Windows sucks
Moderator: General Mods
-
- Transmutation Specialist
- Posts: 724
- Joined: Tue Feb 08, 2005 5:17 pm
- Location: Colombia (and no, not on the jungle)
- Contact:
All right, I have this werm in my PC. I'm not misspelling, it will ACTUALLY turn my PC off if I write anything that gives off its name. It loads some programs into the PC (lsass, winlogon, services and another one I forgot) and doesn't let me change the settings to view hidden files.
Anybody here know this worm? It seems it shares the emails I have in Messenger and also deleted previous checkpoints in the PC by copying and renaming the admin account to administrador.000 and administrador.001, so I can't just get a previous checkpoint.
Anybody know this thing or have any idea how to delete it?
It's bronstab
-
- Veteran
- Posts: 743
- Joined: Tue Aug 10, 2004 4:38 pm
-
- Transmutation Specialist
- Posts: 724
- Joined: Tue Feb 08, 2005 5:17 pm
- Location: Colombia (and no, not on the jungle)
- Contact:
click start, run, msconfig, go to the startup tab. write down anything that sounds weird. reboot, keep pressing F8, and go into safe mode with networking. try searching the net for those things.
I had some sort of thing AVG kept catching, but it kept coming back. the net was no help. I saw something in ie's add-ons that looked weird. I believe I logged in as an admin, uncheck "use simple file sharing" in windows explorer, right click properties on the file, go to the security tab, and I set the permissions of the file so nobody could execute it (admin, myself, system, everybody) and I was able to delete the file.
-
- Transmutation Specialist
- Posts: 724
- Joined: Tue Feb 08, 2005 5:17 pm
- Location: Colombia (and no, not on the jungle)
- Contact:
phOnYmIkE wrote: click start, run, msconfig, go to the startup tab. write down anything that sounds weird. reboot, keep pressing F8, and go into safe mode with networking. try searching the net for those things.
I had some sort of thing AVG kept catching, but it kept coming back. the net was no help. I saw something in ie's add-ons that looked weird. I believe I logged in as an admin, uncheck "use simple file sharing" in windows explorer, right click properties on the file, go to the security tab, and I set the permissions of the file so nobody could execute it (admin, myself, system, everybody) and I was able to delete the file.

It's in memory even in safe mode... it's unbeatable.
-
- Transmutation Specialist
- Posts: 724
- Joined: Tue Feb 08, 2005 5:17 pm
- Location: Colombia (and no, not on the jungle)
- Contact:
darkbenny wrote: how did you catch this??

I think playing Counter Strike 1.6 in a Chinese server, Twins clan I recall.
-
- Seen it all
- Posts: 2302
- Joined: Mon Jan 03, 2005 5:04 pm
- Location: Germany
- Contact:
Metatron wrote: Isn't there a DOS command to kill it even if it's in memory?

You mean, like fdisk?
-
- Transmutation Specialist
- Posts: 724
- Joined: Tue Feb 08, 2005 5:17 pm
- Location: Colombia (and no, not on the jungle)
- Contact:
Metatron wrote: ...You caught malware playing on a game server.

That's my best guess... now I have to buy a pirated copy of XP for 5000 pesos... *sigh*... that's like US$2.
-
- Hazed
- Posts: 76
- Joined: Sat Jan 28, 2006 7:21 am
There is a tutorial here
http://www.trendmicro.com/vinfo/virusen ... C&VSect=Sn
and here
http://www.bleepingcomputer.com/startup ... 12770.html
P.S. The overview states it is sent as an e-mail w/ Kangen.exe