new aim virus...please help!

December 1, 2003 at 14:24:04
Specs: Windows XP Home SP1, P4 2.00/512

Well, I figured out how to get rid of the talkstocks.net virus, but now I have another one! Like the talkstocks.net, I got it from clicking on a link in a friend's buddy info on AIM. The text of the message and the link say:

"I can't believe I found %n's
Picture here
HAHAHA"
The %n is just to show the screenname of the person viewing the link, and the word 'here' is the link. It links to a page called www.buddypicture.net. Please help me get rid of this, I am so sick of these viruses.




#1
Dylan R. December 1, 2003 at 15:03:21

Yo, I got that too. I've dealt with other ones but I have no clue how to get rid of this one... anyone know?



#2
December 1, 2003 at 15:10:33

Yeah, I don't know how to get rid of this one! grrr


#3
iceblue December 2, 2003 at 07:20:58

guys,
try this....
2nd item google
UPDATE! our removal tool now removes realphx, talkstocks and the new realphx
variant from www.buddypicture.net that has appeared.

TALKSTOCKS.NET AIM VIRUS REMOVAL

"Whoa....look what I found, click here"
or
"I can't believe I found 'yourScreenName' Picture here"

If this appeared in your profile and you can't get rid of it, you are infected with a virus. Read on for removal instructions.

**REMOVAL TOOL DOWNLOAD**

http://j.wftp.org/

go for it




#4
skfeltis December 2, 2003 at 07:34:17

I've seen that virus, except I have one that says "View My Buddy Profile". Does anyone know how to get rid of that one?? The address it takes you to is:
www.angelfire.com/dc2/going2/buddy.scr

Please help!



#5
iceblue December 2, 2003 at 12:39:19


if you read the last help;
it said - 2nd item Google >> self help is a wonderful thing- try it- you'll love it

And that helpscreen said go to
http://j.wftp.org/

on that website it says
UPDATE! our REMOVAL TOOL now removes realphx, talkstocks and the new realphx

variant from www.buddypicture.net

Most viruses can send out many variations of text; and redirect to several websites;
but it is still the same virus/or a generic one/or a minor variant
OFTEN the same removal tool works!

Try it; if it doesn't work,
go looking for another one.



#6
zoot37 December 2, 2003 at 15:32:50

I went to the http://j.wftp.org/ website to get rid of the "I can't believe I found 'yourScreenName' Picture here" virus, but when I restarted my computer the link was still in my profile. HELP.



#7
Dylan R December 2, 2003 at 16:43:02

1) Press the CTRL, ALT and DEL keys at the same time to bring up the Task Manager.

2) Click on the Processes tab (Windows 2000/XP), and find "b.exe" or "av.exe" and kill the process.

3) Go to C:\Windows and delete "b.exe" and "bbb.exe" or "av.exe". (If you are unsure where this is, go to "My Computer", then click on "Local Disk C:" and then open the folder called "Windows", or "Winnt" if you are on Windows 2000.)

4) Click Start, then click on Run, type "Msconfig" in the box and press ENTER. When the box comes up, click on the "Startup" tab and look for "b.exe" or "av.exe" listed (probably labeled as "antivirus"), then uncheck the box on the left of it. (Windows 98/XP only)

5) Finally, do not forget to remove the link from your profile.

It worked for me, it should for you, post if you have any problems...



#8
December 3, 2003 at 21:07:00

Man, I have the same problem!!!! Please help me!!! I have the I can't believe I found "yourscreenname" Picture here
HAHAHA. Please email me how to do this.



#9
ddaeschl December 4, 2003 at 06:25:44

Try this http://www.rsaisp.com/software.asp


#10
clay_c December 4, 2003 at 21:48:31

Thanks for the link to Rsaisp.
It worked for the most part, but it created its own toolbar called "IE toolbar" and while I can make it invisible, I can't get rid of it or its links to porn.
It erased my google toolbar.
Any idea how to fix this?

Thanks
Clay



#11
December 5, 2003 at 00:28:27

I deleted av.exe in 2 ways, first going to the task menu and ending the process and then deleting it/putting it in the recycle bin then emptying the bin out. Second I followed what "Dylan R"'s post instructed and went to System Configuration and unchecked it at "startup" tab. Now, there's just one minor concern...
It is of course completely gone (from my aim profile, from everything--you can't even search for it), but every time I restart my computer there's another window advising me to go back and use the default startup options. Should I just ignore this?


#12
RednoWCirabrab December 5, 2003 at 08:02:12

You can click the box that will make it never show up again, and it will still continue to have that program removed from startup, or you can let the box keep coming up and close it; the choice is yours.



#13
December 5, 2003 at 09:02:42

I got rid of the virus following those steps, yet it makes me uneasy that it still exists as an option for startup in system configuration. I have that box unchecked, but is there a way for me to completely remove that option?


#14
Stephen Sanders December 5, 2003 at 19:12:21

I just got that virus as well. I run Norton Antivirus and it was unable to delete it at first. I used Live Update on the software and then it was able to get rid of it without difficulty.



#15
Yana December 6, 2003 at 02:31:49

I have tried all these options and each has told me I'm not affected. However, my profile consistently changes to "view my buddy profile".

Any more suggestions?

Thanks



#16
semper fi December 6, 2003 at 09:57:01

I somehow picked up a virus that says "tell me what you think about, http://24.92.57.88:8180" (the IP is a link) and when the recipient clicks it, they are infected also and it sends it to everyone...PLEASE HELP! I am using Windows XP and the latest version of AIM.



#17
Ashur December 6, 2003 at 17:06:44

I Know How To Get Rid Of It..... If you have the adware thing that says "I can't believe I found %n's Picture here
HAHAHA", OK, ONLY if you have it, click on the site, and when something pops up that says download something hit No, then when something that says Download Aborted Click Yes hit OK, then the download thing pops up and hit No, then keep doing that until it stops. Then when it does stop, click on the thing that says click here.. then follow its directions, then you did it!! And I found this out because I knew I had it, so I went to the site and I was playing around and I was like, oh, I fixed it.



#18
cdlaw December 6, 2003 at 21:11:00

I have Windows 98 on my computer. Everything I've read has been for 2000/XP/ME systems. Any ideas what I can do to get rid of this virus on 98?


#19
magisterofmayhem December 7, 2003 at 05:28:58

http://rush68.net/~dave/removal.php


#20
case December 8, 2003 at 13:10:16

I figured it out. www.digitalmatter.net to get rid of the b---tard, I have %n picture... but I also figured this out: the guy who made the web page to get rid of it made the virus, so make sure you drill him. His sn is nytefl and he's an , after he fixes your AIM he asks for a donation, this is his internet scam.




#21
Dave Staff December 8, 2003 at 17:10:35

Hey, I have the virus too (of course). I was following Dylan R's instructions to remove it, and when I found the file under My Computer, I cannot delete it. It says... Cannot delete av: access is denied
Make sure the disk is not full or write protected and that the file is not currently in use. What should I do?



#22
December 8, 2003 at 20:44:44

Run safe mode and delete it there; that's what I did when I tried to delete the leftovers of the b.exe virus. Safe mode is the best way to remove it. If you have W2000, it gives you the option at startup, when it says at the bottom F8 to start with another way or something like that. It's safer to remove viruses too.




#23
December 9, 2003 at 03:00:50

The virus is a "Trojan.Sinkin" or "RealPhx worm". It will create a file named av.exe in your C:\Windows folder. Then it will add the value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to the registry so it runs on startup. Go to Start-Run-msconfig, then click the Startup tab and look for antivirus (av.exe); uncheck it to disable it on startup. If you did not find antivirus in the Startup tab, go to Start-Run-regedit and look for "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"; in the right pane look for "Antivirus" and delete it. It would have changed your homepage to realphx.net and read your AIM user information from the registry and forwarded it to realphx.net (screen name/login password).
Make sure you change your password and delete the message ASAP.
Feel free to double check at a trusted anti-virus website.
- Bren
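
Added example, not part of any post in this thread: a read-only PowerShell check for the indicators named in posts #7 and #23 (the `b.exe`, `bbb.exe` and `av.exe` files in the Windows folder, matching processes, and the "Antivirus" value under the Run key). The function name `Get-AimWormIndicator` and the output layout are assumptions made for illustration; the script only reports and deletes nothing.

```powershell
# Added example: read-only check for the indicators named in this thread.
# Get-AimWormIndicator is a hypothetical name; nothing is deleted or changed.
function Get-AimWormIndicator {
    param(
        # File names reported in the Windows folder (posts #7 and #23).
        [string[]]$FileNames = @('b.exe', 'bbb.exe', 'av.exe'),
        # Run value name reported in post #23.
        [string]$RunValueName = 'Antivirus',
        [string]$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )

    # 1) Running processes with those image names (step 2 of post #7).
    $procNames = $FileNames | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
    Get-Process -Name $procNames -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Kind = 'Process'; Name = $_.ProcessName; Detail = "PID $($_.Id)" }
    }

    # 2) Files in the Windows folder (step 3). -Force also returns hidden files;
    #    attributes are reported because posters hit "write protected" errors.
    foreach ($f in $FileNames) {
        $item = Get-Item -LiteralPath (Join-Path $env:WINDIR $f) -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{ Kind = 'File'; Name = $item.FullName; Detail = "$($item.Attributes)" }
        }
    }

    # 3) Startup entries (step 4): the named value, or any value whose command
    #    line references one of the file names.
    $alternatives = ($FileNames | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $pattern = '(^|[\\"\s])(' + $alternatives + ')'
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $run = Get-ItemProperty -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }   # provider metadata, not registry values
            if ($p.Name -eq $RunValueName -or "$($p.Value)" -match $pattern) {
                [pscustomobject]@{ Kind = 'RunValue'; Name = $p.Name; Detail = "$($p.Value)" }
            }
        }
    }
}

Get-AimWormIndicator | Format-Table -AutoSize
```

An empty table means none of the three indicator types was found under these exact names; it says nothing about variants that use other file or value names.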



#24
December 9, 2003 at 08:46:29

I have a virus on my AIM profile that says "Slideshow from last weekend, Check it out!" I can temporarily delete it from my profile, but it ends up coming back, how do I get rid of it?




#25
rmsweetstar December 9, 2003 at 18:31:48

I had the virus... "Woah look what I found Click here". I would delete it out of my info but every time I'd sign on it'd be there again.

I 1st went to the file 'MyAim' then 'Save Buddy List'. I saved everything except for my profile. Then I signed off. At the sign on window I deleted my screen name off the list. I then typed my name in the window and signed back on. I went to 'myaim' then 'load buddy list' to load everything back to normal. After I did all that the "Woah look what I found Click here" virus hasn't shown up in my profile since.

Try that before you download some program that could harm your computer or lock up some of your programs.... I dunno if the virus spread on to my computer from the beginning when I 1st got it (it doesn't seem like it) so I dunno if it's gone completely IF it did spread, but I do know that it's no longer in my info.




#26
sweenner December 10, 2003 at 19:50:07

http://www.techexplained.com/answered/116.php ... that site helped me get rid of the buddypictures.net prob ... and I am sending all my friends there as well to get rid of it ... let me know if it works for ya's


#27
JakeWright December 11, 2003 at 20:19:02

I recently clicked on the buddy pic worm and as soon as I realized I couldn't say no to the software I rebooted rather than install it. I am using Trillian so there is no its not in my profile, however, whenever I look at Task Manager my System Idle Process takes up 98-99 percent of CPU and as a result my comp runs slowly. I looked for av.exe or b.exe but I can't find either. Any advice would be welcome.



#28
Fultonred16 December 18, 2003 at 14:33:50

Thanks a lot dude!!!!!!!!! That 5 step method beginning with ctrl alt + del really does work...I finally got rid of that stupid virus...I recommend that method to anyone who has the new realphx virus (for people w/Windows 98 or XP)...it's the way to go!


#29
Kerrbear03 December 22, 2003 at 13:46:30

Dylan's message might work, but after I did it, a few days later it popped right back up in there. So I went to : http://resnet.albany.edu/security/patches_tools.html

This should be an academically accredited site knowing it is .edu, so click the removal tool, then click 'Open'. Windows should then inform you to delete whatever you have in your profile...shouldn't pop back up in there...at least mine didn't. Hope this is some help! ~kerri



#30
GooseS2000 December 22, 2003 at 19:50:28

http://www.rsaisp.com/software.asp


#31
djnyte December 25, 2003 at 18:17:29

First of all, I'm not the one you need to be accusing of this virus. Second of all, by no means am I out to scam people; if I wanted to make money, I would put banners and popups on the site... and there aren't any there. I've had a total of US $27 in donations out of thirty four thousand unique visitors. I'm really banking off of this ingenious scam, really... not. I am about two seconds away from shutting down my site because of morons like "case" accusing me.

If you really need proof that I have nothing to do with the virus, go do a whois look up of the domains.

Merry Christmas, Happy Chanukkah.
Adieu.



#32
sb123 January 6, 2004 at 15:06:41

ppl who don't want the file even left on their computer....
type in msconfig and get back to the startup menu....then click cleanup

that gets rid of it and you won't have the selective startup thing load when you turn your comp on anymore



#33
Crazykorean602 January 9, 2004 at 14:27:30

OK, this is screwed up. I pressed ctrl alt delete and ended av.exe, but when I tried to search for av.exe it came up, and when I try to put it in the recycling bin it says it's write protected. I look at the properties but it doesn't say anything about getting rid of the write protection or unwrite protecting it! So now I don't really know what to do. Somehow it's protecting itself this way and I dunno how to get rid of it!
-Ed Oh thx*



#34
December 17, 2005 at 02:25:34

Like you, I'm suffering from a similar virus; however, mine differed in the fact that it said "How did you get your picture here ______" and in the _____ was a URL. Naturally I thought it was an actual spot where someone put my picture and I clicked on it like a dumb a$$. I have located a number of files that keep reappearing in C:\ such as mt13u, drsmartdownload, and others with respective .exe files hidden in a folder in Windows. I delete both sets of files and delete from the trash; however, when I reboot I am still challenged with the same files. Any help will be greatly appreciated, THANK YOU!


#35
December 21, 2005 at 13:58:04

I got a new AIM virus where one of my friends on my buddy list sent me an IM asking if it was okay to put my picture on facebook or his online journal. Then it had a link of the picture which I clicked on, and then could not open. When I tried to copy the link and send it to a friend, the link did not show up on the message on her computer. Now when I sign on AIM, after a few minutes it begins to IM people on my buddy list! I quickly sign off so as not to IM my entire list. Can anyone help me?!?
