RayDream
2007-04-17, 00:28
Hi there,
Please forgive me if this question is unrelated to system malware, but I am not able to find any better forum ask this.
My friend has infected with a (virus?) on msn. I am unable to identify it with Norton Antivirus, so i can only do a little investigation. Once affect, it starts sending a link to everyone in the list. The link is:
68.ratemynuts.net/view_nuts.php?msn=test@hotmail.com
where 'test' appears to be my msn account. [/B]
Once clicked the link, it will direct and attempt to download a file to be open with 'test@hotmail.com'. I have not open it, but I wonder how does it affect and get the contacts from msn. I managed to use a program to download the file, appears in .com and scan it with Norton, which is not able to identify it.
My question is, does it affect the system? Or affect msn's server acc? How do I remove it so that it will stop distributing itself?
The file can be download here:
I'm not a programmer but I wish I could trace it. Another interesting investigation is, the links that distribute it trace to 68.ratemynuts.net which exist itself. I searched the internet an user got the same thing from 44.ratemynuts.net. And this link will redirect to grassfire.org? Is that some work of a hacker that cover himselves up with other ppl's sites?
Please forgive me if this question is unrelated to system malware, but I am not able to find any better forum ask this.
My friend has infected with a (virus?) on msn. I am unable to identify it with Norton Antivirus, so i can only do a little investigation. Once affect, it starts sending a link to everyone in the list. The link is:
68.ratemynuts.net/view_nuts.php?msn=test@hotmail.com
where 'test' appears to be my msn account. [/B]
Once clicked the link, it will direct and attempt to download a file to be open with 'test@hotmail.com'. I have not open it, but I wonder how does it affect and get the contacts from msn. I managed to use a program to download the file, appears in .com and scan it with Norton, which is not able to identify it.
My question is, does it affect the system? Or affect msn's server acc? How do I remove it so that it will stop distributing itself?
The file can be download here:
I'm not a programmer but I wish I could trace it. Another interesting investigation is, the links that distribute it trace to 68.ratemynuts.net which exist itself. I searched the internet an user got the same thing from 44.ratemynuts.net. And this link will redirect to grassfire.org? Is that some work of a hacker that cover himselves up with other ppl's sites?