can help me get rid of it please post somethin on this site bc im not givin out my email..thanks
Ok, so I have the http://molotov.us/itr/ thing on my profile and I cannot seem to figure out how to get rid of it. I have tried going to http://www.jayloden.com/VirusClean.htm but it does not come up (cannot find server). I have tried ctrl+alt+delete and my task manager screen only comes up for a half a second. This thing is so freaking annoying and I cannot seem to remove it, please help!!!!!!!!
THANK YOU!!! The Av.exe one worked for me! I’ve been trying to get the bug off my profile for DAYS!!!
can anyone tell me how to remove an aim virus.
temporary internet files\Content.IE5\OT2JQP0H\mypersonalaimprofile[1].scr
the Backdoor.SDBot.Gen virus
I have norton 2003 it doesnt seem to be able to repair it
There’s another AIM virus going around.. I don’t have the exact website though.. but when you sign on to AIM.. every now and then an away message will pop up that says “you gotta see this..” and it also has a website for angelfire.com/bestfriends or something like that.. and then you press I’m back and it says if you’d like to install something about MediaTickets or something and then a lycos website comes up about “Money money money” and it does it a lot.. and Idont know how to get rid of it.. please help me :o/
It’s a virus alisa. It’s an old virus, but I think it’s got a new spin to it. I don’t think it’s the same one, but a new variant.
I’m still working on it. The current removal tools don’t seem to work, at least not on the system I’ve found it. Nor has AV caught it.
this virus keeps puttn my away message on with a link to the virus…anyone know what im talking about or how i can get rid of it?
jesus man i got a new virus it was in an away message saying “omfg http://www.angelfire.com/bc3/gins/friends.scr”
now every time i’m online that away message pops up and everytime i’m on ie it links to that site and nothing else and i cant open my crl alt del screen either its driving me crazy please if you know how to fix this please tell me
I have the same problem as Jake–please help!!
oh my gosh…i have the SAME away message virus!!! PLEASE help me get rid of it!!!!
Yeah, I’m in the same boat… I’ve been running ad-aware and searching for a solution for hours. Its really starting to piss me off
PLEASE HELP!!!
i have the same away message virus with “omfg http://www.angelfire.com/bc3/gins/friends.scr”
how do i get rid of it?!? please let me know
and now it comes up all the time…TIA for any help…
After long and frustrating hours, it seems that I fixed it. However, I did so many things, its hard to put a finger on a single thing that made it go away. But I’ll tell you what I did do that I think was effective.
1) There’s an AIM fix out there on this site: http://www.jayloden.com/VirusClean.htm. I installed it and ran it on my computer.
2) Go to Internet Options in Control Panel. Delete all files and cookies in the Temporary Internet Folder because thats where the virus is. (To get to Internet options in XP its Control Panel -> Network and Internet Connections -> Internet options)
3) I already had and ran ad-aware regularly. I also downloaded Spybot Search and Destroy. This may help also.
4) Keep running ad-aware and restarting if the window pops up to start over. I dont think you can get rid of it while the window is up on your screen. And as you know by now, you cant close the window once its up there.
So I hope that helps. Hopefully the pain and frustration I’ve experienced in that last 12 hours will do some good for someone.
I too have acquired the — “omfg http://www.angelfire.com/bc3/gins/friends.scr” — virus. When I log onto AIM it automatically puts up an away message with that link in it. When I press Ctrl/Alt/Delete - the Task Manager stays up for about 2 seconds, and just when I’m about to click the ‘Processes’ tab it goes away. This is annoying the sh*t out of me. Internet Explorer keeps popping up and trying to load that angelfire site, and then little boxes pop up saying I have to “Log on to AIM for the hyperlink to work”. If I leave the computer for even 5 minutes about 100000 of those messages are stacked on top of each other. I have Windows XP and I don’t know what to do. If anybody knows anything about this, please help.
I did a Search for SVCHost and found it on my system, but when I try to delete it, it says “Access Denied.” Please I would really appreciate ANY help :O(
AIM: BluEyedGrL1283
Email: kms797@students.jwu.edu
ps - the http://www.JayLoden site does not work.
i think i have that angelfire away message virus you guys are talking about. however, my link is different than the ones above. it is: http://www.angelfire.com/al4/spin8/staff.html the title at the top of my internet explorer says Security with a bunch of .:.: kinds of things before and after it. my internet explorer always asks me if i want to let ActivveX controls and plug ins to run, and i always say no because at some point i got some weird virus through that.(i’ve got XP) anyways, i’ll press no and get a message telling me i have to say yes to view the site. i can’t close the internet window at all, and if i press ctrl alt delete, the window only pops up for a few seconds and it takes a few tries to get the mouse in the right spot to hit close. i tried that jayloden.com aimfix, and it said it found a virus and fixed it. however, i restarted and the same thing happens, and the aimfix tells me my computer is clean. i already tried ad-aware and spybot more than once. i ran my virus scan (norton antivirus professional 2003) and it didnt find anything. this angelfire link pops up in an away message, even if i am online at the time and not away. it even opens my aim when i’m not using it (when i’m offline) and puts that as my away message. i already put something in my profile telling people not to click it, however i just can’t seem to get rid of it. the characteristics of this worm/virus/trojan(?) seem to be a little from each post above^. i can’t even open ctrl alt delete when the internet isn’t open to the website (it pops up randomly). i can’t click the processes key to try and close it according to the directions above. i know people have complained about that but i didn’t find a detailed answer on getting it to stay open, so i thought i’d try too. i think i have enough details in this to explain what’s going on, and i hope someone knows how to get rid of thise! please help. email:christi313@hotmail.com
well i am glad to say after a while of screwin around i have found something that works thank god go to this web site http://www.jayloden.com/Ugleague.htm download the “taskill” open it and now you can view all your processes without the virus shutting it and look for a proccess call yahoomessenger or something similar kill that task and then hit control alt delete and now the windows task manager should stay open now unfortunetly this is all i can find so far as of fighting this virus i’m sure this thing wont go away that easy but i am trying good luck and try your best not to spread this virus
sorry the correct name of the procces is “yahoomsngr.exe” i am going to run a search on my computer for this program and i am going to try and delete it i suggest that you do the same
follow the dirrections on this site but look for the file name yahoomsngr.exe http://www.jayloden.com/Ugleague.htm make sure you delete the hidden file to and the virus is gone for good finaly
i tried what you guys said and it didn’t work. i downloaded taskill, but i don’t have anything named yahoomsngr.exe in that list. i ran the program when the internet explorer was on that angelfire page and when it wasn’t, and i still didn’t find anything. are we talking about different viruses? this is driving me crazy.
yea i tried using all the programs you stated and they didn’t work, someone help me
wtf i looked for all those files and i saw none of them but i still get the security warning every minute its pissing me off pleaz help me before i go psycho
i got the uleage virsu but with this adress
http://www.angelfire.com/ga4/spin3/profile.scr
jays tool worked fine and deleted all the files…thank you
Yeaaah I have the same AIM virus! this link is in my away message now. “www.angelfire.com/al4/spin8/staff.html”
If you know how to remove it then pleaaaase email me at :
Onesanity@hotmail.com
And for some reason I can’t seem to change my Homepage Address. ahhh please help.
I have a virus that put a link in my profile saying “view my buddyprofile” and I was wondering if anyone knew how to get rid of it? I’d love you forever!
I have it now and I cannot get ctrl alt delete to work. it will open and then close in under a second. i think they improved their profile.scr or somethin. i have Bulletproof Softwares spyware removal tool and norton antivirus 2004 professional edition. neither are pickin up on it. cant find any info on this anywhere else on the web. this sucks…..
Jays website does not work by the way and i dont understand why someone doesnt just post the manual removal instrucions here instead of giving dead links
ok this virus sucks so bad. I also have the “www.angelfire.com/al4/spin8/staff.html” thing happening on my computer. Jays website is not working for me either. It also has that crappy “View my BuddyProfile” link in my AIM profile that is not supposed to be there. Finally, my task manager and registry editor will only stay open for like 2 seconds. This seems to be what everyone else has, based on everyone else’s rant.
Please please please someone post how to manually fix this!!!!!
I have the same problem as the last 10 people. The “OMFG http://www.angelfire.com/al4/spin8/staff.html” away message pops up. I need to know how to fix this.. Please post something, the Jay links don’t work.. help please
me again, the jay links work off and on i think cause the first time i came here it didn’t work, and like the next day it did. don’t give up on it is all i can say. try and try it could work for you even though it didn’t really for me. could be useful in the future i guess.
No thanks to jay but i got rid of it…HERES WHAT TO DO i downloaded a seperate task manager that wouldnt close after 2 seconds on me… i recommend http://www.neuber.com/taskmanager/download.html …. Then look for a process called netstatt.exe and end it. then search your whole c: drive and make sure that in the search options u search for hidden files and system files and search for “netstatt.exe” and delete and there may be 1 or 2 more files associated with it most likely located in “C:\windows\system32″ for windows xp users. then u should be ok and if u hit any more problems i would use the nifty “security task manager” from http://www.neuber.com/taskmanager/download.html
HOPE I HELPED I KNOW HOW FRUSTRATING IT CAN BE
YOU ROCK TONY
the separate task manager is good but when you reboot your computer the problem comes back. netstat.exe cannot be deleted, it keeps returning back to the folder. It is ridiculous that Norton Antivirus is not detecting this file as a virus. Something needs to be done immediately.
well i didn’t download that separate task manager, i downloaded taskill (i had it downloaded from yesterday or something one of the 1000 things i used to try and get rid of it) HOWEVER, i haven’t restarted yet and i don’t know if it will come back. if you’re interested, i think it was from jayloden.com i don’t know when the site will be back up but whatever that’s where it’s from :-/
I had the angelfire virus and i downloaded the task manager- make sure u send the file to quarantine and then go into the quarantine folder and delete it- then search your computer for the file- and delete it when you find them- mine had 2- then empty the trash- reboot and see if it worked- it did for me
i rebooted now and it works i can keep task manager open
Im sorry, the site has been down repeatedly over the past few days, it’s not because I’m a jerk or I don’t want to help people, it’s just that I can’t afford real hosting at the moment, and as such, when I lose my internet connection at home, I lose my website too.
The site is back up as of now, and I’m doing my best to keep it up, but I can’t do much about losing my connection…feel free to complain to Earthlink on my behalf. In the meantime, there is an alternate link to AIMFix at ftp://metafero.elon.edu/AIMFix.exe and either that or my site should be up to help. As always you can contact me by IM at HolisticDriving, I try to be on as close to 24/7 as I can.
-Jay
It has come to my attention that people felt it was more efficacious to post the manual instructions instead of “dead links”. Ask, and thou shalt receive:
1) For manual removal of the virus files, you will need to first end the processes:
“YahooMsngr.exe”, “NETSTATT.exe”, “YahooMsgr.exe”, “wintcp.exe”, “lansrv.exe”, “idctup20.exe”, “fpjlfrllddpnsi.exe”, “svcl.exe”, “exhhulashk.exe”, “OSNERAOUSGZDPV.exe”, “winampa.exe”, “Data”, “Debug”, “Slideshow.exe”, “Payload.exe”, “MSCVT.exe”, “service.exe”, “zzqh.exe”, “zzb.exe”, “snd332.exe”, “aim1.exe”, “lsas.exe”, “taskmanage.exe”, “winxp.exe”, “download_me.exe”, “windowsupdater.exe”, “wuaumqr.exe”, “winupdat.exe”, “blengine.exe”, “ChannelUp.exe”, “hpztsb05.exe”, “av.exe”, “b.exe”, “bbb.exe”, “wucaumqr.exe”, “winampa”, “xlroue.exe”, “A0L.exe”, “iexpl0re.exe”, “svehost.exe”, “bvjlxjs.exe”, “gxmryzf.exe”, or “aocyvou.exe” (there are more, but I didnt have them all available at the time of posting)using DS Software’s Taskill utility available from
http://members.ozemail.com.au/~nulifetv/freezip/freeware/taskill.exe
and open it to see a list of running programs. Choose the process and select “Kill”.
2) Now you will need to search through the hard drive for the files “YahooMsngr.exe”, “NETSTATT.exe”, “YahooMsgr.exe”, “wintcp.exe”, “lansrv.exe”, “idctup20.exe”, “fpjlfrllddpnsi.exe”, “svcl.exe”, “exhhulashk.exe”, “OSNERAOUSGZDPV.exe”, “winampa.exe”, “Data”, “Debug”, “Slideshow.exe”, “Payload.exe”, “MSCVT.exe”, “service.exe”, “zzqh.exe”, “zzb.exe”, “snd332.exe”, “aim1.exe”, “lsas.exe”, “taskmanage.exe”, “winxp.exe”, “download_me.exe”, “windowsupdater.exe”, “wuaumqr.exe”, “winupdat.exe”, “blengine.exe”, “ChannelUp.exe”, “hpztsb05.exe”, “av.exe”, “b.exe”, “bbb.exe”, “wucaumqr.exe”, “winampa”, “xlroue.exe”, “A0L.exe”, “iexpl0re.exe”, “svehost.exe”, “bvjlxjs.exe”, “gxmryzf.exe”, or “aocyvou.exe”. These files would be hidden, and will require you to enable viewing of hidden files and folders.
To do this, click on the Tools menu in Explorer, then click Folder Options, and go to the View tab. (if you are on 98 this will be in the View menu) Now check the box next to “show hidden files and folders” and uncheck the “Hide protected operating system files” box. Now choose “apply to all folders” and click apply.
The files are usually located in “C:”, “C:\Windows”, “C:\Winnt”, “C:\Windows\System”, “C:\Winnt\System”, “C:\Windows\System32″, “C:\Winnt\System32″, “C:\Program Files\PSD Tools”, “C:\Program Files\PSDTools” or C:\Documents and Settings\yourusername\Applicaton Data”, though it varies on computer to computer.
3) Delete any of the files if they exist.
4) Please don’t forget to take the link out of
OR you can just use AIMFix and then IM me or email me if that doesn’t work.
-Jay
I installed the software from Jays site and it helped. Be sure to reinstall Norton antivirus, it may be infected, i know mine was. It was not detecting any viruses. WHen i reinstalled Norton, it detected the virus Bloodhound.W32.EP in the files:”bestfriend[1].scr” “00000035.exe” and “A0095949.exe”. I hope this helps.
I have a virus on AIM that sometimes replaces my away messages with a message that reads “oh F*CK,” and then has a hyperlink listed after it … i haven’t been able to find this virus listed on any “virus fix” websites. Can you help me?
I have the same problem as Kendra… help! EMAIL ME at Zubes4@yahoo.com
Same as above two. My away message will pop up with an OMFG or something of the sort and a link to click on. Please help it’s driving me nuts.
I have the same problem as Alisa. I had downloaded Spybot and it seemed to help. The virus was only coming up once at night and sometimes not at all. Then it started coming up more, it seemed like whenever I would leave my computer idle it went up. My AIM away message would say like OMFG or something with an angelfire link. And sometimes I’ll get the lycos website and a little box that you have to say yes or no to. In order to exit the lycos website you have to exit the little box and really really fast “x” the lycos website or else another box will come up and you have to try it again. After getting rid of that my computer is fine for about a day until it pops up again. My Task Manager won’t stay open but I did find SVCHOST.exe and deleted it. I don’t know if it helped yet, but if there are any other tips, can you PLEASE post them, because my friend caught the virus too.
I am having some similar problems with my comp. This site has REALLY helped but i still need some more help. i had the same type link pop up in my away message, but it said “LOOK” instead of “OMFG”. i think i somehow managed to get rid of that virus because my AIM is working fine now, but my task manager closes after like 1 second. i ran an adware program and antivirus program but i am still having problems. i did some searching and found a site that said problems with the task manager mean you have a virus or worm in the folder windows/system32. it told me how i can get my task manager open, which i did, but then it said to delete the file that you think has the virus, but i have NO idea which one it is!! i checked for all the processes that are at the top of this page, but none of them are there..
here is a list of the system processes that are running.. can someone tell me if one of them is not supposed to be running? or tell me any other way to fix this problem?
ati2evxx.exe (twice)
csrss.exe
DefWatch.exe
KodakCCS.exe (digital camera maybe??)
LSASS.exe
Rtvscan.exe
ScsiAccess.exe
SERVICES.exe
SMSS.exe
SPOOLSV.exe
SVCHOST.exe (theres like 5 of them, 3 under system, 1 under “local service” and 1 under “network service”)
System
System Idle Process
WINLOGON.EXE
wircd.exe
WMIAPSRV.exe
any help is VERY much appreciated!!
i am having some similar problems with my comp. This site has REALLY helped but i still need some more help. i had the same type link pop up in my away message, but it said “LOOK” instead of “OMFG
There is a new version out, and it changes the away message. It says something like “LOOK [link] ?!?!?!”. From what I can tell the AIMfix.exe fixes it just fine.
and megan, all those processes are normal.
i also have the angelfire away message virus and ive tried aim fix which didnt work, then i tried uninstalling aim and reinstalling and it appeared to work for day, but today the virus popped up again. any other suggestions?
I have the same LOOK [link] virus that just randomly pops up an away messages…how in the world do you get rid of this???
Hey, I’m having the same problems as you guys… for a while my away message will be fine… but then it will pop up wiht LOOK! and a random link from angel fire.. then it will redirect me to that link, but it says something like the site has been destroyed because it did not cooperate with angelfires terms of services or something. I downloaded the task manager..but I’m not really sure which files to delete… if anyone has any suggestions, I will be very grateful. Thanks.
Actually, I just tried deleting the netstatt.exe, there were two of those programs during the searches.. one would not let me delete it but one would… and I tried opening up my task manager and that worked! Lets hope the away messages don’t come back, thank you so much!
I had the same problem - inactive Task manager, many dos commands like msconfig.exe, regedit.exe and even NAV software were not working. I just followed what Jacob Grier advised - downloaded, installed and ran “Security Task manager”. Found the culprit file named “xbszgri.exe” lying in c:\windows\system32 folder. I just removed the process and Task Manager and all started working again. Thanks Jacob.
Hey guys my system found a virus Bllodhound.w32.ep and then the system shut down. how to get rid of the virus as my system is not shutting down now.
i have some problem
when i logon to the internet
i have a massege that my computer will be shutdown in 60 seconds
because of error at c:\windows\system32\lsass.exe
can any body help me and i will aprechiate this so much
Hey Guys! If you’re having problems with deleting your files, just delete them with windows turned off!! Delete the virus files in Ms-dos mode when the virus isn’t running! (unless it’s a boot viurs) A good way to enter ms-dos mode is to use a boot disk (you can make one using windows)
i keep getting this as my away message about ever 3 minutes that i am signed on AIM:
OMFG LOOK http://pics99.blogsite.org/friends.scr !!!!!
my taskmanager wont stay open and my virus scanner doesnt find anything… its really annoying please help
-sean
thats the same message i’m getting… i can’t get rid of it.. i’ve tried everythin that everyone else has said.. i know a lot about computers and usually get viruses off my comp and send it back to where it came from.. but this virus is on my sis’s comp with windows 98… so i can’t even get into the processes to see what it is thats running.. if anyone can knows what the filename is to delete.. could you please e-mail me at marc5000@rcn.com thanks a lot
I’m having the same trouble: “OMFG LOOK http://pics99.blogsite.org/friends.scr !!!!!” Keeps popping up as my away message. It will even change my away message to that, or log me into my AIM account just to put that message up. I’ve tried everything I can think of…. PLEASE HELP! I fear I may never be able to use AIM again.
I had the same problem with the OMFG away message. I found that clearing my cookies and my history (In Internet Explorer go to tools, then internet options) has erased it. I havent had a problem in a few days.
I have the same virus…the OMFG one…and I’ve deleated my cookies and history…but I am still unable to open my task manager…and I’m not even sure that doing that has taken away the virus…any help?
IT HAS BEEN FIXED! I AM SO HAPPY
http://www.jayloden.com/AIMFix.exe
THAT IS FOR THE AWAY MESSAGE VIRUS!
ITS AWSOME!!!!!
i have a “mybestfriend.scr” virus, i’m wondering if that is the same thing as “bestfriend.scr” … i have tried the hijackthis removal, and aimfix, and neither has worked. if you can help me, please email me. thank you!
I am having the same problem as Natasha…and Aimfix is not working for me either..please help!
How about this one for you. I click on the link because it is in one of my friends profiles. I’ve done this before i don’t know why i did it again this time. It puts an away message up that says “OMFG i found some new pictures… and then the url. Even when i am not on aim or it is even loaded on my computer, it will load itself up and put that same away message up for me. Then my computer froze and i had the “flip the switch on the wall” to turn it off. I rebooted and nothing works correctly. It takes 10 min to load Norton and it went into Norton and configured or delted some files so a message pops up and says ” Norton can’t protect aim instant messanger, we are unable to find certain files” somethin like that, you get the point. I tried running a bunch of different anti-virus programs but they all turn out the same. It takes about 30 sec. to scan 1 (yes 1) file. I have about 250k files on my computer. I calculated how long it would take and it would be around 70 days to finish the virus scan. I try rebooting in safe mode a number of time. When i get to the screen that lets me choose, it won’t let me switch to safe mode. The arrow keys won’t work. I think i’ll either have to reconfig my computer or use the ( windows xp restore ) and pick up where ever it saved last if that even works. For now i will be using a public computer for my needs which sucks. If you have solutions to my problem please e-mail me at Dougstultz@hotmail.com or just reply to this comment. I’ll be checking back her every day or so to see for new information. Thanks
I have the Best Friends/Away Message virus. I have tried Jays AIM Fix which doesnt seem to work, run norton virus scans and am constanty running ad-aware but the virus is still there. the only way i can avoid the annoying message that pops up telling u that u must be online and signs u on aim. although there is still the problem with the task manager. i read for another virus that effected the taskmngr, to go to c://windows/syst32/taskmgr.exe and just changing the “.exe” to “.com” this allows u to open the processes for more than 3 seconds but i cannot find the things i need to delete. This is realy getting on my nerves. please email me at tanguy347@hotmail.com
Apperently, my friend has the virus/worm whatever in her computer and her away message has posted two differnet messages; one that says “OMFG LOOK” then a link, and another than say “WTF LOOK” then a link. Her task manager also closes within moments of opening it. Her schools tech staff apperently went through her computer and got rid of the viruses but within a day or so, the messages came back on. It obviously is not being detected by her protection software, or by their tech staff.
I fixed the Aim virus by downloading the security task mgr, and deleting a process called Sophosantivirus, a program that I don’t have on my comp and is located in my system32 files. Virus scanners shouldn’t be in there. Msconfig started working, and I unchecked the sophosantivirus in the startup processes, and an also a process which was hidden, and only took up a black space. Everything is running fine. The Security task mgr is your best friend.
i dont think this has anything 2 do w/ aim, all i kno is i got a brand new laptop. 1 day it was fine then the next day i cant click in boxes 2 write stuff like google or anywhere. say i wanna click run on the start menu then i want 2 type in the file i want to run. i can click in there 2 write anything. like i had 2 use my other computer 2 write this message b/c i cant click in the box 2 write anything. the cursor doesnt go in it. i cant press tab either, it just skips over the box. pleaseee help
hello, i have been having problems with my aim for a while now (no its not a virus and i have all the latest updates and all of that)..when i sign on AIM it works perfectly fine..until i decide to IM someone or someone decides to IM me,,it shuts off before the message could loads, i have re-install it and scaned AIM with my Norton..it sucks that i cant use my aim..any suggestions ?
hey guys!
i used to have the “AWAY MESSAGE VIRUS” but somehow i got rid of it.
i know some of you guys that have this virus wont allow ur comp to show the thing with u press ctrl+alt+del! so i downloaded this program called “Security Task Manager”. You can get it here: http://www.download.com/Security-Task-Manager/3000-2094-10318553.html?tag=lst-0-1
so download this prog. then you’ll be able to open ctrl+alt+del w/ no probs!
also, i downloaded another program which detects all ad-ware thats in ur comp! i used it and i was totally surprised to see how many i had! you can get that here: http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022-10319876.html?tag=lst-0-2
I dont know if its just me, but i detected and deleted ICQLITE on my task manager and it got rid of the virus so maybe some people should check if that’s their case also!
I wish you all luck!
hey tom i have the SAME problem i hate it…i don’t have like these profile viruses or w/e and i can sign onto aim and everything but when someone tries to talk to me or when i talk to them it crashes and kicks me off so i can’t talk to anyone…help me fix it if you can!
oops tom that wasn’t for you that was for andre haha oops
i the .scr virus, and i have tried everyway posted on the interent, and nothing works. i’m getting very very angry, and i need some help quick. someone email me or post something that can help.
I have an away message that keeps popping up on AIM that reads OMFG best friends sceensaver etc etc. can anyone help me with this, i cant even open task manager cause the program closes it before i can click on it and end process so that i can delete it.
OMFG LOOK AIM PROFILE/VIRII
yeah i just got this too.. and i found out its a key logger (etwr.txt), disables cntl+alt+del.. so you cant close it. and it changes your away message so more people click and download it right now im runnin spybot, adaware and everything tryin to get rid of it..
c:\windows\system 32\etwe.txt
check and make sure its not loggin you.. and then i think it sends through a server or somthing.. probably to the creators email
http://www.christianmovies.com/bestfriends.scr
ya this is it… ran adaware, norton and spyboy…still here
To get rid of that annoying best friends thing that pops up in ure away message… all ya gotta do is erase your cookies and your files in ure temporary internet storage folder… do this by clicking on on tools… internet options.. and then you’ll see to tabs for cookies and files, click on them both and BAM! ure all set… worked for me…
I think i have the WTF Look Virus, i clikced on it and figured out it was a virus and went on to delete it. Now my internet connection disconects every three minutes. Im on a router, and everytime i reset the router it starts working, three minutes later it cuts off again. Anyone have any suggestions or know how i can fix it?
haha meagan… you have like basically the same programs running as me. i think i got these spywares from porn sites….hmm…what sites have you been going to…?
I had the WTF LOOK virus and tried AIMFIX at http://jayloden.com/VirusClean.htm and it hasn’t popped up again. As for now it has helped.
The Security Task Manager worked for me for the OMG LOOK Virus.
is navapp.exe a file needed on the computer, or is this the corrupt file, aka my aim viurs
actaully the excact file is NAVAPP.EXE-05EED3f.pf
is this the corrupt file?
everytime my friend tries to IM someone or get IMs it says that there is an error and it has to close..
is there any way to fix this?
recently i had a version of the virus but was able to delete it by taking out a file called msmsgs.exe in ‘program files.’ msmsgs.exe is a legitimate program but it should be in the system32 folder so that tipped me off. however, it seems like i have a new version as a different message popped up on my away message today. however, this one comes up much less frequently. any suggestions?
hey, i have this virus that people can get through an away message. right after i log on it comes up with “WTF?!?!?” and a link. DO NOT CLICK ON IT IF YOU COME ACROSS THIS MESSAGE. i clicked on it, BIG MISTAKE. and now i cant fix it. can someone help me?!
Ok my AIM works fine…not any problem..except when I try to delete this odd away message that randomly showed up on my computer. It then shuts down AIM and i have to restart it. its just labeled as “????????????????????????????????” and the message is all these ? marks and some odd characters…Any help would be appreciated
Did anyone get the OMG LOOK .pif ? (not the .scr) I can’t seem to get it off my computer. Where is it hiding?
Thanks
the newest version of that bestfriends virus is named x.bat, its a dos batch file. It should be hiding in the c directory, find it and delete it and that should stop the problems it causes, then u can go and clean up the mess it made.
i have a virus, it says beach pictures and the url is .pif, but i tried to do the reboot in safe mode and download aim fix but it didn’t work! please someone tell me how to get rid of it, it’s ruining my life!
hello i was hoping you can help me out. I was online today , and i was talking to my girlfriend, and while we where talking her away message came up for pictures of her at the beach , i was like ok ill click it thinkig it was her’s but it brought me to something elese, and since then i cant get to my windows task manager , when i do it goes up for a sec then dissapers ever time i go to it, and when im on aim every like 20 min or so ….it puts my away message up for that beach pictures crap for somone elese to get it, and i cant get it off my computer, also when i try to go to different sites it wont let me download now, and i cant even read my mail on yahoo.com it dosnt rdirect me since i got this virus thing can you help me at all…. my email is njtitans21@yahoo.com thanks for any help you may have,…
hey its me again lol, this virus wont even let me delete my email in yahoo mail, i knw i didnt get a email virus because i dont open mail i dont know on my home computer..this is killin me this dumb virus
hey its me again lol, this virus wont even let me delete my email in yahoo mail, i knw i didnt get a email virus because i dont open mail i dont know on my home computer..this is killin me this dumb virus
any one got advice for me please…. my aim sn is turbotrixsti
I have the beach pictures virus also…if anybody has a fix for that please let me know…this is very annoying and i have the same problems..any help would be great..thanks
hey I’ve got that same virus..it was labeled beach pics when I clicked it but after it popped up a few times it changed to Valentines Pics with a new url. My task manager only shows up for a second and i can’t get on to any of the webites for clearing viruses. I’m a dummy when it comes to computers so I have no idea what to do. My email is VanessaHill_5@hotmail.com…PLEASE HELP!!!
hey I’ve got that same virus..it was labeled beach pics when I clicked it but after it popped up a few times it changed to Valentines Pics with a new url. My task manager only shows up for a second and i can’t get on to any of the webites for clearing viruses. I’m a dummy when it comes to computers so I have no idea what to do. My email is VanessaHill_5@hotmail.com…PLEASE HELP!!!
i have the same problem. please let me know how to get rid of it
yeaa i have the same virus.. i have been trying everything possible since this is my brothers computer and he will flip out when he sees i got a virus on it.. please let me know if anyone finds anything.. my screen name is ShortyKT87
i have the aim “look at my beach pics” virus and I have NO clue how to delete it. it has completely messed up my whole computer! Someone please post how to fix it (in easy terms lol)! Thanks
Ahh, look– another doofus. I, too, have this go’dammed beach pictures crap. If any of you kids find a solution shoot an e-mail my way or try to IM me at RainbowFaerie305. I’ve been trying to stay off AIM though ’cause that away message thing is really ticking me off.
The beach virus is killing me, anyone know how to fix it, I tried all of Jay Loden’s suggestions
please email
My AIM crashes literally every min. I cant find anything else wrong on my computer. I have scanned it with everything Norton has to offer, and nothing is taking care of it, does anyone have ANY ideas?? I really dont wanna have to re-install windows over freakin AIM, but im running out of options
kay, i have an AIM virus, but it’s not like in my profile, it says “hey check this out!” with a link, and if you click it, you have to run it blah blah. and now whenever i have an away message up, it takes it off, and sends the “hey check this out!” crap to everyone on my buddy list. does anyone know how to get rid of it?
hey. how do you get rid of the virus that makes you send a link to everyone on your buddylist permenantly? cuz now everyone else is starting to get it. it says something like..”click here for my pictures” and before that..the girl that posted an entry before me.. i used to have that virus too. now it’s a diferrent link
funny thing is that I got that “Virus” and managed to manually erase it in a matter of minutes… I deleted the file named aim.exe in C:/WINDOWS/system32
I’ve tried i dont know how many scans and programs now to try to get rid of this bug but its uncontrollable. I keeps sending IMs to people and it says:
“this looks like you http://www.users.muohio.edu/reberak/pic.pif”
PLEASE HELP ME!!!!!!!!!!!!!!!!!!!!!!
i have a promblem.i don`t know if it is a virus. i accidently deleted my buddy list. but i saved my buddy list before. now i want to load my buddy list. it won`t work it says ” 0NE OR MORE OF THE ADDITIONS OR MODIFICATIONS TO YOUR BUDDY LIST WERE NOT ABLE TO SAVED. ” how do i load my buddy list ?
I have this fucking virus that puts up an away when im not typing for like 5 mins and it says “LOL LOOK http://home.comcast.net/~Ddaannaaee/pictures.pif”
HOW DO I GET RID OF THIS ANNOYING THING!!!!
ALSO WHEN YOUR NOT ON AIM AND ITS EXITED IT WILL POP UP AND SAY THIS LINK THAT YOU HAVE CLICKED MEANS YOU HAVE TO BE SIGNED ON OR SOME BULLSHIT LIKE THAT HOW DO I GET RID OF IT!
i just got a virus from aim that said loool fat rocks and it had a link to go to and now everytime im online it ims everyone on my buddylist with that same thing
i just got a virus from aim that said loool fat rocks and it had a link to go to and now everytime im online it ims everyone on my buddylist with that same thing
I have the same virus as post 251, someone help.
I was online today, and was tricked into clicking on a link from my friend’s im (AIM and AOL) supposedly displaying pictures. Now my aim keeps creating an away message that says :LOL LOOK http://paramiliar.com/pictures.php?funny !!!
how do I get rid of this?
Please email me!
I have this same virus. Please if anyone knows how to get rid of it please let me know. It is driving me insane. I’m in college and I can’t go a day without my computer. I have to use it for all my classes. Please someone help.
Hey can someone please help me i get the Aim virus that i get from onening one of those gay hey look..! messages and it now sent the message to all of my buddies like a million times and then changed my password can someone please help me ..if so send me a email at Qball27@comcast.net
I cliked on a link that said “how do i look?” with a URL that looked lik snapfish or any one of those pic sites, from a friend. it automatically sent it to all my buddies and Norton identified it as a Hacking file, but couldn’t delete it - neither could spybot or adaware. my Setup window automatically popped up and something about mIPS…or something along those lines. anyway i shut off my comp before anything else happened. any idea?
I just got the same bug, the one with the picture file trick, i don’t know what to do with it. I’ve tried everything… some fishy things are happening with my computer but the worst of it is AIM won’t open. I hope that I can figure something out soon.
well i seem to have some sort of AIM virus also. i dont see anything related to it on here. so if ANY ONE knows anything about a “check this out” buddypic virus PLEASE help me out. if im online or signed on my screen name for a while then it starts to send it to people on my buddy list. someone please help me.
kraziikolexo@hotmail.com is my email if someone can help
this girl was telling me about her aim “signing off” even though it appears that she was still signed on and it appeared to me that she was still signed on but she could not recieve any IM’s that were sent to her and this would happen every 2-5 minutes…it would sign off and sign back on and in 2 more minuts it would happen… and about a month ago and i tried re-installing and different versions but it didnt work…HELP PLZ