Wednesday, February 02, 2005

Portaboat

I just got hit by the same virus that crippled my computer during the DVID assignment.
I assumed one of my files was trojanised. And in fact it was. While doing a scan I found out that a few of my other files were infected with a different virus, and they weren't official files, if you get what I mean. Bastards, I say. This virus that I got hit with is totally unautomated till you click it. The cheeky bastard works in the background under the process of the executable file, so slightly advanced WINDOWS users would be none the wiser. Then the moment you shut down your computer, you're dead in the water. This sneaky little thing logs you off the moment you sign in. How can you even do anything to fix it? You can't even edit your registry. Now supposing there was an easy way to delete all the trojan executable files, there is one critical, or made to be critical, DLL, or Dynamic Link Library, that just can't seem to be deleted while I'm logged in. I have no idea if it's locked or plain out of my authorization range. The thing is, the moment you log out, whatever redundancies remain will kick into action to see if any of their brothers are missing, and, well... you know... The cycle never ends.

Now I'm a believer, not necessarily a firm one mind you, in not using any form of "heavy-duty" bloated AVs like stupid Norton. And true to my guess the asinine program didn't even detect that blooming TROJAN!!! Trojan, trojan, hello!!! Only Trend Micro detected it. Furthermore, Trend Micro is very quick to load, a plus point for an impatient power user like me. The redundancies incorporated in the Trojan and the image portrayed by it are tremendously clever, I must say. You should see the registry keys and the number of seemingly randomly scattered fully trojan files lying around the computer.

I had a suspect though. The infected file was not even identified by ANY AV as a virus file. But when I clicked on it, infected files were detected everywhere but in that file. That's solid encryption for you. Polymorphism at its best.

Why does this happen to me? Am I downloading some illegitimate files that send some kind of homing signal... to... the... .
The sneaky little bastards...

And oh yeah. Throughout the process, I learnt how insecure Windows is. Give me admin rights and I can be a king. Even higher than the Highest Admin.

You should see the number of SVCHOST processes running on my computer. I have yet to identify their veracity but... oh, well... :-)
