Acerz492 1 Posted August 30, 2005

There's a tricky bugger of a worm out there. Well, I'm not sure it's new, but it's been passed around a couple of times. I got it the other day, and only just got rid of it. What it does is mess around with MSN Messenger, AOL Instant Messenger, and Yahoo! Messenger, and it basically gives out a message saying something along the lines of:

hey, is this your profile? http://www.chatprofiles.net/[email protected]

or something like that. It can also send a link saying something along the lines of:

Did they block you too? Download a free MSN Block Checker http://www.block-checker.com

Do yourself a favour and don't bother with this program. It doesn't do anything at all. It's retarded and redundant, I mean, who cares if someone blocked you? It's not your problem, and if you're the reason as to why someone blocked you, well, don't make a big song and dance about it. :roll:

(note for the slow: the first link isn't a real site, so don't click the link or copy-paste it into the address bar and hit 'enter' mk? And, like I said, don't bother with the second link. It'll only cause ya grief in the end.)

Anyways: Of course we've all fallen for it because we clicked on it, and as soon as it does that the worm activates. It also runs a fake version of the Windows program, 'csrss.exe'. I'm not sure what the Windows one does, but it's important. Hell, I'm not sure what the fake one does either. :lol:

Anyway, if you ever have had this happen to ya, then here are the steps to get rid of it. For good.

Step 1: Killing the processes
* Download Sysinternals' "Process Explorer" here and install it. (note: that link's legit, don't worry.)
* Open Process Explorer and kill "csrss.exe" first. To avoid killing the wrong csrss.exe process, look at the "User Name" column which lists who has started the process. If it is "SYSTEM" or "NT AUTHORITY" or the likes, then it means it is the legit Windows process started by Windows itself and shouldn't be killed. If it is your username/computername then it means the csrss.exe process has started up as a normal user program and thus is not legit and the fake one. This is the one you need to kill...
* While still in Process Explorer, kill "block-checker.exe" if it is still there.

Step 2: Removing the files
* Uninstall the block checker by going to "Add/Remove Programs" in the control panel.
* Go into "C:\Program Files" and delete the folder labelled "Block Checker" (where C: is the drive you installed Windows on) if it is still there.
* Delete the "exclusion_AOL.ini", "exclusion_MSN.ini" and "exclusion_Yahoo.ini" files located in Windows' system folder (C:\Windows\System). (note: if they're there, that is.)
* Clean out your recycle bin to totally remove the files from your HDD.

Step 3: Fixing the registry
* Open your registry editor (Start > Run > regedit.exe) and navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and delete the key named "block-checker".

Special credit goes out to my mate Bodie who found the site where it tells us how to get rid of the worm. Why didn't I just make a link to the URL? Eh, well, first off, there isn't a point in reading through a ton of forum crap and pointless posting in the thread as to where I got it from to find it. Second, as the aforementioned thread had it explained about 34563541 times already, you wouldn't want to read the same method over and over again, now would you?
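[Added example, not part of the original post or from its author: a report-only PowerShell check for the artefacts named in Steps 1 to 3 above. It assumes PowerShell 3.0 or later (for Get-CimInstance); the variable names and verdict strings are made up for this example.]

```powershell
# Added example: report-only triage for the artefacts named in the post.
# It kills and deletes nothing; act on the output using the manual steps.
$leftovers = @("$env:ProgramFiles\Block Checker") +
    ('AOL', 'MSN', 'Yahoo' | ForEach-Object { "$env:SystemRoot\System\exclusion_$_.ini" })
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$report = @(
    # Step 1: csrss.exe / block-checker.exe and the account that started each.
    Get-CimInstance Win32_Process -Filter "Name='csrss.exe' OR Name='block-checker.exe'" |
        ForEach-Object {
            $o = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
            $user = if ($o -and $o.ReturnValue -eq 0) { "$($o.Domain)\$($o.User)" } else { '' }
            $verdict = if ($_.Name -ieq 'block-checker.exe') {
                'suspicious: named in the post'
            } elseif (-not $user) {
                'owner unreadable: re-run elevated'
            } elseif ($o.User -ieq 'SYSTEM') {
                'legit: started by Windows'
            } else {
                'suspicious: started as a normal user'
            }
            [pscustomobject]@{
                Kind = 'process'; Item = "$($_.Name) (PID $($_.ProcessId))"
                Detail = $user; Verdict = $verdict
            }
        }

    # Step 2: the folder and .ini files the post says to delete.
    $leftovers | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
        [pscustomobject]@{ Kind = 'file'; Item = $_; Detail = 'present'; Verdict = 'leftover: delete' }
    }

    # Step 3: the "block-checker" autostart entry under the Run key.
    $val = Get-ItemProperty -Path $runKey -Name 'block-checker' -ErrorAction SilentlyContinue
    if ($val) {
        [pscustomobject]@{
            Kind = 'registry'; Item = "$runKey -> block-checker"
            Detail = $val.'block-checker'; Verdict = 'autostart entry: delete'
        }
    }
)

$report | Format-Table -AutoSize -Wrap
```

[On 64-bit Windows a 32-bit installer would land under "Program Files (x86)" and the WOW6432Node copy of the Run key, which this check does not look at.]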
Guest Rabbit Posted August 30, 2005

Is that the thing you were warning me about the other day?
Guest Rabbit Posted August 30, 2005

Well, I'm glad you figured out the problem, you seemed so confused at first when you got it... you know what though? I actually clicked that link when it popped up on MSNM but lucky me I was smart enough to click "don't run"
Acerz492 1 Posted August 30, 2005

:bang: Yeah.....I know I'm a dumbass...shaddup....
Luk3us 63 Posted August 31, 2005

Alas... My elite computer was not infected in the slightest... ahh....
Acerz492 1 Posted August 31, 2005

Cloud Hawkeye says: lol. how uberish is your comp?
lûk3û§ Kîwî Dêvîl says: Pretty crap to be honest.

Your 'elite' computer? :roll: Dream on dude, l33t computers still get affected by worms and viruses regardless. Wasn't my fault that I had a blonde moment... :lol:
Luk3us 63 Posted August 31, 2005

Pff... You're just jealous you got infected and I didn't.
Guest Rabbit Posted August 31, 2005

Hell, I don't like infections, but I'd like to see what happened, just for the hell of it...
Acerz492 1 Posted August 31, 2005

"Pff... You're just jealous you got infected and I didn't."

Nah...not really...why would I be jealous over something as pointless as that? :wink:

"Hell, I don't like infections, but I'd like to see what happened, just for the hell of it..."

Go ahead...don't come crying to the thread when your computer blows up.. :wink: I started the thread for a reason ya know: So idiots wouldn't annoy other people when this process has been explained a billion times before. And also because there are people out there who will see a big red button with a sign saying, "Do not push", and will push it anyway. Every single time. :lol: Just trust me in saying that you don't really want to find out as to what it does. Leave that to the programmers among us.
Guest MadBadger Posted August 31, 2005

pffft it ain't that bad dunno what the problem is YOU CAN REMOVE IT THROUGH ADD REMOVE PROGRAMS FFS ITS A N()()B VIRUS...... not that hard to stealth programs so they don't turn up on add/remove programs or task manager...... can't remove it from processes just applications ....... I've done it to generals ........ for some reason.
chickendippers 1 Posted September 2, 2005

Sorry, downloading a MSN virus is just n00bish. Another good reason to use Trillian
Scorpio XIII 0 Posted September 2, 2005

"Pff... You're just jealous you got infected and I didn't."

LoL
Doctor Destiny 41 Posted September 3, 2005

"Sorry, downloading a MSN virus is just n00bish. Another good reason to use Trillian"

Not quite what he was saying. :roll: Acerz is explaining how to remove and avoid this virus. :roll:
Acerz492 1 Posted September 3, 2005

"Sorry, downloading a MSN virus is just n00bish."

Well excuse me for trying to help people. :roll: You obviously haven't read my posts properly either:

"Not quite what he was saying. Acerz is explaining how to remove and avoid this virus."

Exactly. Thank you, Fenring, for understanding. :roll: What's the world coming to? I get flamed for trying to help people? Jeez....

"Another good reason to use Trillian"

No.
Cygnus X-1 12 Posted September 9, 2005

My comp took down a grand total of 3 the other day but I don't trust it, so I went in and manually deleted all the bad stuff but it might still be there :shock: ya neva kno these days