Here we go again. Facebook users, a new worm is spreading right now: it starts from Facebook's in-page messenger, then spreads via Yahoo Messenger with a message that looks like this:
haha foto http://bit.ly/AndZM3?Facebook.com-IMG221580.JPG
The link will in fact download an archive named [Picture19.JPG.zip] to your computer (see the screenshots). The archive holds a single file named [Picture19.JPG_www.facebook.com] which, according to Kaspersky Internet Security 2012, contains two threats:
- worm: pdm.worm.p2p.generic
- virus: IM-worm.Win32.Yahos.bgh
If the virus has been activated on your computer, the mdm.exe crash warning will show at Windows startup and your antivirus, if it is ESET NOD32, will crash badly. As an aside, it's sad to see a powerful antivirus like ESET NOD32 v5.0 brought to its knees by a second-hand virus/worm. Anyway, let's get back to our virus/worm: as stated above, if mbm.exe is already active on your system, it will try to spread using Yahoo! Messenger. It will send, without the knowledge or authorization of the user, a message identical to the one described above, containing the link from which the archive with the two threats is downloaded.
There are two solutions for this threat:
- download and install Kaspersky Internet Security 2012 and activate it with the 30-day trial licence. Then run a full scan, clean and reboot … or …
- open the Startup Manager: in the Run box, type [msconfig] and select the Startup tab. From here you can uncheck the applications you wish to stop from loading with Windows, in our case [c:\windows\mbm.exe] under the name [Microsoft Fireval Engine]. Now go to [c:\windows\], look for [mbm.exe] and delete it, then restart the system (see the screenshots).
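
The manual check from the second solution can also be scripted. The PowerShell below is an added example, not part of the original post: it is read-only and looks for the startup entry, the file and the process named above. It assumes the entry that msconfig shows lives in one of the standard Run registry keys; the function names are made up for this example.

```powershell
# Added example: read-only check for the indicators named in the post.
# Nothing is deleted or modified.
$IocPath = 'C:\Windows\mbm.exe'          # file path given in the post
$IocName = 'Microsoft Fireval Engine'    # startup entry name given in the post

# Assumption: the msconfig Startup entry is stored in a standard Run key.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Find-MbmAutostart {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            # -eq and -like are case-insensitive, so C:\WINDOWS\MBM.EXE also matches
            if ($valueName -eq $IocName -or $command -like "*$IocPath*") {
                [pscustomobject]@{ Key = $key; Name = $valueName; Command = $command }
            }
        }
    }
}

function Get-MbmFileInfo {
    if (-not (Test-Path -LiteralPath $IocPath -PathType Leaf)) { return }
    $file = Get-Item -LiteralPath $IocPath -Force   # -Force also finds hidden files
    $hash = Get-FileHash -LiteralPath $IocPath -Algorithm SHA256 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path    = $file.FullName
        Size    = $file.Length
        Created = $file.CreationTime
        SHA256  = $hash.Hash                        # empty if the file is locked
    }
}

$autostart = @(Find-MbmAutostart)
$fileInfo  = Get-MbmFileInfo
$process   = Get-Process -Name 'mbm' -ErrorAction SilentlyContinue

if ($autostart.Count -gt 0 -or $fileInfo -or $process) {
    Write-Output 'Indicators from the post were found on this machine:'
    $autostart | Format-List
    $fileInfo  | Format-List
    $process   | Select-Object Name, Id, Path | Format-List
} else {
    Write-Output 'No autostart entry, file or process matching the post was found.'
}
```

Running it before and after the cleanup shows whether the entry, the file and the process are really gone; the SHA256 value is worth keeping if you want to submit the sample to an antivirus vendor.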