A virus i think

Original Message
Name: sue
Date: November 10, 2003 at 20:50:53 Pacific
Subject: A virus i think
OS: windows me
CPU/Ram: toshiba
Comment:

Every time I sign on instant messenger, in my AIM profile it says: Whoaaa....look at what I found, click here. When I click on it, it brings me to a site that says: This Account Has Been Suspended. I can't get it out of my profile. I can see at the bottom of my browser it says www.talkstocks.net when trying to load up. Someone please help me.


Response Number 1
Name: smithdk
Date: November 10, 2003 at 21:26:58 Pacific
Subject: A virus i think
Reply:

See if this helps:

http://www.computing.net/security/wwwboard/forum/6937.html


Response Number 2
Name: wawadave
Date: November 10, 2003 at 23:16:33 Pacific
Subject: A virus i think
Reply:

Hello Sue,
d/l Spybot Search and Destroy, update it, run it. d/l Ad-aware and do the same. Try these links:
free trojan scan
http://www.trojanscan.com/trojanscan
panda scan
http://www.pandasoftware.es/activescan/
housecall
http://housecall.trendmicro.com/housecall/start_corp.asp
nrav av
http://www.ravantivirus.com/scan/
virus scan
http://www.bitdefender.com/scan/licence.php
avast cleaning tool
http://www.avast.com/i_idt_171.html
mcafee avert stinger
http://vil.nai.com/vil/stinger/
scans for open trojan ports
http://scan.sygate.com/pretrojanscan.html
test my shields grc
https://nanoprobe.grc.com/x/ne.dll?bh0bkyd2
dsl port scan
http://www.dslreports.com/scan
pest patrol scan mediocre
http://www.pestscan.com/Scan.asp
security scan
http://www.it-sec.de/index/inhalt/vulchk.php/?sid=2eb8ea121e57434616fa2c6f283c63b7


Response Number 3
Name: sonnysandiego
Date: November 10, 2003 at 23:21:56 Pacific
Subject: A virus i think
Reply:

Dave, bless you if you can help her.


Response Number 4
Name: kygirl
Date: November 11, 2003 at 11:55:07 Pacific
Subject: A virus i think
Reply:

Did you figure out how to get rid of it? I have it, too.


Response Number 5
Name: kimzaprncess
Date: November 13, 2003 at 16:29:08 Pacific
Subject: A virus i think
Reply:

yea.. I just got it too.. I tried a symantec.com virus scan and it said I had no viruses, so I don't know what else to do! If you figured out how to get rid of it could u please email me? kimzaprncess@hotmail.com... thanks!


Response Number 6
Name: lucy
Date: November 13, 2003 at 17:44:29 Pacific
Subject: A virus i think
Reply:

I have the talkstocks.net virus also and I tried going to the registry to delete the value but it keeps coming back. I don't know what else to do. I don't know how I even got it cuz I had just gotten rid of the realphx virus. But the procedure I used for the realphx virus didn't work. So please email us infected people if you figure out how to get rid of it please! Thanks!


Response Number 7
Name: krystv
Date: November 13, 2003 at 17:46:33 Pacific
Subject: A virus i think
Reply:

try this, it appears to be a fix

http://digitalmatter.net/index.php


Response Number 8
Name: mike
Date: November 13, 2003 at 19:46:44 Pacific
Subject: A virus i think
Reply:

I just got it as well. Right when I got it and THEN read the disclaimer [stupid me] and saw it was Ad-ware, I immediately ran Spybot S+D, restarted and more spyware came back. I d/led ad-aware6, ran it... 10 minutes later decided to check again, another 26 spyware comes up. I've been killing all the programs that seem fishy to me, only then am I able to run AIM. Before that AIM would freeze and I would have to restart.

Spy/Adwares seems to reproduce itself even after Spybot S+D and Ad-aware removes it. I was able to shut down most of the 'fishy' looking programs and search for it on the computer and remove it. [I found programs like "vvlouit.exe" "rwhyliwf.exe" "WinFavorites" "SafeSurfing" "BargainBuddy" that never ran before]

Another thing, WScript.exe starts up now, and I understand it comes with Windows or something but it used to never auto-startup. I'm guessing it's using WScript to carry out some of the infections. If you try and delete WScript it re-creates itself since it's a Windows file. It's a program to run scripts, so... I dunno, seems fishy. Never auto-started and now it does after www.talkstocks.net

Ran 'The Cleaner', it found "BargainBuddy" to be a trojan. Hope this somehow helps people to find a fix for the adware reproducing itself.


Response Number 9
Name: dave
Date: November 13, 2003 at 20:06:23 Pacific
Subject: A virus i think
Reply:

I don't know what method it uses to infect, but I tried as hard as I could to find out. The site's source is too cryptic and full of crap to really be informative, but

1) change your homepage to something else
2) ctrl+alt+delete and end task "b" / "b.exe"
3) go into start>run>"msconfig">startup tab>uncheck "b" / "b.exe"
4) delete the file c:\windows\b.exe

it will be gone

send me an im at 'magisterofmayhem' if you need any more help


Response Number 10
Name: mike
Date: November 13, 2003 at 20:45:46 Pacific
Subject: A virus i think
Reply:

I think I got rid of it. There's more than just 'b.exe'. I believe these are some too that I got rid of:

Ctrl+Alt+Delete these, then use Win's Search and find these files and remove them.
vvlouit.exe
rwhyliwf.exe

Use Spybot S+D and Ad-Aware to try and remove these:
WinFavorites
SafeSurfing
BargainBuddy

I think it installs more, I'm not too sure though.



Response Number 11
Name: dan
Date: November 13, 2003 at 21:20:41 Pacific
Subject: A virus i think
Reply:

hey everyone I found the fix! (I think...) delete your info, then hit ctrl alt delete and under processes, end b.exe if it's there, and most importantly gmt.exe. after you end these, search for them and delete them, along w/ the .pf file if there is one. then start menu, run, msconfig, and make sure there isn't anything strange that is checked under startup, including these programs. I think that's it... I'm almost positive the virus was gmt.exe. hope it works for u too...


Response Number 12
Name: Nathan Halstead
Date: November 14, 2003 at 07:22:07 Pacific
Subject: A virus i think
Reply:

The name of the virus is W32/Alphx.worm

It's not a new virus, but it is definitely an annoying one. There's a nice article about it from October (found via Google news) here:
http://www.inform.umd.edu/News/Diamondback/archives/2003/10/22/news8.html

The web site mentioned in that article is the one that actually infected your system (it was loaded via javascript from the talkstocks.net page).

The University of Maryland has some fairly straightforward removal instructions at:
http://www.helpdesk.umd.edu/virus/alerts/proxybots.shtml

Just look under the "Realphx/Alphx" heading.

It would probably be nice if you linked to the removal instructions in your profile for all your friends who may have been infected after you get yours cleaned up.

Good luck,
Nathan



Response Number 13
Name: cocobutter185
Date: November 16, 2003 at 08:25:18 Pacific
Subject: A virus i think
Reply:

do control alt delete and find b.exe and close that. and then search all files and folders for b.exe and if it comes up delete it. now go to ur profile and make sure it's working properly.
I hope it works for you, I had it and it worked for me!
-cocobutter


Response Number 14
Name: Pimpstarr
Date: November 16, 2003 at 15:20:42 Pacific
Subject: A virus i think
Reply:

The virus discussed in the Maryland webpage is for an older version I think. This one has been modified. The b.exe method will work. I don't know of any gmt.exe. Hope you didn't delete somethin important :P. I love you all


Response Number 15
Name: T.Knight
Date: November 17, 2003 at 08:29:46 Pacific
Subject: A virus i think
Reply:

Ummm..I don't have the RealPhx virus, but some version of it. On my profile it says "Whoaa...look what I found!" I was just wondering what I should do to remove it. Thanks


Response Number 16
Name: Brit12
Date: November 17, 2003 at 14:25:51 Pacific
Subject: A virus i think
Reply:

I clicked on the link that said Whoaaa....look at this and it downloaded porn on to my computer, but I never got the link in my AIM profile. Any suggestions on how to get rid of it? I have noticed when I turn on my comp. a box pops up and asks for my zip code for a weather update
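
Several replies in this thread (Responses 9, 10, 11 and 13) come down to the same check: look at what is set to start with Windows and see whether it launches one of the file names posters reported. As an added example, not code from any poster, this Python script reads a registry export in REGEDIT4 format and flags Run-key entries that launch one of those names; that the startup entry sits under a Run key is an assumption, and the sample export is constructed.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# File names reported by posters in this thread. This is not a vendor
# signature list, and the thread itself disagrees about gmt.exe.
REPORTED = {"b.exe", "gmt.exe", "vvlouit.exe", "rwhyliwf.exe"}

# Constructed sample of a REGEDIT4 export; entries are illustrative only.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"b"="C:\\WINDOWS\\b.exe"
"SystemTray"="SysTray.Exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="\"C:\\WINDOWS\\GMT.EXE\" -s"
'''

# "name"="string value", where \\ and \" are escaped inside the quotes.
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def command_image(cmd):
    """Return the lowercase executable file name of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]      # quoted path may contain spaces
    else:
        path = cmd.split(' ', 1)[0]          # unquoted: first token is the path
    return basename(path).lower()

def flag_autostarts(reg_text):
    """Return (key, value name, command) for Run entries launching a reported file."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]                 # key paths are not escaped
        elif key and key.lower().endswith(r'\currentversion\run'):
            m = ENTRY.match(line)
            if m and command_image(unescape(m.group(2))) in REPORTED:
                hits.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return hits

if __name__ == "__main__":
    for key, name, cmd in flag_autostarts(SAMPLE_REG):
        print(f"{key}: {name} -> {cmd}")
```

A hit only says that a reported file name is set to start with Windows; a matching name alone does not prove the file is the one the posters describe.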

