How to remove the ‘foto’ virus – Y!M and MSN

For a week or so, I’ve been getting tons of instant messages (on Yahoo Messenger) containing a link to a getimage.php or image.php file. Nothing odd until my antivirus started raising virus alerts when I wanted to open those links. Actually I didn’t, but some friends of mine did :P


Palevo is a computer worm which spreads through vulnerabilities in a computer. Although this malware isn’t that dangerous, you had better be prepared for it and stay alert: do not open any instant message that sends you to one of these pages, getimage.php or image.php.

If you already have it (and are wondering whether you can open any webpage, especially whether you can get to this page), follow these steps to remove Palevo from your computer:

1. Press CTRL+ALT+Del and hit End Process for Infocard.exe.
2. Go to Search for files and folders, look for the following files and delete them:
C:\Windows\mds.sys
C:\Windows\mdt.sys
C:\Windows\winbrd.jpg
C:\Windows\infocard.exe
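
The two manual steps above as a PowerShell script, added here as an example and not part of the original post. It only reports unless run with `-Remove` (a switch name chosen for this example), uses the process name and file paths listed above, and stops a process only when its image path is `C:\Windows\infocard.exe`, so a same-named program elsewhere is left alone.

```powershell
# Added example: check for (and optionally remove) the Palevo artifacts listed above.
# Run from an elevated prompt. Without -Remove nothing is changed.
param([switch]$Remove)   # -Remove is a switch name chosen for this example

# Process name and file paths are the ones given in the removal steps.
$procName = 'infocard'
$wormExe  = 'C:\Windows\infocard.exe'
$paths = @(
    'C:\Windows\mds.sys',
    'C:\Windows\mdt.sys',
    'C:\Windows\winbrd.jpg',
    $wormExe
)

# Step 1: report every process named infocard, stop only the one started from $wormExe.
$procs = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
foreach ($p in $procs) {
    Write-Output ("Running: {0} (PID {1}) from '{2}'" -f $p.ProcessName, $p.Id, $p.Path)
    if ($Remove -and $p.Path -eq $wormExe) {
        Stop-Process -Id $p.Id -Force
        Write-Output ("Stopped PID {0}" -f $p.Id)
    }
}

# Step 2: look for each file; -Force lets Get-Item see hidden and system files.
$found = @()
foreach ($path in $paths) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "Not found: $path"
        continue
    }
    $found += $item
    # Record a hash before deleting so the sample can still be looked up later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    Write-Output ("Found: {0}  {1} bytes  SHA256 {2}" -f $path, $item.Length, $hash)
    if ($Remove) {
        Remove-Item -LiteralPath $path -Force
        Write-Output "Deleted: $path"
    }
}

if ($procs.Count -eq 0 -and $found.Count -eq 0) {
    Write-Output 'None of the listed artifacts are present.'
} elseif (-not $Remove) {
    Write-Output 'Re-run with -Remove to stop the process and delete the files.'
}
```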

Now your system should be clean. Next time, try not to open every link that comes up on your screen. As you already know, a picture can be in one of the following formats: .gif, .jpg, .png, .jpeg, .bmp. It can’t be .php, which is a webpage format and can’t be an image!

Other possible ways to get rid of this malware are (I’m not guaranteeing any of these!):
1. download and run HJTInstall.exe
2. download and run MsnCleaner.exe
3. download and run ComboFix
4. download and run Malwarebytes Anti-Malware

Or, if nothing works, you can try downloading free antivirus software and remove the malware without paying a buck. How does that sound? However, if you know another good method to remove this malware, please share it with us :)
