Home > Bila neagra, Etc, Tech, Web, Windows > Picture_dl.exe – beware of viruses being spread via Facebook

Picture_dl.exe – beware of viruses being spread via Facebook

August 7th, 2008 Leave a comment Go to comments

If you received a notification email from Facebook, notifying you that your friend “SOME FACEBOOK FRIEND” left a new message for you. This seemed to be OK until if you read the message:

“hello ‘USER“, hehe.. you could be tht naughty i didnt know… really hard to see taht from my eyes lol :-)
have a luk urself…
http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn/gallery.php?id=dd82hikzt&auth=9490559&cyua=iy2qpfgelm
(click open or run when prompted)”

The contents of the message apeat suspiciously similar to the virus messages. Another look at the URL revealed  that this is not a Google url,

site is:

http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn

( CN = China domain )

but a phishing site. If you followed the url, the link goes to a download page of Picture_dl.exe, which is some kind of a virus/worm or spyware.

Categories: Bila neagra, Etc, Tech, Web, Windows Tags: , , , , ,
  1. el_nacho
    August 15th, 2008 at 13:18 | #1
    Reply | Quote

    @Afro,

    I definitely got this virus but I can’t find the splm folder or the ncsjapi32 file anywhere.

  2. Afro83
    August 9th, 2008 at 23:45 | #2
    Reply | Quote

    delete this file on your computer.
    C:\windows\system32\splm\ncsjapi32.exe
    then search for any instance of picture_dl and delete them too. you are cured.

  3. razor
    August 7th, 2008 at 13:05 | #3
    Reply | Quote

    I was half asleep and did click on the link.
    It showed me some sort of e-card greeting and then the system started to semi-crash.

    Running virus scanners now to clear it.
    Hopefully it works. I’ll keep updated.

  1. No trackbacks yet.
GoCache - ByREV-Cache v1.0 - live served in : 0.143175 sec (gzip)