hey guys there is a active x worm affecting myspace accounts I got it when I went to brians myspace it asked to run active x and froze my comp here is a e-mail I got on how to get rid and identify it. ----------------- Bulletin Message -----------------
From: Tito Ortiz
Date: Dec 2 2006 10:03 PM


ACTIVE X VIRUS!!!! PLEASE REPOST
Body: From: SOKO
Date: Dec 3 2006 12:49 AM


IF YOU HAVE ACTIVE X, U HAVE A VIRUS

WARNING ABOUT THE ACTIVE X WORM:
Body: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXX

WARNING ABOUT THE ACTIVE X WORM:



EVERYONE READ THIS:

My site got hit with the ACTIVE X worm last night. You can get infected by it in many ways. With me it happened when someone (spammers) posted a generic comment. Actually, it gets posted automatically by the worm. Mine was from a Beautiful Brunette but it could be from anyone of your friends or even a stranger. The worm uses another person's identity to post the comment, message, or bulletin. And it could say anything like "have a nice weekend, etc". The worm insersts a code into your profile page without you knowing it and it enables spammers to send tons of messages, bulletins, and comments with your name on them that also contain the WORM (Virus). Then you can get flagged and your account gets frozen. It can even be totally deleted.

Everyone, You need to go to the end of your "about" me section as well as the end of your "Movies" section and check the code there to see if you have it.




The clue that you have it is that you will see: http : // www. david draftsystem .com /images /login. html . (without the spaces) In the code. If you see that, you have it. Whatever you do, don't go to that page and log in. It's a "Phishing page." If you put your e-mail and password there, they can take over your account completely.



If you go to that page you'll see what I mean. JUST DON'T PUT IN YOUR INFO. You'll see on that page a part that says:

"This has been put on this server by unauthorized personnel. Please ignore this page! It shall be removed shortly."

I'm not sure if that's true, or if that site is actually owned by the hackers (Spammers). I went to www . daviddraftsystem .com and it looks like a phony website for a draft beer system. All it has is a log in and password section. This might be the home of the hackers. Not sure though.



Another tip off is if your profile page looks weird or different. If it's all messed up. That could be from the WORM.

HERE'S A BIG CLUE: If you go to your profile page or another persons profile page and a small box pops up that says:

------------------------------------------------

"Click to run an Active X control on this web page"

"click OK'
------------------------------------------------


THEN YOU ALMOST CERTAINLY HAVE THE WORM. OR IF IT'S A FRIENDS PAGE, THEN THEY HAVE IT.


Everyone should check out their code. I think this WORM goes to all of your friends, so since I have it, you might too. You'll see stuff on your Bulletin Board, as a Message, or as a COMMENT. And if any of those has the Worm in it GUESS what? You're infected. The COMMENTS will automatically infect you and you may not even know it. You have to delete your comments up to the point where the infected COMMENT is. If you don't know which one it is, I suggest you delete them all. Otherwise, the worm will still be there and will come back.

If you click on a Bulletin, or Message that has the WORM in it, YOU GET INFECTED right then. And it's hard to tell which ones might have it. And even if you're infected, you might not even know about it unless you check your code.

THIS THING IS LIKE THE AIDS VIRUS. IT'S SPREADING AND WE HAVE TO FIGHT IT.

THINGS like this can kill My Space.

If you haven't already done so, You must back up all of the sections from your Profile page. GO to EDIT MY PROFILE and then copy each section into a Text file and save them in case you get hit by this worm. Then if you do, you can easily delete everything and put it all back with the back up copies. Make sure you're not infected before you back everything up. Otherwise you'll be copying the worm.

You have to be careful. Otherwise your site could get frozen, or even worse, completely deleted.

NEVER, EVER, EVER, EVER, log in to ANY PAGE EXCEPT www.myspace.com ) EXACTLY. Not ( tom...) , or anything else. MOST OTHER LOGIN PAGES ARE PHONY SPAMMER ONES!!!!! IF A PAGE LIKE THAT COMES UP ASKING YOU TO LOG IN AGAIN. DON'T DO IT. TYPE IN www.myspace.com instead!!!!

I spent hours trying to fix my site. Then one of my friends told me about this Active X worm. I got FLAGGED by My Space for Spamming from it. When that happens, you can't do anything on your account at all. You can't post bulletins, send or recieve messages, add people, etc. Until they check your site. And you could even be totally deleted.

EVEN WORSE THAN THAT: If you use the same E-mail and password for My Space as you do with AOL, Yahoo, MSN, etc, the spammers will spam those e-mails too. Then AOL freezes your account and you can't log in. You have to contact customer service.

NEVER USE THE SAME PASSWORD FOR MY SPACE as you do for AOL etc. If you want to learn more, go to the help section and read about this stuff.

AND CHANGE YOUR PASSWORD OFTEN.

Hope this helps people. If I got this worm, then you might have it too. And if you have it, all of your friends might have it. Please repost this for your friends and maybe we can fight the people who made this thing.

MAYBE THIS BULLETIN CAN VACCINATE EVERYONE AGAINST THIS ACTIVE X WORM. SO PLEASE REPOST IT ON YOUR BULLETIN.



The worm is in two parts. The first part is at the end of your "About" section. The second part is at the end of your "Movies" section or one of the other sections. Click on Edit Profile to see if you have it. If you see this, delete it. Or better yet, if you have a back up of your entire page on file, you might be better off re-doing it all.


It was extremely difficult ot get this code to show up here for you. It really likes to stay hidden. So I had to alter it and remove parts of it. I removed all of the >'s and <'s and some of the other letters so it won't be exact. I had to do that to make this visible to post in this bulletin. Otherwise it all stays hidden. But if you see something similar to this, you have the worm.

Note: YOU MUST DELETE BOTH CODES TO REMOVE THE WORM. THEN YOU MUST CHECK YOUR COMMENTS. DELETE THE ONES THAT YOU THINK MIGHT HAVE THE WORM. OR EVEN DELETE THEM ALL. AND KEEP CHECKING THE CODE AGAIN TO BE SURE YOU'RE NOT RE-INFECTED!!!!

HERE'S THE APPROXIMATE CODE FOR THE ACTIVE X WORM. IF YOU HAVE ANY PART OF THIS CODE YOU ARE PROBABLY INFECTED:



================================================== ================
This is the beginning of the worm code in the Movie section:
================================================== ================


html div style='width: 1px; height: 1px; overflow: hidden; text-indent: -9999px' embed allowScriptAccess="never">

================================================== =================
End of Worm code in the movie me section or one of the other sections..
================================================== =================


NEXT:

================================================== =================
This is the beginning of the worm code in the About Me section:
================================================== =================

style type text/css
div table td font display: none
div div table tr td a.navbar, div div table tr td font display: none
testnav position: absolute top: 136px left:50% _top: 146px
style div style= z-index:5 background-color ..6698CB margin-left:-400px width: 800px" align="center" class="testnav" div style
a href="http://www.../images/login.html target= class navbar Home
a href="http://www.../images/login.html" target= class="navbar Browse href="http://www.../images/login.html" target= class="navbar Search /a a href="http://www.../images/login.html" target= class="navbar Invite href="http://www.../images/login.html" target= class="navbar Film /a href="http://www.../images/login.html" target= class="navbar Mail /a a href="http://www.../images/login.html" target= class="navbar Blog a href="http://www.../images/login.html" target= class="navbar Favorites /a a href="http://www.../images/login.html" target= class="navbar Forum href="http://www.../images/login.html" target= class="navbar Groups a a href="http://www.../images/login.html" target= class="navbar Events /a a href="http://www.../images/login.html" target= class="navbar Video a href="http://www.../images/login.html" target= class="navbar Music a href="http://www.../images/login.html" target= class="navbar Comedy /a href="http://www.../images/login.html" target=
class = 'navbar' Classifieds /a /div /div




================================================== ==================
End of Worm code in the About me section.
================================================== =====================

NOTE:

PLEASE RE-POST THIS TO ALL YOUR FRIENDS. TO DO SO, HIT "REPLY" AS IF YOU'RE REPLYING TO THIS MESSAGE. THEN COPY EVERYTHING BETWEEN THE XXXXXXX LINES INCLUDING THE XXXXXX LINES. AND PASTE IT INTO A NEW BULLETIN SO YOUR FRIENDS WILL SEE IT TOO. AND KEEP RE-POSTING IT UNTIL WE GET RID OF THIS WORM FOR GOOD!!! You can also read more about it in the Forums, or go to Help.

YOUR FRIEND,

Johnogen

PS. I also posted this on my site. The address of my profile is:

http://profile.myspace.com/index.cfm...endid=88255373
================================================== ==================




XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXX