A friend received a pic on MSN chat.  She opened the pic.  Now when
she chats: Http://192.1.1.124:8180 shows up on the person's computer,
in the chat box, to whom she is chatting with in both MSN and Yahoo
Messenger. It takes various forms:  for example:  Hmmmmm
http://192.1.1.124:8180 or like...Look at this;
http://192.1.1.124:8180...What is this..and How can this be removed
from her computer?  She has Norton Antivirus and apparently Norton
didn't pick anything up.  Please advice.

Hi,

This may not be anything at all if its normal for MSN or Yahoo chat,
however I have never used these.  If it is not normal, then continue.

As far as I know all 192.*.*.* IP addresses are in your local network.
 This means any persons trying to access one of those IP addresses
can't reach your computer as its trying to reach a computer in their
network.

There is a great possibility as this is a trojan, and the person who
created this wasn't a talented programmer.  Instead of getting your
internet ip address, it got your network one, which just so happens is
good for your friend.

To remove this on Win9X/WinME:
1. start -> run -> msconfig
2. goto the startup tab
3. there should be a list of many files, all of the ones with a check
next to them are loaded at startup.  If you see any suspicious files
which are being loaded, uncheck them.  Please be sure to consult a
person who knows which files should be ran at startup before
unchecking them.

ALSO-some files place themselves in the win.ini file.
1. start -> run -> win.ini
2. there should be a run= and load=. make sure nothing is followed by
these lines.

Win2K/ME:
1. start -> run -> regedit
2. HKEY_LOCAL_MACHINE
3. SOFTWARE
4. Microsoft
5. Windows
6. Current Version
7. Run
This displays the list of everything that is loaded at startup.  Just
delete the key to remove it from starting up.

I hope this helps your problems out.  If you notice something funny
going on while your on the computer and connected to the internet,
goto start -> run -> command.com.  Then type in netstat, which will
return a list of all ip addresses connected to your computer and which
port.  This may be of use if you wish do something about the person
who is attacking you.

Good luck,

br

insp...

Here's a newsgroup post about the same problem, dated 9/11/02:
http://groups.google.com/groups?q=g:thl1251890302d&dq=&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3d7ea526.17862511%40news-server.optonline.net

and the response:
"Whois says:
 BBN Communications BBN-CNETBLK (NET-192-1-0-0-1)
                                  192.1.0.0 - 192.1.255.255
 Bolt Beranek and Newman Inc. BBN-WAN (NET-192-1-1-0-1)
                                  192.1.1.0 - 192.1.1.255"
http://groups.google.com/groups?q=g:thl952716607d&dq=&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=almv8l%24oq4%241%40pinah.connect.com.au

That's called Klez. You need to get the Klez removal patch. It's a
relatively harmless virus though, doesnt do much aside from send that
link to everyone on your buddy list.