Shoutbox

After helping out Paul Frome (Idium) with this virus (i've send him an e-mail with links to instructions), he decided to make a small txt file you can send to your contacts who got infected. It seems to be spreading fast as he already helped out 8 people with this aswell.

I attached the txt file here for your use.


Edit: attached new version, corrected by CookieRevised

i thought that a txt file would help ppl out so they can have a set of insrtructions which can be sent to anyone who was infected.

Is this a virus that connects to a botnet?

If it is, then can't someone find out what channel all these viruses are connecting to, find out the password of the virus, and then tell all the bots to download a tool that will uninstall the virus.

possably but i dont think this is one

Um thats all well and good but you don't need to download process explorer, just use ctrl+alt+del...

quote:

---

Originally posted by saralk
Is this a virus that connects to a botnet?

If it is, then can't someone find out what channel all these viruses are connecting to, find out the password of the virus, and then tell all the bots to download a tool that will uninstall the virus.

---

No, and no.

Botnets have far better protection from outsiders than that.

First the channel is set +u (if the IRCd is UnrealIRCd) so that anyone who isn't an op (all the bots, and you if you joined the channel) can only see ops in the channel. If you joined the botnet channel you'd only see people who were op, and that'd be only a couple of people.

Then there's a password to login to the bots, that is easily found if you have the trojan's exe, but it is almost useless in a case like this because the bots will only allow people with a certain hostmask to login.

A hostmask is something like this:

myles@dsl181-113-076.dfw1.dsl.speakeasy.net

That's ident@hostname and hostname is something your ISP will give you. The problem is, since the bot owners own the server and are administrators of the IRC server, they can set their hostname to be anything they want. Usually it's something stupid like fbi.gov, something no one could get.

So no, it's not that easy...

ShawnZ: Windows' task manager won't give you any clue which csrss.exe is the trojan one.

quote:

---

Originally posted by ShawnZ
Um thats all well and good but you don't need to download process explorer, just use ctrl+alt+del...

---

yes you do....

Windows Task/Process Manager refuses to kill "csrss.exe" as it could think it is a system process... Also, not all Windows versions offer a process killing ability like in XP...

Everything written in the "uninstall guide" (every word and sentence) and also the order it has been written in, is important and have underlying meanings and purposes...

quote:

---

Originally posted by Sunshine
After helping out Paul Frome (Idium) with this virus (i've send him an e-mail with links to instructions), he decided to make a small txt file you can send to your contacts who got infected.

---

I liked this idea, but i don't like reading .txt files, so i made an HTML version, it's not that much bigger.

thanx cookie for correctin my write-up. ive got the new one now

as a note is there any way someone could make a removal tool, since contacts i give instructions to seem to be struggling