My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus


(JS/Exploit-Messenger, JS_Menger.Gen, JS.Menger.Worm)


- The script sends messages to users in MSN Messenger contact list.

Removal instructions:

The virus doesn't produce any damage, it doesn't install itself, so removal is not necessary. It is required to close all opened Internet Explorer windows.

Analyzed By

Mihaela Stoian BitDefender Virus Researcher

Technical Description:

The script exploits an Internet Explorer vulnerability. It is executed when a HTML page is loaded from one of the addresses:
http://www.rjde……../cool,………tx1.htm, etc.
These pages have been removed by now.

The message "Please Wait…" appears on the center of the page and another Internet Explorer page is opened. This page is minimized, with the title "Please Wait…". Through this page, the script sends messages to users in MSN Messenger contact list if the messenger is installed.

The text of the message could be:
Hey Go to /……./teztx1.htm plz or
ATTeNT!oN - Go to:….. /teztx1.htm or
URGENT - Go to http://www.rjde…… /cool Now

Through a hidden form, it sends an email to an address using a script from a public site.