AIM: Best Friends/Away Message AIM Virus, Trojan, and Backdoor

msnguyen.exe, aolmsngr.exe, and msginav.exe are examples of process names used in the new AIM Trojan. The following tutorial explains what it does and how to get rid of it.


You went to a web page and downloaded what appeared to be a screensaver file that ends in *.scr. Windows warned you, but you downloaded it anyway. Now, your AIM client is malfunctioning.

You have installed a Trojan, and you need to get rid of it.

The following program may get rid of the Trojan automatically for you. Even if the program works, you should go through the manual steps below to remove any traces.
http://elon.edu/student/jaleman/BestFriends.htm

Use the following steps to manually remove the Trojan:

1. Hit CTRL-ALT-DEL to open the Task Manager.
2. Select the processes tab.
3. Select aolmsngr.exe by left clicking on it.
4. Hit the End Process button at the bottom of the Task Manager.
5. Choose Yes at the warning.
This should turn it off.

The Trojan hides in c:\windows\system32\aolmsngr.exe.
You should be able to delete it from there.

You will also want to remove aolmsngr.exe from following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

You should also do a search for hilarious.scr, and delete it whenever you find it.

Why is this Trojan bad for your system? aolmsngr.exe opens a backdoor into your system and allows other people to gain access at will.

Once you are done, update and run your antivirus and an antispam program such as spybot. Hopefully, these will clean up any additional programs that the backdoor might have installed on your system.

For other spyware related problems, try this tech-recipe, too.

The Conversation

Follow the reactions below and share your own thoughts.

  • 55

    88

  • Anonymous

    I dont get this so how do u create ur own code name well find it ?