AIM, Virus Removal

From ITS Wiki - Information Technology Services - University of Rhode Island

Jump to: navigation, search
Poke.png Malware

This page is part of a category. To see more pages like this, go to the Malware index.

General Information

While a virus cannot infect a computer through an instant message alone, it can be infected through attachments sent through instant messenging programs as well as profile links. Instant messengers can also promote virus infestation via links that redirect users to websites designed to take advantage of security vulnerabilities in various operating systems and browsers.

There are currently a number of viruses that affect AOL's Instant Messenger. Links to anything with a .scr or .exe file should be avoided. These are executable files and more than likely contain viruses. The same is true for .pif files and anything related to Block-Checker.

Symptoms of Infestation

  • When exiting AIM, a message appears that reads: 'The AIM hyperlink you've clicked on may require you to be online to work. Please log in first.' Users are then re-logged into AIM.
  • Random links appear in buddy profiles or in Instant Messages. These links can be to places such as engagingphotos.com, christianmovies.com, realphx.com, fals.net or profilesbyte.com. They sometimes also link to sites at geocities.com and entice the reader to click by promising song lyrics, pictures (sometimes nude), jokes or gibberish.
  • Programs such as regedit, Windows Task Manager (Ctrl+Alt+Del), and msconfig will not remain open.

Browser Termination

Recently, there has been a trend to write viruses that close web browsers when a user attempts to visit a remediation page. In the case of AIM Viruses, http://www.jayloden.com/VirusClean.htm will help users whose browser terminates upon attempts to visit the AIMFix page.


Related Links:

 http://www.aim.com/help_faq/security/faq.adp