
Topic: Are you a worm/trojan/virus expert? (Read 4881 times)

sr. member
Activity: 350
Merit: 250
April 30, 2012, 12:11:26 AM
#43
Download this .iso http://thepiratebay.se/torrent/7180951/Windows_XP_Professional_SP3_32-bit_-_Black_Edition_2012.4.12

Install virtualbox
Create VM, install XP black edition .iso in it, then save it as a snapshot.
Now feel free to play around with sketchy Xbox pirate code generators and other malware because who cares, just reload from the snapshot if something happens. Or use RollbackRX if the system doesn't have enough memory to run a VM stably.
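As an added example (not from the post above or from VirtualBox's own documentation), the snapshot workflow described here scripted around VBoxManage, with the VM isolated from the host and the LAN before anything untrusted runs in it. Assumptions: VirtualBox 6.1+ command-line flags, a VM name in $VM, and an installer image at $ISO (placeholder path, supply your own); DRY_RUN=1 (the default) prints the commands instead of executing them.

```shell
#!/bin/sh
# Disposable analysis VM: create it isolated, snapshot the clean install,
# restore the snapshot after each untrusted run.
# Assumptions: VirtualBox 6.1+ flag names; $ISO is a placeholder.
VM="${VM:-analysis-xp}"
ISO="${ISO:-/path/to/windows-installer.iso}"   # placeholder: point at your own image
SNAP="clean-baseline"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = really call VBoxManage

run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "VBoxManage $*"
  else
    VBoxManage "$@"
  fi
}

# Isolation settings: no network adapter, no shared clipboard, no drag-and-drop.
# Whatever runs inside the guest then has no path to the host or the LAN.
isolation_args() {
  echo "--nic1 none --clipboard-mode disabled --draganddrop disabled"
}

# Sanity check: how many isolation flags are applied to the VM.
isolation_count() {
  isolation_args | tr ' ' '\n' | grep -c '^--'
}

# One-time setup: register the VM, apply isolation, attach a disk and the installer.
vm_create() {
  run createvm --name "$VM" --ostype WindowsXP --register
  # shellcheck disable=SC2046   # word splitting of isolation_args is intended
  run modifyvm "$VM" --memory 1024 --vram 32 $(isolation_args)
  run createmedium disk --filename "$VM.vdi" --size 10240
  run storagectl "$VM" --name IDE --add ide
  run storageattach "$VM" --storagectl IDE --port 0 --device 0 --type hdd --medium "$VM.vdi"
  run storageattach "$VM" --storagectl IDE --port 1 --device 0 --type dvddrive --medium "$ISO"
}

# After the OS install finishes: power off and keep a snapshot to return to.
vm_baseline() {
  run controlvm "$VM" poweroff 2>/dev/null || true
  run snapshot "$VM" take "$SNAP" --description "pristine install, nothing run yet"
}

# After running a sample: discard every change the guest made and start clean.
vm_reset() {
  run controlvm "$VM" poweroff 2>/dev/null || true
  run snapshot "$VM" restore "$SNAP"
  run startvm "$VM" --type headless
}
```

Typical use is `vm_create`, install the OS interactively, `vm_baseline` once, then `vm_reset` after every sample; the network-less adapter is the part that matters most, since a snapshot restore undoes changes to the guest but not anything the guest already sent out.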



sr. member
Activity: 410
Merit: 250
April 29, 2012, 12:41:08 AM
#42
No problem.  At work I am much more security minded, not so much for my personal stuff.  I have a couple of systems that I'm running currently that were once infected, however none of those systems contain anything very sensitive.  If you do banking or have bitcoins on an infected computer I'd recommend wiping it to be sure.  If you aren't too paranoid about it I think you'll be fine installing Microsoft Security Essentials, Malwarebytes and a rootkit scanner (GMER or Sophos? haven't looked at it in a while).  If they all come up clean make sure you scan periodically and it's unlikely you'll have any issues in my opinion.

Also, after a Malwarebytes scan be sure to read what it found.  Oftentimes it'll find some adware that isn't nearly as concerning as finding trojans/keyloggers etc.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 28, 2012, 10:52:36 AM
#41
Thanks Amencon.  What happened was, I was setting up one of my towers for my son-in-law; he got excited when I was at work, thinking the system was complete, and started trying to download code generators through uTorrent.  When I got home he was in the middle of two downloads, I killed them but too late.  I found 7 malware with Malwarebytes.

I eradicated them, as far as I can tell, but I have 3 drives on this comp: C, D and a mirror backup.  I really don't want to wipe it out.  I have Windows 7.  Do you guys think I'm OK?

I have heard of Pirate Bay.  I just don't usually get my programs this way, that is why I had to ask.

EDIT:  4 of the infections were found in the registry
sr. member
Activity: 410
Merit: 250
April 28, 2012, 05:28:36 AM
#40
Hmm forgot to check back on this.

Tiptop, I assume your issue has long been resolved, however for the symptoms you described (BSOD and the error message) I'd try running the cmd prompt as administrator, putting the XP OS CD in the drive and running the command "sfc /scannow".  If it finds any system files that appear to have compromised integrity it will replace them with the original versions.

After that, reboot and load off the XP CD; on the first screen choose "R" to bring up the recovery console and from the command prompt run "CHKDSK C: /R" (assuming you use C as your primary drive).

As others have said it's sometimes best to just nuke it from orbit (wipe/reload XP) but with these issues I hate doing it as it feels like admitting defeat.  There are a few other things you can try if the above don't help.

Bitcoin113: Very interesting that ComboFix deleted bitcoin related stuff and good to know for the future.  Glad you didn't lose more than a fraction of a coin.

Freeway: uTorrent is as safe as the files you download with it.  Since all the files you get are shared P2P there are no guarantees that they aren't infected.  A way to mitigate the risk is to only download torrents from thepiratebay.org from "trusted" users (they'll have a skull icon near their name, ironically).  Another thing that will help is, after every download and prior to launching the downloaded file, scan it with Malwarebytes.  You can do this easily by browsing to it and right-clicking the folder or file; the option should show up in the menu.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 11:34:10 AM
#39
If you only need the code generator, run it in a VM.  If you need to patch your app, well... buy it. Or find a free alternative.
Thanks. 
hero member
Activity: 518
Merit: 500
April 27, 2012, 11:20:34 AM
#38
EDIT:  Is there a safe way to obtain a code generator or are they always a virus?

Code generators and activation 'patches' are almost always identified as viruses, particularly if you enable heuristics in the AV. And yet often they aren't, but how can one know?

If you only need the code generator, run it in a VM.  If you need to patch your app, well... buy it. Or find a free alternative.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 11:02:14 AM
#37
If you're running Windows there's no reason you can't be running rollback software like RollbackRX or something similar.
SandboxIE for your browser.
WinMHR to scan for non rootkit files, kicks any individual AV's arse.
Delete/Remove Java, Flash, anything Adobe.
Create a new profile in Firefox.

Thank you.  I had never heard of Rollback Rx.  I know this is probably a silly question.  Malwarebytes removed 7 infections.  Should I still do these other procedures?

I know.  Probably yes.  Just trying to save a few hours.

EDIT:  Is there a safe way to obtain a code generator or are they always a virus?
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
April 27, 2012, 05:01:56 AM
#36
If you're running Windows there's no reason you can't be running rollback software like RollbackRX or something similar.
SandboxIE for your browser.
WinMHR to scan for non rootkit files, kicks any individual AV's arse.
Delete/Remove Java, Flash, anything Adobe.
Create a new profile in Firefox.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 02:00:09 AM
#35
Malwarebytes
MSE
CCleaner

Clear all your web browsers (Chrome, IE, Firefox, all of them) of cookies, history, and everything! Then run all three programs.

Okay.  Malwarebytes is running now.  So far 7 infections just on Chrome.  Guess it will be a long night.
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
April 27, 2012, 01:37:36 AM
#34
Malwarebytes
MSE
CCleaner

Clear all your web browsers (Chrome, IE, Firefox, all of them) of cookies, history, and everything! Then run all three programs.
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 01:13:21 AM
#33
And what is emule???  I found it and deleted it, but???
member
Activity: 105
Merit: 10
Always follow the Road Less Traveled
April 27, 2012, 01:12:07 AM
#32
Reinstall Windows, dude. It's the only way to be sure.
Just noticed that he has XP... Unfortunately, I must agree with this statement.
So if you are running Windows 7, would you have to re-install?  Or no?  I am curious because my son-in-law started playing/downloading stuff for Xbox Gold and Microsoft points, attempting to get "free codes" on one of my computers that is not partitioned nor protected, using uTorrent.

I am running scans now (517 errors), was awesome to find the Malwarebytes link, thank you, I will run that next.

I guess my question is, is uTorrent safe?  Is BitTorrent better?  What about Freenet or darknet?  Or should I tell him to just stay the f... off of there and go to? .... He is trying to find codes for free or discounted.  Is this even legal?  If not, and he continues to use my computer, if I partitioned off an area of the hard drive just for him, would it affect me?

Any info is appreciated.  Thank you
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
January 22, 2012, 11:31:27 PM
#31
Seriously, fuck XP - it is slow as dog shit and just as insecure. Uses admin accounts with full privs by default, which is likely how you got infected to start with.

Windows 7 is leaps and bounds better than XP, even if only from a security perspective.
sr. member
Activity: 266
Merit: 250
The king and the pawn go in the same box @ endgame
January 22, 2012, 06:51:57 PM
#30
I'm just going to answer the first part of the OP:

Are you a worm/trojan/virus

Yes.

You a L33tHackers.com forum member by chance?
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
January 22, 2012, 04:26:05 AM
#29
I'm just going to answer the first part of the OP:

Are you a worm/trojan/virus

Yes.
sr. member
Activity: 266
Merit: 250
The king and the pawn go in the same box @ endgame
January 22, 2012, 03:54:10 AM
#28
Haha, I wouldn't worry about it but it would be my first donation. Send here if you like:

19x2RUBSXzgBsD5HVsW5HZHiGvMzjuReF7

Kicked .02 your way. Now I can say I put my 2 cents in!
hero member
Activity: 728
Merit: 500
January 22, 2012, 03:49:11 AM
#27
Haha, I wouldn't worry about it but it would be my first donation. Send here if you like:

19x2RUBSXzgBsD5HVsW5HZHiGvMzjuReF7
sr. member
Activity: 266
Merit: 250
The king and the pawn go in the same box @ endgame
January 22, 2012, 03:41:06 AM
#26
Combofix deleted everything related to bitcoin for me. I lost .01 BTC.

Does anyone know why it would do this?

No idea, but if it makes you feel better, I'll kick a bitcent your way!
hero member
Activity: 728
Merit: 500
January 22, 2012, 01:13:37 AM
#25
Combofix deleted everything related to bitcoin for me. I lost .01 BTC.

Does anyone know why it would do this?
sr. member
Activity: 266
Merit: 250
The king and the pawn go in the same box @ endgame
January 21, 2012, 09:58:37 PM
#24
Anyone want to bet that the file-sharing program (eMule) is being used as a bot communication relay to communicate with the botmaster hijacking his computer?