The Virus
This virus is getting around pretty quickly - it sends messages like "is this u? :p http://oliphotos.something.com/2038.jpg". If you see this link, DO NOT click it. If you already have clicked it, or seem to be sending it around, follow the steps below.
The Solution
1. Uninstall Windows Live/MSN Messenger from Add/Remove Programs
2. Go to Start>Run and type "cleanmgr" (without quotes), and select only the following to be deleted:
- "Downloaded Program Files"
- "Temporary Internet Files"
- "Temporary files"
- "Offline Pages"
3. Delete Messenger "registry keys" - go to Start>Run and type "cmd". Then type these commands:
- "REG DELETE HKCU\Software\Microsoft\MSNMessenger"
- "REG DELETE HKLM\Software\Microsoft\MSNMessenger"
4. Delete:- All files named "winstall.exe" (probably in C:\Documents and Settings\Your name\, maybe also in C:\windows\system32)
- These, if you have them: C:\WINDOWS\system32\qlk.dll
C:\WINDOWS\system32\SMANTE~1\regsvr32.exe
C:\WINDOWS\system32\S?mantec\m?hta.exe
(If they won't delete, press Ctrl+Alt+Del, go to the "Processes" tab, and kill the programs)
- C:\Program Files\Common Files\{LONG STRING OF NUMBERS AND LETTERS}\Update.exe (this one might not be able to be deleted - do not try to go into Ctrl+Alt+Del, but use this and make sure you select "Delete on reboot"
5. Reboot your computer
In the future
1. If anyone sends you a link you're not sure is safe, ask them if they actually sent it.
2. Download HijackThis, which creates a log file of stuff on your system, which you can post in a forum like this and get some pros to look over, and find dodgy stuff.
3. On a bit of a side note, if you have any file called svhost.exe, it's most likely a virus. BUT ANY FILE CALLED SVCHOST.EXE IS AN IMPORTANT SYSTEM FILE. So if there's no c in it, it's probably bad. This is unrelated to the other virus, but it's a popular one.
4. If there's a single file you want to check, try this. It's very good for checking files, it does it with a whole bunch of virus checkers - and you don't have to download anything.