Just so you all know right now, No,
this is not a hoax... if it was a hoax I would not have just spent the last hour
talking Tara's mom through the removal process... nor would I be posting it (ask
around... I don't send hoaxes). So if you are a MSN Instant Messenger
user, I HIGHLY suggest you read up on this...
TAKEN FROM http://virus.com/article/index.php?article=943 (includes
removal instructions)
Name: W32/Choke
Aliases: I-Worm.Choke, Win32.Choke, W32/Choke.Worm
Type: Win32 worm
Comments: W32/Choke is
a worm which attempts to send itself through the MSN Messenger instant messaging
program.
The worm can send itself through MSN Messenger using a variety of
filenames, including ShootPresidentBUSH.exe and Choke.exe.
It copies itself
to c:\choke.exe and sets a Registry key HKCU\Software\Microsoft\Windows \CurrentVersion\Run\Choke
in order to run automatically when Windows is started.
When first
executed the worm displays two dialog boxes. The first dialog box says:
"This program needs Flash 6.5 to run!"
The
second displays the message:
"Cannot run program!,
Quitting"
The worm creates a
file called about.txt in the root of the C: drive which contains the following
text:
Choke , Copyright ® 1886 ... A MAD CHRISTIAN
--------------------------------------- Go talk swearwords about God You all
will die, stupid humans. You fools didn't see what you have done Bye slut, go
talk shit about me. (Call me a 'psychophatt', but I respect the Creator of
life...) ' Consider your earth '
***SAMPLE, TAKEN FROM EARLIER
CONVERSATION*** (more info at
bottom)
KEY:Purple=Actual text from Tara's mom, Red=Notes, Grey=transfer request, Blue=Actual text from me, Green=Virus
talking
¤?X?X?X?X?X?
says:
Hey Scott. It's Mom. How's it going?
¤?X?X?X?X?X? says:
"President bush shooter is game that allows
you to shoot Bush balzz" hahaha (this will be in a
different font from the person you are chatting with, showing that they did not
type it, and it is infact the virus "talking")
¤?X?X?X?X?X? would like to send you the file
"ShootPresidentBUSH.exe" (41 Kb). Transfer time is less than 1 minute with a
28.8 modem. Do you want to Accept (Alt+T) or Decline (Alt+D) the
invitation?
¤?X?X?X?X?X? says:
;)
Scott-NightStorm-]\[][G}{T§TÖ®]v[ says:
not too bad... just about to go
get food
¤?X?X?X?X?X? says:
;)
You have declined to receive file
"ShootPresidentBUSH.exe".
¤?X?X?X?X?X? would like
to send you the file "choke.exe" (41 Kb). Transfer time is less than 1 minute
with a 28.8 modem. Do you want to Accept (Alt+T) or Decline (Alt+D) the
invitation?
¤?X?X?X?X?X?
says:
;)
The
person you are talking to will wink ( shown as ;)... that's a
wink) everytime you are showing as typing, so this is a pretty good clue
in itself that they are infected, and I suggest you send them to the site listed
above immediately, because they will no know they are infected unless you tell
them (they are totally unaware that any of this is happening). Another
hint is that when the ;) are scrolling, the info bar at the bottom of the window
will show "President George W. Bush" as typing... so PLEASE watch
carefully for this... and I hope none of you ever have your computers infected
by it.
¤]\[][G}{T§TÖ®]v[¤