Administrators Jon Posted October 11, 2005 Administrators Share Posted October 11, 2005 I've had a monster wave of hatemail this week from people who've picked up some trojan that begins with wc_....... Trying to get hold of a copy to decompile and maybe some help of a regular to write a script to undo the damage if possible so I can at least reply with something helpful. Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/ Link to comment Share on other sites More sharing options...
seandisanti Posted October 11, 2005 Share Posted October 11, 2005 Thanks for all the help and your patience with me. Especially Bob.Once again thank you all.i'm glad you got help and were able to resolve your situation... i'm sorry, who's bob? Link to comment Share on other sites More sharing options...
/dev/null Posted October 11, 2005 Share Posted October 11, 2005 I've had a monster wave of hatemail this week from people who've picked up some trojan that begins with wc_.......Trying to get hold of a copy to decompile and maybe some help of a regular to write a script to undo the damage if possible so I can at least reply with something helpful.I have one. Where shall I send it to?CheersKurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
/dev/null Posted October 11, 2005 Share Posted October 11, 2005 (edited) i'm glad you got help and were able to resolve your situation... i'm sorry, who's bob?who's bob? Well, actually that's me. I created a hotmail account to contact grizzlyoflight, as I was not sure if he is a real person or just a spammer in need for some e-mail addresses. Just for fun and to cover my tracks I called myself bob Sorry, grizzlyoflight !! It was just a measure of precaution. Now I know that your intention was to get help.CheersKurt Edited October 11, 2005 by /dev/null __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
seandisanti Posted October 11, 2005 Share Posted October 11, 2005 who's bob? Well, actually that's me. I created a hotmail account to contant grizzlyoflight, as I was not sure if he is a real person or just a spammer in need for some e-mail addresses. Just for fun and to cover my tracks I called myself bob Sorry, grizzlyoflight !! It was just a measure of precaution. Now I know that your intention was to get help.CheersKurtlol, nice. Link to comment Share on other sites More sharing options...
BigDod Posted October 11, 2005 Share Posted October 11, 2005 who's bob? Well, actually that's me. I created a hotmail account to contant grizzlyoflight, as I was not sure if he is a real person or just a spammer in need for some e-mail addresses. Just for fun and to cover my tracks I called myself bob Sorry, grizzlyoflight !! It was just a measure of precaution. Now I know that your intention was to get help.CheersKurtVery clever idea, wish I had thought of that. Time you enjoyed wasting is not wasted time ......T.S. Elliot Suspense is worse than disappointment................Robert Burns God help the man who won't help himself, because no-one else will...........My Grandmother Link to comment Share on other sites More sharing options...
/dev/null Posted October 11, 2005 Share Posted October 11, 2005 Very clever idea, wish I had thought of that.I thought it's better to loose a "totally dummy" account than my "semi dummy" account. CheersKurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
Valuater Posted October 11, 2005 Share Posted October 11, 2005 (edited) I've had a monster wave of hatemail this week from people who've picked up some trojan that begins with wc_.......Trying to get hold of a copy to decompile and maybe some help of a regular to write a script to undo the damage if possible so I can at least reply with something helpful. And the last six posts are about Bob.... HmmmmI am so glad I have found Autoit and wish I understood enough to....JUMP ON THIS... ...RIGHT NOW!!!!....8)Bob huh?We have something tangible and totally Awesome... the Guy who Brings us this Awesome program for "Free" asks for a little help...No we pass his post as if it does not exist!!andWe garble about an 'Untangable person.... come onMost of you guys are alot sharper than i amSorry this just bothers me "MUCHO!"8( Edited October 11, 2005 by Valuater Link to comment Share on other sites More sharing options...
/dev/null Posted October 11, 2005 Share Posted October 11, 2005 And the last six posts are about Bob.... Hmmmmwhat's wrong with bob? It's not a complete surprise, that there is some spyware circulating, built with AutoIT. Just read the posts of some forum members and you'll know what they intended to do!CheersKurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
KXM Posted October 11, 2005 Share Posted October 11, 2005 (edited) Just a clarification. AutoIt is not designed to auto run. AutoIt is a scripting language and as such it basically does nothing at all unless somebody instructs it to do something. Obviously somebody has written something malicious using AutoIt and that person has instructed it to set up auto run entries as part of its payload. This is in no way, shape, or form AutoIt's fault any more than it's the fault of C++ for all the virii written in it or the fault of VBScript for virii written in it or the fault of language <insert language X> with any virii written in it. I understand your ignorance of what AutoIt is due to your less than ideal introduction to the software but since you've already received helpful advice and people are trying to help you remedy this problem you've contracted, please be quite mindful that it is not our fault that somebody chose to use the software we wrote maliciously. Please stop speculating and assuming what has be done to your system is AutoIt's fault.http://linuxmafia.com/~rick/faq/plural-of-virus.html Edited October 11, 2005 by KXM Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now