Backdoor.win32.msnLog



RichardPDX
2008-01-11, 23:37
:oops:
I was on the MS website for IE add-on and there was one about winks. But when I did the install I got a nasty message about Backdoor.win32.msnLog. :scratch: I went with the default which I think was to delete the file and have not attempted anything with those winks. I found it a bit surprising that a download from a MS website would generate error text like this. Can someone explain?

md usa spybot fan
2008-01-11, 23:49
RichardPDX:

Can you provide some additional information?


… I was on the MS website for IE add-on and there was one about winks. …
What was the "MS website" and what was the "IE add-on … about winks"?


… I did the install I got a nasty message about Backdoor.win32.msnLog :scratch:
What was the message and what software issued the message?

RichardPDX
2008-01-14, 12:14
RichardPDX:

Can you provide some additional information?


What was the "MS website" and what was the "IE add-on … about winks"?


What was the message and what software issued the message?

It was something to do with winks and MSN Messenger. The URL was http://www.msncontentplus.com/ and at the moment I can't get a connection. Hold the phone, I found a different address, http://www.messengercontentplus.com/ and this one is coming up. Well, this is confusing. I think the program has installed and is working, at least up to a point. I was attempting to make sure my messenger was the latest and greatest and at some point something about winks caught my eye. I am way behind the curve with regard to IM and winks and so forth, but these things sounded interesting so I went through the installation process. And I am presuming that toward the end of that process this SpyBot message came up about backdoor.win32.msnlog. First of all, I had never seen a SpyBot message that looked anything like this. :blink: Secondly, everything appeared to legitimately be coming from MS so this made me stop and take notice. I can't do it right now but I will see if I can figure out how to reproduce the message.

tashi
2008-01-14, 18:24
Hello.


I found it a bit surprising that a download from a MS website would generate error text like this. Can someone explain?

Secondly, everything appeared to legitimately be coming from MS so this made me stop and take notice.

That site is not on Microsoft servers, it is in China.

Whois Output for: messengercontentplus.com
Domain Name Owner:
MSN Content Plus Inc
Room 1806, International Institute Building
Shenzhen, GD 518000
CN

Bottom of their web page:
Address: RM302, Building 9, TY,BaoAn, Shenzhe, China

Please follow the procedure in this link:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a helper will advise you when available.

Cheers.