ALERT: New MSN virus running amok
Payload filename
photoalbum.zip
Malware type
Trojan horse
Malware name
Variant of Backdoor.Win32.IRCBot.aaq (according to CISRT)
Infection vector
MSN Live Messenger (I am not sure about other versions of MSN)
What it looks like
NOTE: Some others have received different kinds of messages, but they all contain persuasive text tempting you to open the file. Some have no message at all; only the file appears in the conversation window.
How it works
Once you download the file from an infected PC, the ZIP file installs itself on your system without any further clicking on your part, based on my observation.
What should you do
-Cease all activities.
-Exit MSN to stop the infection from spreading to others.
-Update your anti-virus and anti-spyware programs.
-Scan your system.
Solution (Updated!)
I tested the solution found on the CISRT web page and it worked for me, so it should work for others who are infected.
Before you start, please make sure you have scanned your PC with an anti-virus or anti-spyware program.
WARNING: THE BELOW STEPS REQUIRE YOU TO USE REGEDIT. MESSING AROUND WITH THE REGISTRY WILL RENDER YOUR SYSTEM UNBOOTABLE!
SEEK PROFESSIONAL HELP IF YOU ARE NOT FAMILIAR WITH REGEDIT!
Step 1)
-Go to Run
-Type regedit in the Run box
-Find: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
-Look for any of these registry entries:
: "rdfhost"
: "rdihost"
: "rdshost"
NOTE: According to my observation, only one of the 3 entries will be present.
NOTE: Look for the entry names without the quotes.
Step 2)
-Run the Windows search function
-Depending on which of the 3 entries you found in the registry, search your system for the matching file:
: "rdfhost.dll"
: "rdihost.dll"
: "rdshost.dll"
NOTE: Search for the filename without the quotes.
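The two steps above can be run as a single read-only check. The script below is an added example, not part of the original post or of the CISRT solution. It lists every entry under the ShellServiceObjectDelayLoad key, flags the three names from the post, resolves each entry's CLSID to the DLL registered under HKCR\CLSID\{clsid}\InprocServer32 (the standard way this key loads a DLL), and then searches the Windows directory for the three DLL filenames. The assumption that the DLL lives under %SystemRoot% is mine; the post does not say where the file was found. The script only reports and deletes nothing.

```powershell
# Added example (not from the original post or CISRT): read-only check for the
# ShellServiceObjectDelayLoad entries and DLL names listed in the post.
# Run from an elevated PowerShell prompt; it changes nothing on the system.

$KeyPath    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$Suspicious = @('rdfhost', 'rdihost', 'rdshost')   # entry names given in the post

# Get-ItemProperty adds provider metadata (PSPath etc.); ignore those properties.
$meta    = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$entries = (Get-ItemProperty -Path $KeyPath).PSObject.Properties |
           Where-Object { $meta -notcontains $_.Name }

Write-Host "Entries under ShellServiceObjectDelayLoad:"
foreach ($e in $entries) {
    $flag = if ($Suspicious -contains $e.Name) { '  <-- matches a name from the post' } else { '' }

    # Values under this key are CLSIDs; the DLL a CLSID loads is the default
    # value of HKCR\CLSID\{clsid}\InprocServer32.
    $dll = ''
    if ($e.Value -match '^\{[0-9A-Fa-f-]+\}$') {
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$($e.Value)\InprocServer32"
        if (Test-Path $srv) { $dll = (Get-ItemProperty -Path $srv).'(default)' }
    }
    Write-Host ("  {0,-20} {1,-40} {2}{3}" -f $e.Name, $e.Value, $dll, $flag)
}

# Step 2 of the post: locate the DLL files by name. Searching under %SystemRoot%
# is an assumption; widen -Path if the file is not found there.
Write-Host "`nSearching $env:SystemRoot for the DLL names from the post:"
foreach ($name in $Suspicious) {
    Get-ChildItem -Path $env:SystemRoot -Filter "$name.dll" -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            Write-Host ("  {0}  size={1}  modified={2}" -f $_.FullName, $_.Length, $_.LastWriteTime)
        }
}
```

Legitimate Windows components (for example WebCheck or PostBootReminder) also register under this key, so an entry is only worth acting on when its name matches one of the three from the post or its CLSID resolves to a DLL you cannot account for.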
Disclaimer
-Use this guide at your own risk.
-I will not be responsible for loss of data, hardware malfunction or corruption of files.
-Seek professional help if you are not confident in removing the malware.
-Special thanks to the Chinese Internet Security Response Team (CISRT) for coming out with a removal solution.
-This article is dedicated to Yun Ru, a real-life bacteria warrior =D
-Special thanks to Khairu for pointing out that some info wasn't enough.
Hi! I can't find any rdfhost, rdihost or rdshost file in my ShellServiceObjectDelayLoad. Is it due to me deleting the file on my desktop? Please advise.