What should I do if my computer is infected with an instant messaging (IM) Trojan?

Important:
To avoid viruses spread via instant messaging (IM), think before you click; if you receive a message out of the blue, with nothing more than a link and/or general text, do not click it. For more, see Best practices for computer security.

If your computer is infected with an instant messaging (IM) Trojan, the remote attacker can, among other things, control chat sessions, send the Trojan to people on your buddy list, and perform Denial of Service (DoS) attacks using your computer.

If you're notified that your computer is sending a virus or participating in DoS attacks, immediately unplug the network cable and reformat and reinstall your operating system. Additionally, if you were running IM software while logged into your computer with administrative rights, any infection contracted through that software will have administrative rights also, and you will have to reformat and reinstall the operating system. It is not sufficient to simply remove the infection, because doing so will not remove any programs that may have been installed with administrative rights while the computer was compromised. For help reformatting and reinstalling your system, see:

It is safest to run IM software without administrative rights, as outlined in What is the principle of least privilege? If you were following the principle of least privilege at the time of infection, University Information Security Office (UISO) at Indiana University may consider using a cleaning tool or deleting your profile instead of wiping your computer.

Following are examples of infections that can be spread via IM applications:

Note:
For personal computers running Windows 8.x and higher, UITS recommends the Windows Defender antivirus suite, which comes as part of the operating system. For Windows 7, UITS recommends Microsoft Security Essentials, available free of charge from Microsoft. Be sure to have only one antivirus program installed.

This is document aqhm in the Knowledge Base.
Last modified on 2015-07-08.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.