imsexy.exe

Guest
Archived from groups: alt.sys.pc-clone.dell

Visited a friend's house yesterday, and the grandkid somehow through
msmessenger was sent the worm from someone else's PC, and then opened an
attachment. He did not have a very good explanation of how it happened and I
don't use MSM so am not totally sure.

Anyway, when they boot the PC they get a popup saying imsexy.exe is running,
he closes the window and everything seems to work ok except he has MSM
disabled.

I did some searching and could not find out much about a removal or repair
without a lot of registry editing.

We downloaded and ran spybot but it did not find it.

Will trendmicro sysclean.com find it, or is there another suggestion I can
email him.

Thanks
Bob
 
Guest
Archived from groups: alt.sys.pc-clone.dell

The program is a Trojan virus so spyware removers will probably not remove
it. If he has antivirus software he will need to make sure it is updated.
More about the virus

http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.cg.html

Turn OFF system restore
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

Reboot in SAFE mode

ALWAYS use safe mode when doing a full disk virus scan as it prevents many
viruses from running and hiding.

Make sure when you run the AV software it is set for CLEAN and if that fails
DELETE.

If they do not have AV software there are several good programs out. I
recommend AVG for my friends that don't have it; run the scan in Safe mode.
AV software:

http://www.grisoft.com/doc/40/lng/us/tpl/tpl01

For instructions, read the document: How to start the computer in Safe Mode.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

Once you have restarted in Safe mode, run the scan again.

After the files are deleted, restart the computer in Normal mode.

 
Guest
Archived from groups: alt.sys.pc-clone.dell

"Leanin' Cedar" <Nospam@nospam.org> wrote in message
news:nnGme.10652$M36.4899@newsread1.news.atl.earthlink.net...
> Visited a friend's house yesterday, and the grandkid somehow through
> msmessenger was sent the worm from someone else's PC, and then opened an
> attachment. He did not have a very good explanation of how it happened and
> I don't use MSM so am not totally sure.
>
> Anyway, when they boot the PC they get a popup saying imsexy.exe is
> running, he closes the window and everything seems to work ok except he
> has MSM disabled.
>
> I did some searching and could not find out much about a removal or repair
> without a lot of registry editing.
>
> We downloaded and ran spybot but it did not find it.
>
> Will trendmicro sysclean.com find it, or is there another suggestion I can
> email him.
>
> Thanks
> Bob

http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
 
Guest
Archived from groups: alt.sys.pc-clone.dell

Thanks for the quick reply;

I will send him the link
Bob

 
Guest
Archived from groups: alt.sys.pc-clone.dell

Thanks for the info and links,
I will forward this message to him

Bob
 
Guest
Archived from groups: alt.sys.pc-clone.dell

"Nick Cleevely" <postmaster@127.0.0.1> wrote in message
news:GpGme.47521$g12.27116@fe3.news.blueyonder.co.uk...
> http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm


I tried that link for myself, everything downloaded OK, but could not run
the scan, kept getting error on page.
IE 6.0
zonealarm pro (java script, activeX enabled for that site)
NAV 2005

Is it a problem on my side or theirs at this time?

Thanks
Bob
 
Guest
Archived from groups: alt.sys.pc-clone.dell

Panda software wants to do a scan across the internet so it needs to use
ActiveX; your software is blocking it!

Wayne

 
Guest
Archived from groups: alt.sys.pc-clone.dell

"wayne" <komon@dgdg.sss> wrote in message
news:9badnVt6sLKR5AbfRVn-sg@comcast.com...
> Panda software wants to do a scan across the internet so it needs to use
> ActiveX; your software is blocking it!
>
> Wayne

I enabled ActiveX, JavaScript, popups etc. in ZoneAlarm for the site and
disabled NAV; after the file download completes and I get to the active scan
popup, there are no errors until I click on an item, then I get an error
"other" in the status bar. The message is "object doesn't support this
property or method".

I get all of the activeX notices during the download and click yes on all of
them.

Not quite sure what else needs to be disabled or enabled

Bob
 
Guest
Archived from groups: alt.sys.pc-clone.dell

try these

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan/licence.php

http://www.ravantivirus.com/scan/

http://housecall.antivirus.com/housecall/start_frame.asp

http://www.kaspersky.com/scanforvirus

http://us.mcafee.com/root/mfs/default.asp?cid=9435

One of these should work

Wayne


 
Guest
Archived from groups: alt.sys.pc-clone.dell

"wayne" <komon@dgdg.sss> wrote in message
news:wZGdna5q39dcFgbfRVn-qQ@comcast.com...
> try these
>
> http://housecall.trendmicro.com/
>
> http://www.bitdefender.com/scan/licence.php
>
> http://www.ravantivirus.com/scan/
>
> http://housecall.antivirus.com/housecall/start_frame.asp
>
> http://www.kaspersky.com/scanforvirus
>
> http://us.mcafee.com/root/mfs/default.asp?cid=9435
>
> One of these should work
>
> Wayne

Thanks for the links, I will give them a try.

Bob