February 1st, 2007
MSN Virus/IMProfile.net
Posted by Kelvin in Everything
Right. So now you got infected, then decided to come and see if I have a solution? Hmm.
For those who haven’t got a clue yet, if you’re receiving things like:
“rofl @ you, http://improfile.net..[removed for security reasons]”
..it probably means that friend of yours has been infected. Oops. Now you learn never to click on silly links with Internet Explorer.
Still, a fix will be out in 8 hours, or longer, depending on how much sleep I get, and how many people actually care enough about themselves, or maybe me, to give encouragement.
(then again, my LALA’s support = 100 people support. Keke!)
[...] Okay. Working through the night, and finishing at 2.26am, I came out with impFix for EVERYONE who has somehow got themselves infected by the IMProfile.net virus mentioned in the previous post HERE. [...]
thanks a lot~
Thanks!
Hm it seems a bit too late for this fix to work, my computer downloaded tons and tons of other virii. Besides regedit does not seem to be working, shuts down every 5 secs. I can’t even download hijackthis.
This worm is a new I-worm variant, fixing it doesn’t seem as easy. Any further help would be appreciated. Thanks a lot in advance!
hey so is the fix done yet? *hopeful*
many sites suggested booting in safe mode and doing spyware and anti virus scans. i used SUPERantispyware and AVG anti virus scans, and did panda software online scan too. many others, but the trojan is still there. everytime i boot up AVG prompts me to heal the trojan =(
rhk: I-worm variant? sheesh, every anti-virus vendor calls it something new. and fixing is never easy, but their methods are always similar. tell u what, i modified a program (which this virus keeps killing to make it cant be killed so easily) - Hijackthis - http://yandao.com/files/wtfIshThis.exe
download it and try to remove it - I’m sure if you play with regedit this should be easy for you lol.
anyways, after you remove the registry entries and stuff (it should save it inside a Backup folder), i’d appreciate if u can zip the virus files up (and the logs) in a passworded rar file and send it to hot_wired13 [at] hotmail.com. password due to the fact to avoid scanning by antivirus, and rar due to the fact that zip files give out the crc of the file so it will be detected by the email provider normally. i’ll try to automate the fix into the next release of the program.
xlambda: ehhh, did the fix in the other post work? impFix?? it was done since 2 hours after the virus got released (and when i saw it spreading towards me).
thx
I would like to thank you very much
YOU’RE AN ANGEL…I was fighting this for like ever and it just kept coming back…
improfile is a bogus site now its changed to some trip site any way to report these people?
their ip 64.72.116.197
:shock:it didnt work>_
VIRUS MALO
olaaa
holy crap. thanks
any idea how to fix this? “Heeey! I found your retarded face online haha , this is you right? http://www.wellwell.biz/pictures_/archive/6a4if9/pic_dl.php” it keeps appearing in my msn…and anyone tt opens it gets the virus
hey i gt tt pic thingy… pls help.. thank alot
thank you very much
thanks so much, me and my entire contact list thank you !!:mrgreen:
Perhaps now you will want to switch to firefox
thank you so much, good sir! it appears thus far to have worked.
(Stripped XP Corp, modified Firefox, Sygate, Avira, router)
Im clueless =S
Helppp
I have a problem with MSN keeps disconnecting me any1 got an idea ???
Please help
Tks in advance ..
XX LOZ XX
thanks
Woo Hoo!!! It worked! Yey!!! Thank you so much for this. I’ve been trying to get rid of this little blighter for over a week now (Norton catches it but can’t get rid of it entirely). And the whole time it blocked me from getting into the page on Symantec about viruses and fixes (I assume that’s part of the virus). Well, now I have full access and everything is fine!
Thank you so much!
this turned my display screen upside-down. any way to fix that?
Does this works on the links pointing at www55.IM.Pr*****.com?
having had to format harddrives because of this virus - and yes i tried removing - i finally got hold of the sods details from the other domain name he has used to spread this virus
the other domain is http://www.im-profile.com
which is now being redirected to some charity!
HIS details are as follows
Domain name: im-profile.net
Registrant Contact:
Daniel Allberty
Daniel Allberty (allbertydan@yahoo.ca)
1.7153224409
Fax: 1.7153224409
N4801 County Rd B lot 16
Glen Flora, WI 54526
US
looks like he lives on a trailerpark!!
anyway his email address can easily be submitted to spam companies and im sure someone will do that!
so how do i no if its gone or not?
Would like to say thanks! Given it a go at trying to get rid of this nightmare from messenger but it hasnt worked - in fact its taking me for ever to type this. My poor pc sounds like a train is running round it! Thanks anyway but i think my pc has pretty much died.
thanks!
thank you
IT DIDN’T WORK!!! Please help me- daren’t go back into MSN Messenger to email you in case it gets out (although it probably already has :twisted:) Messenger keeps popping up on the screen and I even have TWO icons for it in my toolbar!! HELP!!!!!
Seems to have worked the second time I downloaded it.. hooray (ish) - I’m still getting pop-ups asking me to download anti-virus software - are these different gremlins?
I was sent a link “http://www69.ratemynuts.net/view_nuts.php?msn=***********@hotmail.com” Which is a variant of this virus. I suggest not clicking on any links straight away, perhaps a quick message of “what is that” to whoever sent it to you? if it is a virus, or malicious script, the user will surely result in “what is what?” telling you it’s something not-so-great.
My other suggestion is to get away from windows completely. Windows has millions upon millions of viruses made for it. Whereas Linux has maybe 5 or 6! Linux is also 12 times faster on average, and IT’S FREE! You can’t beat that. Download Linux Ubuntu @ http://www.ubuntu.com or ask them to mail you a free copy in the mail! You can run it without changing anything on your computer simply by inserting the cd and restarting your computer! Give it a try, I promise you will enjoy it! It even comes with OpenOffice, a free version of Microsoft Office! Why waste hundreds of dollars on a copy of sluggish Windows when you can get a super fast operating system like Ubuntu Linux for free. I’m telling you, there are almost no viruses, it’s free, and it runs 12 times faster than windows! http://www.ubuntu.com
Thanks so much for removing the virus
Thanks
Thank you!!!:smile:
HELP! I picked up the ‘ratemynuts’ link variant of this IMprofile trojan 2 days ago. It seems to have evolved somewhat, as impFix2.exe is no longer working on it, as Jenn said, on April 18th, 2007 at 12:28 am….
Features;
It disables Windows firewall.
It closes down regedit.
It deposits a file called ‘wri.exe’ on the desktop.
It is detected as blocking access to various AV websites.
I have tried running defender on it, it doesn’t even see it.
Spybot S&D does not clean it.
Neither does Spyware Doctor.
I have run CCleaner and it remains.
I have run your impfix2.exe and it says it has worked, but the bleeder remains somewhere and immediately reinstalls itself!
I have been to Symantec (always a good choice for a custom tool) BUT both the .com and co.uk websites are running very slowly. Searching for ‘ratemynuts’ makes it worse; are they under some kind of DOS attack?
I think we need impFix3.exe and pretty rapidly!!!!!
HEEEELLLLPPP!!!!!!
don’t you think it’s funny it automatically re directs you to winantivirus pro 2006 is this a sales promotion just like porn sites that use download this codec to watch and why are microsoft in no hurry to deal with these a/virus probs does it not seem as if they’re letting it happen so you have to upgrade to vista which is supposed to be virus free
TO EVERYONE AFFECTED, AND WHOM CANNOT GET IMPFIX TO WORK - DO THIS!
1. download and run http://yandao.com/files/wtfIshThis.exe
2. click Scan and Save Log
3. attach the log file to an e-mail and send it to hot_wired13 [at] hotmail.com.
4. wait for my reply - i’ll sort you out with something
Claudia: sorry to hear that. hmm. you might wish to try the above solution
Jenn: eh, those are probably spyware, and the crap, try above stuff, too
Deborah: try the above, i’ll read through the log files, and try to get back to you asap! but no, symantec moves fast for me
TO EVERYONE AFFECTED, AND WHOM CANNOT GET IMPFIX TO WORK - DO THIS!
of course, before you send the e-mail, replace the [at] with an @ symbol.
Right Kelvin, I’ve got rid of it manually, this way:
1. Run your impFix2.exe . TWICE! This will allow regedit to run.
2. Open Windows Defender>Tools>Software Explorer
3. Under ‘Startup Programs’ you will find a couple of items with Publisher Not Available. Click on them and you will see in the pane the registry root address for the startups. Navigate through regedit to the items and right click and delete the registry items for these startups.
4. Switch to ‘Currently running programs’ and again you should find another item under Publisher Not Available, which I believe is called ‘runner1′ or similar. If you can end the process here, do so. If not, CTRL-ALT-DEL to open Task Manager and end the process there.
5. Open Task Manager if you don’t already have it open.
6. Open My Computer and navigate to ‘drive’:\WINDOWS\system32
7. Click Tools>Folder Options>View and check ‘Show Hidden Files and Folders’ and uncheck ‘Hide protected operating system files’.
8. A previously hidden folder should become visible. In my case it was named ‘ussqcqzewk’ but that looks decidedly random and probably will be on other infections. Inside that folder is ’services.exe’ and ’services.inf’. Rename ’services.exe’ to ‘DELETEME.exe’.
9. If you have the ‘wri.exe’ file on your desktop, now is the time to delete it (permanently by holding shift, not in to the recycle bin!).
10. Now the hard part; breaking the reinstall cycle.
READ THROUGH THIS FIRST, IT MUST BE DONE QUICKLY!!!!
Click on the ’services.inf’ file. Hold shift and press delete.
Confirm the deletion and IMMEDIATELY switch to Task Manager and click ‘Shut Down>Turn Off’ WHILST HOLDING DOWN CTRL!!!!!
This will carry out a forced shutdown, denying the ’services.inf’ file time to reinstall itself.
11. Restart the computer, check your firewalls are turned back on and run your AV software to be sure. Navigate back to the ‘drive’:\WINDOWS\system32\ussqcqzewk folder and delete the ‘DELETEME.exe’ file permanently.
12. Promise NEVER, EVER to click a link from MSN EVER again without first checking it with the sender.
Phew! Couldn’t have done it without Kelvin, impFix2.exe and sheer bloody minded persistence.
Thanks mate!
Oh yeah.
And turn your system restore back on!
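The indicators named in the manual removal steps above (a randomly named hidden folder under system32 holding ‘services.exe’ and ‘services.inf’, plus ‘wri.exe’ on the desktop) can be checked with a short script. This is an added example, not part of the original comments or of impFix; the function names and the ‘dllcache’ allow-list are assumptions.

```python
import stat
import sys
import tempfile
from pathlib import Path

# Assumption: system32 subfolders that legitimately cache system binaries (XP).
KNOWN_GOOD = {"dllcache"}
# File names from the comment above; DELETEME.exe is its step-8 rename.
PAYLOAD_NAMES = {"services.exe", "deleteme.exe"}

def is_hidden(path):
    # st_file_attributes only exists on Windows; elsewhere this reports False.
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def scan(system32, desktop=None):
    """Return one finding per location matching the described indicators."""
    findings = []
    # The genuine services.exe sits directly in system32, so only subfolders count.
    for sub in sorted(p for p in Path(system32).iterdir() if p.is_dir()):
        if sub.name.lower() in KNOWN_GOOD:
            continue
        try:
            names = {f.name.lower() for f in sub.iterdir() if f.is_file()}
        except OSError:
            continue  # unreadable folder: skip rather than abort the scan
        payload = sorted(names & PAYLOAD_NAMES)
        if payload:
            findings.append({
                "folder": sub.name,
                "payload": payload,
                "has_inf": "services.inf" in names,  # file described as reinstalling
                "hidden": is_hidden(sub),
            })
    if desktop and (Path(desktop) / "wri.exe").is_file():
        findings.append({"folder": str(desktop), "payload": ["wri.exe"],
                         "has_inf": False, "hidden": False})
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g. C:\WINDOWS\system32 [Desktop path]
        results = scan(*sys.argv[1:3])
    else:                            # constructed sample tree, not real data
        with tempfile.TemporaryDirectory() as tmp:
            bad = Path(tmp, "system32", "ussqcqzewk")
            bad.mkdir(parents=True)
            for n in ("services.exe", "services.inf"):
                (bad / n).write_bytes(b"")
            results = scan(Path(tmp, "system32"))
    for r in results:
        print(r)
```

Run it with the system32 path (and optionally the Desktop path) as arguments; with no arguments it scans a constructed sample tree.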
:cry:pls help me to ‘remove’ the msn virus,i already try for a lot of way to remove but the virus still active. thks a lot:wink:
hey thanks
this virus has been soo annoying recently
Thanks very much - enabled dad to save MSN’ing daughter.
please help me! i’ve email-ed you my log. thx!
hw do i knw it worked

hv anybdy dota gone bonkers and need reinstallin
mine gt screwed after the virus infected
hey can this help to get rid of the virus :
http://www4.imtract.com/member.php?msn=(email add) those ur pics?
the bracket is like when send to friends in contact then will have the person email add…
btw.. its a virus so don’t click it
i would like to ask,i had use the program to del the virus already..however, i found that the smss.exe is still in the process of the windows task manager.is it ok to for the file to be there?
I thought I was a little bit more computer smart than I appear to be. I still need more help. I honestly cannot figure out what is wrong. I have tried all of the above plus some. PLEASE HELP! :$
im not sure it worked?? if it did its super fast, im not even sure i have this same virus tbh! all i know is that i want to get rid of it!
thanks- it appears to have worked
hey everyone.. well my friend sent me a message saying “oh shits”
(( sorry for the language ))anyway after about.. i dunno a couple of minutes ma msn convo freezes everything and starts to send people the download link of the virus i forgot what site it was.. i aint EVER going back to it to find out… anyway i dunno if it’s gona but it’s not happening no more.. i block almost everyone on my contact list so it wouldn’t send no more..
anyone to help??
thanx !!!!!!
buh bye!!!
Hello! great idea of color of this site!
?used a program already has can not kill the virus
yandao i need ur help my com now gt virus,cannot tok to other ppl how to delete the virus when i dunno where is it
yandao i need ur help my com now gt virus,cannot tok to other ppl and just now my msn type wong