Block-Checker
Sunshine
RE: Block-Checker
After helping out Paul Frome (Idium) with this virus (I've sent him an e-mail with links to instructions), he decided to make a small txt file you can send to your contacts who got infected. It seems to be spreading fast, as he has already helped out 8 people with this as well.

I attached the txt file here for your use.


Edit: attached new version, corrected by CookieRevised

.txt File Attachment: How to remove Block-checker Malware.txt (3.73 KB)
This file has been downloaded 521 time(s).

This post was edited on 08-25-2005 at 08:56 PM by Sunshine.
08-24-2005 10:12 AM
Idium
RE: Block-Checker
I thought that a txt file would help people out so they can have a set of instructions which can be sent to anyone who was infected.
08-24-2005 10:34 AM
saralk
RE: Block-Checker
Is this a virus that connects to a botnet?

If it is, then can't someone find out what channel all these viruses are connecting to, find out the password of the virus, and then tell all the bots to download a tool that will uninstall the virus.
The Artist Formerly Known As saralk
London · New York · Paris
Est. 1989
08-24-2005 10:47 AM
Idium
RE: Block-Checker
Possibly, but I don't think this is one.
Proud Member of the Linkin Park Underground Join the LPU

MP!L & WLM = go together like WKD and beer

08-24-2005 02:15 PM
ShawnZ
RE: Block-Checker
Um, that's all well and good, but you don't need to download Process Explorer, just use ctrl+alt+del...
Spoiler:
the game.
08-24-2005 02:29 PM
segosa
RE: RE: Block-Checker
quote:
Originally posted by saralk
Is this a virus that connects to a botnet?

If it is, then can't someone find out what channel all these viruses are connecting to, find out the password of the virus, and then tell all the bots to download a tool that will uninstall the virus.


No, and no.

Botnets have far better protection from outsiders than that.

First the channel is set +u (if the IRCd is UnrealIRCd) so that anyone who isn't an op (all the bots, and you if you joined the channel) can only see ops in the channel. If you joined the botnet channel you'd only see people who were op, and that'd be only a couple of people.

Then there's a password to login to the bots, that is easily found if you have the trojan's exe, but it is almost useless in a case like this because the bots will only allow people with a certain hostmask to login.

A hostmask is something like this:

myles@dsl181-113-076.dfw1.dsl.speakeasy.net

That's ident@hostname and hostname is something your ISP will give you. The problem is, since the bot owners own the server and are administrators of the IRC server, they can set their hostname to be anything they want. Usually it's something stupid like fbi.gov, something no one could get.

So no, it's not that easy...

ShawnZ: Windows' task manager won't give you any clue which csrss.exe is the trojan one.

This post was edited on 08-24-2005 at 02:51 PM by segosa.
The previous sentence is false. The following sentence is true.
08-24-2005 02:50 PM
CookieRevised
RE: Block-Checker
quote:
Originally posted by ShawnZ
Um, that's all well and good, but you don't need to download Process Explorer, just use ctrl+alt+del...
Yes you do....

Windows Task/Process Manager refuses to kill "csrss.exe" as it could think it is a system process... Also, not all Windows versions offer a process killing ability like in XP...

Everything written in the "uninstall guide" (every word and sentence), and also the order it has been written in, is important and has underlying meanings and purposes...

This post was edited on 08-25-2005 at 04:44 AM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
08-24-2005 03:34 PM
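Added example (not part of any post in this thread, and not taken from the attached removal guide): segosa and CookieRevised both point out that a process list showing only names cannot tell a genuine csrss.exe from a copy using the same name. The check below compares each core-named process against the directory the genuine Windows binary runs from. The CSV columns, the `C:\WINDOWS` system root and every path in the sample are constructed assumptions; the thread does not say where the malware's copy lives.

```python
import csv
import io
import ntpath

# Core Windows processes -> directory, relative to the system root, that the
# genuine binary runs from.
EXPECTED_DIR = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32",
    "svchost.exe": "system32", "explorer.exe": "",
}

def classify(name, path, system_root=r"C:\WINDOWS"):
    """Return 'ok', 'masquerade', 'unverified' or 'not-core' for one process."""
    expected = EXPECTED_DIR.get(name.strip().lower())
    if expected is None:
        return "not-core"
    path = path.strip()
    if not path:
        # Without enough privilege a tool may not be able to read the image
        # path; that means "cannot tell", not "clean".
        return "unverified"
    if path.startswith("\\??\\"):      # NT-style prefix some tools report
        path = path[4:]
    want = ntpath.join(system_root, expected, name.strip())
    norm = lambda p: ntpath.normcase(ntpath.normpath(p))
    return "ok" if norm(path) == norm(want) else "masquerade"

def scan(listing_csv, system_root=r"C:\WINDOWS"):
    """Return (pid, name, path, verdict) for core-named processes not verified."""
    findings = []
    for row in csv.DictReader(io.StringIO(listing_csv)):
        verdict = classify(row["name"], row["path"], system_root)
        if verdict in ("masquerade", "unverified"):
            findings.append((int(row["pid"]), row["name"], row["path"], verdict))
    return findings

# Constructed sample listing (columns and paths are assumptions).
SAMPLE = r"""name,pid,path
smss.exe,540,C:\WINDOWS\System32\smss.exe
csrss.exe,612,\??\C:\WINDOWS\system32\csrss.exe
csrss.exe,1984,C:\Documents and Settings\user\Application Data\csrss.exe
svchost.exe,1020,
msnmsgr.exe,2210,C:\Program Files\MSN Messenger\msnmsgr.exe
"""

if __name__ == "__main__":
    for pid, name, path, verdict in scan(SAMPLE):
        print(f"{verdict:11} pid={pid:<5} {name} {path or '<path unavailable>'}")
```

A "masquerade" verdict only says the image is not where the genuine one lives; which process to end, and in what order, is still what the removal guide is for.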
Fergy
RE: Block-Checker
quote:
Originally posted by Sunshine
After helping out Paul Frome (Idium) with this virus (I've sent him an e-mail with links to instructions), he decided to make a small txt file you can send to your contacts who got infected.

I liked this idea, but I don't like reading .txt files, so I made an HTML version; it's not that much bigger.

.htm File Attachment: How to remove the Block Checker malware correctly.htm (5.03 KB)
This file has been downloaded 327 time(s).

This post was edited on 08-25-2005 at 04:28 AM by Fergy.
I should change my sig ay?
08-24-2005 04:34 PM
Idium
RE: Block-Checker
Thanks, Cookie, for correcting my write-up. I've got the new one now.
08-24-2005 05:50 PM
kipper2258
RE: Block-Checker
As a note, is there any way someone could make a removal tool, since contacts I give instructions to seem to be struggling?
Yeah - I'm a kipper - A salted fish...
The fish inside me's Blog.

World domination!
08-24-2005 09:35 PM