Follow us on Twitter!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 26
Guests Online: 26
Members Online: 0

Registered Members: 82850
Newest Member: hardstylurr
Latest Articles
View Thread

HellBound Hackers | Computer General | General Computer Problems

Author

School Virus is smart


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-04-09 02:16
I don't know what's with this virus.... Our school district caught something bad alright. This virus is able to think for itself and morph accordingly to protect itself.

It deletes all antivirus software including installs, locks out of all administrative tools such as cmd, taskman, msconfig, registry, and everything else. It was able to recover after a system restore and proceeded to infect the older restore points (The dates all changed to 2078 or something similar) and it even got past web scanners.

How the devil do you deal with something like this?

I tried an alternate for the registry and all other admin tasks but it deletes them before they install, safe mode is frozen out as well somehow, and the virus morphs every time we get a solid signature on it and pulls a Houdini...

Never seen anything like this before.


Author

RE: School Virus is smart

rex_mundi
☆ Lucifer ☆



Posts: 1458
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 09-04-09 02:43
korg is your man for this one dude .


U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
Author

RE: School Virus is smart


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-04-09 03:03
I've personally never heard of anything like that happening before, but my guess is there isn't much to do unless there is a patch or straight up clearing your hard drive. I could be wrong but your safest bet with a virus like that is to reformat


Author

RE: School Virus is smart


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-04-09 03:44
Umm.... Really dude, at this point I' am just thinking you should shut down the server and all internet access connecting the computers together. Wipe alll information, something like a massive d-ban, and start over. It'll be in maintenance forever anyway.
Idk if you were actually looking for a solution, as this one doesnt really let you understand whats going on.
On that note though, I doubt its learning by its self. It sounds more like its having contact with someone, reporting home if you will and somebody else is merely pulling the strings. Sounds more sensible, but not very intelligent (who the hell would put that much effort in a school system?).




Edited by on 09-04-09 03:45
Author

RE: School Virus is smart

p4plus2
Member

Your avatar

Posts: 167
Location:
Joined: 31.03.08
Rank:
Newbie
Posted on 09-04-09 03:51
Have you tried zerowave yet? It is highly efficient at killing processes(even many system protected processes)

http://www.softpedia.com/get/System/System-Miscellaneous/ZeroWave.shtml


INSANE Termination (INSANE mode)

The last termination available on ZeroWave is exclusive of this program and exploits the power of a kernel mode driver to destroy any process-being.

Warning: ZeroWave requires Administrative Privileges to perform this operation!

The insane termination is not meant to be used in any circumstance, that should be used only with processes which cannot be killed in any other way. ZeroWave performs ring zero operations (and it takes its name 'ZeroWave' by that), in case of critical errors probably the entire system will crash (blue screen).

Therefore use it at your own risk and intelligently.

To realize the third termination you need to right-click on a process and choose the last option and confirm this operation from a security screen:

If confirmed, the operations will take a few seconds to terminate any kind of process on Windows.



"You can't be something your not,
Be yourself by yourself
Stay away from me" ~Walk, Pantera

"Playing an acoustic guitar is like having sex with your clothes on" ~Dave Mustaine

Edited by p4plus2 on 09-04-09 03:52
p4plus2@hotmail.com
Author

RE: School Virus is smart

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 09-04-09 03:56
Hey Lemur, This sounds like one I removed from a college campus just a bit ago. It will keep restarting and creating more as you let it go.
Get a copy of Combofix and hijackthis. Run them in that order. (you may need to rename the exe for each, The virus in question will stop them from running). Post the hijackthis log when your done and we can cook up a registry fix.



i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: School Virus is smart


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-04-09 04:49
Lemur, please post it in this thread and not PM or IM so that we can learn from your experience.


Author

RE: School Virus is smart


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-04-09 10:31
Without stealing the thread too much..
Just wondering if anyone's ever thought of making an anti-virus virus? That spreads and infects, exactly like a virus would, but instead it kills viruses & trojans etc.. rather than causing problems.
Could be pretty powerful, could it not?

but yeah, sounds like you've got the help you need from korg :]


Author

RE: School Virus is smart


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-04-09 13:32
Well, I have a 30.5kb cracked registry tool that doesn't need any administrative privilege to run. I use it a lot when fixing infected PCs. I repair like 7PCs/week.
About the virus that can disinfect other viruses, I think it is nearly impossible to make one who's effective for all viruses since each virus has its own places on the PC and the registry. Even if it is possible and you want it to act like an anti-virus, It will be very big in size which is unsuitable.


Author

RE: School Virus is smart

Mb0742
Member



Posts: 198
Location:
Joined: 26.11.07
Rank:
Apprentice
Posted on 09-04-09 14:00
Doesn't sound too smart.

*cause shit cause shit* *o hai time to download a new virus from home to replace me*


*cause shit cause shit*


▲▲

end.



Mb
javascript:alert("hi")
Author

RE: School Virus is smart


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-04-09 15:06
MoshBat wrote:
x_5631 wrote:
Without stealing the thread too much..
Just wondering if anyone's ever thought of making an anti-virus virus? That spreads and infects, exactly like a virus would, but instead it kills viruses & trojans etc.. rather than causing problems.
Could be pretty powerful, could it not?

but yeah, sounds like you've got the help you need from korg :]

No.
It's still illegal, and anti-virus companies would kill you. Literally.


Just to point out before I ask, I'm not contradicting you.. it's an honest, curious question.. what'd be illegal about it?

454447415244 wrote:
About the virus that can disinfect other viruses, I think it is nearly impossible to make one who's effective for all viruses since each virus has its own places on the PC and the registry. Even if it is possible and you want it to act like an anti-virus, It will be very big in size which is unsuitable.

Well, it could frequently update.. just like actual anti-virus programs.
The size thing's a good point.. I never thought of that




Author

RE: School Virus is smart


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-04-09 15:33
Yeah, like mosh said, it is illegal since it is a virus by itself and viruses are illegal whatever was their purpose.