-
Infected :(
Anyone know about the resycled/boot.com trojan? I executed a supposed-to-be-keygen
in a non-admin account, then the trojan was activated. It managed to hook into
spoolsv.exe (Printer Service) and began creating [All Drives]\resycled\boot.com
and autorun.inf, and re-creating them if they're deleted.
This is what I have found: http://www.threatexpert.com/report.aspx?uid=c5b35a59-9fe0-4b16-bbce-322ab2e8cff5
but it doesn't say how the trojan can install itself without
administrator permission, and the temp files it mentions don't exist
in my system!
Now I have removed all this autorun crap and Process Explorer cannot
find anything weird, including c:\windows\system32\dll.dll (which is
just gone - I didn't kill it).
I'll reboot to check again. It's really weird......
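Added example, not from the post and not from the ThreatExpert report: a scanner for the pattern described above, an autorun.inf on a drive root whose launch keys point at a program tucked under a folder such as \resycled. It parses the [autorun] section and reports the open=, shellexecute= and shell\<verb>\command= targets, plus whether the program each one names is actually present on that drive. SAMPLE_AUTORUN is constructed for the example; the real file's contents are not in the thread. On a fixed disk any autorun.inf with a launch key is itself the finding; on a CD or USB stick a legitimate installer may use open=setup.exe, so read the target before deleting.

```python
r"""Scan drive roots for an autorun.inf that launches a hidden program.

Added example, not code from the original post. It parses the [autorun]
section of autorun.inf (plain INI text) and reports every key Explorer
acts on when a drive is opened: open=, shellexecute= and
shell\<verb>\command=. SAMPLE_AUTORUN below is constructed in the shape
the post describes (a program under \resycled on the drive root); it is
not the file from the infected machine.
"""
import os
import string

# Keys whose value Explorer runs as a program when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample: every launch key points at \resycled\boot.com, and
# action= is the social-engineering label Explorer shows in the AutoPlay menu.
SAMPLE_AUTORUN = """[AutoRun]
open=resycled\\boot.com
shell\\open\\Command=resycled\\boot.com
shell\\explore\\command=resycled\\boot.com
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lower-cased.

    Hand-rolled rather than configparser so that junk lines, duplicate keys
    and mixed-case section names (all common in malicious autorun.inf files)
    do not abort the parse.
    """
    entries = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip().lower(), value.strip()))
    return entries


def launch_targets(entries):
    """Command lines Explorer would execute for the parsed entries."""
    out = []
    for key, value in entries:
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            out.append(value)
    return out


def program_of(command):
    """First token of a command line, with surrounding quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def analyze_autorun(root, text, isfile=os.path.isfile):
    """Report each launch target of an autorun.inf found at `root` and whether
    the program it names is present on that drive. `isfile` is injectable so
    the logic can be exercised without touching a real drive."""
    report = []
    for target in launch_targets(parse_autorun(text)):
        prog = program_of(target)
        path = prog if os.path.isabs(prog) else os.path.join(root, prog)
        report.append({"target": target, "program": path, "present": bool(isfile(path))})
    return report


def scan_drive_root(root):
    """Read <root>\\autorun.inf if it exists and analyze it; [] otherwise."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, "r", errors="replace") as fh:
        return analyze_autorun(root, fh.read())


def windows_drive_roots():
    """All mounted drive letters (Windows only; empty list elsewhere)."""
    return [d + ":\\" for d in string.ascii_uppercase if os.path.isdir(d + ":\\")]


if __name__ == "__main__":
    for root in windows_drive_roots():
        for hit in scan_drive_root(root):
            flag = "present" if hit["present"] else "MISSING"
            print(f"{root} autorun.inf -> {hit['target']!r} ({flag}: {hit['program']})")
```

Deleting the autorun.inf is not the cleanup. The post says the files came back, so whatever is still running has to be stopped first; the scanner only tells you which drives carry the hook and what it points at.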
-
Re: Infected :(
rebooted, everything clean. But the trojan disappeared without me
removing it, something must be wrong......
-
Re: Infected :(
On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:
> rebooted, everything clean. But the trojan disappeared without me
> removing it, something must be wrong......
Make certain you have "System Restore" turned off or it will hide in there
and come back to haunt you....
--
Moshe Goldfarb
Collector of soaps from around the globe.
Please visit The Hall of Linux Idiots:
http://linuxidiots.blogspot.com/
Please Visit www.linsux.org
-
Re: Infected :(
Moshe Goldfarb. wrote:
> On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:
>
> > rebooted, everything clean. But the trojan disappeared without me
> > removing it, something must be wrong......
>
> Make certain you have "System Restore" turned off or it will hide in there
> and come back to haunt you....
It's off, but I'm wondering how it can infect without using some admin
account? Most trojans I have seen cannot do that, and if they do it'd be a
big security hole...... They can put files but there is no way to
modify the system registry and hook up themselves..
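Added example, not part of the thread, and it does not say what this particular trojan did on the poster's machine. The question above has a general answer: a limited account does not need HKLM to persist. HKCU is the user's own hive, so HKCU\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce are writable by the user, and so is the per-user Startup folder. The script below lists those three locations (live enumeration needs Python's winreg module, so Windows only) and flags entries that launch from a user-writable path, from a bare file name, or from anywhere outside Windows and Program Files. The path markers assume a default English XP/Vista layout, and SAMPLE_ENTRIES are constructed for the example.

```python
r"""Audit the per-user autostart locations a limited account can write.

Added example, not from the thread. It makes no claim about what
resycled/boot.com did on the poster's machine; it shows where a program
run from a non-admin account can persist across logons without touching
HKLM: the HKCU Run/RunOnce keys and the user's own Startup folder. Live
enumeration needs the winreg module (Windows only); classify_command()
is pure and is exercised on the constructed SAMPLE_ENTRIES. The path
markers are assumptions about a default English-language XP/Vista install.
"""
import os

try:
    import winreg
except ImportError:          # not on Windows: only the classifier is usable
    winreg = None

HKCU_RUN_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Locations a limited user can write to; an autostart pointing here is worth a look.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\", "\\users\\", "\\temp\\",
    "\\application data\\", "\\local settings\\", "%temp%", "%appdata%",
    "%userprofile%", "\\recycled\\", "\\recycler\\", "\\resycled\\",
)
# Locations a limited user cannot normally write to.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample entries in the shape (source, value name, command line).
SAMPLE_ENTRIES = [
    ("HKCU\\...\\Run", "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("HKCU\\...\\Run", "Updater", r'"C:\Program Files\Vendor\update.exe" /tray'),
    ("HKCU\\...\\Run", "boot", r"C:\resycled\boot.com"),
    ("HKCU\\...\\RunOnce", "tmp", r"%TEMP%\setup.tmp.exe"),
    ("Startup folder", "link.lnk", "dll.dll"),
]


def program_of(command):
    """First token of a command line, with surrounding quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def classify_command(command):
    """Classify where an autostart command line runs from:
    'bare-name'     no directory at all, resolved via PATH/cwd at logon
    'user-writable' under a location a limited user can write to
    'system'        under Windows or Program Files
    'other'         anything else (drive roots, other disks): check by hand
    """
    prog = program_of(command).lower()
    if "\\" not in prog and "/" not in prog:
        return "bare-name"
    if any(marker in prog for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    if prog.startswith(TRUSTED_PREFIXES):
        return "system"
    return "other"


def audit(entries):
    """Return (source, name, command, verdict) for entries not run from a system location."""
    return [(src, name, cmd, classify_command(cmd))
            for src, name, cmd in entries if classify_command(cmd) != "system"]


def read_hkcu_run():
    """(key, value name, command) for every value under the HKCU Run keys."""
    found = []
    if winreg is None:
        return found
    for sub in HKCU_RUN_KEYS:
        try:
            key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, sub)
        except OSError:
            continue                     # key absent
        with key:
            index = 0
            while True:
                try:
                    name, value, _type = winreg.EnumValue(key, index)
                except OSError:          # no more values
                    break
                found.append(("HKCU\\" + sub, name, str(value)))
                index += 1
    return found


def read_startup_folder():
    """Files in the per-user Startup folder (XP layout, then Vista+ layout)."""
    candidates = [
        os.path.join(os.environ.get("USERPROFILE", ""), "Start Menu", "Programs", "Startup"),
        os.path.join(os.environ.get("APPDATA", ""), "Microsoft", "Windows",
                     "Start Menu", "Programs", "Startup"),
    ]
    found = []
    for folder in candidates:
        if os.path.isdir(folder):
            for name in os.listdir(folder):
                if name.lower() != "desktop.ini":
                    found.append(("Startup folder", name, os.path.join(folder, name)))
    return found


if __name__ == "__main__":
    # Live entries on Windows; the constructed sample elsewhere.
    entries = (read_hkcu_run() + read_startup_folder()) or SAMPLE_ENTRIES
    for src, name, cmd, verdict in audit(entries):
        print(f"{verdict:13} {src:40} {name} = {cmd}")
```

The classifier is a heuristic: legitimate per-user software does autostart from Application Data, so a "user-writable" verdict means look at the file, not delete it. Run it from the account the keygen was executed in, since HKCU differs per user.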
-
Re: Infected :(
AqD "contributed" in alt.os.windows-xp:
> Anyone know about the resycled/boot.com trojan? I executed a supposed-
> to-be-keygen in a non-admin account, then the trojan was activated. It
> managed to hook into spoolsv.exe (Printer Service) and began creating
> [All Drives]\resycled\boot.com and autorun.inf, and re-creating them
> if they're deleted.
>
> This is what I have found
> http://www.threatexpert.com/report.aspx?uid=c5b35a59-9fe0-4b16-bbce-322ab2e8cff5
> but it doesn't say how the trojan can install itself without
> administrator permission, and the temp files it mentions don't exist
> in my system!
>
> Now I have removed all this autorun crap and Process Explorer cannot
> find anything weird, including c:\windows\system32\dll.dll (which is
> just gone - I didn't kill it)
>
> I'll reboot to check again. It's really weird......
I thought you were running some Linux flavour? And Linux cannot be
infected, right? So after all, you switched back to Windoze because Linux
was too difficult for you?
BWAHAHAHAHAHAHAHAHAAA!!!! You little yellow cunt.
--
<snip>
-
Re: Infected :(
On Sep 27, 3:34 am, AqD <aquila.d...@gmail.com> wrote:
> Anyone know about the resycled/boot.com trojan? I executed a supposed-
> to-be-keygen in a non-admin account, then the trojan was activated. It
> managed to hook into spoolsv.exe (Printer Service) and began creating
> [All Drives]\resycled\boot.com and autorun.inf, and re-creating them
> if they're deleted.
>
> This is what I have found http://www.threatexpert.com/report.aspx?uid=c5b35a59-9fe0-4b16-bbce-3...
> but it doesn't say how the trojan can install itself without
> administrator permission, and the temp files it mentions don't exist
> in my system!
>
> Now I have removed all this autorun crap and Process Explorer cannot
> find anything weird, including c:\windows\system32\dll.dll (which is
> just gone - I didn't kill it)
>
> I'll reboot to check again. It's really weird......
Funny, I don't have trouble with trojans on my Linux machines----or on
my Mac either. Seems that only Windows gets them.
-
Re: Infected :(
<nessuno@wigner.berkeley.edu> schreef in bericht
news:93be1027-72fd-4203-be92-7268ee215119@a19g2000pra.googlegroups.com...
On Sep 27, 3:34 am, AqD <aquila.d...@gmail.com> wrote:
> Anyone know about the resycled/boot.com trojan? I executed a supposed-
> to-be-keygen in a non-admin account, then the trojan was activated. It
> managed to hook into spoolsv.exe (Printer Service) and began creating
> [All Drives]\resycled\boot.com and autorun.inf, and re-creating them
> if they're deleted.
>
> This is what I have
> found http://www.threatexpert.com/report.aspx?uid=c5b35a59-9fe0-4b16-bbce-3...
> but it doesn't say how the trojan can install itself without
> administrator permission, and the temp files it mentions don't exist
> in my system!
>
> Now I have removed all this autorun crap and Process Explorer cannot
> find anything weird, including c:\windows\system32\dll.dll (which is
> just gone - I didn't kill it)
>
> I'll reboot to check again. It's really weird......

> Funny, I <bitchslap>
http://www.wired.com/politics/security/news/2007/11/mac_trojan
http://www.symantec.com/security_response/writeup.jsp?docid=2003-062018-4739-99
You're such a moron, Mr. Robert Littlejohn.
> don't have trouble with trojans on my Linux machines----or on
> my Mac either. Seems that only Windows gets them.
-
Re: Infected :(
"AqD" <aquila.deus@gmail.com> schreef in bericht
news:a2772dc9-4310-440f-bcf7-e8409450bb4f@z72g2000hsb.googlegroups.com...
> Moshe Goldfarb. wrote:
>> On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:
>>
>> > rebooted, everything clean. But the trojan disappeared without me
>> > removing it, something must be wrong......
>>
>> Make certain you have "System Restore" turned off or it will hide in
>> there
>> and come back to haunt you....
>
> It's off, but I'm wondering how it can infect without using some admin
> account? Most trojans I have seen cannot do that and if they do it'd be a
> big security hole...... They can put files but there is no way to
> modify the system registry and hook up themselves..
Install Linux and you're fine!
Windows is much too complex for you!
--
Clogwog, resident yap-yap dog of alt.os.windows-xp & alt.os.windows-vista
http://www.angelfire.com/psy/doctorbill/yap-yap_dog.jpg
-
Re: Infected :(
Appil Corporation asstroturfing fraudster pounding the sock Moshe Goldfarb
wrote on behalf of Half Wits from Appil Corporation Department of Marketing:
> On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:
>
>> rebooted, everything clean. But the trojan disappeared without me
>> removing it, something must be wrong......
>
> Make certain you have "System Restore" turned off or it will hide in there
> and come back to haunt you....
Really? You never told us before how bad micoshaft OSen is beforehand!
I'm going back to DOSEMU and WINE under Linux. Sounds like a lot safer
developer environment.
-
Re: Infected :(
AqD wrote:
> It's off, but I'm wondering how it can infect without using some admin
> account? Most trojans I have seen cannot do that and if they do it'd be a
> big security hole...... They can put files but there is no way to
> modify the system registry and hook up themselves..
This is a Linux group and you're off topic.
--
Regards,
[tv]
....*/ --Tribble with a lightsaber
Owner/Proprietor, Cheesus Crust Pizza Company
Good to the last supper
-
Re: Infected :(
On Sep 27, 5:05 pm, Tattoo Vampire <sitt...@this.computer> wrote:
> AqD wrote:
> > It's off, but I'm wondering how it can infect without using some admin
> > account? Most trojans I have seen cannot do that and if they do it'd be a
> > big security hole...... They can put files but there is no way to
> > modify the system registry and hook up themselves..
>
> This is a Linux group and you're off topic.
Hey, it's yet another brilliant example of Windows "Security". :-D
Great argument for switching to Linux.
-
Re: Infected :(
On Sep 27, 10:21 am, "Clogwog" <BWAHAHAH...@BWAHAHAHAAA.LOL> wrote:
> <ness...@wigner.berkeley.edu> schreef in bericht news:93be1027-72fd-4203-be92-7268ee215119@a19g2000pra.googlegroups.com...
> On Sep 27, 3:34 am, AqD <aquila.d...@gmail.com> wrote:
>
> > Anyone know about the resycled/boot.com trojan? I executed a supposed-
> > to-be-keygen in a non-admin account, then the trojan was activated. It
> > managed to hook into spoolsv.exe (Printer Service) and began creating
> > [All Drives]\resycled\boot.com and autorun.inf, and re-creating them
> > if they're deleted.
>
> > This is what I have
> > found http://www.threatexpert.com/report.aspx?uid=c5b35a59-9fe0-4b16-bbce-3...
> > but it doesn't say how the trojan can install itself without
> > administrator permission, and the temp files it mentions don't exist
> > in my system!
>
> > Now I have removed all this autorun crap and Process Explorer cannot
> > find anything weird, including c:\windows\system32\dll.dll (which is
> > just gone - I didn't kill it)
>
> > I'll reboot to check again. It's really weird......
> > Funny, I <bitchslap>
>
> http://www.wired.com/politics/security/news/2007/11/mac_trojan
> http://www.symantec.com/security_response/writeup.jsp?docid=2003-0620...
<quote>
Threat Assessment
Wild
* Wild Level: Low
* Number of Infections: 0 - 49
* Number of Sites: 0 - 2
* Geographical Distribution: Low
* Threat Containment: Easy
* Removal: Easy
</quote>
> You're such a moron, Mr. Robert Littlejohn.
You should READ your citations a bit more carefully.
Grand total of LESS than 49 infections, on less than 2 sites.
And this is your "proof" that Linux is as vulnerable to Trojans and
Malware as Microsoft?
Apparently, to be infected, you have to pretty much deliberately run
the installer as root to actually do damage (to send the huge TCP
packets to ports below 1000).
Compared to the 250,000 known viruses that infect about 800 million
Windows computers every year, that have cost $trillions in damages,
including people working unpaid overtime to compensate for work lost
due to Windows failures, the best you can do is to come up with a
trojan that requires a special setup and configuration just to
demonstrate.
You're just a regular GENIUS.
Please, feel free to post to this group as often as you like,
especially with brilliant observations like that.
Rex Ballard
> > don't have trouble with trojans on my Linux machines----or on
> > my Mac either. Seems that only Windows gets them.
-
Re: Infected :(
"Tattoo Vampire" <sitting@this.computer> schreef in bericht
news:gcndnugct4xi$.dlg@this.domain.or.that...
> AqD wrote:
>
>> It's off, but I'm wondering how it can infect without using some admin
>> account? Most trojans I have seen cannot do that and if they do it'd be a
>> big security hole...... They can put files but there is no way to
>> modify the system registry and hook up themselves..
>
> This is a Linux group and you're off topic.
So you will never post something about windows again in cola, you hypocrite?
And you're going to tell Roy, HPT, Marti, Mark Kent, Liarnut, P.I.K. (Peter
Idiot Kohlmann), 7, a.s.o., that they are off topic when they are ranting
windows?
lol , let's wait and see!
-
Re: Infected :(
On Sep 28, 4:43 am, 7 <website_has_em...@www.enemygadgets.com> wrote:
> Appil Corporation asstroturfing fraudster pounding the sock Moshe Goldfarb
> wrote on behalf of Half Wits from Appil Corporation Department of Marketing:
>
> > On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:
>
> >> rebooted, everything clean. But the trojan disappeared without me
> >> removing it, something must be wrong......
>
> > Make certain you have "System Restore" turned off or it will hide in there
> > and come back to haunt you....
>
> Really? You never told us before how bad micoshaft OSen is beforehand!
>
> I'm going back to DOSEMU and WINE under Linux. Sounds like a lot safer
> developer environment.
I agree, but what can you do with it, if you don't have a real Windows
or virtual machine to run one? I used to run Windows on vmware, but I
finally figured my Linux is nearly useless for my daily stuff - I
can't run vs.net, or sql server, or iis/asp, or stock analysis apps/
platforms I need. But if I change to Windows, I could have all the
crapwares I have to use, // PLUS EVERYTHING YOU HAVE ON LINUX //, too.
-
Re: Infected :(
After takin' a swig o' grog, AqD belched out
this bit o' wisdom:
> On Sep 28, 4:43 am, 7 <website_has_em...@www.enemygadgets.com> wrote:
>> Appil Corporation asstroturfing fraudster pounding the sock Moshe Goldfarb
>> wrote on behalf of Half Wits from Appil Corporation Department of Marketing:
>>
>> > On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:
>>
>> >> rebooted, everything clean. But the trojan disappeared without me
>> >> removing it, something must be wrong......
>>
>> > Make certain you have "System Restore" turned off or it will hide in there
>> > and come back to haunt you....
>>
>> Really? You never told us before how bad micoshaft OSen is beforehand!
>>
>> I'm going back to DOSEMU and WINE under Linux. Sounds like a lot safer
>> developer environment.
>
> I agree, but what can you do with it, if you don't have a real Windows
> or virtual machine to run one? I used to run Windows on vmware, but I
> finally figured my Linux is nearly useless for my daily stuff - I
> can't run vs.net, or sql server, or iis/asp, or stock analysis apps/
> platforms I need. But if I change to Windows, I could have all the
> crapwares I have to use, // PLUS EVERYTHING YOU HAVE ON LINUX //, too.
At least we don't have the malware that Infected :( you! :)
And, although the overlap in functionality is high, the relative
freedom, flexibility, and speed of Linux makes me prefer it, by a large
margin. Windows is confining.
--
"We scientists, whose tragic destiny it has been to make the methods of
annihilation ever more gruesome and more effective, must consider it our solemn
and transcendent duty to do all in our power in preventing these weapons from
being used for the brutal purpose for which they were invented."
-- Albert Einstein, Bulletin of Atomic Scientists, September 1948