For the lulz...

The_Unbeliever

Got a PC from a client. Copied virusupdates etc to flash disk.

Inserted flash disk into client's PC.

Explorer window opened with the contents of my flash disk.

All of a sudden all the directories are now *.exe's and I've got three extra folders - porn.exe, secret.exe and sexy.exe, and also what purports to be an x.mpeg movie clip :mad:

:D:D:D:D

Opened a DOS command prompt, and was able to copy the virus update package over by using DOS commands.

Feh. Quite interesting :D

Not gonna put that flash disk into a winders PC - it will have to wait for a Linux PC... :D
 
wow!

Boot disk antivirus FTW.

Tho I've been fighting that virus/trojan (or one very similar) on a couple of friends' PCs over the last few months and MSSE deals with it just fine.
 
My brother-in-law is first line support and this sounds exactly like the latest virus he is battling throughout their userbase. Can't recall the name >.< Funny tho ;p
 
it will have to wait for a Linux PC... :D
Solution right there!

I was hit by something similar. All content on a USB disk had its hidden bit set, and shortcuts with names resembling former files and folders were created. The shortcut obviously performed some sinister activity. Resetting the 'hidden' bit in Windows - no dice. Attrib didn't help either. Enter Sir Ubuntu.
 
Righty-o

Contents of "autorun.inf" of said USB disk :

Code:
[jWvtTVBqwmCwkP]
YqrOJp=acgkRwNHHwYF
kYJbnBEEIypk=amWjSGWoq
tNDXIFqnptOmKaI=nLOOg
PoLXUKTJjXf=nAfZfiYKYIyWxMF
eCZOMLfXL=aXUVAMqR
[autorun]
ICoN=rwkiug.exe,0
YOZXjdDegHRKLJ=TBxYySxOeoFQws
MFDEXTfB=phJBdFQ
dMzULCyjcDrk=FCmutGhf
gCvgeJRutAsDVOO=bbvokNjV
SWnXFyd=5970
DhyTOjVzxXd=232
BMFYGSVTWTawurQ=9159
open=rWkIUG.EXE
GMmFoLCp=9863
OrRMW=5446
xBurBkr=783
ACtion=8925
eybyaS=4775
RDnIQNeHgDAt=1656
KjuXZCxpihgMii=6952
USeaUtopLay=1
dMfPpGRdrGeTAZ=4072
TgVwDADJn=4220
wWhXs=4238
[uUJBEQiWSyUwuR]
KaHbnaJL=ErrNarbBm
wanSXrjIl=NWUoivpYJUFWz
XmcoBB=pTWruAWBl
vokxsBz=ciQcyEG

o_O
 
Directory listing (in DOS)

Code:
 Volume in drive E is Transcend
 Volume Serial Number is 0409-4694

 Directory of E:\

11-06-2012  11:33              200,704 Alcohol.exe
11-06-2012  11:33              200,704 Allycad Home.exe
11-06-2012  11:33              200,704 antivirus.exe
11-06-2012  11:33              200,704 avupdate.exe
11-06-2012  11:38                    0 huh.txt
11-06-2012  11:33              200,704 Microsoft.exe
11-06-2012  11:33              200,704 Passwords.exe
11-06-2012  11:33              200,704 peerguardian.exe
11-06-2012  11:33              200,704 Porn.exe
11-06-2012  11:33              200,704 Secret.exe
11-06-2012  11:33              200,704 Sexy.exe
11-06-2012  11:33              200,704 System Volume Information.exe
11-06-2012  11:33                    0 x.mpeg
              13 File(s)      2,207,744 bytes
               0 Dir(s)  13,906,059,264 bytes free

Directory listing under Linux Mint :

Code:
ook@TravelMate-5610 /media/Transcend $ ls -l
total 2365
drwx------ 1 emil emil      0 2011-12-16 18:48 Alcohol
-rw------- 1 emil emil 200704 2012-06-11 11:33 Alcohol.exe
drwx------ 1 emil emil      0 2012-05-18 11:23 Allycad Home
-rw------- 2 emil emil 200704 2012-06-11 11:33 Allycad Home.exe
drwx------ 1 emil emil   4096 2012-06-08 13:45 antivirus
-rw------- 2 emil emil 200704 2012-06-11 11:33 antivirus.exe
-rw------- 1 emil emil    601 2012-06-11 11:48 autorun.inf
drwx------ 1 emil emil      0 2012-06-11 11:01 avupdate
-rw------- 1 emil emil 200704 2012-06-11 11:33 avupdate.exe
-rw------- 1 emil emil    886 2012-06-11 11:38 huh.txt
drwx------ 1 emil emil   4096 2012-05-18 10:08 Microsoft
-rw------- 2 emil emil 200704 2012-06-11 11:33 Microsoft.exe
-rw------- 2 emil emil 200704 2012-06-11 11:33 Passwords.exe
drwx------ 1 emil emil      0 2011-12-28 19:25 peerguardian
-rw------- 2 emil emil 200704 2012-06-11 11:33 peerguardian.exe
-rw------- 1 emil emil 200704 2012-06-11 11:33 Porn.exe
-rw------- 1 emil emil 200704 2012-06-11 11:33 rwkiug.exe
-rw------- 1 emil emil 200704 2012-06-11 11:33 Secret.exe
-rw------- 1 emil emil 200704 2012-06-11 11:33 Sexy.exe
drwx------ 1 emil emil      0 2012-06-08 12:37 System Volume Information
-rw------- 2 emil emil 200704 2012-06-11 11:33 System Volume Information.exe
-rw------- 2 emil emil      0 2012-06-11 11:33 x.mpeg
ook@TravelMate-5610 /media/Transcend $

I see what the pox did there... :erm:

By the by, huh.txt is the DOS directory listing I made :D
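
Added example, not part of the thread or any poster's code: a Python triage helper for a stick like this, run from a non-Windows machine. It pulls the real AutoRun directives out of the padded autorun.inf and flags the .exe files that impersonate folders, plus their same-size siblings. The function names are hypothetical and the sample data is excerpted from the posts above.

```python
import re

# Keys Windows AutoRun acts on; every other line in the file is padding.
KNOWN = {"open", "shellexecute", "icon", "action", "label", "useautoplay"}

def autorun_directives(text):
    """Return the meaningful [autorun] keys, matched case-insensitively."""
    section, found = None, {}
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in KNOWN or key.lower().startswith("shell\\"):
                found[key.lower()] = value
    return found

def decoy_executables(entries):
    """entries: (name, is_dir, size) -> (dir-named .exe files, same-size others)."""
    dirs = {name.lower() for name, is_dir, _ in entries if is_dir}
    exes = [(n, s) for n, d, s in entries if not d and n.lower().endswith(".exe")]
    shadows = {n for n, _ in exes if n[:-4].lower() in dirs}
    sizes = {s for n, s in exes if n in shadows}
    clones = {n for n, s in exes if s in sizes} - shadows
    return sorted(shadows), sorted(clones)

# Excerpt of the autorun.inf posted in the thread (most padding lines trimmed).
SAMPLE_INF = """[jWvtTVBqwmCwkP]
YqrOJp=acgkRwNHHwYF
[autorun]
ICoN=rwkiug.exe,0
SWnXFyd=5970
open=rWkIUG.EXE
ACtion=8925
USeaUtopLay=1
[uUJBEQiWSyUwuR]
"""

# Subset of the Linux Mint listing from the thread: (name, is_dir, size).
SAMPLE_LISTING = [
    ("Alcohol", True, 0), ("Alcohol.exe", False, 200704),
    ("antivirus", True, 4096), ("antivirus.exe", False, 200704),
    ("Porn.exe", False, 200704), ("rwkiug.exe", False, 200704),
    ("autorun.inf", False, 601), ("huh.txt", False, 886),
]

if __name__ == "__main__":
    print(autorun_directives(SAMPLE_INF), decoy_executables(SAMPLE_LISTING))
```

To run it against a mounted volume, build the entries from `os.scandir()` as `(e.name, e.is_dir(), e.stat().st_size)`.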
 