Jump to content

Problemas No Messenger


Recommended Posts

W32.Funner is a worm that spreads using Microsoft's Windows Messenger instant message program and modifies the hosts file.

The worm MSN-Worm.Funner sends IM messages with URL links of the following form:


When W32.Funner is executed, it performs the following actions:

Copies itself as:






and executes the first three files listed.


The three files make sure that the other two are running and will restart them if any are stopped.

These files require the MSVBVM60.DLL file, which is a component of the Microsoft Visual Basic run-time environment.

%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

Creates a log file named %System%\bsfirst2.log.

Adds the value:


to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

so that the userinit32.exe runs when you start Windows.

Adds the value:

"MMSystem"="%Windir%\rundll32.exe "%System%\mmsystem.dll"", RunDll32"

to some of the following registry keys:




so that the rundll32.exe runs when you start Windows.

May add the line:

Shell = %System%\explorer.exe

to the [boot] section of the SYSTEM.INI file.

Attempts to send c:\funny.exe to contacts in the Windows Messenger instant message program.

May contact the www.78p.com domain and download various components.

Adds the following entries to the Hosts file to point to an external IP address: www.wo365.com cmfu.com www.cmfu.com 9i0.com www.9flash.com 9flash.com www.nowok.net

The following links provide more details on this worm:

http://www.trendmicro.com/vinfo/virusencyc...e=WORM_FUNNER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FUNNER.A>

http://securityresponse.symantec.com/avcen...w32.funner.html <http://securityresponse.symantec.com/avcenter/venc/data/w32.funner.html>



Link to comment
Share on other sites

Esse link da Symantec nao da em nada

Mas eu não me consigo ligar desde as 18h !!!

Já cporry o AdAware e o SpyBot, que nada encontraram.

Tou a sacar as novas definições e ver se resolve este Bug :eek:

Luke > :luke: <

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.