Windows sucks

corronchilejano · Post by **corronchilejano** » Mon Jan 15, 2007 6:51 pm

Allright I have this werm in my pc. I'm not mispelling, it will ACTUALLY turn my pc off if I write anything that gives off it's name. It loads some programs into the PC (lsass, winlogon, services and another one I forgot) and doesn't let me change the settings to view hidden files.

Anybody here know this worm? It seems it shares the emails I have in Messenger and also deleted previous checkpoints in the PC by copying and renaming the admin account to administrador.000 and administrador.001, so I can't just get a previous checkpoint.

Anybody know this thing or has any idea how to delete it?

It's bronstab

casualsax3 · Post by **casualsax3** » Mon Jan 15, 2007 7:00 pm

Do yourself a favor and reinstall. What are the specs of the machine?

AntoineWG · Post by **AntoineWG** » Mon Jan 15, 2007 7:05 pm

Try HijackThis! If that can't remove it, re-install

corronchilejano · Post by **corronchilejano** » Mon Jan 15, 2007 8:50 pm

*sigh*

I don't have a copy of XP where I am.

PHoNyMiKe · Post by **PHoNyMiKe** » Mon Jan 15, 2007 9:06 pm

click start, run, msconfig, go to the startup tab. write down anything that sounds weird. reboot, keep pressing F8, and go into safe mode with networking. try searching the net for those things.

I had some sort of thing AVG kept catching, but it kept coming back. the net was no help. I saw something in ie's add-ons that looked weird. I believe I logged in as an admin, uncheck "use simple file sharing" in windows explorer, right click properties on the file, go to the security tab, and I set the permissions of the file so nobody could execute it (admin, myself, system, everybody) and I was able to delete the file.

corronchilejano · Post by **corronchilejano** » Tue Jan 16, 2007 1:51 am

phOnYmIkE wrote:click start, run, msconfig, go to the startup tab. write down anything that sounds weird. reboot, keep pressing F8, and go into safe mode with networking. try searching the net for those things.

I had some sort of thing AVG kept catching, but it kept coming back. the net was no help. I saw something in ie's add-ons that looked weird. I believe I logged in as an admin, uncheck "use simple file sharing" in windows explorer, right click properties on the file, go to the security tab, and I set the permissions of the file so nobody could execute it (admin, myself, system, everybody) and I was able to delete the file.

It's in memory even in safe mode... it's unbeateable.

darkbenny · Post by **darkbenny** » Tue Jan 16, 2007 1:53 am

how did you catch this??

Tallgeese · Post by **Tallgeese** » Tue Jan 16, 2007 1:56 am

Isn't there a DOS command to kill it even if it's in memory?

corronchilejano · Post by **corronchilejano** » Tue Jan 16, 2007 2:19 am

darkbenny wrote:how did you catch this??

I think playing Counter Strike 1.6 in a chinnesse server, Twins clan I recall.

Tallgeese · Post by **Tallgeese** » Tue Jan 16, 2007 2:29 am

...You caught malware playing on a game server.

creaothceann · Post by **creaothceann** » Tue Jan 16, 2007 2:33 am

Metatron wrote:Isn't there a DOS command to kill it even if it's in memory?

You mean, like fdisk?

corronchilejano · Post by **corronchilejano** » Tue Jan 16, 2007 2:35 am

Metatron wrote:...You caught malware playing on a game server.

That's my best guess... now I have to buy a pirated copy of Xp for 5000 pesos... *sigh*... that's like US$2.

bobthebuilder · Post by **bobthebuilder** » Tue Jan 16, 2007 6:22 am

There is a tutorial here

http://www.trendmicro.com/vinfo/virusen ... C&VSect=Sn

and here

http://www.bleepingcomputer.com/startup ... 12770.html

P.S. The overview states it is sent as a e-mail w/ Kangen.exe