> Instant Messenger Worms, They're annoying, and I think I may have gotten one.
tricky77puzzle
post Mar 24 2008, 09:09 PM
Post #1


Super Member
*********

Group: [HOSTED]
Posts: 416
Joined: 26-January 08
Member No.: 56,881



This post has 2 parts:

Part 1 is a tech-support question.

One of my IM friends sent me a suspicious message today, along with a zip file. I downloaded it, and 2 seconds after starting, I realized that it was a virus. I didn't open it, but instead shredded the file using a file shredder that overwrote it 7 times with random data. My question is, can a zip file open completely by itself, without the user clicking on it? Because if it can, then the virus is already on my computer. If it is, how do I get rid of it?

Here are all the facts:

The message sent was:
QUOTE
take a look at this picture i took of my new hair color. What do you think? too dark?

The file's name was g8997.zip. It was 172 KB in size.
After the file finished downloading, I saw a command prompt pop up for about 0.3 seconds. I didn't get the chance to see what was on it.
I never opened the file, and instead shredded it. I am now currently shredding my free space, so that no files can be recovered.

The person sent it again, this time named g9002.zip. Same size.

Part 2 is a general discussion question.

What is your opinion of IM worms? How often do they happen to you, and what do you do to prevent them? How annoying are they, really?
Saint_Michael
post Mar 24 2008, 11:02 PM
Post #2


$p4m 0n j00 $h4m3 m3 0nc3 $p4m 0n m3 $h4m3 m3 7\/\/1c3
*********************

Group: [HOSTED]
Posts: 6,564
Joined: 21-September 04
From: 9r33|\| 399$ 4|\|D 5P4/\/\
Member No.: 1,218
T17 GFX Crew



First off, I'd block your friend or send him a message of what is going on and stuff, because most likely your friend is completely infected, and in a way a zip file can be opened automatically if the virus is programmed to do that; however, in order to do that you need to download the file first. Of course you should have realized that something was up the moment your friend sent the file, because really your friend would have just sent you an image, and not a zip file. Of course my googling came up zilch about that particular zip file, and I wouldn't doubt you got tagged by the Storm worm, but I haven't heard much about Storm Worm going after IM clients, but knowing your "friend" they might have got hit by Storm. So I would get in contact with a security team and let them know about these files, and when asked you might have to send it to them so they can analyze it and see what you have.

As for your second question, IM worms are rare these days; though they still exist, everyone goes after emails just because it is easy and more efficient to spread.
tricky77puzzle
post Mar 25 2008, 01:09 AM
Post #3





QUOTE(Saint_Michael @ Mar 24 2008, 07:02 PM) *
First off, I'd block your friend or send him a message of what is going on and stuff, because most likely your friend is completely infected, and in a way a zip file can be opened automatically if the virus is programmed to do that; however, in order to do that you need to download the file first. Of course you should have realized that something was up the moment your friend sent the file, because really your friend would have just sent you an image, and not a zip file. Of course my googling came up zilch about that particular zip file, and I wouldn't doubt you got tagged by the Storm worm, but I haven't heard much about Storm Worm going after IM clients, but knowing your "friend" they might have got hit by Storm. So I would get in contact with a security team and let them know about these files, and when asked you might have to send it to them so they can analyze it and see what you have.

As for your second question, IM worms are rare these days; though they still exist, everyone goes after emails just because it is easy and more efficient to spread.


I did realize that something was up... 2 seconds after I started downloading the file. There was no way to cancel it. I never touched the file after it finished downloading, and I shredded it, along with all my free space, immediately. I also did an antivirus scan and it came up with nothing.

Also, I just did a Google search about the message that they sent and it seems to have affected quite a few people. What I'm talking about is, if I never clicked on the zip file at all, would it open completely by itself?

Another search result turned up the worm Backdoor.Win32.IRCBot.ayc/Image-005.JPEG_escudrinado-MSN.com. I think the virus was the one shown there. No, it wasn't. The file that I received wasn't a JPEG file at all.

There's nothing in my root directory (C:) either. This is a common behaviour of most viruses.

This post has been edited by tricky77puzzle: Mar 25 2008, 01:28 AM
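
Added example (not part of any post in this thread): listing a zip's member names from its directory without extracting anything, and flagging names such as the Image-005.JPEG_escudrinado-MSN.com one mentioned above, whose real extension is .com. The sample archive, its placeholder contents and the extension lists are constructed for illustration.

```python
import io
import zipfile

# Extensions Windows will run directly when double-clicked (illustrative list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Harmless-looking extensions that lure names embed before the real one.
DECOY_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".doc", ".pdf", ".txt")


def classify_entry(name):
    """Return a list of warning strings for one archive member name."""
    lower = name.lower()
    dot = lower.rfind(".")
    real_ext = lower[dot:] if dot != -1 else ""
    warnings = []
    if real_ext in EXECUTABLE_EXTS:
        warnings.append("executable extension " + real_ext)
        # Decoy extension earlier in the name, e.g. "photo.jpeg_something.com"
        if any(d in lower[:dot] for d in DECOY_EXTS):
            warnings.append("decoy extension hidden before the real one")
    return warnings


def inspect_zip(data):
    """List members from the central directory only; nothing is extracted or run."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            report[info.filename] = classify_entry(info.filename)
    return report


def build_sample_zip():
    """Constructed sample archive; payload bytes are inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Image-005.JPEG_escudrinado-MSN.com", b"placeholder, not a program")
        zf.writestr("holiday.jpg", b"placeholder, not an image")
        zf.writestr("setup.exe", b"placeholder, not a program")
    return buf.getvalue()


if __name__ == "__main__":
    for member, warnings in inspect_zip(build_sample_zip()).items():
        print(member, "->", warnings or "no warnings")
```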
truefusion
post Mar 25 2008, 06:25 AM
Post #4


Ephesians 6:10-17
Group Icon

Group: [MODERATOR]
Posts: 1,916
Joined: 22-June 05
From: The World of Gentoo
Member No.: 8,528



QUOTE(tricky77puzzle @ Mar 24 2008, 05:09 PM) *
After the file finished downloading, I saw a command prompt pop up for about 0.3 seconds.

Command prompt, eh? I would assume that was the virus setting itself up; but I can't say for sure. However, have you been logged in to your IM client? If so, have you randomly seen "yourself" send files to other users on your list(s)? Or has anyone asked you, "What's this you're sending me?"? I've had a couple of friends that got infected by those "I think this is you in this picture" messages, which I was IMed by once. Mostly people that go on social websites like MySpace are likely to get infected by these kinds of IMs, I would assume.

QUOTE(tricky77puzzle)
I also did an antivirus scan and it came up with nothing.

Is your anti-virus software up-to-date? Or perhaps I should say, is the name of that worm you found in their database?


If you dual-boot with another OS, perhaps you should switch over to it for the time being until you can figure out if you're clean.


QUOTE
[1]What is your opinion of IM worms? [2]How often do they happen to you, [3]and what do you do to prevent them? [4]How annoying are they, really?

[1]They're pointless.
[2]Only got IMed by one, once.
[3]Use "common" sense, and convert to Linux. :P
[4]I can't really answer this one.
Galahad
post Mar 25 2008, 11:52 AM
Post #5


Neurotical Squirrel
*********

Group: [HOSTED]
Posts: 590
Joined: 4-November 04
From: Novi Sad, Vojvodina
Member No.: 2,127



It sounds strange that automatically upon receiving a file, it would start itself... What IM client was it? MSN?

No file can start itself on its own... Something or someone has to start it the first time... MSN doesn't do that by itself... Unless you clicked on open, or something... Do you have an option for AV to check incoming files? If you have, then maybe command prompt was AV software starting and scanning that file...

And to answer your questions:
[1] Rather annoying, and as rvalkass said, pointless, they do nothing but annoy you
[2] They happen now and again... But I'm safe :)
[3] First of all, I don't download them... Second, I'm on Linux :P
[4] Extremely annoying, for my taste
DeM0nFiRe
post Mar 25 2008, 12:00 PM
Post #6


Super Member
*********

Group: [HOSTED]
Posts: 446
Joined: 6-May 07
Member No.: 42,685



Someone I IM a lot got that virus and so his IM ended up trying to send it to me. The fact he was showing a picture was convincing, as he is a pixel artist. However, the message I got included some information that he wouldn't know (Forget exactly what it was) so I'm like, uhh, no thank you. Then there was the fact it was named Image-005.jpeg, and someone who has as many pictures as him names nothing "Image" XD
truefusion
post Mar 25 2008, 05:34 PM
Post #7





QUOTE(Galahad @ Mar 25 2008, 07:52 AM) *
and as rvalkass said, pointless...

:D Don't confuse the penguins. :P His isn't as round, more curvaceous, and doesn't have a Christian Cross on it. :P
Lyon2
post Mar 25 2008, 06:51 PM
Post #8


The Ethical Hacker
***********

Group: [HOSTED]
Posts: 1,174
Joined: 27-May 05
From: Portugal (Europe)
Member No.: 7,566



I do not usually use instant messengers because they're very unsafe, and I prefer to use a phone with camera or not.

Thanks for sharing your situation, I will keep not using instant messengers, which by the way, when I rarely use, I prefer to use the google talk messenger instead of the msn/live messenger.