That virus : FYI
Oct. 11th, 2004 02:14 pm![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
jahbulon.livejournal.com posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
techrecoveryThat nasty bastard of a virus I had was the Tibick.A
For all you ISP support peeps :
Symptoms : Cannot browse to antivirus sites, window closes.
Cannot search for antivirus products, window closes.
Cannot access Processes window in task manager, it comes up blank.
Cannot access msconfig.
Cannot access regedit.
Cannot access SP2 firewall or security settings.
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39924
Spreads via P2P file-sharing. Smart little bastard.
For all you ISP support peeps :
Symptoms : Cannot browse to antivirus sites, window closes.
Cannot search for antivirus products, window closes.
Cannot access Processes window in task manager, it comes up blank.
Cannot access msconfig.
Cannot access regedit.
Cannot access SP2 firewall or security settings.
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39924
Spreads via P2P file-sharing. Smart little bastard.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Spreads via P2P file-sharing. Smart little bastard
Date: 2004-10-11 02:20 pm (UTC)Smart people also use an OS other than WinDoz. =D
Re: Spreads via P2P file-sharing. Smart little bastard
Date: 2004-10-11 02:27 pm (UTC)Re: Spreads via P2P file-sharing. Smart little bastard
Date: 2004-10-11 02:39 pm (UTC)Re: Spreads via P2P file-sharing. Smart little bastard
Date: 2004-10-11 02:33 pm (UTC)I hadn't spotted that regedit was blocked - if it was by the policy setting, my favourite trick is to hex-edit regedit.exe to remove that ability (search for the registry key and mangle the name so it doesn't get found. Don't forget to update/remove the file checksum as well else windows won't run it). The same trick can also be done with taskmgr.exe and cmd.exe. I've got copies of all three mangled for Win2k and WinXP, and they come in handy occassionally.
a better answer
Date: 2004-10-11 02:46 pm (UTC)Re: a better answer
Date: 2004-10-11 03:42 pm (UTC)Elitist wanker mac user?
Or Super-geek Linux preacher?
Either way, how about, Stow it.
Its not like we haven't heard this crap over and over and over and over and over.
People use windows. Make Linux better or shutup.
Re: a better answer
Date: 2004-10-11 04:14 pm (UTC)You attitude is disheartening (http://www.amishrakefight.org/gfy/), as a ignorant, biased windoz zealot. Het over it will ya? Your life & stress level will be much better for it.
(You clearly did not see the sarcasm in the original comments posted, and the flame war commenced. You can get over it now - I am.)
Re: a better answer
Date: 2004-10-11 04:16 pm (UTC)And no, I didn't see the sarcasm in the original comments posted. Perhaps you should have stated it more clearly.
no subject
Date: 2004-10-11 02:53 pm (UTC)no subject
Date: 2004-10-11 03:44 pm (UTC)I just reinstalled windows, for the umpteenth time, due to weird hardware/driver issues. Forgot to install anti-virus this time as this laptop doesn't generally use the net.
Went online at work to get a crack, didn't install AV. Stupid, but hey, we all make mistakes.
no subject
Date: 2004-10-11 03:53 pm (UTC)no subject
Date: 2004-10-11 03:55 pm (UTC)I knew it was a virus : I tried to network it to another machine, but got the 'limited connectivity' crap that the SP2 firewall causes.. I went to turn it off and the screen closed on me. And again.
Instantly I knew it was a virus and I got that sinking feeling as I realised I had no AV on the damn thing.. Hours later and... yeah, I've learnt my lesson hehehe
no subject
Date: 2004-10-11 03:36 pm (UTC)Not the OS, I mean the windows themselves. Get PSkill from foundstone and use that rather than the task manager.
no subject
Date: 2004-10-11 03:43 pm (UTC)no subject
Date: 2004-10-11 05:01 pm (UTC)no subject
Date: 2004-10-11 05:03 pm (UTC)Plus I do support for an ISP.. One day some fourteen year old is gonna call up with the same symptoms and I'll get this strange feeling I know what the problem is..
no subject
Date: 2004-10-11 05:09 pm (UTC)no subject
Date: 2004-10-11 09:25 pm (UTC)This has to do with running arbitrary executable files without first verifying their authenticity beyond a file name.
The same thing could happen on any OS with any file transfer method. Including private transfers between friends. It only takes one person stupid enough to run it the first time...
no subject
Date: 2004-10-11 09:55 pm (UTC)The worm attempts to spread via P2P file sharing networks by initially checking the affected machine for installations of several popular file sharing applications. If these applications are found, the worm makes several modifications to registry entries and/or configuration files to share copies of itself.
The worm creates a directory, %Windows%\msview, and copies itself to this directory multiple times using many different enticing filenames
Anyone else got any comments pertaining to the fact that viruses spread via an executable that must be run? Because I didn't know that already and I forget it every ten minutes.
no subject
Date: 2004-10-11 10:01 pm (UTC)But, OTOH, you're the one who got infected.
Antivirus software is nice, but, well, to use a bad metaphor, the flu vaccine isn't going to protect you for very long if you dig through dumpsters and stick every needle you find into your arm.
no subject
Date: 2004-10-11 10:05 pm (UTC)You're like the fortieth person to try to turn this to their own agenda.
I've been told to use firefox to solve the problem, to stop using windows and now someone who works for a p2p company comes along and says "its nothing to do with p2p".
I'm a tech support rep. I forgot to install AV on a machine that isn't even supposed to connect to the net. I'm posting this here for everyone's info , that's it. I don't need help with it anymore, and I don't need people who think they know everything coming along and telling me things I've known since I was twelve.
So thanks for your input.
Well said
Date: 2004-10-12 03:52 am (UTC)no subject
Date: 2004-10-12 09:41 am (UTC)This has nothing to do with any agenda I may or may not have. The fact is that you're focusing on the wrong problem, and blaming the messenger (P2P in this case).
The basic problem is allowing stuff to run on your computer without knowing what it is. We see it when people open random attachments, we see it when people download warez. Hell, if some stranger walked up to you on the street, handed you a floppy disk (or unlabeled CD-ROM) and said, "Dude, run this on your computer," would you? You may as well, because you did the same damn thing when you ran that program you downloaded.
That's why I say this has nothing to do with Windows, warez, or P2P. You could easily download a cracked copy of VMWare for linux, and have it turn out to be a linux virus/worm, for example.
There have been documented cases of professional software products shipping with viruses on the CD-ROM. However, people don't call you stupid when that happens, because a supposedly reliable organization vouched for the disk when you bought it.
Who vouches for warez?
That's why I say this has nothing to do with P2P. P2P is just the transport.
Next point: there is a distinct and non-zero amount of time between when a new virus is released into the wild and when the latest AV software update can detect and stop it. So claiming that you forgot to install AV software as your excuse is meaningless. You could have had AV software installed and updated, and still have caught this thing. Why? Back to my fundamental point: you allowed stuff to run on your computer without knowing what it is.
I'm not even trying to help you, and I never was. I saw from the original message that you had fixed the problem. I was curious as to how a virus could spread through P2P, so I read the linked article and concluded, "P2P is a red herring; this is another stupidity virus, just like I Love You, Klez, Blaster, and a thousand others." So I thought I'd post a clarification, both to you, and to everybody here who said to run Linux (which I do at home) or Firefox (which I do exclusively): it doesn't matter what OS or browser you're running if you still run random executables. Yeah, Linux and Firefox and Thunderbird etc. will protect you from most exploits, and certain kinds of mistakes, but there has not been a program written yet that can stop a determined user from screwing themselves over if they really want to...
Next point: Obviously, the things I'm telling you are not things you've known since you were twelve, or else you never would have been infected in the first place...
That's enough - rant off. I'm done.
no subject
Date: 2004-10-12 06:41 pm (UTC)Obviously, the things I'm telling you are not things you've known since you were twelve, or else you never would have been infected in the first place...
This is a non-sequitur without basis in reality. I had a lapse of judgement, that is all.