Old January 15th, 2010, 11:07 PM   #1
brokencrow
Dissident 4dm1n
 
Join Date: Feb 2004
Location: Shawnee country
Posts: 1,174
Fun with viruses

This one's a new wrinkle. Got a laptop infected with twunk_32.exe and wscsvc32.exe,
both of which seem pretty new. Anyway, this laptop has two partitions, a 76gb fat32
c: drive and a 75gb fat32 d: drive (yes, fat32!).

Windows won't boot and bluescreens instead. Both partitions are mountable from a PE
disk, and the data is there. So I'm running a backup right now and look to convert the
c: drive back to ntfs.

Never seen this chit though. Anyone else?
__________________
"Be a loyal plastic robot for a world that doesn't care" -- Frank
Old January 16th, 2010, 10:06 PM   #2
BabyNet
Junior Member
 
Join Date: Oct 2003
Location: Underground base in the mountains.
Posts: 17
I've never seen it before. I haven't used a Windows box for a while.

I mostly use Linux. But it is kind of weird how you have two partitions which are the same.

My two cents, install Linux on your laptop. It's more secure. That way you won't get any viruses that threaten to destroy your computer. Even on Linux you have to be careful but it's not as easy as Windows to get viruses.
__________________
Psalm 23:4 Even though I walk in the valley of deep shadow, I fear nothing bad, for you are with me; your rod and staff are the things that comfort me.
Old January 17th, 2010, 12:42 AM   #3
gore
AO BOFH: Luser Abuser BModeratorFH
 
Join Date: Oct 2002
Location: Michigan
Posts: 6,649
I bet Baby got spanked for that one. lol.

OK, now that I'm done with my dumb pun, I have seen something close once:

I was working on a machine for a customer where I used to work once, and the guy had an XP Laptop where the machine could barely load Windows. Basically I had no idea what I could do to start fixing it because I didn't have admin (I called the guy myself, asked him if he knew the admin password.... He didn't of course) so I had a task of getting admin on the machine so I could fix it.

After some Straight up Wizardry (Seriously it's not like I could use an exploit or something and tell it "Install this Spybot and AVG for me now", I had to do everything by hand) I finally got it to scan.

I think you may want to do the back ups you're doing, and then, SCAN THE BACK UPS! because if you accidentally back up that, you'll be in this again.

Anyway, once you're done, don't just format and call it a day if you can, have some fun. I like to run deltree C: *.* /y so I can watch a file system die sometimes (It's relaxing), or, del C: *.* /S /Q for NT based, again, very calming to let the machine know who's the boss

Anyway, one thing I kept seeing from a similar scenario, was a very specific fake security center. I looked up the Security Centers crap online, and the ones I found weren't what this was. It was a different one.

AVG, with Heuristics enabled, finally found it, but then I couldn't get rid of it. Basically had to open DOS and do it from there, and then, run AVG, And Spybot again, and finally got it.

So the point is, the thing I found was actually some weird fake security scanner, but I couldn't find it on google at all. The ones you find on there are well known, and easy to find, but a pain. The one this thing had, was different and at one point Windows wouldn't even boot.

Anyway, again, check your back ups when you're done.
__________________
Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits We Are 138
Cannibal Holocaust
SuSE Linux
Slackware Linux
Old January 17th, 2010, 05:55 PM   #4
The-Spec
BANNΕD
 
Join Date: Jan 2008
Posts: 455
deltree *.* only deletes all files within that directory so everything up or down from the specified path would go unaffected. System files won't be touched and neither will global libraries since so many processes use them at once. You can't delete running applications either. You wouldn't be able to automatically delete read only and hidden files... even as admin.

I've explained this to you on more than one occasion... we've both been using computers for how long?!
Old January 17th, 2010, 09:08 PM   #5
gore
AO BOFH: Luser Abuser BModeratorFH
 
Join Date: Oct 2002
Location: Michigan
Posts: 6,649
Quote:
Originally Posted by The-Spec
deltree *.* only deletes all files within that directory so everything up or down from the specified path would go unaffected. System files won't be touched and neither will global libraries since so many processes use them at once. You can't delete running applications either. You wouldn't be able to automatically delete read only and hidden files... even as admin.

I've explained this to you on more than one occasion... we've both been using computers for how long?!
I left out, intentionally, the C:WINDOWS part of that command, and there is no admin on Windows versions that it works on. I know it works because I've done it like I said. I even made a batch file out of it to prevent having to type too much.

The first time I did it, I had rebooted Windows 98 into MS-DOS mode, and once I had it typed out, I looked at the clock, hit enter, and watched a screen fill with deletes. It doesn't boot when it gets done, which is why I said I knew it worked.

I've done the same thing with rm -rf / as root. Jinx made it into a roulette game that would roll a number and if it was like 1 or something it ran that.
Old January 18th, 2010, 02:58 PM   #6
D0pp139an93r
Bąnned
 
Join Date: May 2003
Location: St. Petersburg, FL
Posts: 1,597
Gore, are you still pretending to be a technician? AVG? Worst heuristic capabilities on the market, application incompatibilities, and weak removal capabilities.

BrokenCrow, do a repair installation first. Don't **** with NTFS conversions until it's done by the live system. You risk ****ing up some of the metadata and file ownerships. Once the core files are replaced, boot the machine and run MalwareBytes to remove any critters. Fix the LSPs and any winsock issues, and then convert the drives to NTFS.
__________________
A conspiracy of one...
Old January 18th, 2010, 10:23 PM   #7
gore
AO BOFH: Luser Abuser BModeratorFH
 
Join Date: Oct 2002
Location: Michigan
Posts: 6,649
Do I seem like a techie to you? I'm not pretending to be a tech, I'm good at being a bastard
Old January 19th, 2010, 06:26 PM   #8
D0pp139an93r
Bąnned
 
Join Date: May 2003
Location: St. Petersburg, FL
Posts: 1,597
Quote:
Originally Posted by gore
Do I seem like a techie to you? I'm not pretending to be a tech, I'm good at being a bastard
It's just hard to make fun of you now that you're not fat.

WTF happened to this place? It's a ghost town.
Old January 19th, 2010, 08:08 PM   #9
Linen0ise
Banned
 
Join Date: Nov 2002
Posts: 679
Quote:
Originally Posted by D0pp139an93r
WTF happened to this place? It's a ghost town.
Yeah look at the other forum sites I-world operates. Admins ban people for stupid reasons. People who actually help people on this site do not get their green dots (I want my Jerry beads!). Only people who post massive amounts of crap get rewarded. As far as ghost town comment, this is why I post viral videos so google junkies will click on it. This board has history and the archives are golden like Phrack and 2600.
Old January 19th, 2010, 08:41 PM   #10
gore
AO BOFH: Luser Abuser BModeratorFH
 
Join Date: Oct 2002
Location: Michigan
Posts: 6,649
Quote:
Originally Posted by D0pp139an93r
It's just hard to make fun of you now that you're not fat.

WTF happened to this place? It's a ghost town.
I know, I'm sorry, I should have warned you I was dropping weight fast. The funny part is that I didn't take anything to help and managed to piss off some of my bigger family members because they asked how I managed to lose literally 160 pounds without dieting or pills.... I said I ate Chocolate and drank Cherry Pepsi.

My guess is it was the energy drinks. I down more Caffeine than most people have in a week. Caffeine DOES help with that. And I do lift weights because of my spine because it's either that or be fat... And I LIKE looking down every day and going "Ah there you are!"

The Ghost Town part is because everyone who's logging in, isn't posting. Same number of people are online.

And no one here has been banned for anything stupid since JP stopped being the admin. (The Founder, who banned a lot of people for very stupid reasons, Doppie probably knows about that).
All times are GMT +1.











