Heads Up! Christmas Day Virus Attack, from Facebook and TMZ.

Also associated with it seems to be a file named

mike148.exe

Some info on mike148...

[link to www.threatexpert.com]

Rumor is, the thing is originating from Russia...

Maybe someone with some tech savvy can try to decipher this link...

[link to www.antivirus365.org]

I can tell from glancing at it that it mentions mike148 in association with facebook...

Had one last night right after midnight.. it was a bitch to get rid of too

There are always virus's from facebook. Even more reason not to use it.

This worked fixing my mom's computer...


Ok, here are the offending files...

tmzyc.exe, and mike148.exe.

These were most likely attached to a video from the tmz website.

The removal has a few steps but isn't too tricky...

Restart your computer.

Start Task Manager: press (ctrl, alt, delete, at the same time).

Select the Applications tab, if you see Security Shield running, then
slect it, and choose end task.

Sometimes the virus will have a couple of small pop-up windows that get
in the way of the confirmation box for Task Manager, either minimize them
or move them out of the way to uncover the confirmation prompot/box.

This should remove the pop windows from the desktop, and prevent the virus
from starting up.

Now you can delete the two files.

Use search for both mike148, and tmzyc, and delete any copies you find.
You do this by slecting any of these offending files, right click, open
containing folder, and delete the file that appears in that folder

Remove these copies from the recycle bin, select empty recycle bin.

Also...

Goto Start ---> Run ---> type "msconfig" in the box, hit enter.

This will bring up the system configuration program.

Select the start-up tab.

If you see a copy of mike148, tmzyc, or simply a blank entry, then
unselect any of those, and close the configuration program.

You are ready to restart, and your computer should clean and
ready to go.

Last Edited by DanfromtheHills on 12/25/2010 12:19 PM

The virus is delivered to your computer via mike148.exe.

It got on my mom's machine at 7:30pm est, yesterday, by viewing a link to a video posted on facebook from the tmz website.

Yep, that's when my mom got it also.

I'll check in a couple more times to see if anyone has questions.

Stay safe browsing everyone, and have a Merry Christmas!

Malware Bytes Antimalware software removed the "Grinch" Trojan files from my computer infected on Facebook on Christmas Day, and found the following: Final scan by Malbytes showed nine infected files, including PUM HKEY Local, koobface, TrojanFile, PUB.Fbsearch, Trojan Agent: file, registry, value and memory. All were successfully deleted. Thanks to Dan in the Hills for making the public aware of the attack. The Facebook Help Team was on vacation from Christmas Eve until Thursday December 30, 2010 and could not help Facebook users.

Four more infected files were identified by an additional full search by Malbytes AntiMalware software: all had the designation Pap FB Search. These infected files were all successfully removed by Malbytes.

Four more infected files were identified by an additional full search by Malbytes AntiMalware software: all had the designation Pap FB Search. These infected files were all successfully removed by Malbytes. [Sorry I did not manually enter my name the first time: I am new to your excellent site.]

Right, the whole thing seems to be a malware/adware scheme.

She wound up downloading malware bites, ran it, and found 93 separate files! Alot of them are the same as your list.

EDIT: Facebook offers a fix at their site if you have wound up with this junk.

Last Edited by DanfromtheHills on 12/28/2010 09:12 AM