So i downloaded https://mega.nz/#!uZR0XJgD!9dOV5JnJsgsLnC2mVIcAmXMvPdZiVJY_BQZ3BAllo54
Obviously it's a virus, but i really wanna know what it does, so anyone with a win emulator wanna try?
>>681894336
U thought it was cp
>>681894468
Fbi coming for me.
>>681894336
why don't you have show extensions for known file types enabled?
why would anyone not have that enabled?
it's literally the first thing I do on a new computer
>>681894836
>.flv
>why would anyone not have that enabled
ok
>>681894836
It's my browsing and emulating laptop, i only use it to play old videogames and browse for a while.
>>681895042
well check the last file... it supposedly is .flv but obviously it's a .scr
>>681894336
Will try it in a sandbox, gimme two minutes will post results.
>>681894468
to be fair, the image said it was a leak.
Bump for interest
>>681895670
yeah, I DLed out of curiosity, saw FLV extension, stopped giving a shit
Tryin it right now, get back to ya
>>681896069
many thanks!
bump
>>681896069
bump bidi bump
Virus total says the .scr is a crypted file, so it's gonna do something
I ran it in sandboxie, it ran for a few seconds and then it closed, I'm checking the contents
fyi an advanced virus can jump from an os on a virtual machine onto the actual os.
Downloaded it on my phone, too much of a pussy to open it.
Bumping for interest.
>>681897119
if you've got networking enabled maybe, I doubt an scr would
File says it's a Demoshield time player
It looks like it might create a reg hive folder
Guy's pc died
Bumperino
Any reaction?
0149-Cute_mulato.flv = a ZIP file.
0150-Cute_mulato2.flv = some DLL file
0151-Cute_mulato3.flv.scr = the EXE (renamed to .scr but still works) for the Virus.
see screenshot for ZIP contents.
>>681899510
>>681900103
nice, actually kinda surprised that AVG didn't flip shit when I scanned the files
>>681900319
AVG is shit lol, use Kaspersky
>>681900702
Thing is: Money
>>681900702
>Kaspersky
>>681900103
holy fuck that looks bad
>>681900896
>Avast is free and good too (you can purchase Pro license)
>Kaspersky -> 17€ = 1 year license
>>681900103
run that shit nigga
>>681900103
What's the Hash?
>>681901477
>avast
>good
Nigga are you high
>>681903194
Anti-virus; an oxymoron if I've ever heard one.
>>681894336
>Download virtual box
>Download win image
>run virus in virtual machine win image
>>681894336
I already got it on a flash with the rest of the malware I've collected on 4chan and other sites and steam from the past couple years, I'll run it tomorrow and post results maybe.
>>681901477
MBAM pro or its no go.
Bitdefender Free > Avast Free btw
so what happens if i downloaded it?
>>681906001
it's a virus, someone earlier said it killed a pc so maybe system32 virus dunno
>>681906357
>[
even for macs?
op's pc is kil
>>681900103
What if i unzipped the first file?
i unzipped this file yesterday, windows defender detected it as a virus. but it didn't kill my pc. i just deleted it. (i didn't open the file.)
>>681901537
fuck that shit nigga
>>681901845
i don't know, deleted that shit.
>>681906801
i unzipped it and took a look at all of the file(s) earlier but it came to nothing. (never ran the files)
I downloaded it, tried playing the .flv, virus scanner was like, "dafuq is this shit", computer acted a bit weird, so I deleted everything and also emptied the recycling bin. Now only time will tell what will happen to my computer.
somebody open the scr... and post what happened... in a virtual machine obviously. sorry for bad english
Jesus fucking Christ are you retarded?
upload it to Malwr.com wait for the report then post the link to the analysis FFS
>>681906543
No, nigger.
>>681907836
...
>>681908437
cont.
u dun goofd
https://www.virustotal.com/en/
I use this to check files, pretty good site. I have no AV installed, they usually do nothing useful.
>>681907836
I knew the consequences. Fuck it.
downloaded it, thought screensaver was fishy, extracted only the .flv file and played it after scans said all clear. Looked like it installed some .dlls on my comp but virus scan isn't coming up with anything and when I check for the files in >>681900103 There's nothing with any of those names that's been installed in the last two weeks. Did I dodge a bullet on this one?
>>681894336
system restore dude
>>681908681
You might have to actually click on the scr file.
>>681900702
Seriously, did you feel it when your brain stopped working?
Moral of the story is,
Don't download shit off the darkweb. And why anyone would want to spend a year in prison for every picture is beyond me.
>>681909143
lololwuuut? Darkweb? It was on mega.
>>681895260
Windows (maybe only pre-7?) screen savers can be any video or image type. The fact that it's a screen saver is stored in its file header.
>>681909308
It doesn't mean that you should download everything that's posted on the webz, especially on /b/
>>681909308
You thought you could find cp on mega? You deserve a virus. It's going to be malware. Don't do any banking or purchasing online with that computer.
>>681909717
lol, I'm not OP and who said it was CP?
>>681909143
>Darkweb
apparently the darkweb is beyond you too
>>681909435
u obviously don't know how filetypes are determined in windows -_- ever hear of file extensions???
Not working
>>681910629
holy shit, nigger you're so bad at life you can't even infect yourself.
jesus, kill yourself.
>>681910629
Use the VLC player to open the video file maybe. Download that shit, hurry, the anticipation
>>681910810
>use VLC to open Screen Saver
>>681910629
http://www.videolan.org/vlc/index.html
>>681910874
It's a video file
>>681910874
.flv = video file
Or are you pretending to be retarded?
>>681910629
Install VLC to open FLV files, scr file (last one) is probably set up to run on win7 and up tho... use win7!
>>681900103
it's already been posted that it's a zip and exe file too... rename the scr file to exe and try running if u wanna try it in winXP
>why are you not showing file extensions?!?!
>>681911013
It's not a flv file, it's a scr file.
>>681911162
Nigger, wut
It clearly says ".flv"
>>681911162
there's 2 flv files and 1 scr
In the archive there are two .flv files and one which is .flv.scr. None work properly in VLC and cause a lot of HD activity. It tried to open command prompt too.
>>681911264
holy shit faggot, ur the kinda person that ppl like this target.
An hero now
i opened the screensaver, then shredded it. I fully expected my antivirus (AVG) to keep on top of it if it was bad. I was a bit cocky because i actually know a bit about computers although that's hard to believe and i had disabled any scripts i thought it could utilise.
After opening it, nothing happened, and then after about ten seconds some line of code is asking non stop for administrator access to command prompt.
Can somebody tell me what kind of virus i've opened?
>>681911456
Dumbass faggot can't even make a virus you execute correctly, you shouldn't have to convert the shit to execute it yourself. It should do that after successfully opening the file with a video player.
>>681911264
If there's an actual video in there someone should extract that shit, clean it, and upload it, but I ain't clicking that shit nigger.
>>681911554
who said anything about 'converting'? u literally just have to click on the .scr file faggot
>not knowing there's an scr file in there = an hero
>>681911456
Neither .exe nor .scr executes on my kind of operating system
>>681911961
I hope that's because ur running linux
ITT: people who play vidya and post on twitter suddenly have IT Masters Degrees
>>681910629
lol will run this on native Windows because YOLO
Link?
>>681912114
Exactly, only Unix-based, and Linux distros
Come on Windowsfags, extract that video for us, I think I know that girl.
CONT.
Found deleted 'lolicon' vids in recycling bin. Apparently this virus is using my computer to download lolicon shit via torrent.
>>681911504
>some line of code is asking non stop for administrator access to command prompt.
Kek
>>681912446
But what would be the purpose of that?
>>681912179
Ok, gj linuxfag sticking to windows tho, I'd miss too much
server-wise tho, linux all the way
>>681912446
lmao
>>681912446
No anon the loli was already there, you deleted it yesterday
>>681912576
yeah anon, u need to cover ur tracks better
>>681911504
>>681912446
What language is the script coded in?
>>681912484
I know.
>>681912507
Not entirely sure. I imagine it's not the end of the story.
>>681912703
Actually not sure, because the code is being ran remotely.
>>681912528
I don't miss Windows. I do have a copy of Windows 10 just for things like this thread, but it would take a buttload of time for me to install it on a virtual machine, don't feel like doing it right now.
>>681912703
English
>>681912873
kek
>libGlesv2.dll
>>681912855
>Actually not sure, because the code is being ran remotely.
Run some commands in command prompt, like:
>tasklist
>>681910365
Windows also uses MIME types in some cases, though not often. Mostly for files used by the OS with multiple possible extensions, such as screen savers. However, it seems flv was not a known filetype to his machine due to the lack of thumbnail and being listed as a FLV File, so hide known extensions was probably enabled.
>>681912869
all the games I play only run in windows. Adobe stuff like photoshop: Windows n OSX (which id never use).
Also program in C# n C++ only in windows, so it would be too hard for me to run linux only
>>681913206
Have you tried WINE or dual booting?
>>681913066
have you noticed any effects? check out this anon up here >>681912855
dubs chooses whether i run it or not
Ps: work's PC
>>681913420
nope
>>681913066
go to run - cmd
Do a netstat -a.
Run the first flv file again. Allow the network connections and stuff.
Do another netstat -a
Gogo.
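The before/after `netstat -a` procedure described in the post above (and the `tasklist` suggestion earlier in the thread) is easier to read if the two snapshots are diffed by machine rather than by eye. The following is an added example, not code posted in the thread: it parses two snapshots in the shape of Windows `netstat -a` output and reports only the new public peers. The snapshot text is constructed; the peer addresses in it are the two IPs posted later in the thread, used purely as sample data. On a real machine run `netstat -ano` so the owning PID is appended (the parser tolerates and ignores that column).

```python
"""Snapshot-diff the connection table before and after detonating a sample.

Added example, not code from the thread. The two snapshots below are
constructed to look like Windows `netstat -a` output; the peer IPs are the
ones posted in the thread, used here only as sample data. On a real box run
`netstat -ano` so the owning PID is in the last column (parsed and ignored).
"""
import ipaddress
from typing import List, NamedTuple, Set


class Conn(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str


def parse_netstat(text: str) -> Set[Conn]:
    """Parse netstat rows into Conn tuples; skips headers and blank lines.

    UDP rows have no State column, and `-o` appends a numeric PID column,
    so the state is only taken when the 4th field is non-numeric.
    """
    conns = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) > 3 and not parts[3].isdigit() else ""
        conns.add(Conn(parts[0], parts[1], parts[2], state))
    return conns


def remote_ip(conn: Conn) -> str:
    """Drop the port; IPv6 peers appear as [addr]:port in netstat."""
    return conn.remote.rsplit(":", 1)[0].strip("[]")


def is_external_peer(conn: Conn) -> bool:
    """Keep only non-listening rows whose peer is a public address."""
    if conn.state == "LISTENING" or conn.remote in ("*:*", "0.0.0.0:0"):
        return False
    try:
        return ipaddress.ip_address(remote_ip(conn)).is_global
    except ValueError:  # hostname or '*' instead of an address
        return False


def new_external_peers(before: str, after: str) -> List[str]:
    """Remote IPs present only in the 'after' snapshot, sorted for display."""
    added = parse_netstat(after) - parse_netstat(before)
    return sorted({remote_ip(c) for c in added if is_external_peer(c)})


# Constructed snapshots standing in for `netstat -a` before/after the run.
BEFORE = """Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:49680      172.217.16.78:443      ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

AFTER = BEFORE + """  TCP    192.168.1.5:49712      192.229.233.25:443     ESTABLISHED
  TCP    192.168.1.5:49713      74.125.105.202:443     ESTABLISHED
  TCP    127.0.0.1:49714        127.0.0.1:49715        ESTABLISHED
"""

if __name__ == "__main__":
    for ip in new_external_peers(BEFORE, AFTER):
        print("new peer:", ip)
```

A new peer is a lead, not a verdict: as the thread itself works out later, one of the two sample addresses belongs to Google, and a CDN edge or a browser update check will show up in the diff just like a C2 beacon. Correlate each new row with its PID (from `-ano`) and the process list before drawing conclusions.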
>>681913066
try making a visual basic gui to reverse engineer the script
>>681913206
There's open source and free software that can do all that and more for Linux, and Mac to a lesser degree.
>>681913528
Your fucking workspace still runs xp?
Run that shit.
>>681913590
I'm not doing this nerd shit
>>681913588
libGlesv2.dll is related to all the Chrome.exe
>>681913611
checked
If i downloaded it on my phone???
>>681913611
op please deliver
>>681913611
Well that was fast, on it.
>>681913655
You have no idea how fucking cheap the owners are
>>681913528
Do it
>>681913528
>>681913611
>>681913655
>>681913670
it was a joke fam
also you are probably a babby
>>681913850
>implying
>>681913731
What antivirus are you running ?
Please do a
run -> cmd
net user /domain
post content.
>>681913588
>>681913692
OP, the script kiddie might be deep in your ass through Google if you're signed in to a Google account.
>>681913117
it does and it doesn't. First the OS checks the extension to see if it's 'known', if it is then it delegates the rest to the target program. Like having winzip.exe handle a zip file, etc...
The OS part will check headers and MIMES mainly on EXE, DLL, SCR, SYS files bc it needs to determine how to handle them when u click em.
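The practical lesson of the thread's `.flv` / `.flv.scr` argument is that the extension is what Explorer hides and what the shell dispatches on, while the first bytes of the file are what actually identify it. The following is an added example, not code from the thread: it sniffs magic bytes (ZIP local-file header, MZ/PE with the COFF DLL flag, FLV header), flags the double-extension lure and any extension/content mismatch, and models what the name looks like with "Hide extensions for known file types" on. The file names are the three posted in the thread; their contents here are constructed headers, not the real archive.

```python
"""Check what a file really is, independent of its extension.

Added example, not from the thread. Explorer's "Hide extensions for known
file types" shows `video.flv.scr` as `video.flv`, so the three names below
are checked by magic bytes instead. The byte strings are constructed
stand-ins (a ZIP local-file header, a minimal PE header, an FLV header),
not the contents of the archive discussed in the thread.
"""
import struct
from pathlib import PurePath
from typing import Dict, List, Tuple

# Extensions Windows will execute or script on double-click.
EXEC_EXTS = {".exe", ".scr", ".dll", ".com", ".pif", ".bat", ".cmd",
             ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi", ".lnk"}
# What the magic bytes should say for a given (honest) extension.
EXPECTED: Dict[str, str] = {".flv": "flv", ".zip": "zip", ".exe": "pe-exe",
                            ".scr": "pe-exe", ".dll": "pe-dll"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set on DLLs


def pe_kind(data: bytes) -> str:
    """Follow e_lfanew to the PE signature and read COFF Characteristics."""
    if len(data) < 0x40:
        return "mz-stub"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "mz-stub"
    # COFF header follows the 4-byte signature; Characteristics is at +18.
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"


def sniff(data: bytes) -> str:
    """Identify the container by its magic bytes."""
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:3] == b"FLV":
        return "flv"
    if data[:2] == b"MZ":
        return pe_kind(data)
    return "unknown"


def explorer_display_name(name: str) -> str:
    """Model of Explorer hiding a registered extension (assumes .flv is one)."""
    p = PurePath(name)
    return p.stem if p.suffix.lower() in EXEC_EXTS | set(EXPECTED) else name


def classify(name: str, data: bytes) -> Tuple[str, str, List[str]]:
    """Return (claimed extension, sniffed type, list of warning flags)."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    claimed = suffixes[-1] if suffixes else ""
    real = sniff(data)
    flags = []
    if len(suffixes) >= 2 and claimed in EXEC_EXTS:
        flags.append("double-extension")      # video.flv.scr lure
    if claimed in EXEC_EXTS:
        flags.append("executable-extension")
    if real.startswith("pe-"):
        flags.append("executable-content")    # MZ/PE regardless of name
    if claimed in EXPECTED and EXPECTED[claimed] != real:
        flags.append("extension-mismatch")    # .flv that is really a ZIP/DLL
    return claimed, real, flags


def build_pe(is_dll: bool) -> bytes:
    """Constructed minimal PE header (not a runnable binary)."""
    e_lfanew = 0x40
    stub = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", stub, 0x3C, e_lfanew)
    chars = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)  # EXECUTABLE_IMAGE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, chars)
    return bytes(stub) + b"PE\0\0" + coff


# Constructed samples named after the three files posted in the thread.
SAMPLES = {
    "0149-Cute_mulato.flv": b"PK\x03\x04" + b"\0" * 26,
    "0150-Cute_mulato2.flv": build_pe(is_dll=True),
    "0151-Cute_mulato3.flv.scr": build_pe(is_dll=False),
    "real_clip.flv": b"FLV\x01\x05" + b"\0\0\0\x09",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(explorer_display_name(fname), classify(fname, blob))
```

With extensions hidden the third file displays as `0151-Cute_mulato3.flv`, which is exactly the confusion in the thread; the sniffer still reports `pe-exe` for it because the shell's dispatch decision and the file's contents are checked separately. The two `.flv` files that are really a ZIP and a DLL get `extension-mismatch`, which is the cheap check an AV that only trusts extensions misses.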
>>681913347
Yes anon, but i hate going back and forth... I like to personalize my system and honestly im too lazy to set up shares to access my files, etc...
>>681913588
>The script kiddie may be in your bootyhole right now after infecting your computer
>>681913610
open source games? open source .net framework and visual studio? adobe programs maybe, but when ur working with others they expect u to use certain programs and know how to use em
>>681914353
I hear you.
>>681913731
Results?
8632 My present for /b/ Enjoy http://wikisend.com/download/861492/NEW.zip Will remove in a few minutes
>>681914248
having multiple chrome processes doesnt mean u got a virus
http://www.howtogeek.com/124218/why-does-chrome-have-so-many-open-processes/
>>681914527
lololol, this fucking guys. :
>>681914527
Kekmfao, he's still posting this shit, even in this thread
>>681914527
>http://wikisend.com/download/861492/NEW.zip
oh shit, downloading now! thanks anon
>>681914527
>>681914562
>>681914666
Ok Satan, we get the joke. Checked.
>>681913528
Well... literally, my computer fucking died.
Sorry for the delay, i was trying to make it work but it won't even boot in safe mode, sorry for the big pile of nothing.
Will have to format, this is the only reason i needed to install arch on it i guess.
>>681914562
Google Chrome IS the virus
>>681914751
Topkek
>>681914751
Are you posting from a cellphone or something then? Take a photo of your sinking battle station and post it.
>>681914562
Also, in his pic, he has a Firefox icon, so he might not even have Google Chrome, hey but now he does! >>681914751
>>681914751
Choose 'use last working configuration'. That's what worked for me.
>>681914248
Am I right in thinking I shouldn't be able to find the guy using currently connected hardware to my account because he is using mine?
>>681914751
Maybe it was so effective on yours because you're running old windows? Could just be an old virus or something. Not my area of expertise.
>>681914975
Netstat in command prompt, record all the IPs connected if you can
>>681914751
hope u have an XP disc handy
>>681914751
You should be able to use the "Recovery" partition, by restarting and holding a key down, right? Or do you need the CDs to reinstall the operating system?
>>681915059
http://whois.ipchecker.info/192.229.233.25
some dude in los angeles
>>681915287
Could just be a decoy, no?
>>681915180
if its corporate and he has it installed on a domain, etc.. then he most likely doesnt have a recovery partition. If it's OEM then he prob does
anyone actually revving this shit?
I'm kinda curious but I already have several projects going.
>>681915368
Can he just go and buy a recovery disk then, worst case? Or does he have to explain why that file is on his comp to IT? Lol.
>>681915287
i think this thread is slowly turning into something interesting :)
>>681915391
OP and >>681913528
went for it. Glorious bastard delivar'd
>>681915287
LOIC to help OP out? We could also go after the spammer, he is pissing me off with this bullshit.
>>681915362
Yeah. I'm out of my depth here. What do you think I should do? My firewall is not doing a thing.
>>681915464
You want some lurker in the thread to hunt down the guy and dox him or something? Lol.
>>681915452
he can just d/l an xp install disk, as long as it's the same (home/pro/corp) then he should be able to run a recovery from it
Dude it's a fucking R.A.T. Most likely putting your computer into a botnet for DDoSing, mining cryptocurrency or selling traffic. Are you fucking dense?
>>681914882
This is literally the only thing I see after it runs the company logo
Like I said, it won't even boot on safe mode
>>681915542
Honestly, I don't know any more than you mate. I'm the guy who told you to do it, so I feel almost responsible. Just spend a few bucks to get a XP recovery disk, and fix your toaster.
do you guys think windows defender and not being a retard is enough to stay safe? I haven't got a virus in years
>>681915287
https://www.youtube.com/watch?v=hyquiA8RL1Q
>>681915651
Goodnight, sweet prince. You weren't actually a faggot. Care to post a time stamp with that?
>>681915287
im on it faggots
>>681915663
No. Windows Defender is the bare minimum and ineffective protection.
Hey guys how did you like my virus?
>>681915663
>not being a total retard
This is key
>>681915287
>>681915523
LOIC LOIC LOIC LOIC DOX DOX DOX DOX
>>681915827
hi EFG!
>>681915067
I dont, will download it from KAT or something.
Either that or i'll put Arch on instead like i said before, since pretty much i'm the only one who uses this PC anyways (it's so shit that everyone prefers to bring their own laptops)
>>681915859
Huehuehue
>>681915723
>>681915859
YOU HAVE MY AXE
>>681915651
That's a nasty piece of work he had in there. Fuck. I'm getting butthurt about this, I was already sick of seeing that spammer. The spammer seems to be foreign though.
>>681914994
Could be, XP is particularly bad when it comes to security.
Welp, RIP computer, i guess.
>>681915827
pretty obvious and lacking in taste. rate 0/10 bc of its delivery...
ooh wait, then its not really a virus, it would be a trojan... -1/10?
>>681915859
YOU HAVE MY BOW
>>681912703
Times New Roman
So... raid?
Right then.
Someone set up mission control and let's get this shit rolling.
>>681913834
This IP just came up in my netstat.
http://www.ipgeek.net/74.125.105.202
So there's an IP in los angeles and one in california.
It's a ghost hacker with a dynamic IP address.
I seriously doubt anybody here can trace that. This guy is real.
>>681915915
It seems I forgot to flip the switch to turn on the virus. Should I do it?
>>681915918
what did u have? I'm guessing PRO...
DL XP Pro SP3, then as it's running make sure to pay attention at the bottom when it says 'press r to repair'. u can try running sfc /scannow to check ur files or press 'enter' to install, it will tell u it will do a 'repair install', kinda like the modern 'reset this pc' option.
>>681916296
That's Google dude
>192.229.233.25 (192.229.233.25)
>Country : United States (US) Area Code : 310,EdgeCast Networks ISP : EdgeCast Networks
>City : Santa Monica Zip Code : 90405 Longitude : -118.468201
>State : California Metro : Los Angeles CA Latitude : 34.011902
>>681916239
>>681916282
lets do dis shit
>>681916390
meh.. i needed to reinstall windows for a while now, go ahead.
>>681916446
thank fuck, let's kill the los angeles guy
>>681916390
do it dude
>>681916486>>681915744
>9
me by the way
Can someone give me a quick explanation of what's going on?
>>681916517
Oh boy. But what's the real IP?
>>681916586
Read the fucking thread, like the rest of us, mongtard.
>>681915742
I have the shittiest handwriting you'll ever see, I know
>>681916586
first post and all pics
>>681916587
ugh, let me confirm, brb anon... keep thread alive
>>681916586
There's a virus being spammed on /b/.
Some brave soul has downloaded it and run it to see what it does. He found where the hacker is running the scripts from. We have him in our sights.
>http://www.bvog.com/?post=IDIIzcyyVusSizqUz
Related?
>>681916587
Who knows.
It's the hunt that's gonna be fun. And if we manage to order a couple of tons of rocks or a few hundred pizzas and maybe even a couple gay prostitutes at the end, all the better.
>>681916296
that IP address is owned by Google. The other IP address is running Linux and only has a few open ports. (HTTP, HTTPS, bnetgame, rtmp)
>>681916775
On it
>>681916775
>http://www.bvog.com/?post=IDIIzcyyVusSizqUz
nice try nigger google had no results
>>681916791
>74.125.105.202
duh, that's bc it IS google -_-
http://74.125.105.202
>>681916390
Shit I broke it.
>>681916691
Someone needs to screencap your epic sacrifice, /b/rother.
>>681916791
connect to port 80 and post pics.
did you scan it yourself?
any idea what OS?
I NEED INFORMATION NIGGER
>>681916733
Thankyou kind anon. Enjoy tits in return
>>681916994
Fix it, faggot
>>681916733
>He found where the hacker is running the scripts from.
I seriously doubt it. There are any number of ways to spoof an IP. Now, unless someone here can take over the IP we DID find and repeat the process used to find the first one again and again until it leads us to a dead end (The source IP) I don't think we're gonna get anywhere with this. Right now we're just encouraging him.
>>681916691
Press F to pay respect, fuckers
F
BLACKTOWN, AU
MILTON KEYNES, GB
LONDON, GB
NORTHVILLE, MI, USA
MOUNT LAUREL, NJ, USA
ツ
>>681916994
try hitting it gently
>>681916968
im talking about 192.229.233.25
>>681917165
It didnt work with your mom, doubt it'll work here
>>681917098
please spare me
>>681917098
PHOENIX, AZ, USA
CENTRAL DISTRICT, HK
Get in here fags I see you
>>681917283
...........................
>>681917069
Here goes nothing!
http://www.fakemailgenerator.com/inbox/superrito.com/Acque1974/
>>681917098
oh shit where you getting this from
>>681917087
>There are any number of ways to spoof an IP
and he could be routing his crap through previously infected bots.
What we need to do is to find yuri igorovich's central command and steal the bots.
>>681917283
>Hong Kong
this is getting interesting
>>681917363
Im the hacker widely known as 4chan
>>681917347
This thread got interesting. make sure to link the next thread before 404 (300 posts is bump)
>>681917404
i have windows 10 so be careful with your actions. There is network surveillance on my computer they trace everything.
>>681917189
>192.229.233.25
Fine. I'll look in to it.
I swear to fucking god if this is some LAPD smtp server I'll find you and rape you.
>>681917570
Ain't clickin' that shit nig
web server for sure, gave 404... time to find vulnerabilities
>>681917656
keep fighting
>>681917656
forgot to attach
>>681911162
It's a fucking container. Learn some fucking computer science you fucking retard.
>>681917283
OH SHI-
>>681917750
Your asshole is a fucking container. Faggot.
>>681917547
dont rape me I got it from this guy. use proxies and be careful
>>681894336
Someone archive this thread! FOR GREAT JUSTICE!
>>681917715
share what you find and what you're running so we don't do the same shit pls.
>>681917752
Hunter watching hunted or hunted watching hunter?
Would it be smart to disguise a virus as chrome.exe since it creates a shitload of processes?
>>681917715
thats the ip logger you dumbshit
>>681917752
lol
headers say server is: ECS (lcy/1D54)
>never seen these headers before
>>681917902
When was the last time you used 4chan, dude?
>>681917981
yep
>>681917715
also if you scanned it upload report ty
>>681918032
Im not your dude, buddy
>>681917981
it would, but something like explorer.exe would be best since it is always running..usually
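The exchange above (many `chrome.exe` processes are normal, and a name like `explorer.exe` would hide even better) is the masquerading problem in a nutshell: the image name alone tells you nothing, the path it runs from and the process that spawned it do. The following is an added example, not code from the thread. It takes a process listing as CSV with the columns `Name,ExecutablePath,ProcessId,ParentProcessId` (the shape you would get from `Get-CimInstance Win32_Process | Select-Object Name,ExecutablePath,ProcessId,ParentProcessId | Export-Csv`; that export is assumed, not shown in the thread) and flags trusted names running from the wrong directory or under the wrong parent. The listing itself is constructed.

```python
"""Flag processes that borrow a trusted name but run from the wrong place.

Added example, not from the thread. Input is a constructed CSV with the
columns Name,ExecutablePath,ProcessId,ParentProcessId (an assumed export
of Win32_Process). The directory and parent rules are a starting point.
"""
import csv
import io
from typing import Dict, List

# Directories a given image name is expected to live in (lowercase).
# Entries starting with a backslash are matched as a directory suffix so
# per-user Chrome installs under AppData\Local also pass.
LEGIT_DIRS: Dict[str, tuple] = {
    "explorer.exe": ("c:\\windows\\",),
    "svchost.exe": ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"),
    "lsass.exe": ("c:\\windows\\system32\\",),
    "chrome.exe": ("\\google\\chrome\\application\\",),
}
# Image names whose parent is fixed by design.
LEGIT_PARENT: Dict[str, str] = {"svchost.exe": "services.exe"}


def dir_allowed(name: str, path: str) -> bool:
    """True if the image's directory is one of the expected ones."""
    dirname = path.lower().rsplit("\\", 1)[0] + "\\"
    return any(dirname == d or (d.startswith("\\") and dirname.endswith(d))
               for d in LEGIT_DIRS[name])


def find_masquerades(csv_text: str) -> List[dict]:
    """Return one finding per suspicious process, in listing order."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    name_by_pid = {r["ProcessId"]: r["Name"].lower() for r in rows}
    findings = []
    for r in rows:
        name = r["Name"].lower()
        reasons = []
        if name in LEGIT_DIRS and not dir_allowed(name, r["ExecutablePath"]):
            reasons.append("unexpected-path")
        parent = name_by_pid.get(r["ParentProcessId"])
        # A parent that has already exited is not evidence by itself.
        if name in LEGIT_PARENT and parent and parent != LEGIT_PARENT[name]:
            reasons.append("unexpected-parent")
        if reasons:
            findings.append({"pid": int(r["ProcessId"]), "name": name,
                             "path": r["ExecutablePath"], "reasons": reasons})
    return findings


# Constructed listing: a normal Chrome process tree plus two impostors.
LISTING = """Name,ExecutablePath,ProcessId,ParentProcessId
services.exe,C:\\Windows\\System32\\services.exe,700,596
svchost.exe,C:\\Windows\\System32\\svchost.exe,904,700
explorer.exe,C:\\Windows\\explorer.exe,3120,3052
chrome.exe,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,4400,3120
chrome.exe,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,4464,4400
chrome.exe,C:\\Users\\anon\\AppData\\Local\\Temp\\chrome.exe,5012,3120
svchost.exe,C:\\Users\\anon\\AppData\\Roaming\\svchost.exe,5100,5012
"""

if __name__ == "__main__":
    for f in find_masquerades(LISTING):
        print(f["pid"], f["name"], f["path"], ",".join(f["reasons"]))
```

The two legitimate `chrome.exe` rows pass even though there are several of them, which is the point the howtogeek link in the thread makes; the copy in `%TEMP%` and the `svchost.exe` in `AppData\Roaming` spawned by it are what get flagged. Signed-image checks and a hash lookup are the natural next step once a row stands out.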
>>681917933
I have to hide from the Ion Cannons! But how???
>>681918084
I'm not your buddy, faggot.