How to fix the "is this you on this pic?" virus on Windows Vista
Is your PC infected with an annoying virus/spyware (worm) which
constantly tries to distribute itself over Skype or the other
messengers you're using?
The virus spreads by sending around a message similar to this one:
is this you on this pic? http://zp.rs/photo88.php
The second part of the "is this you on this pic?" message consists
of a URL which is actually randomly generated.
The virus's behaviour is that it sends a link to a random hostname
which hosts the spyware itself, and the Windows PC of the person
who is naive enough to open the link gets infected.
What is really annoying about this virus is that it advertises
itself to random people in the Skype contact list, as shown in the
paste below, taken directly from my Skype program:
[Sun Dec 19 2010 12:18:55] salinuriev: is this you on pic?
http://icanhaz.com/photos8.php etc.
The virus uses an old cracker's trick: "provoking people's
curiosity by initiating a personal message with a link to a
picture".
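
A defensive check for the lure described above, as an added example that is not from the original article: it scans an exported chat log for messages that pair the lure phrase with a link. The log line shape follows the paste above; the function names, the sample entries other than the first, and the example.invalid/example.org hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Lure wording from the article; "this"/"the" are optional because the
# pasted sample ("is this you on pic?") is shorter than the title.
LURE = re.compile(r"is\s+this\s+you\s+on\s+(?:this\s+|the\s+)?pic\b", re.I)
URL = re.compile(r"https?://[^\s<>\"]+", re.I)
# Line shape taken from the paste: "[Sun Dec 19 2010 12:18:55] sender: text"
HEADER = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<sender>[^:\s]+):\s*(?P<text>.*)$")

def parse_messages(lines):
    """Group log lines into messages; a line without a header continues the previous message."""
    messages = []
    for raw in lines:
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            messages.append(m.groupdict())
        elif line and messages:
            messages[-1]["text"] += " " + line
    return messages

def find_lures(lines):
    """Return one finding per message that contains both the lure phrase and a URL."""
    findings = []
    for msg in parse_messages(lines):
        urls = URL.findall(msg["text"])
        if LURE.search(msg["text"]) and urls:
            hosts = sorted({urlparse(u).hostname or "?" for u in urls})
            findings.append({"ts": msg["ts"], "sender": msg["sender"], "urls": urls, "hosts": hosts})
    return findings

# Constructed sample log: the first entry mirrors the paste in the article,
# the remaining entries are made up for this example.
SAMPLE = """\
[Sun Dec 19 2010 12:18:55] salinuriev: is this you on pic?
http://icanhaz.com/photos8.php
[Sun Dec 19 2010 12:20:01] friend_a: are we still meeting tomorrow?
[Sun Dec 19 2010 12:21:40] friend_b: Is this you on this pic? http://example.invalid/photo12.php
[Sun Dec 19 2010 12:25:13] friend_a: photos from the trip: http://example.org/album
""".splitlines()

if __name__ == "__main__":
    for f in find_lures(SAMPLE):
        print(f"{f['ts']}  {f['sender']}  {', '.join(f['urls'])}")
```

A sender that shows up in the findings is a contact whose machine is probably infected and worth warning through another channel.
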
I should say the virus creators have done a good job, since the
first time I saw the virus I was stupid enough to open the link, as
it was naturally part of one of my conversations in Skype.
Luckily I'm using GNU/Linux and an old Skype version and therefore
my PC couldn't get infected by the malware.
Recently the family which lives in the same house as me here had
their notebook infected with the virus, and since they're not too
computer literate they asked me to help them clean this sticky
virus from their Windows Vista.
It took me a while to find the solution, but eventually I
cleared it up!
In this article I'll describe step by step what I did to clean up
the virus:
1. Make sure you have some kind of antivirus software installed
If you do not have antivirus software installed on your PC you
should get one.
I personally prefer Avira as it's freeware for personal use; other
antivirus software you might use is AVG or, if you can afford to
buy one, then I would advise you to pick NOD32.
Another option is to use one of the NOD32 cracked versions with the
FixIt crack file applied.
The cracked NOD32 can easily be found on thepiratebay.com or some
other major torrent tracker; however, be aware that using a cracked
version of NOD32 might endanger your PC. Many of the distributed
NOD32 copies said to be cracked actually contain viruses or spyware
attached to either the crack or the NOD32 main executable or DLLs
(libraries).
2. Install Malwarebytes and check your PC for spyware/malware
Check out my previous post about Malwarebytes.
3. Download and run Oldtimer's TFC.exe
TFC will close ALL open programs, including the browser etc. The
file must be run as Administrator in Windows Vista.
After the program starts up, press the Start button to begin the
cleaning process and let the program complete.
The moment TFC prompts you for a reboot you will have to agree.
What TFC does is check all the Temporary Files folders in your
Windows and delete all the junk and old files.
This is very nice actually, since many of today's viruses, spyware
and malware keep copies of themselves in the Temporary Files
folders and execute themselves from there during boot.
One more thing to know: some antivirus software, including
TrendMicro's HouseCall, will consider TFC to contain a Trojan;
however, you can safely ignore this warning since the detection is
incorrect.
4. Use TrendMicro's HouseCall Online Virus Scan
HouseCall - Free Online Virus Scan
This is quite a handy tool; the disadvantage is that you let an
external program over the internet mess with your files, however
if you really want to get rid of the Skype spamming worm virus, you
have no other choice.
Download HouseCall for either 32-bit or 64-bit, in accordance with
your Windows platform, and the program will scan your system for
you and hopefully clean up the trojan.
Following these 4 steps cleaned up the PC from the "is this you on
the pic?" infection!
I hope that all has been cleared, but with closed proprietary
systems like Windows you never know ... If there are some further
problems I'll try to post about them in the comments here.
User feedback on how well this article helped is also most
welcome!