Yahoo Messenger Michael Jackson virus

dead_smiley A friend of mine got infected via Yahoo Messenger. The virus, spreads via mass messaging the following message:

HAHA Michael Jackson Gay 😀 » http://looool.machiaeljack**

The link takes you to something that looks like a picture, but because the file name ends with what appears to the user as a web adress the final extension is .com not .jpg - and so you get tricked into running an executable.

Automatic removal can be done with the Kaspersky Virus Removal tool.

Manual removal is as follows:

Remove these files (use unlocker if needed)

C:\Documents and Settings\<user>\Local Settings\Temp\174094.exe
C:\Documents and Settings\<user>\Local Settings\Temp\MichaelJackson_SUCKS.PIF (or any other similar file .pif and containing Michael Jackson in the name)
C:\Documents and Settings\<user>\Local Settings\Temp\svchost32.exe
C:\Documents and Settings\<user>\Local Settings\Temp\vshost32.exe

The last two will be on every partition your system has. Reboot and after starting go to My computer and DON'T double click the disks; Right click and choose explore and erase vshost.exe and autorun.inf from every partition in your system.
Also remove the following registry key:

`[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]` `"BootMgr"="C:\DOCUME~1\\LOCALS~1\Temp\svchost32.exe"`