Thursday, October 05, 2006

Watch out for that PIF

Today I got lucky.
and stupid I'm sorry to say. I friend of mine IM:ed me on msn with a message that went something like this: "Hey, Is that you on that picture!!" and a link to a what appeared to be a jpeg image file. Now, I should've been suspicious about this, but the person I got it from was likely to send a silly picture so I fell for it. What it did was to try to open a file named "photo211.pif". Lucklily for me, I was using Linux Ubuntu, and pif is a windows command file for dos applications, which Ubuntu didn't know what to do with. I thought it was a misspelling, my friend has a tendency to do that, so I tried renaming it to .gif, but didn't work here either. So, I googled it. Huh, I barely got away from the new msn plague called bropia. Well, new is a gross overstatement. It's been around for 2 years at least, starting it's crusade from South Korea working it's way through Japan and then , the world. This is a worm that tries to make your computer into a zombie. It infects msn, forwards itself to all your msn contacts, and tries to disable your futile attempts to disable it. You could kill the process, if you're fast. But the easist thing is to make a cold reset, yanking out the power plug. Then you need to follow these instructions and hopefully you'll be fine and your precious documents might survive...
1. Restart to Safe Mode
2. In %programfiles%\msn messenger\ or \messenger\ depending on your version. Delete msnmgrs.exe and msgs.exe
3. In your %windir%\system32\ folder, delete alfa.exe & sprY.exe
4. Delete the pif file, could be in "my documents\received files\ or on the desktop
5. Make a complete antivirus scan.
6. Reboot.

If youre lucky you'll survive, if youre not, well it was time for systemwipe anyway wasn't it?

No comments: