Messenger Blocker
Messenger Blocker may arrive on the computer by means of spam email messages or links from Instant Messaging applications. When executed, Messenger Blocker will display excessive pop-up alerts and advertisements. The program will install a 7-day trial period. After that it will continously spam user by showing excessive pop-ups. To stop the annoyances, this rogue program will offer its registered version to block and stop pop-ups that it said are coming from Messenger service.
Screen Shot Image:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Technical Details and Additional Information:
What can Messenger Blocker do to infected computer?
- It periodically asked user to obtain the licensed version of the program
- Modify registry to start itself during Windows boot-up.
- May come bundled with other security threats.
Malicious Files Added by Messenger Blocker
%CommonProgramFiles%\System\csrss.exe
%CommonProgramFiles%\System\lsass.exe
%CommonProgramFiles%\System\ntsvc.ocx
%CommonProgramFiles%\System\services.exe
%CommonProgramFiles%\System\smss.exe
%ProgramFiles%\MBlocker\MBlocker.exe
%ProgramFiles%\MBlocker\MessengerBlocker.url
%ProgramFiles%\MBlocker\TranImg6.ocx
%Temp%\~[RANDOM CHARACTERS].tmp
%Temp%\~[RANDOM CHARACTERS].tmp
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\SystemData: “C:\Program Files\MBlocker\MBlocker.exe -c”
Messenger Blocker – Removal
Removing Messenger Blocker Manually:
1. If using Windows ME or XP, System Restore must be disabled to prevent the threat from restoring itself. [Windows XP System Restore]
2. Update the virus definitions.
3. Reboot Windows in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
6. Exit registry editor and restart Windows.
Antivirus Tools
In order to completely remove the threat from a system, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean PC and rename the executable file before executing on the infected machine.
Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus application can be remove as well. Download and run SuperAntiSpyware Portable Scanner.