AIM Malware
If
you think you have installed malicious software (malware) propagated through
AIM, use the following instructions to detect and delete it. Make sure
to have current, updated antivirus software running at all times. Don't
let your virus defintions become outdated or your antivirus software will not
protect you from the latest threats. You may also want visit our page on removing adware and spyware
from your computer for more information not included here.
(Note: Only Windows-based PCs are vulnerable. Macintosh, Linux, and
UNIX-based computer users can ignore this alert.)
RealPhx (a.k.a.
SinKin)
If
you clicked on an AIM profile link, or have a link in your profile that reads
"Happy Holidays Everyone!! New Years 2003 Partayy!" you may
have the RealPhx virus, also known as SinKin. This virus steals your AIM
password, displays pop-up ads on your screen, and changes your homepage to
realphx.com. Update your antivirus software and run a full system scan to
detect and delete this virus. Make sure to change your AIM password when
you're finished (if you subscribe to the paid AOL service also change your AOL
password -- they are independent passwords though they may be the set the
same).
Buddylinks
If
you clicked on a link in an instant message from a buddy that said
something like "We Captured Osama! Check this out!" then you
may have installed the Buddylinks malware.
Here is information from the AIM Online Safety/Security
FAQ:
A
number of AIM users have received Instant Messages from someone on their Buddy
List asking them to check out the following links:
http://www.wgutv.com/osama_capture.php?dII5
OR http:www.buddylinks.net OR http://www.gamesandquizzes.com/nightraptor/
IF
YOU RECEIVE THIS MESSAGE, DO NOT CLICK ON THE LINK, EVEN IF IT COMES FROM
SOMEONE ON YOUR BUDDY LIST.
This link takes you to a web site that asks you to download a game. If you
agree to download the game, the web site also installs a secret
"adware" program on your machine that can deliver unwanted
advertisements and promotions. The adware program will also send the same link
out to every person on your Buddy List -- spamming your friends and associates with
a link to the same adware.
Please note: Buddylinks is NOT considered a virus by the
major antivirus companies and unlike RealPhx, it is often not detected by
antivirus software. It is not currently picked up by Ad-aware. You can only
remove it using the instructions below.
HERE'S THE FIX: If you have already clicked on the link and downloaded that
software, you can remove the adware program from your machine by clicking on
Start --> Control Panels --> Add/Remove Programs and
then removing the applications related to:
• BuddyLinks
• PSDT Messaging Integration
• PSD Tools ChannelUp v1.0 (remove only)
Additionally, if you have downloaded this program, you may want to alert
friends and associates on your Buddy List how they can remove this software.