Jump to content
Sign in to follow this  

Problemas No Messenger

Recommended Posts

W32.Funner is a worm that spreads using Microsoft's Windows Messenger instant message program and modifies the hosts file.

The worm MSN-Worm.Funner sends IM messages with URL links of the following form:


When W32.Funner is executed, it performs the following actions:

Copies itself as:






and executes the first three files listed.


The three files make sure that the other two are running and will restart them if any are stopped.

These files require the MSVBVM60.DLL file, which is a component of the Microsoft Visual Basic run-time environment.

%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

Creates a log file named %System%\bsfirst2.log.

Adds the value:


to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

so that the userinit32.exe runs when you start Windows.

Adds the value:

"MMSystem"="%Windir%\rundll32.exe "%System%\mmsystem.dll"", RunDll32"

to some of the following registry keys:




so that the rundll32.exe runs when you start Windows.

May add the line:

Shell = %System%\explorer.exe

to the [boot] section of the SYSTEM.INI file.

Attempts to send c:\funny.exe to contacts in the Windows Messenger instant message program.

May contact the www.78p.com domain and download various components.

Adds the following entries to the Hosts file to point to an external IP address: www.wo365.com cmfu.com www.cmfu.com 9i0.com www.9flash.com 9flash.com www.nowok.net

The following links provide more details on this worm:

http://www.trendmicro.com/vinfo/virusencyc...e=WORM_FUNNER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FUNNER.A>

http://securityresponse.symantec.com/avcen...w32.funner.html <http://securityresponse.symantec.com/avcenter/venc/data/w32.funner.html>



Share this post

Link to post
Share on other sites

Esse link da Symantec nao da em nada

Mas eu não me consigo ligar desde as 18h !!!

Já cporry o AdAware e o SpyBot, que nada encontraram.

Tou a sacar as novas definições e ver se resolve este Bug :eek:

Luke > :luke: <

Share this post

Link to post
Share on other sites

Além disso corri o Stinger também para ver se tinha trojans, mas estou limpissimo... problema geral da rede.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.