Virus Project 1/ Generic2.EXO / Backdoor.Generic3.SAT

How to Remove MSN Virus Project 1/ Generic2.EXO / Backdoor.Generic3.SAT

This MSN virus is a new virus which spreads via MSN Messenger. Once a computer is infected it will send copies of itself to every online contact on the infected users contact list.

A new MSN Virus removal tool has been created. It is recommend you try this first by downloading and running this before trying the instructions below. You can download the tool HERE. Please let us know if it worked for you so we can keep improving our products.

The message says (or similar to):

“is that u on that photo http://lollypics.xx.funpic.org/pictures.php?photo656.jpg” (link edited to prevent people getting further infected)

Other links may include:http://www.picture-database99.com

Once clicked, it will open Internet Explorer and prompt you to download a file called photo656.pif or another file with a similar name (note: it is now a .pif file being downloaded, not a .jpg). Once run, the computer will be infected.

This virus also installs a toolbar into Internet Explorer called “Toolbar888”.

AVG Antivirus Detects this threat as:
- Trojan horse Generic2.EXO
- Trojan horse BackDoor.Generic3.SAT

How to Remove MSN Virus Project 1/ Generic2.EXO / Backdoor.Generic3.SAT:

Goto: Start > Control Panel > Add/Remove Programs.
Find Toolbar888 and click the “Change/Remove” button to uninstall it

Press CTRL+ALT+DELETE all at the same time so you are viewing the “Process” Tab.

If you find any (or all) of the following (don’t worry if you cant find all of them):

Update.exe
goll.exe
loadadv455.exe
drsmartload.exe
goll.exe
two.exe
vcncr.exe
rorjxk.exe
eyewblbby.exe
cgqrvrva.exe

Highlight the name and click the button “End Process” to each of the above you find in the list.

Find and Delete The Following Folders and their Contents:

C:\Program Files\Common Files\{28676FB5-0AE9-3081-1205-03030930003d}\
C:\Program Files\Common Files\{38676FB5-0AE9-3081-1205-03030930003d}\

Find and Delete the Following Files with the Folder (NOT the folder itself):

In the folder: C:\Windows\system32\ (don’t worry if you cant find all of them)

Find and Delete:

goll.exe
drv.exe
loadadv455.exe
one.exe
two.exe

In the folder: C:\Documents and Settings\[current user](replace [current user] with the name you are currently logged on as, don’t worry if you cant find all of them)

Find and Delete:

goll.exe
drv.exe
loadadv455.exe
one.exe
two.exe

In the folder: C:\ (main level of C drive, be careful here, don’t worry if you cant find all of them)

Find and Delete:

goll.exe
drv.exe
loadadv455.exe
one.exe
two.exe
drsmartload.exe

Update your Antivirus with the most current virus definitions and run a full system scan to clean up any remaining files. If you do not have any antivirus software. AVG Free is a great option.

You may need to reinstall MSN Messenger again.