How to remove the ‘funpic’ MSN Messenger virus

Many of you have probably encountered this MSN messenger virus/worm/trojan. It has no official name as far as I’m aware, so I’m just calling it the funpic virus (and yes, I know that this name is wrong since it is a computer worm, and not actually a virus, but if mineral water that has been flowing in brooks/springs for decades can suddenly have an expiration date, then I’m entitled to use erroneous names) since that’s the one constant in the links the virus spreads around on MSN messenger. Most recently, the link looks like this:

http://mypics4you.my.funpic.org/ViewImage.php

For obvious reasons, you should not click this link, but in case you do, I’ll teach how the virus spreads from your computer and how to remove it.

How the virus works

Despite the virus having been around for a while (at least 2 months), there’s little to no info about it. Why? Because people usually don’t even know they’re infected. The virus doesn’t actually seem to do anything to your computer, other than trying to spread to other computers, but it does it in a simple, yet brilliant way.

Unlike most MSN Messenger virus, this one only sends out the link in ‘real-time’, by intercepting a message you wrote and replacing it by the link, however, it doesn’t show up in your chat screen! Let’s make an example, since that might make it easier to understand. Say two friends, John and Peter, are chatting (John has the virus). From John’s perspective, the first three messages look like this:

Peter says:
Hey John, how are you?

John says:
Hey, I’m fine, thanks.

John says:
What about you?



However, from Peter’s perspective, it looks like this:

Peter says:
Hey John, how are you?

John says:
Hey, I’m fine, thanks.

John says:
http://mypics4you.my.funpic.org/ViewImage.php



As you can see, John has absolutely no way of knowing that the link was sent to Peter, and by the time John figures out he has the virus, he may have spread it to dozens of his friends. EDIT: It would also appear that if you try to use a smiley in a single line (no text, just the smiley), your PC will send a .rar file with the virus instead (the same file you will be prompted to download, when you click the link). The concept remains the same, the infected person has his/her smiley overwritten on the other persons computer, and has no idea that s/he is sending it.

How to remove it

I would first like to emphasize that while many anti-virus will detect the virus and say that it has been removed, they rarely, if ever, succeed in actually doing it. So here is a step by step instruction on how to remove the funpic virus.

  1. Download the following two free programs to your desktop: MSNcleaner and MSN Photo Virus Remover by forospyware and MiCCAS, respectively.
  2. Open MSN Photo Virus Remover so that it can update its database. Once it has updated, CLOSE it, do NOT press ‘Start’.
  3. Reboot your computer in ‘safe mode’ (when your computer starts up, mash F8 like a miniac until this screen shows up, then select ‘safe mode’).
  4. When your computer has fully booted in safe mode, run MSNcleaner first!! When it has finished scanning, run MSN Photo Virus Remover. When MSN Photo Virus Remover finished scanning, it forces your computer to reboot after 2 minutes, which is why it is crucial to run MSNcleaner first.
  5. Just let your computer reboot normally, and you should now be virus free.

Alternative removal suggestions found on the web

  • Format your computer. This one obviously works, but you delete everything else on your computer along with the virus, and why would you want to do that when there’s such an easy fix?
  • Change your password. This one is total BS since the virus doesn’t attach to your ID, but to your system and programme files. Changing your password won’t do a damn thing.
  • Run some updated anti-virus programme. This is a bit of a shot in the dark, since I ran two independent updated programmes (one anti-virus, the other an adware/spyware-remover), and while both found the problem, neither was succesful in removing it. So it might work, it might not. In my case, it didn’t, therefore, use the method described in the above section, since that worked perfectly for me.
  • Uninstall MSN Messenger, delete all related folders, reboot, and re-install. Theoretically, this should work, but it doesn’t. One of the responcible files is actually not even located in any of the MSN Messenger folders, but somewhere in your Windows folder. So even uninstalling and then re-installing MSN Messenger won’t do much good.

Leave a Reply

Your email address will not be published. Required fields are marked *