Picture_dl.exe - beware of viruses being spread via Facebook
If you received a notification email from Facebook, notifying you that your friend “SOME FACEBOOK FRIEND” left a new message for you. This seemed to be OK until if you read the message:
“hello ‘USER“, hehe.. you could be tht naughty i didnt know… really hard to see taht from my eyes lol
have a luk urself…
http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn/gallery.php?id=dd82hikzt&auth=9490559&cyua=iy2qpfgelm
(click open or run when prompted)”
The contents of the message apeat suspiciously similar to the virus messages. Another look at the URL revealed that this is not a Google url,
site is:
http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn
( CN = China domain )
but a phishing site. If you followed the url, the link goes to a download page of Picture_dl.exe, which is some kind of a virus/worm or spyware.
3 Responses to “Picture_dl.exe - beware of viruses being spread via Facebook”
@Afro,
I definitely got this virus but I can’t find the splm folder or the ncsjapi32 file anywhere.
delete this file on your computer.
C:\windows\system32\splm\ncsjapi32.exe
then search for any instance of picture_dl and delete them too. you are cured.
I was half asleep and did click on the link.
It showed me some sort of e-card greeting and then the system started to semi-crash.
Running virus scanners now to clear it.
Hopefully it works. I’ll keep updated.