another new virus (W97M.Killboot)
Results 1 to 6 of 6

Thread: another new virus (W97M.Killboot)

  1. #1
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553

    another new virus (W97M.Killboot)

    W97M.Killboot
    Discovered on: December 31, 2002
    Last Updated on: December 31, 2002 11:33:03 AM

    W97M.Killboot is a macro virus that infects the currently active document and the Microsoft Word Normal.dot template when an infected document is closed. So, once the Normal.dot is infected, clean documents will be infected when they are closed.

    W97M.Killboot creates the file C:\Setver.exe, which the Symantec antivirus products detect as Trojan.Killboot. If Trojan.Killboot is run, it writes the viral code into the Master Boot Record (MBR); this code can overwrite the MBR on all the physical hard drives with zeroes. Symantec antivirus products detect the viral code in the MBR as Killboot.145 (b)
    Found @ Symantec Here

    I just thought I would send a heads up, maybe prevent a few messed up MBRs and some headaches.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  2. #2
    Banned
    Join Date
    Sep 2002
    Posts
    26
    Does anyone know where i can get that virus? is there like a virus archive or something on the internet?
    uhh fdisk /mbr

  3. #3
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    Kerms > Hmm, fdisk would work, as long as you had a copy of the mbr somehwere to restore it. Heh, reminds me of a teacher of mine at my college, he keeps a live virus similar to Killboot on a floppy, so when we are finished with our assignments, he wipes the mbr so the next class can't use our work.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Originally posted here by Kerms
    Does anyone know where i can get that virus? is there like a virus archive or something on the internet?
    uhh fdisk /mbr
    Now WHY would you want this???? *coughcoughKIDcoughcoughIDcoughcoughIOTcoughcough*
    *ugh*
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Now WHY would you want this???? *coughcoughKIDcoughcoughIDcoughcoughIOTcoughcough*
    avenger_jcc: I understand you for thinking that Kerms would use this with malicious intent... but...

    I have been known to play with a virus or two. I have a couple of "test" boxes that I don't keep on my network and off the internet and I let them loose on that box(s). Just to see what happens. I always rebuild it for the sole purpose of messing it up. If the virus propagates through network shares... I put those two boxes on the same "network" and let them run to see how it works.

    I understand that viruses are a major threat to us. Thats one reason I try to understand them better. I'll even play around with the permissions first on two boxes. Make one "out of box" config, and then lock down the file system on the other. Then I'll compare the damage.

    I guess its just to see how much damage they actually cause and in what amount of time.
    Maybe its just to kill some time when I'm bored.

    I'm not aware of any "virus repository" but so many people get them and a couple people from school will forward them to a spare account I have for stuff like that. I don't want to infect my good boxes... I'll download them to floppy and transfer over.

    Like I said... I keep them off the internet and network, so I'm not "hurting" anyone but me.

    BTW: I don't condone the act of writing viruses, let alone setting them loose... but since they are there and they aren't going away any time soon... you might as well understand them.

    Oh, congrats on becoming an AO Addict! Just saw that you passed the mark!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Yes, you are right Phish, but usually thats stated in the post... but at least I didnt neg him

    and OMG I didnt even know I was close to Addict status!!

    WOOHOO
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •