Infected :( - Linux


Thread: Infected :(

  1. Infected :(

    Anyone know about the resycled/boot.com trojan? I executed a supposed-
    to-be-keygen in non-admin account, then the trojan was activated. It
    managed to hook into spoolsv.exe (Printer Service) and began creating
    [All Drivers]\resycled\boot.com and autorun.inf, and re-creating them
    if they're deleted.

    This is what I have found http://www.threatexpert.com/report.a...e-322ab2e8cff5
    but it doesn't say how the trojan can install itself without
    administrator permission, and the temp files it mentions don't exist
    in my system!

    Now I have removed all these autorun crap and process explorer cannot
    find anything weird, including c:\windows\system32\dll.dll (which is
    just gone - I didn't kill it)

    I'll reboot to check again. It's really weird......
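The post above reports an autorun.inf and a resycled\boot.com dropped on every drive. As an added example (not code from the thread, and not derived from the ThreatExpert report), here is a small offline checker that parses autorun.inf text and flags launch entries pointing into a "resycled" directory; that the dropped autorun.inf references boot.com is an assumption, and the two sample files are constructed.

```python
import re
from typing import Dict, List, Tuple

# Directory name the post reports on every drive. That autorun.inf launches
# something from it is an assumption for this example, not a thread fact.
SUSPICIOUS_DIR = "resycled"
# Keys under [autorun] that cause execution when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [autorun] section, keys lower-cased.
    Lines outside that section and ';' comment lines are ignored."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def suspicious_entries(text: str) -> List[Tuple[str, str]]:
    """Launch entries whose target lives under SUSPICIOUS_DIR."""
    return [(k, v) for k, v in parse_autorun(text).items()
            if LAUNCH_KEY.match(k) and SUSPICIOUS_DIR in v.lower()]


def scan_drives(autoruns: Dict[str, str]) -> Dict[str, List[Tuple[str, str]]]:
    """Map drive -> flagged entries, keeping only drives that have any.
    Callers read each drive's root autorun.inf and pass the text in here."""
    return {d: h for d, t in autoruns.items() if (h := suspicious_entries(t))}


# Constructed samples: one imitating the reported infection, one a benign CD.
INFECTED = ("[autorun]\r\nopen=resycled\\boot.com\r\n"
            "shell\\open\\Command=resycled\\boot.com\r\nicon=resycled\\boot.com\r\n")
BENIGN = "[autorun]\r\n; vendor CD\r\nopen=setup.exe\r\nicon=setup.exe,0\r\n"

if __name__ == "__main__":
    for drive, hits in scan_drives({"C:": INFECTED, "D:": BENIGN}).items():
        print(drive, hits)
```

The icon= entry is deliberately not flagged: it changes what Explorer shows but does not run anything, so only open= and shell\...\command= count as launch entries.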

  2. Re: Infected :(

    rebooted, everything clean. But the trojan disappeared without me
    removing it, something must be wrong......

  3. Re: Infected :(

    On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:

    > rebooted, everything clean. But the trojan disappeared without me
    > removing it, something must be wrong......


    Make certain you have "System Restore" turned off or it will hide in there
    and come back to haunt you....
    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/
    Please Visit www.linsux.org

  4. Re: Infected :(

    Moshe Goldfarb. wrote:
    > On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:
    >
    > > rebooted, everything clean. But the trojan disappeared without me
    > > removing it, something must be wrong......

    >
    > Make certain you have "System Restore" turned off or it will hide in there
    > and come back to haunt you....


    It's off, but I'm wondering how it can infect without using some admin
    account? Most trojans I have seen cannot do that and if they do it'd be a
    big security hole...... They can put files but there is no way to
    modify system registry and hook up themselves..

  5. Re: Infected :(

    AqD "contributed" in alt.os.windows-xp:

    > Anyone know about the resycled/boot.com trojan? I executed a supposed-
    > to-be-keygen in non-admin account, then the trojan was activated. It
    > managed to hook into spoolsv.exe (Printer Service) and began creating
    > [All Drivers]\resycled\boot.com and autorun.inf, and re-creating them
    > if they're deleted.
    >
    > This is what I have found
    > http://www.threatexpert.com/report.a...-4b16-bbce-322
    > ab2e8cff5 but it doesn't say how the trojan can install itself without
    > administrator permission, and the temp files it mentions don't exist
    > in my system!
    >
    > Now I have removed all these autorun crap and process explorer cannot
    > find anything weird, including c:\windows\system32\dll.dll (which is
    > just gone - I didn't kill it)
    >
    > I'll reboot to check again. It's really weird......


    I thought you were running some Linux flavour? And Linux cannot be
    infected, right? So after all, you switched back to Windoze because Linux
    was too difficult for you?
    BWAHAHAHAHAHAHAHAHAAA!!!! You little yellow cunt.

    --

  6. Re: Infected :(

    On Sep 27, 3:34 am, AqD wrote:
    > Anyone know about the resycled/boot.com trojan? I executed a supposed-
    > to-be-keygen in non-admin account, then the trojan was activated. It
    > managed to hook into spoolsv.exe (Printer Service) and began creating
    > [All Drivers]\resycled\boot.com and autorun.inf, and re-creating them
    > if they're deleted.
    >
    > This is what I have found http://www.threatexpert.com/report.aspx?uid=c5b35a59-9fe0-4b16-bbce-3...
    > but it doesn't say how the trojan can install itself without
    > administrator permission, and the temp files it mentions don't exist
    > in my system!
    >
    > Now I have removed all these autorun crap and process explorer cannot
    > find anything weird, including c:\windows\system32\dll.dll (which is
    > just gone - I didn't kill it)
    >
    > I'll reboot to check again. It's really weird......


    Funny, I don't have trouble with trojans on my Linux machines----or on
    my Mac either. Seems that only Windows gets them.

  7. Re: Infected :(

    wrote in message
    news:93be1027-72fd-4203-be92-7268ee215119@a19g2000pra.googlegroups.com...
    On Sep 27, 3:34 am, AqD wrote:
    > Anyone know about the resycled/boot.com trojan? I executed a supposed-
    > to-be-keygen in non-admin account, then the trojan was activated. It
    > managed to hook into spoolsv.exe (Printer Service) and began creating
    > [All Drivers]\resycled\boot.com and autorun.inf, and re-creating them
    > if they're deleted.
    >
    > This is what I have
    > found http://www.threatexpert.com/report.aspx?uid=c5b35a59-9fe0-4b16-bbce-3...
    > but it doesn't say how the trojan can install itself without
    > administrator permission, and the temp files it mentions don't exist
    > in my system!
    >
    > Now I have removed all these autorun crap and process explorer cannot
    > find anything weird, including c:\windows\system32\dll.dll (which is
    > just gone - I didn't kill it)
    >
    > I'll reboot to check again. It's really weird......


    > Funny, I


    http://www.wired.com/politics/securi.../11/mac_trojan
    http://www.symantec.com/security_res...062018-4739-99
    You're such a moron, Mr. Robert Littlejohn.

    > don't have trouble with trojans on my Linux machines----or on
    > my Mac either. Seems that only Windows gets them.


  8. Re: Infected :(

    "AqD" wrote in message
    news:a2772dc9-4310-440f-bcf7-e8409450bb4f@z72g2000hsb.googlegroups.com...
    > Moshe Goldfarb. wrote:
    >> On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:
    >>
    >> > rebooted, everything clean. But the trojan disappeared without me
    >> > removing it, something must be wrong......

    >>
    >> Make certain you have "System Restore" turned off or it will hide in
    >> there
    >> and come back to haunt you....

    >
    > It's off, but I'm wondering how it can infect without uisng some admin
    > account? Most trojans I have seen cannot do that and if they do it'd a
    > big security hole...... They can put files but there is no way to
    > modify system registry and hook up themselves..



    Install linux and you're fine!
    Windows is much too complex for you!
    --
    Clogwog, resident yap-yap dog of alt.os.windows-xp & alt.os.windows-vista
    http://www.angelfire.com/psy/doctorbill/yap-yap_dog.jpg

  9. Re: Infected :(

    Appil Corporation asstroturfing fraudster pounding the sock Moshe Goldfarb
    wrote on behalf of Half Wits from Appil Corporation Department of Marketing:

    > On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:


    >
    >> rebooted, everything clean. But the trojan disappeared without me
    >> removing it, something must be wrong......

    >
    > Make certain you have "System Restore" turned off or it will hide in there
    > and come back to haunt you....



    Really? You never told us before how bad micoshaft OSen is beforehand!

    I'm going back to DOSEMU and WINE under Linux. Sounds a lot safer
    developer environment.

  10. Re: Infected :(

    AqD wrote:

    > It's off, but I'm wondering how it can infect without uisng some admin
    > account? Most trojans I have seen cannot do that and if they do it'd a
    > big security hole...... They can put files but there is no way to
    > modify system registry and hook up themselves..


    This is a Linux group and you're off topic.

    --
    Regards,
    [tv]

    ....*/ --Tribble with a lightsaber

    Owner/Proprietor, Cheesus Crust Pizza Company
    Good to the last supper

  11. Re: Infected :(

    On Sep 27, 5:05 pm, Tattoo Vampire wrote:
    > AqD wrote:
    > > It's off, but I'm wondering how it can infect without uisng some admin
    > > account? Most trojans I have seen cannot do that and if they do it'd a
    > > big security hole...... They can put files but there is no way to
    > > modify system registry and hook up themselves..

    >
    > This is a Linux group and you're off topic.


    Hey, it's yet another brilliant example of Windows "Security". :-D

    Great argument for switching to Linux.


  12. Re: Infected :(

    On Sep 27, 10:21 am, "Clogwog" wrote:
    > wrote in message news:93be1027-72fd-4203-be92-7268ee215119@a19g2000pra.googlegroups.com...
    > On Sep 27, 3:34 am, AqD wrote:
    >
    >
    >
    > > Anyone know about the resycled/boot.com trojan? I executed a supposed-
    > > to-be-keygen in non-admin account, then the trojan was activated. It
    > > managed to hook into spoolsv.exe (Printer Service) and began creating
    > > [All Drivers]\resycled\boot.com and autorun.inf, and re-creating them
    > > if they're deleted.

    >
    > > This is what I have
    > > found http://www.threatexpert.com/report.aspx?uid=c5b35a59-9fe0-4b16-bbce-3...
    > > but it doesn't say how the trojan can install itself without
    > > administrator permission, and the temp files it mentions don't exist
    > > in my system!

    >
    > > Now I have removed all these autorun crap and process explorer cannot
    > > find anything weird, including c:\windows\system32\dll.dll (which is
    > > just gone - I didn't kill it)

    >
    > > I'll reboot to check again. It's really weird......
    > > Funny, I

    >
    > http://www.wired.com/politics/securi.../11/mac_trojan


    > http://www.symantec.com/security_res...ocid=2003-0620....


    Threat Assessment
    Wild

    * Wild Level: Low
    * Number of Infections: 0 - 49
    * Number of Sites: 0 - 2
    * Geographical Distribution: Low
    * Threat Containment: Easy
    * Removal: Easy


    > You're such a moron, Mr. Robert Littlejohn.


    You should READ your citations a bit more carefully.

    Grand total of LESS than 49 infections, on less than 2 sites.
    And this is your "proof" that Linux is as vulnerable to Trojans and
    Malware as Microsoft?

    Apparently, to be infected, you have to pretty much deliberately run
    the installer as root to actually do damage (to send the huge TCP
    packets to ports below 1000).

    Compared to the 250,000 known viruses that infect about 800 million
    Windows computers every year, that have cost $trillions in damages,
    including people working unpaid overtime to compensate for work lost
    due to Windows failures, and the best you can do is a come up with a
    trojan that requires a special setup and configuration just to
    demonstrate.

    You're just a regular GENIUS.

    Please, feel free to post to this group as often as you like,
    especially with brilliant observations like that.

    Rex Ballard


    > > don't have trouble with trojans on my Linux machines----or on
    > > my Mac either. Seems that only Windows gets them.


  13. Re: Infected :(

    "Tattoo Vampire" wrote in message
    news:gcndnugct4xi$.dlg@this.domain.or.that...
    > AqD wrote:
    >
    >> It's off, but I'm wondering how it can infect without uisng some admin
    >> account? Most trojans I have seen cannot do that and if they do it'd a
    >> big security hole...... They can put files but there is no way to
    >> modify system registry and hook up themselves..

    >
    > This is a Linux group and you're off topic.


    So you will never post something about windows again in cola, you hypocrite?
    And you're going to tell Roy, HPT, Marti, Mark Kent, Liarnut, P.I.K. (Peter
    Idiot Kohlmann), 7, a.s.o., that they are off topic when they are ranting about
    windows?
    lol, let's wait and see!


  14. Re: Infected :(

    On Sep 28, 4:43 am, 7 wrote:
    > Appil Corporation asstroturfing fraudster pounding the sock Moshe Goldfarb
    > wrote on behalf of Half Wits from Appil Corporation Department of Marketing:
    >
    > > On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:

    >
    > >> rebooted, everything clean. But the trojan disappeared without me
    > >> removing it, something must be wrong......

    >
    > > Make certain you have "System Restore" turned off or it will hide in there
    > > and come back to haunt you....

    >
    > Really? You never told us before how bad micoshaft OSen is beforehand!
    >
    > I'm going back to DOSEMU and WINE under Linux. Sounds a lot safer
    > developer environment.


    I agree, but what can you do with it, if you don't have a real windows
    or virtual machine to run one? I used to run windos on vmware, but I
    finally figured my linux is nearly useless for my daily stuff - I
    can't run vs.net, or sql server, or iis/asp, or stock analysis apps/
    platforms I need. But if I change to windows, I could have all the
    crapwares I have to use, // PLUS EVERYTHING YOU HAVE ON LINUX //, too.

  15. Re: Infected :(

    After takin' a swig o' grog, AqD belched out
    this bit o' wisdom:

    > On Sep 28, 4:43 am, 7 wrote:
    >> Appil Corporation asstroturfing fraudster pounding the sock Moshe Goldfarb
    >> wrote on behalf of Half Wits from Appil Corporation Department of Marketing:
    >>
    >> > On Sat, 27 Sep 2008 03:45:34 -0700 (PDT), AqD wrote:

    >>
    >> >> rebooted, everything clean. But the trojan disappeared without me
    >> >> removing it, something must be wrong......

    >>
    >> > Make certain you have "System Restore" turned off or it will hide in there
    >> > and come back to haunt you....

    >>
    >> Really? You never told us before how bad micoshaft OSen is beforehand!
    >>
    >> I'm going back to DOSEMU and WINE under Linux. Sounds a lot safer
    >> developer environment.

    >
    > I agree, but what can you do with it, if you dont have a real windows
    > or virtual machine to run one? I used to run windos on vmware, but I
    > finally figured my linux is nearly useless for my daily stuff - I
    > can't run vs.net, or sql server, or iis/asp, or stock analysis apps/
    > platforms I need. But if I change to windows, I could have all the
    > crapwares I have to use, // PLUS EVERYTHING YOU HAVE ON LINUX //, too.


    At least we don't have the malware that Infected you!

    And, although the overlap in functionality is high, the relative
    freedom, flexibility, and speed of Linux makes me prefer it, by a large
    margin. Windows is confining.

    --
    "We scientists, whose tragic destiny it has been to make the methods of
    annihilation ever more gruesome and more effective, must consider it our solemn
    and transcendent duty to do all in our power in preventing these weapons from
    being used for the brutal purpose for which they were invented."
    -- Albert Einstein, Bulletin of Atomic Scientists, September 1948
