
Virus Alert !!!!


Xeef
12-02-2004, 02:39 AM
Great, I just got my first virus ever, by e-mail.

It's a zipped message.txt.scr.

Does somebody know a good disassembler or something like it, so I can find out what it does?

DllRegisterServer dll exe CLSID\{2716A60E-3B39-11D8-81AB-444553540001}
This is in cleartext in it, so it will register some service (backdoor I think).

If I let the scanner (AVG) run on the ZIP it finds nothing; if I scan the
file it says "SCR warning virus" but nothing specific; if I change the extension to EXE
it finds no virus.

Shouldn't an SCR also run with an EXE extension?

Will check around tomorrow with
MS Virtual PC :confused: is there any danger that it infects the host system? :mad: :mad: :mad: :mad: :mad:

Any tip would be great.
How can I know what it does (I know it's not so easy, but I learn fast)? Not exactly, but at least where it sends information, if it does.

This is Flash: d27cdb6e-ae6d-11cf-96b8-444553540000
The file: 2716A60E-3B39-11D8-81AB-444553540001 what a hap :eek:

thanks a lot
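Before reaching for a disassembler, the first triage step on a sample like this is the one the post already did by eye: pull the cleartext out of the binary and look for things that mean something (export names such as DllRegisterServer, CLSIDs, import names). The following is an added example written for this thread, not code from the original post: a minimal "strings"-style scanner in C that walks a byte buffer, reports every run of printable ASCII, and flags runs that contain a registry-style GUID or the DllRegisterServer export. The sample bytes are constructed here for the demo (they only reuse the CLSID and export name quoted in the post); they are not the real .scr, and the function names are my own.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_STR_LEN 6   /* shorter printable runs are mostly opcode noise */

typedef struct {
    int strings;          /* printable runs of at least MIN_STR_LEN bytes */
    int guids;            /* runs containing a {8-4-4-4-12} GUID/CLSID */
    int register_server;  /* runs containing DllRegisterServer */
} triage_t;

/* True if the 38 bytes at s form a registry-style GUID: {8-4-4-4-12} hex digits. */
int is_guid(const char *s)
{
    static const int groups[5] = {8, 4, 4, 4, 12};
    int pos = 1, g, k;
    if (s[0] != '{' || s[37] != '}')
        return 0;
    for (g = 0; g < 5; g++) {
        for (k = 0; k < groups[g]; k++)
            if (!isxdigit((unsigned char)s[pos++]))
                return 0;
        if (g < 4 && s[pos++] != '-')
            return 0;
    }
    return 1;
}

/* Offset of the first GUID inside s[0..len), or -1 if there is none. */
int find_guid(const char *s, size_t len)
{
    size_t o;
    for (o = 0; o + 38 <= len; o++)
        if (s[o] == '{' && is_guid(s + o))
            return (int)o;
    return -1;
}

/* Called once per printable run; prints and counts anything interesting. */
static void classify(const char *s, size_t len, triage_t *t)
{
    char tmp[256];
    size_t n = len < sizeof tmp - 1 ? len : sizeof tmp - 1;
    int g = find_guid(s, len);

    memcpy(tmp, s, n);          /* NUL-terminated copy so strstr() is safe */
    tmp[n] = '\0';
    t->strings++;
    if (g >= 0) {
        t->guids++;
        printf("GUID    %.38s\n", s + g);
    }
    if (strstr(tmp, "DllRegisterServer")) {
        t->register_server++;
        printf("EXPORT  %s  (COM self-registration entry point)\n", tmp);
    }
}

/* Minimal "strings"-style pass: hand every run of printable ASCII to classify(). */
void triage(const unsigned char *buf, size_t n, triage_t *t)
{
    size_t start = 0, i;
    memset(t, 0, sizeof *t);
    for (i = 0; i <= n; i++) {
        int printable = i < n && buf[i] >= 0x20 && buf[i] <= 0x7e;
        if (!printable) {
            if (i - start >= MIN_STR_LEN)
                classify((const char *)buf + start, i - start, t);
            start = i + 1;
        }
    }
}

/* Constructed stand-in for the .scr: binary junk around the cleartext the
 * post quotes, plus one import name. Not the real sample. */
static const unsigned char sample[] =
    "MZ\220\0\3\0\0\0\1\2\177\377"
    "DllRegisterServer\0"
    "\5\6"
    "CLSID\\{2716A60E-3B39-11D8-81AB-444553540001}\0"
    "\200\201"
    "kernel32.dll\0"
    "\0\0ab\0";

/* Run the scanner over the constructed sample and return the counts. */
triage_t run_sample(void)
{
    triage_t t;
    triage(sample, sizeof sample - 1, &t);
    return t;
}

int main(void)
{
    triage_t t = run_sample();
    printf("%d strings, %d GUIDs, DllRegisterServer seen %d time(s)\n",
           t.strings, t.guids, t.register_server);
    return 0;
}
```

On a real file you would read the whole binary into the buffer instead of the constructed bytes; the point is that a CLSID plus a DllRegisterServer export in cleartext already tells you the thing wants to register itself as a COM server, which is what the post concluded. Anything packed or encrypted will not show up this way, which is when a sandboxed run or a disassembler becomes necessary.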

Xeef
12-02-2004, 02:46 AM
Hah, "I-Worm Mabutu".

Must be something new; my AVG was maybe a week old, after the update it recognizes it even in the zip.

EDIT ------

Or older :) just realized the version which is running on this machine is a bit older (maybe a month).

farafiro
12-03-2004, 02:18 PM
Just get something like Symantec or Norton, it will kill it in 2 sec.
Advice: don't you ever touch any .scr files.

Xeef
12-03-2004, 03:25 PM
Hi farafiro,

I don't touch anything in an attachment if I don't know who it is from, especially if the mail has no content and the extension is Filename.TXT.somethingelse.

My system isn't infected.

I was just very surprised because this was the first attached virus ever in my life.

farafiro
12-05-2004, 07:20 AM
heheeeeee
let's pray it's the last as well

Dark_Element
12-06-2004, 01:43 AM
Get McAfee... Norton sucks... after my computer's file system got trashed and I was forced to use "command lines" to extract vital information, I decided I'll never use anything made by Norton's creators (don't know what their name is).

Add-ons:
The best combination for me is McAfee and ZoneAlarm (never got infected by anything unless I'm trying to see how the virus works).

mmm..pi..3.14..
12-06-2004, 02:20 AM
@Dark Element: The answer to who makes the Norton products is "Symantec" ;) I personally love Norton, especially my brand spankin' new "Norton Internet Security 2005" :D :D It's never failed me before, and I love how it doesn't bother me when it does its updates, it just installs them in the background, then when it's all done a tiny box shows up at the bottom right corner of the screen saying it's done updating, then disappears a few seconds later :D The only thing I dislike is the fact that you have to pay to keep getting updates :( But still, well worth it considering how well it works :) Don't know how you got a virus using Norton, kinda weird :confused: I trust 'em since their first antivirus programs were put on floppy disks, which just proves that they've been around since Bill Gates invented the virus, hehe :D

Of course I'm not one to complain about other products; I've never even seen a McAfee program and I only used ZoneAlarm for about 3 days, then I uninstalled it 'cause Norton did everything ZoneAlarm did...

Eric :)

xxlm
12-06-2004, 04:55 AM
OK mate...
Just my two cents, but use Kaspersky.
The best one I've ever seen. A bit heavy (I mean it slows down your system at startup) but it rocks. Never been affected by a virus.
In fact I have Kaspersky, Search and Destroy and Sygate Personal Firewall.
Never had any problem.

C ya

Xeef
12-06-2004, 01:51 PM
Hmmm

I was installing Norton Antivirus on my system a couple of years ago; it was definitely the last time, it's trash. The only product from Peter Norton which was great is NC.
Not long ago I was at a guy's place whose computer had some sort of a trojan or whatever you call it; it was an EXE, I think GB.exe, not sure. It was capturing the clicks in IE and whichever link you clicked, you came to a rubbish site. Norton with a 1-minute-old update was saying the file is fine.
Norton sucks!!!

I use AVG, it's fine for me, and I'm also sitting behind a proxy.
I see that everybody here prefers his own scanner, which is good because none of them finds 100%, but all together :)

P.S.

Still don't know where the virus came from, but I was speaking with most of my MSN contacts except 2-3, and I think I know which one out of these 3 it could be;
last time we spoke he had just installed Norton Internet Security.

Dark_Element
12-07-2004, 04:26 AM
Erm pi, McAfee does that too... you just need to set it to automatically download and install updates (by default it's that way, so you don't really need to change anything)... McAfee's updates are free (I think so at least, 'cos they don't ask for a CD key).

ZoneAlarm Pro rules!!! It's like a silent assassin. Most programs don't even detect it, nor do they conflict with it. ZoneAlarm also automatically configures itself to fit into the environment it's running in. In addition to that it's also a privacy service as well (eliminates the need for McAfee Privacy Service). And last of all ZoneAlarm co-operates with the anti-virus to determine what's a virus-infected package.

The only problem I ever had with McAfee is extra large ISOs... they seem to "nuke" the scanning service and it kinda gets annoying... but it only happens once per file (unless it's changed), so I mostly make McAfee scan the file for over 1 hour while sitting on the couch watching the Simpsons (in Australia the Simpsons gets played for at least 1 hour each day).

stealthelephant
12-12-2004, 08:37 PM
Great, I just got my first virus ever, by e-mail.


Don't use Outlook or Outlook Express, they're the only clients that will give you a virus just by opening an email.

especially my brand spankin' new "Norton Internet Security 2005"

I wish I could appreciate a product like that, but then again there's no need for it on my OS :p

mmm..pi..3.14..
12-13-2004, 12:18 AM
I wish I could appreciate a product like that, but then again there's no need for it on my OS :p

How come you don't need it on your OS??

hehe, something funny happened the other day...

My dad just bought a really nice Dell desktop (19" ultrathin flat screen monitor, 3.2 GHz processor, X800 ATI graphics card, 2 GB RAM, 160 GB hard drive). Anyway, he was hooking up his home network and he had just set up the internet. He told me that no more than 4 minutes after he got the internet hooked up, he ran Spybot Search & Destroy AND an Ad-Aware scan. In about 10 minutes it was done (because he hadn't installed any big programs, just those 2), and it had found 6 adware programs!!! :eek: How the hell is that possible?? I started wondering, if you bought a computer WITH an antivirus program already installed, and never connected it to the internet, would it find any adware or viruses?? If it did, I would like to have a serious talk with Mr. Bill Gates :D

Eric

Dark_Element
12-13-2004, 12:34 AM
lol, it's probably because of the large distribution of infected TCP packets... I gave it a test once: I left a Windows XP computer on and connected to the internet with no firewall or anti-virus and made no real request to any internet sites... I planned to have the computer on for 5 hours, but it was infected by over 20 different viruses in the first 2 hours and RPC terminated, so it needed a restart!... this just shows how important firewalls are! lol

stealthelephant
12-13-2004, 07:02 AM
How come you don't need it on your OS??


1 is OS X, 1 is FreeBSD, the other is SuSE Linux.

No viruses for OS X, a couple of worms for Linux (around 40 or so, for out-of-date programs) and none for FreeBSD; all have firewalls capable of packet sniffing, so no need to buy one.

mmm..pi..3.14..
12-14-2004, 06:04 AM
ahh...lucky stealthelephant ;)

That's kind of why I like Macs: not as many people use Macs as Windows computers, and out of those that do use Macs, not many of them are so mean that they want to make viruses, so there are hardly any viruses for the Mac. :D I also like the way Macs run, very smooth, and they just look awesome. For example, if you have a slow Windows computer and you minimize a window, it gets all messed up and you can see the border of the open program windows start to "interlace" with the window that's minimizing. And the way a window minimizes, it looks like you chopped the window into several rectangles, and each one of those rectangles disappears separately, not all together like they should. A Mac on the other hand does none of that stuff; you can minimize a window and it will do some cool "squeeze to minimized" effect while it minimizes the whole window :D

I think Microsoft and Apple should join up and make a super-computer, with the colors and reliability of a Mac, along with the features of a Windows computer, like the start menu, the taskbar, the 2-button mouse, and the way the maximize/minimize windows work (which Apple tried to do, but couldn't quite pull off :().

Eric :D

Dark_Element
12-14-2004, 10:38 AM
Errh, don't you mean Intel and Apple? 'cos Microsoft only makes operating systems and software... though each of them is just a $hit bundle of crap in different wrappers...

mmm..pi..3.14..
12-14-2004, 07:23 PM
That's what I was talking about... the layout of Microsoft Windows XP, and the look and reliability of the Macintosh software :p

Eric :D

Xeef
12-14-2004, 08:12 PM
Hmmm, it's much easier (was, at least) to build a stable Mac.

Why --> one manufacturer

PC --> 1000 and more manufacturers

A couple of years ago you weren't able to change anything or put anything in a Mac which was not from Apple!!! (and I think it's not much better now / maybe I am wrong on this)
But can somebody name a second CPU on which OS X is running?? (I can name at least 3 on which XP is running.)
How many TV cards can you put in a Mac?
How many WLAN cards.........
So it's easy.
But in my PC no 2 parts are from the same manufacturer, and they all have to work with each other!!!

mmm..pi..3.14..
12-14-2004, 11:31 PM
I think that might be part of the problem Xeef, too many different parts that don't like each other in a PC :(

I like the fact that you can swap out hardware in a PC, but don't like the fact that the hardware sometimes isn't compatible. I only have a Mac laptop so I don't know how easy it is to swap out hardware on a Mac desktop, but I don't really like that if you ever want to upgrade the hardware in a Mac, you can't just drive down to Best Buy and pick up a new processor for it; you would most likely have to send the computer to the manufacturer and have them upgrade it. So it kind of sucks that upgrading a Mac is pretty much out of the question; you're pretty much stuck with the Mac you buy until you buy a new one :(

Eric :)

stealthelephant
12-15-2004, 07:22 AM
ahh...lucky stealthelephant ;)

That's kind of why I like Macs: not as many people use Macs as Windows computers, and out of those that do use Macs, not many of them are so mean that they want to make viruses, so there are hardly any viruses for the Mac. :D For example, if you have a slow Windows computer and you minimize a window, it gets all messed up and you can see the border of the open program windows start to "interlace" with the window that's minimizing. And the way a window minimizes, it looks like you chopped the window into several rectangles, and each one of those rectangles disappears separately, not all together like they should. A Mac on the other hand does none of that stuff; you can minimize a window and it will do some cool "squeeze to minimized" effect while it minimizes the whole window :D

There are not 0 viruses for Macs because people don't write them or because they are less popular; take Mac OS 9 for instance, it had the same number of viruses as Windows did at the time and it only had 5% market penetration. A better security model is used in OS X, and the MS email clients are the only ones that can give you a virus simply by reading/viewing the email.

The new version of Windows is going to use the same sort of trick Apple now uses. The old version stored 1 window template in memory and all other windows were copies of this (less memory used); in the Aqua interface (Mac) every window is stored in memory to get that effect, which can seriously eat memory though.

Flash Gordon
01-11-2006, 01:04 AM
Hey Guys,

How are virii (or viruses if you like) downloaded to my computer just from visiting a website? I went to ratemy**obs.com once (kind of like hotornot) and got a virus, but how?

When I visit a page my browser downloads and caches images,html, and swfs, right? So then how does a virus get in the mix?

Just wondering.
Thanks!

tg
01-11-2006, 04:15 AM
A virus can be written into the metadata of an image file and executed under Windows..... it was set up as a feature a few years back, now it is blessing us as the WMF virus.

tg
01-11-2006, 04:17 AM
Norton is notorious for not working well with other software on Windows.... McAfee is not much better (especially with the suites). Kaspersky is really good; I use AVG, really good also.
I once ran my box for 3 years with no AV software, never once got a virus.... you just have to be paranoid enough not to do anything stupid, like opening attachments (even from folks you know).

Flash Gordon
01-11-2006, 04:31 AM
virus can be written into the meta data of an image file and executed under windows..... it was set up as a feature a few years back, now it is blessing us as the wmf virus.
I once read that you could insert PHP code into the metadata of an image, although I never could get it to work. Is this the same concept, to write a huge program in C++ all in the metadata of an image? Isn't there an "easier" or more intuitive way? Like so:

<head><body> <?php include(c++program); ?>


Have you ever got the metadata thing to work? Any examples?

I just don't understand it at all :(

Dear Mods,
If this is on the verge of black-hatting or breaks the rules here, please feel free to remove.

stealthelephant
01-11-2006, 04:47 PM
Hey Guys,

How are virii (or viruses if you like) downloaded to my computer just from visiting a website? I went to ratemy**obs.com once (kind of like hotornot) and got a virus, but how?

When I visit a page my browser downloads and caches images,html, and swfs, right? So then how does a virus get in the mix?

Just wondering.
Thanks!

there is no such word as virii ;)

en.wikipedia.org/wiki/Plural_of_virus

Flash Gordon
01-11-2006, 04:51 PM
In the English language, the normal plural of virus is viruses. This form of the plural is correct, and used most frequently, both when referring to a biological virus and when referring to a computer virus. The forms viri and virii are also used as a plural, although less frequently. There is disagreement among users of the Internet over whether these forms should be considered correct. No reputable printed dictionary includes them as correct forms.
en.wikipedia.org/wiki/Viri
http://en.wikipedia.org/wiki/Viri

;)

stealthelephant
01-11-2006, 05:03 PM
http://en.wikipedia.org/wiki/Viri

;)

Hey, I'm right, you're wrong!! :p

Flash Gordon
01-11-2006, 06:37 PM
:rolleyes:

back on topic: tg Xeef
Do you guys know of an article that I can read about this (without getting a virus or virii)?

It just seems weird to me, how the browser is able to download it.

outlando
01-11-2006, 07:24 PM
You might be able to find something about it on Astalavista.com (http://www.astalavista.com/), certainly worth a look.

Xeef
01-11-2006, 07:53 PM
It's like nearly all bugs, a buffer overflow.

It's something like


P = program
D = data
V = virus

The media player looks something like this in memory:

PPPPDDDDDDPPPDDPPDDDDDDD

Now you load a picture

which says "I am 5 long" (but in reality it's 7 long).

After loading into memory it looks like:
PPPPDDDDDVVP

But the player thinks:

PPPPDDDDDPPP

PPPP DDDDD VVP

PPPP --> show title
jump to next step, render picture
VVP --> virus activated



something like this, in very simple terms
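The PPPPDDDDDVVP sketch above, turned into a runnable C model. This is an added example written for this thread, not code from the post or from any real player: one byte array stands for memory, with a five-byte data region followed directly by the "program" region the player jumps to after decoding. The picture carries a header that claims its length, and the two loaders differ only in whether they trust that header. The struct and function names (player, picture, load_vulnerable, load_hardened, run, demo) are my own, and the picture bytes are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Memory layout mirrors the PPPPDDDDDPPP sketch: a fixed data region the
 * decoded picture goes into, directly followed by the "program" the player
 * jumps to once decoding is done. One array, so the overflow stays inside
 * defined behaviour for this toy. */
#define DATA_LEN 5
#define PROG_LEN 3
#define MEM_LEN  (DATA_LEN + PROG_LEN)

struct player {
    unsigned char mem[MEM_LEN];
};

/* A picture file: a header that claims a length, and the bytes it really has. */
struct picture {
    unsigned char claimed_len;
    size_t real_len;
    const unsigned char *bytes;
};

static void reset(struct player *p)
{
    memset(p->mem, 'D', DATA_LEN);               /* empty data region */
    memset(p->mem + DATA_LEN, 'P', PROG_LEN);    /* intact program region */
}

/* Vulnerable loader: checks only the header, then copies whatever the file
 * actually contains. Bytes beyond claimed_len land in the program region.
 * (Capped at MEM_LEN only so the toy never writes off the array; a real
 * player would keep going.) */
int load_vulnerable(struct player *p, const struct picture *pic)
{
    size_t n = pic->real_len;
    if (pic->claimed_len > DATA_LEN)
        return -1;
    if (n > MEM_LEN)
        n = MEM_LEN;
    memcpy(p->mem, pic->bytes, n);
    return 0;
}

/* Hardened loader: the header is untrusted input, so the copy is bounded by
 * the buffer, and a file whose real size disagrees with its header is
 * rejected instead of partially processed. */
int load_hardened(struct player *p, const struct picture *pic)
{
    if (pic->claimed_len > DATA_LEN)
        return -1;
    if (pic->real_len != pic->claimed_len)
        return -2;
    memcpy(p->mem, pic->bytes, pic->real_len);
    return 0;
}

/* After decoding, the player "jumps" to the first byte of the program region. */
const char *run(const struct player *p)
{
    switch (p->mem[DATA_LEN]) {
    case 'P': return "render picture";
    case 'V': return "virus activated";
    default:  return "crash";
    }
}

/* Constructed inputs: a well-formed picture, and one that says "I am 5 long"
 * but really carries 7 bytes, the extra two being the payload. */
static const unsigned char good_bytes[] = "DDDDD";
static const unsigned char evil_bytes[] = "DDDDDVV";
const struct picture good_picture = { 5, 5, good_bytes };
const struct picture evil_picture = { 5, 7, evil_bytes };

/* Load a picture with one of the two loaders and report what the player does next. */
const char *demo(int hardened, const struct picture *pic)
{
    struct player p;
    int rc;
    reset(&p);
    rc = hardened ? load_hardened(&p, pic) : load_vulnerable(&p, pic);
    return rc ? "rejected" : run(&p);
}

int main(void)
{
    printf("vulnerable, good picture: %s\n", demo(0, &good_picture));
    printf("vulnerable, evil picture: %s\n", demo(0, &evil_picture));
    printf("hardened,   good picture: %s\n", demo(1, &good_picture));
    printf("hardened,   evil picture: %s\n", demo(1, &evil_picture));
    return 0;
}
```

The vulnerable path ends in "virus activated" because the copy was sized by the file rather than by the buffer; in a real player the bytes that spill past the data region overwrite whatever sits next in memory (a return address, a function pointer), which is how "render picture" becomes "run the attacker's code". The fix is always the same shape: bound every copy by the destination buffer, and treat a length field inside the file as a claim to be checked, not a fact.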

Xeef
01-11-2006, 07:58 PM
http://en.wikipedia.org/wiki/Buffer_overflow

Flash Gordon
01-11-2006, 08:01 PM
Xeef,

Have you read the famous article "Smashing the Stack"? I can't even begin to comprehend it. Where would you suggest I start? Are buffer overflows the kind of stuff you worry about in programming languages, not scripting languages? (although there is a PHP virus, "Pirus" I believe it is called).

Xeef
01-11-2006, 08:07 PM
Where would you suggest I start?

Start with what? :p

If you want to make a virus (a proper one, not a script one or a worm)

then you need to learn assembler!

Flash Gordon
01-11-2006, 08:10 PM
Well, I'm not really trying to make a virus ;) (but seriously)

I guess without any knowledge of programming languages, stuff like buffer overflows just goes right over my head.

So basically do most viruses get on a computer because of buffer overflows in the browser??? I guess that is all I'm really after, how they get downloaded just by browsing.

EDIT: I'm gonna shut up here pretty soon. I don't want to get labeled an SK l33t H4x0R or anything. If anyone has seen my script skills you can surely know that :) .

Flash Gordon
01-11-2006, 08:15 PM
By me saying "Where do you suggest I start" I simply meant that I can't even begin to comprehend buffer overflows. I don't have to worry about them in Flash. I was just looking for a basic beginning.

shutting up for now :(

Xeef
01-11-2006, 08:21 PM
In the browser and other parts of the system.

Apache could also have a buffer overflow, or ping, MSN, the clock synchronisation.....

All parts of the system which are getting data from outside or reacting to such.
(Mainly the reacting part is critical, because you won't synchronise the clock from www.Hacker.net)


So basically do most viruses get on a computer because of buffer overflows

Yes and no.

If there is a link "download Virus" (after download PLS double-click to execute)
and you do so, you can also get a virus without any overflow ;)


It also depends what you call a virus:

script virus
trojan virus (or horse)
macro virus
backdoor
....
...


I remember when I had my AMIGA with boot viruses; they were MAX 512 bytes long and in this a DOS was included (NOT MSDOS).

Today there are viruses which are a couple of MBs.

Flash Gordon
01-11-2006, 08:25 PM
Thanks for the extra effort Xeef (and everyone else who helped),

but I give up. I'm just not that advanced with computers to really comprehend how they get there. The most important part is I know how to keep them off of my computer: don't click banners that say "Click Here to see Britney Spears Nude!!!"

Xeef
01-11-2006, 08:36 PM
It's a bit constructed, but here we go:


// Deliberately contrived: the password object carries its own length (L)
// and CheckPass trusts it, so a wrong L lets the wrong text through.
function CheckPass(Pass) {
    PassOK = "QQQ";
    AccessPass = {D:"0", L:1};
    Access = (PassOK == Pass.T) ? 1 : 0;
    AccessPass.D = Pass.T + Access;   // text followed by the 0/1 result
    AccessPass.L += Pass.L;           // position of the result, if L is honest
    return Boolean(Number(AccessPass.D.substr(AccessPass.L - 1, 1)));
}
//
// correct length, wrong text
Pass = {T:"QwQ1", L:4};
trace(CheckPass(Pass)); // false
// correct length, correct text
Pass = {T:"QQQ", L:3};
trace(CheckPass(Pass)); // true
// incorrect length: the claimed length points at the "1" inside the text itself
// EDIT !!!!!!!!
Pass = {T:"QQ1", L:2};
//!!!!!!!!!!!!!!!!!!!
trace(CheckPass(Pass)); // true, although the text is wrong

Flash Gordon
01-11-2006, 08:40 PM
I always learn something new every time I look at your code.... geezzzzz

Xeef
01-11-2006, 08:43 PM
!!!!!!!!!!!!!!!!!!!

//incorrect length
Pass = {T:"QQ1", L:2};

QQQ was incorrect, need QQ1 to work!!!!

!!!!!!!!!!!!!!!!!!!

Flash Gordon
01-11-2006, 08:45 PM
I'll study the code syntax for a while just to fully learn what you did, but I think I have a clue.
This syntax is new to me: Pass = {T:"QwQ1", L:4}; trace(CheckPass(Pass)); but I think I got it.

:)

Flash Gordon
01-13-2006, 07:20 PM
Xeef,

I though you lived in Germany, not Spain. Did you move recently?

Xeef
01-13-2006, 07:31 PM
Hungary : 0-11
Germany : 12-25
Spain : 26 ->

Flash Gordon
01-13-2006, 07:58 PM
which is your favorite place?

I'd like to see Spain someday.

Xeef
01-13-2006, 08:18 PM
where i am :p

Flash Gordon
01-14-2006, 05:43 AM
Before beginning to write programs in assembler, you need to know a few things about the chip for which you are writing the program.
What the heck is assembler? I have been reading a bit (not too much). Is it the language the Intel processor uses to communicate with the operating system? And why would anyone (except a super freak genius) write in assembler?

As always, I'm clueless.

Cota
01-14-2006, 06:26 AM
Assembly is the language that processors understand... for example, C++ code is compiled to assembly.

Flash Gordon
01-14-2006, 06:31 AM
Assembly is the language that processors understand... for example, C++ code is compiled to assembly.
So people write code that can screw with your processor. Oh...that is just wrong....wrong wrong wrong.

Cota
01-14-2006, 06:36 AM
For example, DirectX has commands that will demand processor time and prevent other processes from running..

Flash Gordon
01-14-2006, 07:07 AM
Luckily, FF doesn't have DirectX (or so I think).

Flash Gordon
01-18-2006, 07:01 AM
I just caught a FUC***G virus looking at saxophone pictures. "Exploit-MWF".

SOB's

Cota
01-18-2006, 07:06 AM
The worst part is it's always some little 14-year-old punk kid copying code and unleashing these things...

Headshotz
01-19-2006, 12:32 AM
Give em a virtual kick in the teeth..... somehow.....