
Thread: Fun with viruses

  1. #1
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243

    Fun with viruses

    This one's a new wrinkle. Got a laptop infected with twunk_32.exe and wscsvc32.exe,
    both of which seem pretty new. Anyway, this laptop has two partitions, a 76gb fat32
    c: drive and a 75gb fat32 d: drive (yes, fat32!).

    Windows won't boot and bluescreens instead. Both partitions are mountable from a PE
    disk, and the data is there. So I'm running a backup right now and look to convert the
    c: drive back to ntfs.

    Never seen this chit though. Anyone else?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #2
    Junior Member BabyNet's Avatar
    Join Date
    Oct 2003
    Location
    Underground base in the mountains.
    Posts
    18
    I've never seen it before. I haven't used a Windows box for a while.

    I mostly use Linux. But it is kind of weird how you have two partitions which are the same.

    My two cents, install Linux on your laptop. It's more secure. That way you won't get any viruses that threaten to destroy your computer. Even on Linux you have to be careful but it's not as easy as Windows to get viruses.
    Psalms 23:4 Even though I walk in the valley of deep shadow, I fear nothing bad, for you are with me; your rod and your staff are the things that comfort me.

  3. #3
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I bet Baby got spanked for that one. lol.

    OK, now that I'm done with my dumb pun, I have seen something close once:

    I was working on a machine for a customer where I used to work once, and the guy had an XP Laptop where the machine could barely load Windows. Basically I had no idea what I could do to start fixing it because I didn't have admin (I called the guy myself, asked him if he knew the admin password.... He didn't of course) so I had a task of getting admin on the machine so I could fix it.

    After some straight up wizardry (seriously, it's not like I could use an exploit or something and tell it "Install this Spybot and AVG for me now"; I had to do everything by hand) I finally got it to scan.

    I think you may want to do the backups you're doing, and then, SCAN THE BACKUPS! because if you accidentally back up that, you'll be in this again.

    Anyway, once you're done, don't just format and call it a day if you can, have some fun. I like to run deltree C: *.* /y so I can watch a file system die sometimes (It's relaxing), or, del C: *.* /S /Q for NT based, again, very calming to let the machine know who's the boss

    Anyway, one thing I kept seeing from a similar scenario, was a very specific fake security center. I looked up the Security Centers crap online, and the ones I found weren't what this was. It was a different one.

    AVG, with Heuristics enabled, finally found it, but then I couldn't get rid of it. Basically had to open DOS and do it from there, and then, run AVG, And Spybot again, and finally got it.

    So the point is, the thing I found was actually some weird fake security scanner, but I couldn't find it on google at all. The ones you find on there are well known, and easy to find, but a pain. The one this thing had, was different and at one point Windows wouldn't even boot.

    Anyway, again, check your backups when you're done.
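
Added example, not part of the thread or any poster's code: a triage pass over a backup before it is restored, flagging the two file names from the first post and any file that begins with an executable `MZ` header regardless of its extension. The sample tree in `demo()` is constructed, and the result is a review list with hashes to hand to a real scanner, not a verdict.

```python
import hashlib
import tempfile
from pathlib import Path

# File names reported in the first post of the thread; compared case-insensitively.
REPORTED_NAMES = {"twunk_32.exe", "wscsvc32.exe"}


def sha256_file(path):
    """Hash in 1 MiB chunks so large backup files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_backup(root):
    """Return sorted (relative_path, reasons, sha256) tuples for files to review."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        try:
            with open(path, "rb") as fh:
                magic = fh.read(2)
            reasons = []
            if path.name.lower() in REPORTED_NAMES:
                reasons.append("reported-name")
            if magic == b"MZ":  # DOS/PE executable header, whatever the extension
                reasons.append("pe-header")
            if reasons:
                rel = path.relative_to(root).as_posix()
                findings.append((rel, "+".join(reasons), sha256_file(path)))
        except OSError:
            continue  # unreadable file: leave it for the AV scan to report
    return sorted(findings)


def demo():
    samples = {  # constructed sample backup contents, not real malware
        "Docs/report.txt": b"plain text",
        "Docs/holiday.jpg": b"MZ constructed stub",  # executable renamed as an image
        "WSCSVC32.EXE": b"MZ constructed stub",
        "twunk_32.exe": b"constructed, name match only",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        return triage_backup(root)
```
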

  4. #4
    Banned
    Join Date
    Jan 2008
    Posts
    605
    deltree *.* only deletes all files within that directory so everything up or down from the specified path would go unaffected. System files won't be touched and neither will global libraries since so many processes use them at once. You can't delete running applications either. You wouldn't be able to automatically delete read only and hidden files... even as admin.

    I've explained this to you on more than one occasion... we've both been using computers for how long?!

  5. #5
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote: Originally Posted by The-Spec
        deltree *.* only deletes all files within that directory so everything up or down from the specified path would go unaffected. System files won't be touched and neither will global libraries since so many processes use them at once. You can't delete running applications either. You wouldn't be able to automatically delete read only and hidden files... even as admin.

        I've explained this to you on more than one occasion... we've both been using computers for how long?!

    I left out, intentionally, the C:WINDOWS part of that command, and there is no admin on Windows versions that it works on. I know it works because I've done it like I said. I even made a batch file out of it to prevent having to type too much.

    The first time I did it, I had rebooted Windows 98 into MS-DOS mode, and once I had it typed out, I looked at the clock, hit enter, and watched a screen fill with deletes. It doesn't boot when it gets done, which is why I said I knew it worked.

    I've done the same thing with rm -rf / as root. Jinx made it into a roulette game that would roll a number and if it was like 1 or something it ran that.

  6. #6
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Gore, are you still pretending to be a technician? AVG? Worst heuristic capabilities on the market, application incompatibilities, and weak removal capabilities.

    BrokenCrow, do a repair installation first. Don't **** with NTFS conversions until it's done by the live system. You risk ****ing up some of the metadata and file ownerships. Once the core files are replaced, boot the machine and run MalwareBytes to remove any critters. Fix the LSPs and any winsock issues, and then convert the drives to NTFS.
    Real security doesn't come with an installer.

  7. #7
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Do I seem like a techie to you? I'm not pretending to be a tech, I'm good at being a bastard

  8. #8
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    Quote: Originally Posted by gore
        Do I seem like a techie to you? I'm not pretending to be a tech, I'm good at being a bastard

    It's just hard to make fun of you now that you're not fat.

    WTF happened to this place? It's a ghost town.
    Real security doesn't come with an installer.

  9. #9
    Quote: Originally Posted by D0pp139an93r
        WTF happened to this place? It's a ghost town.

    Yeah, look at the other forum sites I-world operates. Admins ban people for stupid reasons. People who actually help people on this site do not get their green dots (I want my Jerry beads!). Only people who post massive amounts of crap get rewarded. As far as the ghost town comment, this is why I post viral videos so google junkies will click on it. This board has history and the archives are golden like Phrack and 2600.

  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote: Originally Posted by D0pp139an93r
        It's just hard to make fun of you now that you're not fat.

        WTF happened to this place? It's a ghost town.

    I know, I'm sorry, I should have warned you I was dropping weight fast. The funny part is that I didn't take anything to help and managed to piss off some of my bigger family members because they asked how I managed to lose literally 160 pounds without dieting or pills.... I said I ate Chocolate and drank Cherry Pepsi.

    My guess is it was the energy drinks. I down more Caffeine than most people have in a week. Caffeine DOES help with that. And I do lift weights because of my spine because it's either that or be fat... And I LIKE looking down every day and going "Ah there you are!"

    The Ghost Town part is because everyone who's logging in, isn't posting. Same number of people are online.

    And no one here has been banned for anything stupid since JP stopped being the admin. (The Founder, who banned a lot of people for very stupid reasons, Doppie probably knows about that).
