View Full Version : New virus


Badger0-0
24-03-2008, 7:58 PM
This one's a beauty, I take my hat off to whoever wrote it :thumbsup:

It's disabled the task manager, I can't view my temporary internet files, I can't run regedit, none of the icons in the bottom right are appearing and AVG keeps seeing it but can't sort it.

I've been working on it for about 5 hours and it's bloody annoying, but I do admire a work of art :thumbsup:

ash
24-03-2008, 8:04 PM
Riiiiight....

Got a name for it?

Badger0-0
24-03-2008, 8:27 PM
Well, I've just cracked it :thumbsup:

AVG sees it as Trojan horse Downloader.Generic7.AUU.
Then it turned up as Trojan horse Generic10.XQ, 6 times
And finally Trojan horse Generic10.DBN.

They may be known, but it certainly made me work.
I can normally crack them in a few mins.

I love the way it stops you browsing the usual places.
I deleted all the temporary files using Clean Up, but AVG was still seeing them in a virus search.
The virus was being listed in the system32 folder, but whenever I browsed it, it wasn't there.
It also changed its name to winlogon.exe.
Point is, this was healed and sent to the virus vault a few times, but it didn't work.

ash
24-03-2008, 8:57 PM
If that is your sense of fun.....


(unless your job is in that sector, or you make viruses yourself)

Badger0-0
24-03-2008, 9:21 PM
It's fun to me, because I love a challenge; it keeps me on my toes.
That is extremely hard to do nowadays, as most of what I experience I just ignore as total rubbish or hype. It takes a fair bit to challenge me nowadays.
That was what I call a proper virus, which did what it's supposed to do, i.e. cause mayhem.
To me, that was the equivalent of the Times crossword :)

Knowing that I cracked it, where a lot of younger people wouldn't, makes me feel extremely good, as it goes :grin:

But then, I wouldn't wish it on people who can't get their head around it.
It'd cost a fortune if you took it to the likes of PCWorld :thumbsdow

Perhaps I'm just getting old and perverted :grin:.............................

And just when I thought I'd cracked it, it's just turned up again :eek:

Oh well, once more unto the breach :rotfl:

ash
24-03-2008, 9:32 PM
Get a Rubik's cube and try to do it behind your back ;)

Badger0-0
24-03-2008, 9:42 PM
I can't even do it face on mate :(

A good man knows his limits and all that :grin:

This virus is a killer, seriously.
I've got all my functionality back, but it's come up again.

Which was the point of my original post, even though I love it.
Extremely tricky, this one.

I should probably explain how I got it.

I went on to Limewire to D/L Kraftwerk's "Tour de france" (which I have on vinyl, but no record player).
It was a WMA file, which I ran in winamp.
It didn't work, so I ran it in WMP, which directed me to a codec site of some sort.
That was the source.

I know, I know, I deserve it :)
But IMO, if you own the original, you should be allowed to get a copy.

Steve_P
25-03-2008, 9:20 AM
Don't you use a live boot disc? That way you can do a clean boot to an OS that you know is not compromised in any way. Some Linux live CDs are marketed as Windows recovery discs. That way, you stand a better chance of the virus not popping back up when you think you've obliterated it.

If you don't like dabbling with Linux, you can actually build your own Win XP Live CD and put on your own favourite recovery tools, try a google search for "Bart PE". You can actually find ready compiled Bart PE boot discs but then you can't be sure if they contain anything dubious and they won't be legit either as you'd be using a copy of Windows as opposed to creating a disc from your own XP install disc.

S.

joeltomkins
26-03-2008, 9:33 AM
Hey Badger, I have the same virus now. Look for this folder: C:\documentsandsettings\(YourUserName)\! You probably won't be able to see it, but type it into the address bar. I did, and found 6,727 WMAs, 22 GB worth, all the same size, duration and bit rate. The names were the names of all different songs. Also, my shared folder on Limewire had been changed to this directory. Now, I still haven't gotten rid of this virus, but I thought I'd share that with you because chances are you will have the same thing.
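
Added example, not code from the thread or from any of the posters: a Python script that walks a directory tree and reports folders where almost every file has the same extension and byte size, which is the pattern described in the post above (thousands of .wma "songs" that are all one size), and notes whether the folder carries the Windows hidden attribute. The sample tree, the folder name "!", the file names and the thresholds are constructed for the demonstration and are not taken from an infected machine.

```python
"""Flag directories stuffed with near-identical files (same extension, same byte size).
Added example for the thread above; the sample tree below is constructed, not real."""
import os
import stat
import tempfile
from collections import Counter

# Windows "hidden" attribute bit; on other platforms st_file_attributes is absent and this is ignored.
HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)


def find_identical_size_clusters(root, min_files=50, min_share=0.9):
    """Walk `root` and return one record per directory in which at least `min_files`
    regular files share the same extension and byte size, and those files make up at
    least `min_share` of the directory. Symlinks are not followed."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        if len(filenames) < min_files:
            continue
        by_shape = Counter()
        for name in filenames:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # vanished or unreadable; one bad entry must not abort the scan
            if not stat.S_ISREG(st.st_mode):
                continue
            by_shape[(os.path.splitext(name)[1].lower(), st.st_size)] += 1
        if not by_shape:
            continue
        (ext, size), count = by_shape.most_common(1)[0]
        if count >= min_files and count / len(filenames) >= min_share:
            try:
                attrs = getattr(os.stat(dirpath), "st_file_attributes", 0)
            except OSError:
                attrs = 0
            hits.append({
                "dir": dirpath, "ext": ext, "size": size, "count": count,
                "total": len(filenames), "hidden": bool(attrs & HIDDEN),
            })
    return hits


def build_sample_tree():
    """Constructed sample: a '!' folder of same-size decoy .wma files next to a normal
    music folder with genuinely different file sizes. Returns the temporary root path."""
    root = tempfile.mkdtemp(prefix="wma_scan_")
    decoys = os.path.join(root, "!")
    os.mkdir(decoys)
    for i in range(60):
        with open(os.path.join(decoys, f"Track {i:03d}.wma"), "wb") as f:
            f.write(b"\0" * 2048)  # every decoy is exactly the same size
    music = os.path.join(root, "Music")
    os.mkdir(music)
    for i in range(60):
        with open(os.path.join(music, f"Album {i:03d}.wma"), "wb") as f:
            f.write(b"\0" * (1000 + 37 * i))  # real rips vary in size
    return root


if __name__ == "__main__":
    for hit in find_identical_size_clusters(build_sample_tree()):
        print(hit)
```

Point it at a user profile or a Limewire shared folder with `find_identical_size_clusters(r"C:\Documents and Settings\<user>")`; a hit with `hidden: True` and a single dominant size is worth opening from the address bar rather than Explorer, exactly as the post suggests.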

Badger0-0
26-03-2008, 3:56 PM
Cheers guys, I'll bear those comments in mind for when I get back home on friday :smashin:

y2k
26-03-2008, 4:02 PM
Send it to me when you have finished with it, m8 :smashin:. I like these sorts of puzzles too; it's a lot more fun than surfing the internet. This is my second favourite thing to do; it comes a close second to scraping other people's dog **** off my shoes.

That was my go at sarcasm BTW, :lease: have fun ;)

Oggie
26-03-2008, 4:03 PM
where did you pick it up from ??

Steve_P
26-03-2008, 6:14 PM
where did you pick it up from ?? ... I should probably explain how I got it.

I went on to Limewire to D/L Kraftwerk's "Tour de france" (which I have on vinyl, but no record player).
It was a WMA file, which I ran in winamp.
It didn't work, so I ran it in WMP, which directed me to a codec site of some sort.
That was the source ...

S.

Educated Guess
26-03-2008, 6:34 PM
You sound clued up Badger (and in a strange perverted way I understand what you mean about enjoying the challenge) but what on earth were you doing downloading codecs from what I assume was a random website.

Oggie
26-03-2008, 7:43 PM
Good old P2Ps, virus heaven.

Badger0-0
28-03-2008, 8:31 PM
:rotfl:

Well, this one beat me and that's a first :eek:

When it started flashing my desktop on and off every 5 seconds and having killed my internet connection, it started getting really tiresome. It's cost me another 4 hours tonight. That's time I don't really have, unfortunately.
The good news is, you can get things to work using task manager :)

I did another AVG scan and I got 98 infected files in the temporary internet files folder.
I healed and deleted them, to no avail :(

So I got the internet going again and just did a search.

I D/Led "Vundofix"
and it did the job :grin:

I doubt whoever wrote this one was a small isolated group.
My dough is on the RIAA or similar.
It's extremely impressive, as has been said, in my own perverted opinion :grin:

Badger0-0
28-03-2008, 8:47 PM
You sound clued up Badger (and in a strange perverted way I understand what you mean about enjoying the challenge) but what on earth were you doing downloading codecs from what I assume was a random website.

I am mate, normally :smashin:
I just got caught out for once and it probably serves me right. You know how it is, you hit hundreds of websites a day with no problem, thinking you're safe and then bam, you get caught :) :(

It's still flashing the desktop on and off, so I haven't cracked it yet :mad:

joeltomkins
29-03-2008, 10:35 AM
Hey Badger, did you try the address I was talking about? Though I haven't gotten rid of this virus, it doesn't seem to be doing anything to my computer. I just get the infected .dll files and they don't do anything :S

Badger0-0
29-03-2008, 3:09 PM
Yes, I did have a look at that, but didn't see anything unusual.
I do however have thousands of temporary internet files in the content.ie5 folder that nothing would remove.
I've just deleted them in a DOS box.
AVG sees nothing wrong, along with MSs spyware removal tool and adaware.
The strange part is that I even lose explorer in safe mode, which is a little disturbing.
I suspect it's embedded in Winlogon.
Hmmm, time for a live CD, I think.

Badger0-0
29-03-2008, 5:18 PM
Hmm I've finally cracked it :thumbsup:

2 files were causing the problem:

Ddabc.dll and cbxwuts.dll, both in the system32 folder.

The former links to Lsass, winlogon, firefox amongst others :eek:

So the culprit can't be deleted or unregistered.

Fortunately, I found a little program called "freefixer" that can delete them :smashin:

Going back a step, I downloaded "spyware doctor", which gives a free scan.
That was the program that found the viruses for me. I was going to pay online to register it, but it wouldn't let me.
But I thought that now that I know what they are, a simple net search found freefixer.

This time it really is sorted :smashin:

Still a work of art though, as it embeds itself into the only services you can't turn off.

I guess I'm just a masochist :grin:

y2k
29-03-2008, 5:34 PM
I was going to pay online to register it, but it wouldn't let me.

You were going to put your payment details on a computer that is affected by some sort of virus :eek:.

Badger0-0
29-03-2008, 5:43 PM
It did cross my mind, but I was getting desperate and as soon as it blocked it, I cottoned on :grin:

It's interesting though, in that everything I tried didn't work.

Spyware doctor was the only one that worked.
Worryingly, it also found a load of other stuff that I now have to research :(

My weekend is being eaten up by this :thumbsdow

yum polo
29-03-2008, 9:10 PM
Can you or anyone please mail me the song? I would love to try and get through this :smashin:

Or use it against people I don't like.
Mwhahaahahahahahaha
I am joking, of course; I want this for educational purposes for myself.


Thanks a bunch if ya will please.

Badger0-0
29-03-2008, 9:24 PM
You seriously think I still have it? :eek:

Go onto limewire and search for Kraftwerk's "tour de france" in WMA format.
It's 23Mbish.
When it won't play in your normal player, try WMP and it'll send you to a codec site. D/L the codec and it'll go boobs up from there.

Well, it did for me anyway.

Trust me, you don't want this one mate.

Not being able to run a program without a world of grief isn't funny, unless you're kinky, like me :rotfl:

joeltomkins
30-03-2008, 5:42 AM
Weird, I have neither of those two DLL files :S And unfortunately I've moved a necessary system file to the virus vault, and it looks like I'm gonna have to format. Ah well, I should get a new power supply in the next fortnight, so I'll do it then...

y2k
30-03-2008, 6:29 AM
WMA should never need any sort of codec using Windows Media Player, and neither should WMV, because they are Windows Media Player files. But often people do include a sort of DRM in WMA and WMV that will ask you to install something so you can watch/listen to what you have downloaded, and most of the time this will be some sort of malware unless you paid for what you downloaded from a reputable website. You should never install anything like this from a file-sharing website.
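
Added example, not code from the thread or from any of the posters, that makes the point above checkable before a file is ever opened. A WMA is an ASF container, and what makes Windows Media Player go off and fetch a "license" (the step the fake-codec lure hijacks) is a DRM object in the ASF header: the Content Encryption Object or the Extended Content Encryption Object, both of which carry a license-acquisition URL. The parser below walks the header objects with bounds checks and pulls that URL out. The object GUIDs and field layouts follow the ASF specification; the two sample headers, the placeholder URL `http://example.invalid/getlicense` and the dummy key IDs are constructed here and are not real downloads.

```python
"""Inspect a WMA/ASF header for the DRM objects that make Windows Media Player
fetch a 'license' from a URL. Added example; the sample headers are constructed."""
import re
import struct
import uuid

# ASF object GUIDs (ASF specification); stored on disk in Windows mixed-endian layout.
ASF_HEADER_OBJECT = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
CONTENT_ENCRYPTION_OBJECT = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E")
EXT_CONTENT_ENCRYPTION_OBJECT = uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C")
FILE_PROPERTIES_OBJECT = uuid.UUID("8CABDCA1-A947-11CF-8EE4-00C00C205365")  # used by the sample builder


def iter_header_objects(data):
    """Yield (guid, payload) for each object inside the top-level Header Object.
    Every size is bounds-checked so a truncated or hostile file cannot cause an over-read."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER_OBJECT:
        raise ValueError("not an ASF container (WMA/WMV)")
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    pos = 30  # 16-byte GUID + 8-byte size + 4-byte object count + 2 reserved bytes
    for _ in range(count):
        if pos + 24 > end:
            break
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24 or pos + size > end:
            break  # malformed object: stop rather than trust its declared size
        yield guid, data[pos + 24:pos + size]
        pos += size


def _length_prefixed(payload, n):
    """Read n DWORD-length-prefixed fields (the Content Encryption Object layout)."""
    fields, pos = [], 0
    for _ in range(n):
        (length,) = struct.unpack_from("<I", payload, pos)
        pos += 4
        fields.append(payload[pos:pos + length])
        pos += length
    return fields


def drm_license_urls(data):
    """Return [(object_name, url)] for each DRM object carrying a license URL.
    An empty list means the player has no URL to visit before playing the file."""
    found = []
    for guid, payload in iter_header_objects(data):
        if guid == CONTENT_ENCRYPTION_OBJECT:
            # fields: secret data, protection type, key id, license URL (null-terminated ASCII)
            _secret, _ptype, _kid, url = _length_prefixed(payload, 4)
            found.append(("Content Encryption", url.rstrip(b"\0").decode("ascii", "replace")))
        elif guid == EXT_CONTENT_ENCRYPTION_OBJECT:
            (length,) = struct.unpack_from("<I", payload, 0)
            wrm = payload[4:4 + length].decode("utf-16-le", "replace")  # WRMHEADER XML
            for url in re.findall(r"<LAINFO>(.*?)</LAINFO>", wrm, re.S | re.I):
                found.append(("Extended Content Encryption", url.strip()))
    return found


def _asf_object(guid, payload):
    return guid.bytes_le + struct.pack("<Q", 24 + len(payload)) + payload


def _asf_header(objects):
    body = b"".join(objects)
    return (ASF_HEADER_OBJECT.bytes_le + struct.pack("<QI", 30 + len(body), len(objects))
            + b"\x01\x02" + body)  # reserved bytes are fixed at 0x01, 0x02 by the spec


def build_sample_drm_header(license_url="http://example.invalid/getlicense"):
    """Constructed sample (not a real file): a header carrying both DRM objects with a placeholder URL."""
    wrm = ('<WRMHEADER version="2.0.0.0"><DATA><KID>AAAAAAAAAAAAAAAAAAAAAA==</KID>'
           f'<LAINFO>{license_url}</LAINFO></DATA></WRMHEADER>').encode("utf-16-le")
    ext = _asf_object(EXT_CONTENT_ENCRYPTION_OBJECT, struct.pack("<I", len(wrm)) + wrm)
    legacy_fields = (b"\x01\x02\x03\x04", b"DRM\0", b"KID0\0", license_url.encode("ascii") + b"\0")
    legacy = _asf_object(CONTENT_ENCRYPTION_OBJECT,
                         b"".join(struct.pack("<I", len(f)) + f for f in legacy_fields))
    return _asf_header([_asf_object(FILE_PROPERTIES_OBJECT, bytes(80)), ext, legacy])


def build_sample_clean_header():
    """Constructed sample: a header with only a File Properties Object and no DRM."""
    return _asf_header([_asf_object(FILE_PROPERTIES_OBJECT, bytes(80))])


if __name__ == "__main__":
    for name, blob in (("drm", build_sample_drm_header()), ("clean", build_sample_clean_header())):
        print(name, drm_license_urls(blob) or "no DRM objects")
```

Against a real download, `drm_license_urls(open(path, "rb").read(1 << 20))` is enough, since the header sits at the front of the file. Anything other than an empty list means the player will be sent to that URL before the track plays, which for a file off a peer-to-peer network is reason enough to delete it unopened.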

Badger0-0
30-03-2008, 11:02 AM
Weird, I have neither of those two DLL files :S And unfortunately I've moved a necessary system file to the virus vault, and it looks like I'm gonna have to format. Ah well, I should get a new power supply in the next fortnight, so I'll do it then...

Get the spyware doctor program and scan your comp.
I'll be very surprised if that doesn't find it mate.