Thread: Virus "pwnd" me twice today

  1. #1
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default Virus "pwnd" me twice today

    I had to do some demo teaching today. I don't have a printer at home, so they said I could use the office computer to print off my lesson plan.

    So on my laptop at home, using Linux, I typed up my lesson plan in Open Office. Then I took a USB stick and formatted it to FAT32. Then, in Open Office, I did "Export as PDF" and saved it on my USB stick.

    So then I went to the school, printed off my lesson plan, everything went fine.

    I get home and put the USB stick back into my Linux PC. There are more files on it than previously... one of them being "autorun.inf" and also a ".exe" file. A Microsoft Windows virus had been copied to my USB stick.

    So next time I went to the school I was like "yeah, by the way, that office computer has a virus on it". To be a good Samaritan (and also to get them to like me), I tell them I'll fix it for them. First of all, I wanted to be sure that it was this particular computer that copied the rogue files to my USB stick, so I tested it out. I inserted my USB stick, and then a few seconds later, there were some new files on it. So I was sure that it was this computer that had the virus.

    So I open up Windows Explorer to view the USB stick. I have to go into the settings to make sure that hidden files are shown, and also that file extensions are shown. OK so now I see a folder called "secret.exe" on my USB stick. My first thought was "They're trying to trick me into thinking this is an executable file, when really it's just a folder". So I double-click on the folder, and nothing happens.

    ...pwnd. It was actually an executable file whose icon was identical to the Microsoft Windows folder icon. But not to despair, this computer was already infected, I didn't do it any more damage.

    So I say to them, "I have the installation file for AVG on my laptop at home, I'll go home and get it". So then I arrive home. I suspected that my AVG installation program might be out of date (or maybe an expired license, something like that), so I booted into Windows XP to make sure that it would install properly.

    So there I am at home on my own computer in Windows XP. I plug in the USB stick, but everything's OK because I have "Autoplay" disabled. I go into Windows Explorer, and I double-click my USB stick drive to open it.

    ...pwnd. The double-clicking actually resulted in Autoplay, so now my own machine is infected. The icon for Autoplay is exactly the same as the normal USB drive icon in Microsoft Windows XP. (I usually tell an Autoplay CD from the icon).

    Anyway, this story is just another example of how human stupidity can be relied upon. Whoever designed that virus was quite the con man. I mean I've been using Microsoft Windows since Windows version 3.1, but I was still fooled.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281


    If you can anticipate the human mind, it leaves nothing to chance.
    That quote is quite true.
    Tiocfaidh ár lá

  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Important thing to remember when dealing with virii in Winders, do everything from the command line, that way, you're not distracted by flashing lights and sirens.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Quote Originally Posted by streaker69 View Post
    Important thing to remember when dealing with virii in Winders, do everything from the command line, that way, you're not distracted by flashing lights and sirens.
    I just use my Mac to do virus removal on thumbdrives.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by Barry View Post
    I just use my Mac to do virus removal on thumbdrives.
    Macs have USB!?!

  6. #6
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281


    I've also got the TPS reports for you streaker

    A Linux livecd is also nice to remove infections from windoze boxes.

  7. #7
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Quote Originally Posted by streaker69 View Post
    Macs have USB!?!
    Even the boat anchor iMacs you have, have usb.

  8. #8
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863


    Quote Originally Posted by Barry View Post
    Even the boat anchor iMacs you have, have usb.
    Nice comma usage

  9. #9
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Quote Originally Posted by Virchanza View Post
    Nice comma usage
    I type like I talk. Sometimes it makes sense, sometimes not.

  10. #10
    Senior Member Shatter's Avatar
    Join Date
    Jan 2010
    Posts
    192


    Quote Originally Posted by Virchanza View Post
    So there I am at home on my own computer in Windows XP. I plug in the USB stick, but everything's OK because I have "Autoplay" disabled. I go into Windows Explorer, and I double-click my USB stick drive to open it.

    ...pwnd. The double-clicking actually resulted in Autoplay, so now my own machine is infected. The icon for Autoplay is exactly the same as the normal USB drive icon in Microsoft Windows XP. (I usually tell an Autoplay CD from the icon).
    That's exactly the same thing that bugged me about Explorer a long while ago. You double-click a device icon, expecting to open it and explore the contents, but instead the autorun gets executed. I know there is a workaround to disable the autorun completely as I remember fixing it on my own laptop. Give this article a read.
    I have the card in me head, but you have the memory problems?
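
Added example, not part of any post in this thread: a Python audit that can be run from a Linux machine against a mounted stick before it goes anywhere near Windows. It reports which commands an `autorun.inf` would hand to Explorer (the `open`, `shellexecute` and `shell\<verb>\command` keys that a double-click on the drive icon can trigger) and lists executables in the top level of the volume. The file names and `autorun.inf` contents in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that name a command Windows may launch.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

def parse_autorun(text):
    """Return {key: value} for command-launching keys in the [autorun] section."""
    commands, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if COMMAND_KEY.match(key):
                commands[key.lower()] = value
    return commands

def audit_volume(root):
    """List autorun commands and executables in the top level of a mounted stick."""
    findings = {"autorun_commands": {}, "executables": []}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", encoding="latin-1") as fh:
                findings["autorun_commands"] = parse_autorun(fh.read())
        elif os.path.isfile(path) and os.path.splitext(name)[1].lower() in EXECUTABLE_EXT:
            findings["executables"].append(name)
    return findings

def demo():
    """Build a constructed stick layout in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("[AutoRun]\n; constructed sample\nopen=secret.exe\n"
                     "shell\\open\\command=secret.exe\nicon=shell32.dll,4\n")
        for name in ("secret.exe", "lessonplan.pdf"):
            open(os.path.join(root, name), "wb").close()
        return audit_volume(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit_volume()` at the stick's mount point; any non-empty `autorun_commands` on a stick you formatted yourself means something else wrote to it.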
