Posted: 05:15 hours (GMT+8)
Virus alert. Someone on my friendslist fell for the scam. Assuming there are only 6 degrees of separation… Thought I’d write something up really quick before someone else I know falls victim. I’m up this late because I was doing my Final Year Project.
How it tricks people: A hacker enters your MSN account, advertising a block checker with a trademarked company. It will come up as an offline friend logging in, talking to you with the ad, possibly changing the screen name, then soonafter logging out. Your friend will include a link to either “www.you-are-blocked.com” or “www.youareblocked.com“, saying you can check out who has blocked you on MSN by using this site.
The overexcited/curious unsuspecting person CLICKS THE LINK and GIVES THEIR PASSWORD without checking things out with their friend first.
Consequences: From what I’ve heard (on the interwebs), downloading the software will cause your computer screen to start spazzing. Then it dies. Permanently. I’m sorry.
Otherwise, it’ll just send the link to your friends, pretending to be you.
Damage control:
1) Change your MSN password – NOW! GO GO GO
Eventually you should be able to log into MSN. If MSN is too unreliable, sign in through another website that uses the MSN Passport or Windows Live ID, such as Hotmail/Windows Live Mail. It will be at a section that says something like “Settings”, “Account” or “Edit your info”.
***If you can’t figure out how to change your password, please step away from the computer now and get someone who does because the likelihood you will cause your computer to die an even worse death as you continue following these steps is very, very high.***
(Edit: After reading some comments from readers, I believe you can stop at Step 1 if your computer is not acting weird.)
2) Disable system restore
This ensures a thorough clean-up and that the virus won’t be backed up.
Windows XP instructions
Windows ME instructions
3) Reboot computer in Safe Mode
Press the F5 or F8 key down as soon as you turn on the computer and hold it there until you hear a beep, see a startup menu (a list of the computer’s various startup options) appear, or safe mode loads. You’ll know you did it right if you see the words “safe mode” at the corners of your screen.
4) Run a thorough virus check
Ensure your anti-virus software is up-to-date. If it isn’t, download the latest updates from its website before running it. Need help? Check out this tutorial.
5) Remove MSN Messenger completely
Uninstall it from the Add/Remove Programs control panel to remove its program directory from your computer (to make sure everything is removed). If you can’t find it, it should be under “Windows Live Messenger” (too tired to check now, using common sense).
6) Reinstall MSN Messenger
Go to the official website and reinstall it.
7) Learn from it
Warn your friends and don’t do it again.
Information Sources:
Posts by “CookieRevised” – Website 1, Website 2
(Note added 4 Sep 2009: These two websites do not seem to exist anymore, or have restricted access. So although I can credit the original source, no one can see the sites.)
(Added 4 Sep 2009) You can also link to this page with WordPress permanent shortlink: http://wp.me/p2SuF-Z
Friday, 4 January 2008 at 8:52 pm
Thanks a lot. I had been attacked by this virus. And i sincerely thank you for writing these. I am now going to complain about these websites.
Wednesday, 9 January 2008 at 12:38 am
Cool, didn’t think anyone else would find this useful. Hope it helped!
Saturday, 12 January 2008 at 8:27 pm
Thanks for this, Like an idiot i clicked on a similar link yesterday and as i type this, i am on stage 4 of the process.
Thanks, I am confident that i will get rid of it…and yes (number 7) Learn from it!
Dave
Saturday, 9 February 2008 at 2:07 pm
It is my understanding that this site is just a Phishing site, ie it collects you MSN username and password, so it can spam all your contacts to get their username and password, but I don’t think it installs anything (though I haven’t gone as far as testing this theory).
So changing your password MSN password is imperative, but I don’t think uninstalling and reinstalling MSN is necessary.
For more nifo read: blockdelete.com is a scam!
Monday, 11 February 2008 at 11:07 pm
@ Leefe: Thanks for your post. I haven’t tested the theory out either and hope I don’t get to that stage ever. It’s troublesome as it is either way.
Monday, 7 July 2008 at 10:33 am
Thank you so much! My sister nearly clicked the link but it seemed fishy so I told her not to and researched it first. You probably just saved her comp.
Thursday, 10 July 2008 at 1:16 am
@MB: YOU saved her comp. I sure didn’t force you to check it out first. :P Ah, the power of second thoughts…
Thursday, 31 July 2008 at 4:32 pm
Thanks alot! I knew it was a scam but i fell for it after a month of ignoring my pesky friends “lniks” on msn =…….= i quickly did a google and ur blog came up.. changed my pass immediately xD thanks again
Friday, 10 July 2009 at 2:38 pm
[...] Do you want to know who blocked you? “You Are Blocked” MSN virus/scam Chocolatefan’s Blog __________________ Need Help? – To view links or images in signatures your post count must be [...]
Tuesday, 18 August 2009 at 9:34 pm
thanks alot for this post, like an idiot i entered my details into are you blocked.com, i have changed my password immediatley after finding out that emails have been sent to all my contacts, hopefully it will stop now!
Wednesday, 19 August 2009 at 10:09 am
One of my contacts must have hit the link, because one of those emails showed up in my inbox tonight — Being more technically inclined than some of my acquaintances, I am generally suspicious of such emails, and immediately I recognized it for what it is…
I’ve posted the link to this blog, to keep other friends informed, before they have to deal with the hassle as well… Thanks !
Wednesday, 19 August 2009 at 1:05 pm
I’m surprised after so long, people are finding this useful. Glad it helped anyway! :)
By the way, I do read every comment that’s posted, even if I don’t reply to them individually, and even after moving to a new site.
Take care, folks!
Friday, 21 August 2009 at 6:01 pm
thank you so much , i was silly to check the post.
nothing wired happend to my computor, but i can’t sent email anymore. it was enclosed virus automatically whenever i sent email, and the post was blocked by the system.
Friday, 21 August 2009 at 8:26 pm
Oh dear. Are you at least able to save your contacts from the affected account? Then perhaps you can set up a new email account if you can’t solve the problem.
Is anyone else unable to save their account with the steps listed? Do let me know, so I can figure out how effective it is.
Friday, 21 August 2009 at 8:38 pm
yes, no effection on my contacts and computor.
it seems need several minutes to show information when you open it.
i simultaneously close that website, and changed the password.
i put your blog address on my space, so it can help more friend.
Tuesday, 25 August 2009 at 8:21 pm
Thx u saved me from a horibly computry death gald i read this first befor i went ahed and did it :P
Tuesday, 25 August 2009 at 8:34 pm
No idea if my email reply worked, So I’ll do it again here.
Glad you found my post useful! :) I imagine your computer is glad to be safe too hahaha.
Wednesday, 26 August 2009 at 3:09 am
I just don’t open anything from msn as i find them annoying.
All I use live messenger for is chat and for you pittheads that think there are applications like this about then ur stupid!!
as msn has strict privacy rules
Wednesday, 26 August 2009 at 10:19 am
When you say “applications like this” I assume you mean applications that let you check who has blocked or deleted you.
MSN may have strict privacy rules, but it’s not as strict as one would hope. As long as a site has your account details (for any kind of account, not just msn), they could do a lot with it. It’s up to each person to decide which site is trustworthy!
There are actually real, legit, virus-free websites that allow you to check who has blocked or deleted you. I have personally experimented with http://www.msngeeks.com/ in the past and it has worked perfectly with no virus, no hacking, no problems like that. Of course, it needed my sign-in information to do that. But that was ALL they needed.
TLDR summary:
1) There are legit applications about that DO allow you to do that.
2) Yes, you do have the best way: Simply avoid clicking suspicious links. Check it out before doing anything.
Friday, 4 September 2009 at 12:14 am
THANK YOU! My ‘friend’ at school was trying to get me to use a website like this and before i did i researched it. I found that it was a complete virus and minutes after i researched it her msn name popped up and started having links to it. I got an email from a different friend last night and this website showed up and i thought it might be better – it said it was secure… but the link itself didn’t say ‘https’ so i googled it and found this!
Just a reminder when ever a msn window pops up about any website – tell the friend about it. They probably don’t realize they have the msn virus so warning them is a huge help.
Friday, 4 September 2009 at 10:46 am
That’s true. When the virus sends links over msn to other people, I don’t think a window pops up on the affected account or email doesn’t appear in sent folder. So the only way they find out is when other people tell them about it. It never hurts to check things out with them first!
Monday, 14 September 2009 at 6:34 am
Thanks alot. I Was gonna write my password, but then I said I Would search some info about it first.
thanks for saving me
Tuesday, 15 September 2009 at 2:00 am
Great to know that you managed to not get tricked by it!
Thursday, 24 September 2009 at 1:03 am
omg, i can’t even get into my affected hotmail account right now, but my other is perfectly fine!!!!!!!! wowsers…i did change my password…the page is currently unavailable, it wont connect!
Friday, 25 September 2009 at 7:44 pm
Hi Tara, how is the situation now? Have you tried clearing your cache? I’m not a computer/IT expert so the advice I can give is really limited.
Saturday, 26 September 2009 at 3:57 am
I just got an email from a friend with a link to one of these sites. I clicked it and entered information (Yea i know it was stupid, I was tired) right after i knew i had been scammed, so I changed my password. But is there really NO chance of getting my good ol’ password back? :/
Sunday, 27 September 2009 at 10:51 am
I’ve never thought about that. I have no idea how long they would keep the information in their database. I guess one way is to make a fake account to experiment?
Wednesday, 7 October 2009 at 9:02 am
Hello,
I received this email to my hotmail address, opened it and entered my info. Within minutes I changed my password. I later closed my account. I did not have any contacts in my contact list. I spoke with a buddy of mine and he had recieved the email from my address. Why did he recieve the email? A while back, I deleted all of my contacts from my list. They may still have me on theirs. Is it possible that the email is sent to anyone who has my email as a contact on their list?
Friday, 9 October 2009 at 10:44 am
Do you have those contacts on Messenger?