Welcome to Lockergnome.com!
HELP! Terminal Service Trojan??

 
ISTHEWORLDBLIND
Joined: Apr 05, 2006
Posts: 1
(Msg. 21) Posted: Wed Apr 05, 2006 9:09 am
Post subject: Re: HELP! Terminal Service Trojan??

About Me:

MCSE
A+
Visual Studio Developer
Batch File Scripting
Windows Command Shell
MSC WMI MANAGEMENT

Good Evening, it's like a nuclear bomb hit my state and it's been 6 months since I've seen a living soul..... It's refreshing to know that someone else out there has described the exact same problem I can't seem to kick...


My Theories.....
1) Virus Was Modeled Around United States Holidays
a.) Many files "created" on 11/25/05 at 11:43 PM, on Macintosh, Windows XP, and Windows Mobile, that I've seen, although on these systems I have also seen coding that implies more versatility of the virus.
b.) Virus Overall Goal Remains the same: TOTAL CONTROL AND EXPLOITATION of any means of data collection possible on all
c.) The knowledge level of people who recognize this virus/exploitation of configuration settings: they have a higher level of knowledge than the tech support reps they contact. (duh...wtf do we do now?)
d.) The geometry of hard drives (including external media devices) becomes altered permanently by encrypting the partition information within an existing legitimate partition, thus every time the drive is fdisked, it is still of no effect, due to the fact that the partition is accessed through the modified BIOS chip before all operations.
e.) The virus propagates via ALL communication means, including powerline networking systems, Bluetooth, WiFi (gets reconfigured to a hacked Bluetooth emulator, so to speak), TCP/IP, IPv6 (Microsoft REFUSES to provide any support for IPv6 whatsoever) (big factor somehow), telnet, terminal services, 1394 & serial (emulated?) connections.
f.) Performs a function I have never been aware of in the past, "enumeration", which I notice when I install and uninstall software: the name of the software becomes (software name) & "- enu".
g.) Windows system files become lowercase.
h.) Programs such as Task Manager no longer display session IDs other than "0", although you can clearly sort the processes by session ID, and get different ascending/descending values that are NOT ascending/descending because of anything but the TRUE value of the session ID. On some occasions, Task Manager will not even display a username/well-known SID/built-in account as a user... it will be completely blank for user!...... The file menu dropdown's back color does not match the file menu bar's back color.... light grey on top of dark grey.
i.) Many "extended Windows services" and even the "standard" Windows services (viewed in the Microsoft Management Console) have different titles, different descriptions, but strangely enough have the exact same startup file name, with the exact same switches, with the exact same parameters..... weird..... manipulation of the Windows services system? (svchost -k netsvcs) or something like that.
j.) Registry entries are ruined terribly, all file extensions are associated through a modified/non-Microsoft DLL file, significant files are associated as follows (virusdllfile windowsdllfile filename additionalparameters/switches); this can be viewed in Explorer > Tools > Folder Options.
k.) Believed to be running on Java Virtual PC.... but not sure.....
l.) Uses Python for something.....
m.) Uses Perl scripts....
n.) Uses Unix heavily.
o.) Installs via any available connection to the internet, despite permissions, displayed connectivity, and conventional means.
p.) An "unnamed" network connection is invisible from the normal PC, but can be seen from a PlayStation Portable. (crazy huh?)
q.) Does remind me of an article I've read about Osama bin Laden..... supposedly, Osama utilized an espionage technique known as steganography to actually hide files inside of files and be virtually undetectable. I believe that some versions of this virus can propagate a control system using a standard iPod and modifying the internal workings of the media player system to process commands that are executed from embedded (steganographic commands) music/media files. How?..... I've read an article where someone took a standard iPod and recorded several extremely small WAV files of different unmodulated frequencies, which can somehow change the voltage reference applied to the metal back case of an iPod and create a very limited transmitter out of the intended "chassis ground"; the size of the iPod's back case certainly would accommodate the minimum of 1/4 wavelength necessary to broadcast on reasonable (2.4GHz) frequencies, although it may be noted that this virus likes to obey the law as best as possible, and instead manipulate the grey areas of the law..... which leads me to the conclusion that it may actually be using the LEGAL monitoring means (family frequencies), see the FCC regulations on that one, I think it's like 462hz to 467hz, which would also explain the extremely slow propagation of this virus.,,,
r.) You may want to note that if you ran a disassembler on almost every executable/DLL file on your computer (Windows XP) you may find that the version of the file has been changed, and a $chicago entry now exists within the DLL, which is a Microsoft standard (and the only way to update a Microsoft file after development); the coding would be in XML. I have noted that these virus-related updates are associated with the number 1033.
s.) In older versions, I was able to locate an updated and manipulated version of the End User License Agreement, ridiculously making you a violator (with lots of words) of every aspect of "the software".
t.) BLUETOOTH. BLUETOOTH. This virus makes non-Bluetooth devices into Bluetooth devices (only for its purposes, provided the device has a transmitter, storage device, and known processor).
u.) This virus runs Windows within a shell..... this virus is its OWN operating system; once it has taken control of the BIOS, it can emulate a PC using a Virtual PC type of program that runs on its operating system, then it can make its partition invisible, then when you run DOS, Windows, or anything else, when you format your drive, it controls what you format, partition and see. It is invisible to you that it is running, but must make some modifications to what you thought was the operating system.


A message to all the non-believers.......

This is real.
Just because you haven't found it yet, you will.
Keep an open mind, and try to fix this problem.

I really think the goal of this virus is to obtain a worldwide topmost-level administrative account that will be able to access any computer anywhere, but fallen into the wrong hands (like a terrorist organization) could mean any range of unthinkable consequences for the blind eye.

If you understand what this is, we need to collaborate to find a solution; there are too few of us out there.
svin
Joined: May 12, 2006
Posts: 1
(Msg. 22) Posted: Fri May 12, 2006 2:26 pm
Post subject: Re: HELP! Terminal Service Trojan??

I have been trying to get to the root of this trojan for over a year and just recently discovered one of its secrets, entirely by accident! It is really within the setup if you pay attention and makes entire sense. I found it installed on a 98 system; seems it was trying to convert that system to a WinNT 5.1 terminal server. (Yes, I know, no such NT release.) That would be the XP version converted to Windows NT 5.1; it is built off Windows 98. I have seen a 98 computer take control of this trojan - unknown if it was with help or not. Once I found it, it was very easy to reverse. The system is corrupt in Windows 98/95, causing it to change the setup path. Look in the config and autoexec settings in Win98. Also get rid of the corrupt exe files within 98. I have also seen a reference to OS/2. I think the correction of the path in Windows 98 and changing the uninstall permission for web folders in Outlook will allow you to remove Windows 98 from XP and you should be able to correct this. Please note, it does make 5 backups and has several traps in the Java folder residing in Windows 98. Make sure you correct the lines in config about the exe files running in high mem, the traps, rename backups/corrupt exe and correct the path. You should then be able to get it out easily.
wenemeg
Joined: May 16, 2006
Posts: 1
(Msg. 23) Posted: Wed May 17, 2006 8:58 pm
Post subject: Re: HELP! Terminal Service Trojan??

I hate to say it, but there is definitely something about this. I discovered it recently after inadvertently tweaking some registry settings.

I have been going crazy, literally questioning my sanity as I go from one link to another.

We need a centralized forum where we explore what this is. I have found many government and company records, including patents, DARPA contracts and other .ppt's and such which look frighteningly like what this looks like.
User: inactive
Posts:
(Msg. 24) Posted: Tue Jul 04, 2006 9:38 pm
Post subject: Re: HELP! Terminal Service Trojan??

Ok, count me in. What can I do to help solve this problem? I have spent this past weekend battling one of my five machines which shows precisely the same symptoms that have been described in this thread. What I seem to note is the existence of the tsoc.log file in the c:\windows directory which is almost verbatim what is shown in the log samples in this thread. Unfortunately, this is so far behind where it must have embedded itself I don't know what else to look for. This is definitely some scary stuff so I am eager to dig into the root cause of the infection. What can I look for and how can I help diagnose this problem?

On another note, the bugger made it to another of my machines but seems to be dormant at this point as both my Virus Scanner and Spyware Detector seem to have been able to put it to sleep for now. Unfortunately, I fear based upon reading this thread that it will certainly awaken again at some point in the near future. Are there any specific symptoms I need to look for?

JR
georgia29
Joined: Feb 28, 2007
Posts: 1
(Msg. 25) Posted: Wed Feb 28, 2007 6:33 am
Post subject: Hexa-Dimensional Objects & Bayesian Belief Networks

Greetings,

A few more tips and tricks for beating this, or should I say ""[th"(I.S.S.)]"" thing that we have been fighting since August of 2004.

RULE_001 - Always read every license agreement for software you install. Always use Notepad and be sure to use or try different font styles and language encodings. An example would be HP's OEM license that says Windows XP Professional in one encoding but says Windows Whistler Beta in another.

RULE_002 - Install all language packs and complex script capabilities. If you do not install them, characters show up as a square or as white space (which is compressed up to the tabs by thISS thing). Do not assume that text you see on your screen is oriented properly. It can be ordered logically, visually, left aligned, right aligned, or layered and folded in a multi-dimensional, multi-depth screen layout.

RULE_003 - Check the registry to determine if the window dimensions, document borders, and 3-D settings are correct. You might find that they are all way off. While you're checking that, be sure to look at the colors too. Make sure that they all have a positive integer value for the hue, saturation, RGB, and contrast, because if they are set improperly they are transparent.

RULE_004 - Once the language packs are installed, learn all of the special Unicode characters and their usefulness by right clicking. Also try changing your keyboard to a DVORAK or Brazilian ABNT or IBM Arabic. It is hard at first, but use little stickers if you have to. For some reason, the standard US (United States?, Uzbekistan?, Chinese Simplified?) just doesn't seem to be mapped correctly. It can be fixed by running EUDCEDIT.EXE, but there are so many special characters that ADOBE has put onto our PCs that you may find it too time consuming to fix them all.

RULE_005 - Remove the file extensions for all sounds, videos, streaming media, and any other multimedia type file (I leave bitmaps and JPGs), including the PC BEEP. This will speed up your PC 10 times. They are also the primary attack/infection vector. I used to be a document management system administrator and we had to configure every file type and associate an executable. Something happened in 2004 that has got them all messed up. Oh yeah, and emoticons hijack your browser by changing the http

I will post more this week. Oh, one last thing... use characters in your passwords that a password cracker app will take weeks to decipher. In Windows:

Press and hold the ALT key and then press any combination of digits on the keypad, then let up.

Example: ALT+507 = square root symbol
ALT+0160 = Non-Breaking Space

Just be sure to remember what you use. You can also make your computer invisible (to most other PCs with no language packs installed) by naming it with a special character such as a smiley face (ALT+1) or a heart (ALT+4).

More later... I have tons of info and will teach you how to beat it, but want to make sure that you get the theory and information on how it does what it does.


One last thing - Just because you bought it at the store doesn't mean that it is genuine software (Best Buy, Circuit City...). Microsoft doesn't warrant that the CDs are virus free, and they forgot to tell us that DRM software will break and assume you have violated the copyright laws if the date of your system gets rolled back to, say, the year 1492 or you get e-mails that have embedded Arabic Hijri holiday appointments or calendar items attached. Most of my registry hives were dated 12/31/1969. One day before SQL bases its date calculations.

One note - thISS thing's creators are following mainstream media and movie plots very closely, as well as TV. So most of the time, if you try to report this, you get nowhere. And please be sure to turn off the autocorrect in Office - have you seen what all it replaces as you type???

J
Wallie Green
External
Since: Mar 13, 2007
Posts: 2
(Msg. 26) Posted: Tue Mar 13, 2007 7:07 pm
Post subject: Re: Re:HELP! Terminal Service Trojan??
Archived from groups: microsoft>public>windowsxp>security_admin

Looks like no posts for awhile - I have been dealing with this for 4 months
and was just ready to hire a P.I. for a lot of money - Most of your symptoms
sound familiar and I have already spent 3,000 on fees and new computers. Did
anyone find a cure for this? Please help - I have a business that has
suffered! Thanks
Harry Johnston
External
Since: Feb 11, 2005
Posts: 139
(Msg. 28) Posted: Wed Mar 14, 2007 5:18 pm
Post subject: Re: HELP! Terminal Service Trojan??

Wallie Green wrote:

> Looks like no posts for awhile - I have been dealing with this for 4 months
> and was just ready to hire a P.I. for a lot of money - Most of your symptoms
> sound familiar and I have already spent 3,000 on fees and new computers. Did
> anyone find a cure for this? Please help - I have a business that has
> suffered! Thanks

The thread you're posting to has expired on the server, so there's no way for us
to tell what you are talking about. Please create a new post describing the
problem you are having.

Harry.
eidolen
External
Since: Apr 10, 2007
Posts: 1
(Msg. 29) Posted: Tue Apr 10, 2007 4:09 am
Post subject: Re: HELP! Terminal Service Trojan??

4 Machines and 2 SOLID weeks into it I might just resign to living off
of Bart PE boot disks for the rest of my life. I thought I was nuts as
well scouring the web trying to find others with the same problem so I
could track down a fix.

I see snippets here and there of the same symptoms but only the people
on this thread really understand what's going on. I see some of these
spyware helper forums just ignore requests for help when people list
the symptoms of this worm, as you never see a thread followed through
where it was actually cleansed from the system.

I have spent the last 3 days manually cleaning out a registry on this
machine and I don't feel even half way done. The references made by the
OP are the exact same symptoms I have. It has installed IIS, SOAP, Fox
Pro, Olap, SUS, Access, etc.... Now that I read it's hiding code in
jpegs I feel that I will never get rid of it.

Has anyone made any progress at all on this or know if there are active
threads on how to deal with this? I mean do I just throw away my years
of data as I'm sure I'll just re-infect if there isn't a tool to
actually kill this thing.


Sigh...I'm just rambling now.

Help!

Eidolen


--
eidolen
------------------------------------------------------------------------
eidolen's Profile: http://forums.techarena.in/member.php?userid=24457
View this thread: http://forums.techarena.in/showthread.php?t=232567

http://forums.techarena.in
eidolen
External
Since: Apr 17, 2007
Posts: 1
(Msg. 30) Posted: Tue Apr 17, 2007 8:26 pm
Post subject: Re: HELP! Terminal Service Trojan??

Thank you for the reply.

Unfortunately I am on the cusp of being out of steam to continue
pursuing this anymore. As far as which tools I've tried, I'd have to
respond... all of them. I have honestly tried everything I can think of
so far but it's no good. I believe that all of my Bart disks were
probably infected, so I've never really had a clean environment to work
with in the first place.

My last hoorah attempts in obtaining a clean environment went like
this.

Backed up all my data on a 500gb usb drive.
Used Bart's Boot N Nuke with the DoD option.
Removed CMOS battery for an hour.
Installed Windows from factory CD.

No good!

Pulled CMOS battery again.
Went out and bought a new drive.
Disconnected old drives completely.
Disconnected all but monitor, ps2 KB & mouse.
Replaced battery.
Set BIOS from scratch.
Booted and installed from factory CD again.

No Good!!!

Last attempt went like this.
Installed NLite.
Used autopatcher to slipstream latest patches.
Unchecked every option in NLite that I thought I could get away with.
Installed Nlite version.
(This option seems to have at least crippled the trojan in the amount
of software it was able to install on my machine though it still
managed to install SQL server again.)

Upon first boot I installed Kerio 2.15 and it seems to be catching some
of the attempts to "call home" when I connect to the web. It tried to
pull Windows updates from a redirected unknown.xeex.net for instance.
It also was trying to communicate with a private IP which I assume is
yet another zombie.

Well now that I have such a small footprint on my drive I re-ran all
the virus scanners yet again with most of them finishing in less than 5
minutes. I ran the ones I could from the BARTPE disk though not all of
them work completely like that so I ran the others in RescueMe or safe
mode. I also ran all of the spyware blaster type programs to no avail.
Lastly I made a Knoppix CD and ran F-Prot from a Linux environment but
still nada.

The list of Antivirus progs I've tried:
Antivir - Avast - Sophos - McAfee - Comodo - Kaspersky (AOL ver) -
F-Prot - ClamWin - AVG - Trend Micro - DrWeb - Maybe others I forgot.


The list for spyware detection software I ran is just as comprehensive
so I won't list them. I am afraid to try any web based scans as they
all require IE with ActiveX enabled and I believe I would be
compromised further enabling that functionality.

I ran what I could via Bart or RescueMe within Bart but no joy. In their
defence they did find a bunch of viruses when I first started this, but I
believe I have this last worm/virus/trojan narrowed down, but it refuses
to be identified.

I have also run every rootkit detector I could get my hands on but...
The last malware I did catch was only seen by System Virginity Verifier
but it doesn't actually tell you what the malware is.

Now, the real question remains....
Where is this thing living? I can understand that all of my machines
were compromised before I began, making it near impossible to work from
a clean environment but my attempt involving a new drive should have
worked unless it lives somewhere inside my BIOS or video card memory.
What baffles me is all the research I've done basically says that no
one has managed to make a virus with those capabilities yet. (Black Hat
has a proof of concept BIOS rootkit supossedly) That there are only a
few out there that deal with the BIOS at all and all they do is
manipulate it or destroy it but never live and survive there. So what
does this mean?

Well anyway...I'm not sure how much steam I have left for this thing. I
guess I'll go post a HijackThis log somewhere and see if anyone can
figure it out but that log never shows anything fishy that I can see.
Once again, thanks for your reply and I did pick up some useful tips
from your post that I might try out as well. I just wish this thing was
better documented so I knew more what to look for but it seems I have
some home-made strain that just isn't wide spread enough.


Best Regards,
Eidolen


--
eidolen

Harry Johnston
External
Since: Feb 11, 2005
Posts: 139
(Msg. 31) Posted: Thu Apr 19, 2007 11:59 am
Post subject: Re: HELP! Terminal Service Trojan??

eidolen wrote:

> Backed up all my data on a 500gb usb drive.
> Used Bart's Boot N Nuke with the DoD option.
> Removed CMOS battery for an hour.
> Installed Windows from factory CD.
>
> No good!

You're not being very specific about what exactly goes wrong at this point, so
it's hard to advise you.

It is possible that the Windows CD you are using is compromised. According to
news reports counterfeit CDs are turning up in shops.

What sort of network are you using? Could it be compromised?

Harry.
cquirke
External
Since: Mar 06, 2005
Posts: 825
(Msg. 32) Posted: Tue Apr 24, 2007 11:08 pm
Post subject: Re: HELP! Terminal Service Trojan??

On Tue, 17 Apr 2007 20:26:52 +0530, eidolen

>Unfortunately I am on the cusp of being out of steam to continue
>persuing this anymore. As far as which tools I've tried I'd have to
>respond..All of them. I have honestly tried every thing I can think of
>so far but it's no good. I beleive that all of my Bart disks were
>probably infected so I've never really had a clean environment to work
>with in the first place.

OK, that's a problem if the Bart is built from an infected PC :-(

I'm really asking, in case you have some tools Bart'd that I haven't,
heh heh. Firth says "you can never have enough lice pictures", but
for me, I can never have enough Bart'ed tools ;-)

>Backed up all my data on a 500gb usb drive.
>Used Bart's Boot N Nuke with the DoD optioon.
>Removed CMOS battery for an hour.
>Installed Windows from factory CD.

>No good!

At this point, I'd suspect:
- bad installation disk
- bad hardware

In fact, there's not a lot else in the frame... unless by "no good",
you mean you're getting a stable installation that's streaming out
malware traffic before anything else is installed.

In that case, I'd want to ensure you really are dealing only with the
PC, i.e. don't have a router exposed to WiFi, etc.

>The list of Antivirus progs I've tried:
>Antivir - Avast - Sophos - McCaffee - Comodo - Kaspersky (AOL ver) -
>F-Prot - ClamWin - AVG - Trend Micro - DrWeb - Maybe others I forgot.

>The list for spyware detection software I ran is just as comprehensive
>so I won't list them. I am afraid to try any web based scans as they
>all require IE with ActiveX enabled and I believe I would be
>compromised further enabling that functionality.

IKWM. The only way I'd use an online scanner is to submit a suspect
file to the server to be scanned there.

>Now, the real question remains....
>Where is this thing living? I can understand that all of my machines
>were compromised before I began, making it near impossible to work from
>a clean environment but my attempt involving a new drive should have
>worked unless it lives somwhere inside my BIOS or video card memory.

What's your router like? Many routers are in fact miniature Linux
boxen, and hackable accordingly.



>------------------------- ---- --- -- - - - -
I'm on a ten-year lunch break
>------------------------- ---- --- -- - - - -
anthonys
External
Since: May 18, 2007
Posts: 1
(Msg. 33) Posted: Fri May 18, 2007 6:13 am
Post subject: Re: HELP! Terminal Service Trojan??

Hi all from beautiful NZ.

I was relieved to find this thread which has articulated the same
problem I am having a problem which has obviously been devised by a
dedicated team of programmers.

Here is what I have found: opened the computer in safe mode, applied all
admin privileges to my profile, renamed the built-in system admin
profile, then opened Windows Explorer, and found that
c:\windows\provisioning\schemas had an unknown user (S-1-5 . a
long string of digits) as owner of the folder with full access. Also
unknown processes running in the system admin profile, and a host of
other irregularities.

RootkitRevealer and HijackThis found many files they can't open (host and
system files), and the msconfig folders on all drives had unreadable
files starting with $, and windows/system32/appmgt/ has empty files
that correspond to the unknown user name.

Even with full permission, HLM/policy/security/secrets has 2 folders
that I cannot open, that are apparently owned by the worm which allows
remote logon to the backdoor user (unknown user starting with S....)

In attempting reinstallation, apparently the worm/virus keeps
re-installing from the partition. I have tried 2 reinstallations, the
first of which was all .exe files and regedit would not run.

Quoting others in this thread, "Regs set up which disallow the format
to wipe the partition. It is in protected storage regs. Partition is
set up with persistent regs which it won't allow me to delete". So I
thought I would try to set up the bios to read the Cdrom as suggested
on the thread.

My question is how to "flash" or check the validity of my bios, and
secondly, if I take my original C drive, and move it to a different
"slot", put in a fresh drive in C and format that, will the infected
DRIVE cross contaminate other drives IF it is removed from ACTIVE
status?

Your opinions would be very much appreciated!

Ant.


--
anthonys
------------------------------------------------------------------------
anthonys's Profile: http://forums.techarena.in/member.php?userid=25742
View this thread: http://forums.techarena.in/showthread.php?t=232567

http://forums.techarena.in
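A defender's check for the ownership anomaly Ant describes above (a folder whose owner is a bare S-1-5-... SID with no account name). This is an added example, not code from the thread; it assumes Windows PowerShell 5.1 or later saved as a .ps1 and run from an elevated prompt, and the default $Root is just the folder named in the post.

```powershell
# Added example, not from the thread: list folders whose owner, or whose
# access entries, refer to a SID that no longer maps to any account.
# Assumes Windows PowerShell 5.1+ in an elevated session. $Root is only a
# constructed starting point (the path from the post); any directory works.
param(
    [string]$Root = 'C:\Windows\provisioning'
)

# True when the SID can be translated to an NT account name on this
# machine or its domain; false when Windows has no name for it.
function Test-SidResolves {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    try {
        [void]$Sid.Translate([System.Security.Principal.NTAccount])
        return $true
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $false
    }
}

# Walk the tree and collect every directory whose owner or ACE principal
# does not resolve, plus directories whose DACL cannot even be read.
function Get-UnresolvedPrincipal {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $hits    = New-Object System.Collections.Generic.List[object]

    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force `
                            -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        try {
            $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
        } catch {
            # An administrator who cannot read a DACL is itself worth noting.
            $hits.Add([pscustomobject]@{
                Path = $dir.FullName; Principal = ''; Finding = 'cannot read ACL'
            })
            continue
        }

        # Ask for the owner as a raw SID so a missing name does not throw.
        $owner = $acl.GetOwner($sidType)
        if (-not (Test-SidResolves $owner)) {
            $hits.Add([pscustomobject]@{
                Path = $dir.FullName; Principal = $owner.Value
                Finding = 'owner SID does not resolve to an account'
            })
        }

        # Explicit and inherited ACEs, again keyed by SID rather than name.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if (-not (Test-SidResolves $ace.IdentityReference)) {
                $hits.Add([pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $ace.IdentityReference.Value
                    Finding   = "ACE grants $($ace.FileSystemRights) to an unresolvable SID"
                })
            }
        }
    }
    return $hits
}

Get-UnresolvedPrincipal -Path $Root | Format-Table -AutoSize
```

An unresolved SID by itself usually means an orphaned account (a user deleted or left over from a previous Windows installation on the same disk), so each hit is a lead to check against the machine's account history, not proof of a backdoor user.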
Harry Johnston
External
Since: Feb 11, 2005
Posts: 139
(Msg. 34) Posted: Fri May 18, 2007 8:14 pm
Post subject: Re: HELP! Terminal Service Trojan??

anthonys wrote:

> My question is how to "flash" or check the validity of my bios, and

Probably not necessary. If you decide you need to, you'll need to consult the
documentation or web site provided by your computer vendor. The procedure is
specific to each model of computer.

> secondly, if I take my original C drive, and move it to a different
> "slot", put in a fresh drive in C and format that, will the infected
> DRIVE cross contaminate other drives IF it is removed from ACTIVE
> status?

Unlikely. Technically possible, e.g., if there is an unknown security fault in
the Windows file system drivers, but unlikely. It is possible that some of your
documents are infected and might infect the computer if they are opened, though
the potential damage would be limited if you open them using a
non-administrative user account which you can delete if necessary.

Harry.
Steve
External
Since: May 28, 2007
Posts: 2
(Msg. 35) Posted: Mon May 28, 2007 2:17 am
Post subject: Re:HELP! Terminal Service Trojan??

Way Cool!!! Finally I found you guys. Where to begin?.... Phew, let's just say it's been 1 year, 5 months, 3 weeks, 6 days, 2 hours, and 13 minutes I've been analyzing, dissecting, mapping every move of your so-called Terminal Trojan. That's no joke, and accurate to the very second, as I distinctly remember discovering the varmint at exactly one minute before midnight, December 31, 2005, when I noticed certain files already having a date stamp of 2006, before the computer BIOS clock had changed from 2005. Yes, happy f----ing New Year to me. I have spent every agonizing, waking moment since, following the same steps each of you mention.

To give you a bit of my background, my first computer ran the Z80 processor, built sometime in the Mid to late 70’s. I have a BS in computer science and have held engineering / computer science professional roles in the business community for over 20 years. Let’s just say, I’m not exactly a novice.

You've pretty much nailed it. Yes, each of you has in some form or fashion described in detail any one of its various manifestations or identities. But yes, there is much, MUCH more. I too have mounds and MOUNDS of documentation, diagrams, notes, dates, times, lifecycles, etc. And if one more person tells me to low-level format, I'll rip their head off. You see, this "thing" is much more than just a computer virus. It lives, spreads and feeds as a microorganism and is transmitted to any piece of hardware that can hold a bit of data for more than a microsecond and everything that contains a battery. That's right: printers, faxes, switchboxes, CD-ROMs... yes, that's correct, not just your hard drive; it infects disk controllers, video controllers... the list goes on and on. Linux boxes are not safe either; it establishes a non-existent fd0 device where it takes its first foothold. That's actually the most easily recognizable sign, but by then it's actually too late to win the game on that box; you're already toast.

Now, do I have the answer? I have a few, but I can assure you, I do NOT hold the magic key and in fact, to this day, am still uncovering minuscule details of its inner workings and consider it to be one of the most incredible, ingenious, single pieces of human marvel I have ever seen, or will ever see in MY lifetime. Come on Microsoft, cough up some bucks, we need the best of the best on this ASAP!

Although I would hang its creator by his (or her) balls till death, for the world to see, I can't help but be amazed at the code's ability for utter survival. A truly astonishing feat for the most veteran programmer and/or engineer. So if you're out there... reading this, tickled to death, keep in mind the fact that all good things must come to an end, and while you may still have the upper hand, your day will come, and those of us on the bandwagon of your destruction will be fierce, unrelenting, unforgiving, unrivaled by your wildest imagination. So, go ahead, laugh all you want, your day WILL come.

Oh, and for everyone else, hit me up, we can chat. Maybe I can help you, maybe you can help me, but either way, I can assure you, no one will defeat it alone.

I’ll be back, let’s keep this going. I haven’t spent the last two years of my life for nothing and yes, I’m in the same boat with thousands and thousands, and THOUSANDS of lost dollars in hardware, software, business, data, time… you name it, I’ve lost it.

For now, I’m out; it’s late, and I’ve already spent yet another 16 hours puzzled over the very item of discussion. Rest assured you’re NOT alone!

-S
Steve
External
Since: May 28, 2007
Posts: 2
(Msg. 36) Posted: Tue May 29, 2007 6:33 pm
Post subject: Re: HELP! Terminal Service Trojan??

Is this topic still open?
cquirke
External
Since: Mar 06, 2005
Posts: 825
(Msg. 37) Posted: Mon Jun 18, 2007 12:12 pm
Post subject: Re: HELP! Terminal Service Trojan??

On Tue, 29 May 2007 18:33:40 -0500,
"Steve"<goingcrazy.DeleteThis@phastlinknospam.com> wrote:

>Is this topic still open?

Yep :-)



>--------------- ---- --- -- - - - -
I'm baaaack!
>--------------- ---- --- -- - - - -
Page 2 of 2

 