AIM: Best Friends / Away Message AIM Virus, Trojan, and Backdoor

Contributed by MickeyMouse  
Tagged: Instant messaging  

msnguyen.exe, aolmsngr.exe, and msginav.exe are examples of process names used in this new AIM trojan. Here’s what it does.


You went to a web page and downloaded what appeared to be a screensaver file, one ending in .scr.

Windows warned you, but you downloaded it anyway.

Now your AIM client is acting crazy. You have installed a trojan and here’s how to get rid of it.

This program may do it automatically for you. Even if the program works, you should go through the manual steps below to remove any traces.
http://elon.edu/student/jaleman/BestFriends.htm

Here is the manual way:

Hit CTRL-ALT-DEL to open the Task Manager.
Select the Processes tab.
Select aolmsngr.exe by left-clicking on it.
Hit the End Process button at the bottom of the Task Manager.
Say Yes to the warning.
This should turn it off.

The bugger hides in c:\windows\system32\aolmsngr.exe.
You should be able to delete it from there.

You’ll also want to remove aolmsngr.exe from the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

You should also do a search for hilarious.scr and delete it wherever you find it.
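
To confirm that no traces remain after the manual steps, the same checks can be scripted. The PowerShell below is an added example, not part of the original recipe or the linked removal tool; it is read-only and only reports what it finds. It assumes the other two process names would sit in the same System32 folder as aolmsngr.exe, which the recipe confirms only for aolmsngr.exe.

```powershell
# Added example: read-only audit for the traces named in this recipe.
# Run from an elevated PowerShell prompt; nothing is deleted or changed.

# Names taken from the recipe.
$procNames = 'msnguyen', 'aolmsngr', 'msginav'
$runKeys   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
# Case-insensitive pattern matching any of the three .exe names in registry data.
$pattern   = ($procNames | ForEach-Object { [regex]::Escape("$_.exe") }) -join '|'

$findings = @()

# 1. Still-running processes (the Task Manager step).
Get-Process -Name $procNames -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{ Type = 'Process'; Detail = "$($_.Name) (PID $($_.Id))" }
}

# 2. Dropped binary in System32. Assumption: the other two names use the same folder.
foreach ($name in $procNames) {
    $path = Join-Path $env:SystemRoot "System32\$name.exe"
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Type = 'File'; Detail = $path }
    }
}

# 3. Autostart values under Run / RunServices whose data references the binaries.
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # RunServices is often absent
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{ Type = 'Registry'; Detail = "$key : $valueName = $data" }
        }
    }
}

# 4. The downloaded screensaver, anywhere on the system drive (this can take a while).
Get-ChildItem -Path "$env:SystemDrive\" -Filter 'hilarious.scr' -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += [pscustomobject]@{ Type = 'File'; Detail = $_.FullName } }

if ($findings.Count -eq 0) {
    Write-Output 'No traces from this recipe were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Anything it lists still has to be removed with the manual steps above.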

Why is this bad? aolmsngr.exe opens a backdoor into your system and allows other people to gain access at will.

You had to accept several warnings in order to download this. Don’t do this again. I hope this helps.

SP2 would have automatically blocked the download, by the way.

Once you are done, update and run your antivirus and an antispyware program like Spybot. Hopefully, these will clean up any additional programs that the backdoor might have installed on your system.

For other spyware related problems, try this recipe too…

 

2 Comments -


  1. 55 said on December 3, 2008

    88

  2. Anonymous said on March 5, 2010

    I don't get this so how do u create ur own code name well find it?

 
