This MSN virus is a new virus which spreads via MSN Messenger. Once a computer is infected it will send copies of itself to every online contact on the infected users contact list.

Important Notice: A new MSN Virus removal tool has been created. It is recommend you try this first by downloading and running this before trying the instructions below. You can download the tool HERE. Please let us know if it worked for you so we can keep improving our products.
The message says (or similar to):
“is that u on that photo
http://lollypics.xx.funpic.org/pictu...656.jpg� (link edited to prevent people getting further infected)

Other links may include:
http://www.picture-database99.com

Once clicked, it will open Internet Explorer and prompt you to download a file called photo656.pif or another file with a similar name (note: it is now a .pif file being downloaded, not a .jpg). Once run, the computer will be infected.
This virus also installs a toolbar into Internet Explorer called “Toolbar888�.

AVG Antivirus Detects this threat as:
- Trojan horse Generic2.EXO
- Trojan horse BackDoor.Generic3.SAT
How to Remove MSN Virus Project 1/ Generic2.EXO / Backdoor.Generic3.SAT:
Goto: Start > Control Panel > Add/Remove Programs.
Find Toolbar888 and click the “Change/Remove� button to uninstall it

Press CTRL+ALT+DELETE all at the same time so you are viewing the “Processâ€Â� Tab. If you find any (or all) of the following (don’t worry if you cant find all of them):

• Update.exe
• goll.exe
• loadadv455.exe
• drsmartload.exe
• goll.exe
• two.exe
• vcncr.exe
• rorjxk.exe
• eyewblbby.exe
• cgqrvrva.exe

Highlight the name and click the button “End Process� to each of the above you find in the list.
Find and Delete The Following Folders and their Contents:

• C:\Program Files\Common Files\{28676FB5-0AE9-3081-1205-03030930003d}\
• C:\Program Files\Common Files\{38676FB5-0AE9-3081-1205-03030930003d}\

Find and Delete the Following Files with the Folder (NOT the folder itself):
In the folder: C:\Windows\system32\ (don’t worry if you cant find all of them)
Find and Delete:

• goll.exe
• drv.exe
• loadadv455.exe
• one.exe
• two.exe

In the folder: C:\Documents and Settings\[current user]
(replace [current user] with the name you are currently logged on as, don’t worry if you cant find all of them)
Find and Delete:

• goll.exe
• drv.exe
• loadadv455.exe
• one.exe
• two.exe

In the folder: C:\ (main level of C drive, be careful here, don’t worry if you cant find all of them)
Find and Delete:

• goll.exe
• drv.exe
• loadadv455.exe
• one.exe
• two.exe
• drsmartload.exe

Update your Antivirus with the most current virus definitions and run a full system scan to clean up any remaining files. If you do not have any antivirus software. AVG Free is a great option.
You may need to reinstall MSN Messenger again.

If you like this post then please consider subscribing to our full feed RSS. You can also subscribe by Email and have new posts sent directly to your inbox.

No need to copy and paste!

http://www.technibble.com/how-to-rem...orgeneric3sat/

It would probably be better to tell people about it via a link (when you are a respected member, so you don't seem like a spammer).

Thanks for the information anyway. I'll remember this if I get infected sometime.

i know that's no need for copy past but i want be publishing the website that's why :d

What about the other new one which is REALLLY PEVING ME OFF!! and i dont even have it!!!

where (i think) someone has nicked users passwords, and then the thing automatically logs in sends a url to everyone and the logs off (ur is soemthing like www.free-somin-somin.com )

the reason im saying they nicked the passord and not a normal virus because, a friend logged on when she was in bed and her computer (and net connection) was turned off...

also i know people who were on msn have been logged offf the message send, and then been able to log back in.

im advising people to change their passwords...

Anyone know any thing about it?