Worms
I never really had a lot of trouble with viruses or other malware, mainly because I know how to avoid them and/or know how to manually remove them but this little fellow really frustrated me, because it was designed to be impossible to remove manually apparently.
The worm didn't spread through the internet, but it took a slower approach: it infected all my USB devices that had some kind of storage space, so that's also the way it got into my computer: I lend a portable harddrive from a friend a couple of weeks ago.
The worm/trojan's executable was "AdobeR.exe", and is designed by some genius or very bored person. It has a very simple approach:
- Copy myself to register (startup keys, you know)
- Create autorun.inf file on all hard disks
- Copy myself to all hard disks
- Repeat
It's that simple. The problem now became that every time you tried to insert an infected USB stick, it would completely reinfect pretty much everything: thing's a bitch. I had to write a quick Perl script to remove all AdobeR files from the portable things because they were hidden in both Explorer and Command Prompt (yes, trying to "del adober.exe" got me saying "File not found"). The major design flaw in the worm was that it had only one process running, so users could manually shut it down and start deinfecting things.
With the design flaw in my head, I started writing my own (yes, for educational purposes, source code will most likely not be published) based on the same structure of AdobeR. It was easier than I thought actually, and I also made sure no one can shut down the process without help from an antivirus or a script by having two processes running (at least) that constantly check if their little brother is running too.
The pain in the ass of removing AdobeR only makes me scared of what would happen if there was some kind of *really, really evil* payload bound to it. Now it was "just" a trojan apparently that hadn't made a single connection to any server in the two days I monitored it, maybe Symantec should put a new label on it and just accept the fact some things aren't made for damaging.
(or my firewall is just too damn good, if I had one)
del adober.exe” got me saying “File not found”
iron j00 n00b, u should have tried del AdobeR.exe
CMD prompt is case sensitive. Its really unlikely it would infect command prompt core. Windows automatically replace cmd, notepad, etc when deleted/modified by user.
Then again it could look for the title cmd.exe, but I think you just fux0red teh case sensitive, j0!
Fuck off I was giving an example :P