Forum Overview :: Tansin A. Darcos's Alter Ego
 
Examining a trojan/virus on my computer by Commander Tansin A. Darcos 03/11/2018, 12:50pm PDT
I decided to try getting (what I would suspect would be) a computer virus just to get a look at one. I picked the most likely potential source: a crack program (claiming) to generate the serial number for a software program.

First thing I did was download a disk imaging program. I had it create an emergency boot disk for Windows and I burned that to flash media as a bootable object. Second, I imaged my current drive on that computer. It uses about 30 GB of about 200 available and takes about an hour-and-a-half. I had it store this image on a portable drive, a 3TB WD My Book, a USB 3 external drive.

Having done that I tried running the cracker. It pretended to die without doing anything. But it was busy. Watching from Task Manager it was starting extra processes to tie up system resources. So I rebooted the machine. As I expected, it had placed itself - probably through the Run key in the registry - and was spawning processes, connecting to websites and other things. Finally it gets to the point where it keeps restarting the side process so often you can't kill them - essentially the equivalent of a fork bomb - it brings up either a window or a web page, informing you that it has detected that your computer has been infected with a virus, and that the people who put it in have stolen your banking information, collected your credit card information, sent out spam emails and other things, and that you should not do anything except call a toll-free number shown below so they can assist me.

Yeah, assist me in taking money out of my account. So anyway, I shut down the runaway computer, insert the USB media, connect the external hard drive, start it and bring up the boot menu, selecting the USB jump-drive equivalent, a 16 GB cartridge in an adapter. It starts up the emergency disk and allows me to do a restore. It works, so I switch over to this computer - I'm not stupid, I'm not going to pull a stunt like that on my primary computer - and discover it restored the partition much faster than it saved it, about 1/2 hour.

It's completely back to the state it was before I let the virus loose on it. This was actually kind of fun. And has given me some ideas.