Damn it, does anyone listen?


6 replies to this topic

#1 Psykostx


Posted 23 July 2009 - 01:10 AM

WHY WON'T YOU RESPOND THIS IS SERIOUS!!! THIS IS NOT MEDIA HYPE!!!

I know I don't have a lot of posts. Normally I can fix things on my own, I am an expert with over 18 years' experience with computers and Windows and code. This is very serious and it is not a hoax. I am a veteran, I have seen it all, from monkey.B to CiH to DYFUCA.

This is entirely new and seems to be absolutely invisible to the Windows Native Kernel and the API. Also boot tools cannot detect it as anything more than a warning, flagged for nearly every file on your drive.
The only way to detect it is to know what files you have. If you have any audio warez from 2008 onward, this virus is embedded in almost everything. This is why you think you are getting away with having virus-free pirated software. ABSOLUTELY NO SOFTWARE TOOLS CAN DETECT IT. If you have any warez by the hacker AIR, you must continue reading. This is a horrible trojan, that once activated, is PERMANENT to your soundcard, hard disks, and GPUs. It was activated through PM by someone with the utmost knowledge of VST and other audio tools, and I will admit it was one of the most interesting conversations I have ever had...but while we were talking this guy was triggering his trojan. I should have known when he said "no I don't write code" and sent me a PM full of info on the PCM .wav file format, and machine level instruction algorithms. Shortly after the PM, a MySpace page popped up with the title "WORM Audio," then my storage drive dismounted and remounted with two new folders on it, Folder.htt and Desktop.ini. These were not the normal system folders and they were linked to a remote network drive. Spyware Doctor detected "hidden files" inside these folders which were named with some type of Asian character set. Further research revealed the files to belong to the Redlof.A virus. SD immediately removed the files, but shortly after, the real symptoms began (which I will get to shortly). I would like to have the proper authorities use my gearslutz.com account to catch this SOB. I have spent days trying to swap hardware components to try and find it, but no matter what when I reinstall, THE SYMPTOMS RETURN BUT NOTHING CAN BE DETECTED. I apologize for being all over the place, this has been one of the most eye-opening and absolutely horrifying computer experiences I have ever had. Oh yes, symptoms are very simple...obvious botnet activity...when Windows starts and shuts down, along with frequent DrWatson Error reports ...except nothing crashes, IE8 just reloads the page.
The worst thing is, you are apt to believe nothing is wrong, because everything else works fine, except for GPU and Soundcard related crashes randomly (not repeatable) and rarely. Yes I have tested every component in my computer and now it is just shut off...for the first time in over 5 years. I will no longer be found anywhere near a P2P network, and I certainly will no longer believe in warez as "try before you buy," because almost every major plugin manufacturer now offers extensive full featured trials.
It is certainly strange how researchers just found you could change your BIOS ACPI features to hide a trojan. I'm guessing this only happens on ACPI equipped motherboards. Also, on my other ASUS board, there is a driver called AsusAI that has been frequently exploited throughout the years in much the same manner...

No I don't work for Biostar or American Megatrends or any other hardware or software manufacturer...actually, I'm unemployed. I am just somebody who was born at the right time in history to know how computers work without someone pulling the veil over my eyes.... ALL HARDWARE CAN BE PROGRAMMED IF YOU KNOW THE INSTRUCTION SETS!!!!!!
HEADS UP, "Chernobyl 2" is here.... maybe 3-Mile-Island is a good name... the 3MI virus...hmm...that works, cuz it's like leetspeak for BMI...you know, the people who own the rights to all the music you listen to. Buy your plugins this time!!! You were warned.

I am NOT asking for help in removal, because as far as I can tell, it can't be stopped from spreading back onto your disks and right back into hardware.
I am asking WHO DO I GO TO TO GIVE MY FORUM ACCOUNT SO THEY CAN REEL THIS SCUMBAG IN??!!!

ALSO: It seems to have turned my dither off on my soundcard and may have turned up the heat on my GPU ... however there really is no way to prove this WITHOUT THE PROPER AUTHORITIES GETTING INVOLVED. WHO ARE THE PROPER AUTHORITIES, I HAVE NEVER FELT A HACKER NEEDED TO BE APPREHENDED, BUT THIS GUY IS MERCILESS AND VERY SPITEFUL!!! I AM NOT MAKING THIS UP !!! PLEASE HELP ME CONTACT THE AUTHORITIES !!!

Edited by garmanma, 23 July 2009 - 09:18 AM.
Moved to a more appropriate forum




#2 QQQQ


Posted 23 July 2009 - 08:46 AM

I believe you can contact the FBI for help. But unless you can prove someone has caused you personal damage of at least $5000 worth they aren't interested. We were being attacked (denial of service) and my boss alerted them and they took the info, but that's about it. I seem to remember him saying it had to be over 5 grand before it was considered criminal. Your best bet is to contact Grinler here (Lawrence I believe) and see what he has to say. Possibly he can lead you in the right direction anyway.

Recently my friend got infected with something that changed his router DNS settings to something other than his ISP's DNS. Basically all 3 of his computers became infected because of it. His router was wide open and he didn't even know you could log into it, much less change the password to access it.

#3 MishY


Posted 23 July 2009 - 12:53 PM

You want AIR? Try IRC to find him/her.
Steve Gibson found the hacker, or rather the script kiddie, that brought his site down a few years back, tracking him down on IRC.

#4 Animal


Posted 23 July 2009 - 02:58 PM

Related thread here, by member: http://www.bleepingcomputer.com/forums/t/243630/reformat-clean-instal-sp3-immediately-ie8-crash-randomly/


#5 Psykostx


Posted 23 July 2009 - 03:44 PM

> You want AIR? Try IRC to find him/her.
> Steve Gibson found the hacker, or rather the script kiddie, that brought his site down a few years back, tracking him down on IRC.


Thanks guys, I really thought I was going to be thrown in the BleepingComputer loonie bin.... I appreciate you reading this thread.

If he could PM this garbage, I dare not think what he could do through IRC !!! lol... oh yea and as a follow up, it seems to infect the onboard sound, somehow disabling (maybe overheating?) hardware dither... needless to say, now all of my onboard chips sound like a chainsaw... with the classic 5-11khz digital aliasing that every audiophile on the planet has complained about since the 80's. Hello tinnitus! Also the drivers won't install properly anymore, they work, but the "AV Rack" won't load to change "hardware" settings...

SO YES PLEASE BE CAREFUL, AND PLEASE BUY SOFTWARE SO THESE JERKS DON'T GET THEIR JOLLIES ANYMORE.
YOU CAN GET REALLY NICE SOUNDING PLUGINS FOR AROUND $200 THAT WILL DO ANYTHING A DECENT HARDWARE RACK FX UNIT WILL DO.
YOU DON'T NEED TOP OF THE LINE PLUGINS UNLESS YOU ARE WORKING WITH TOP OF THE LINE A/D D/A CONVERTERS, SUPER PREAMPS AND AT LEAST $3000 WORTH OF MONITORING EQUIPMENT!

You won't hear the difference on your computer speakers. However, if AIR turns off your dithering, you will notice that!!!!
Also, Reason is only about $300, just buy it before these software manufacturers start jacking up their prices even more....

If you need it, BUY IT OR WRITE YOUR OWN CODE, NEVER TRUST A HACKER/REVERSER, NOT EVEN IF HE'S YOUR BEST FRIEND.

Edited by Psykostx, 23 July 2009 - 03:49 PM.


#6 QQQQ


Posted 24 July 2009 - 08:52 AM

Well we all know warez will get you infected, so I won't go into this any further.

What about disabling your onboard sound and going with an add-on card? I believe someone could alter the BIOS on your hard drive, audio card, GPU card, but not without adverse effects (which you mentioned you are having). I just can't believe this guy knows THAT much about the BIOS on everything in your computer. And to flash your BIOS while the system is up and running on your GPU, hard drive, audio card and whatever else just seems impossible to me. I would guess maybe he altered your audio card's BIOS with something that will infect your operating system. Try disabling just the audio on your motherboard and do a format and reload from an original Windows CD. I too have been working on computers since 1985 and am considered an expert by others. But to me I know I don't know it all and am not afraid to say it. Even experts get stumped by everyday stuff, it happens. If you don't pursue this and try and solve it, I will have security revoke your geek card at the door!!! LOL

Seriously, never give up on a problem. Take as many breaks as you need and walk away from it temporarily, just not permanently.

GOOD LUCK!!

#7 the_patriot11


Posted 30 July 2009 - 08:57 PM

It happens, my dad's been doing computer programming since well before I was born (I'm 24) and is pretty much an expert in his field, and at the place where he works a virus went rampant throughout dozens of computers. They did everything they could to get rid of it, my dad and a team of like 5 experts in his department, but every time they erased the virus it came right back. They ended up flying in someone from California and paying him truckloads of money to get rid of the virus. Some of these hackers out here are pure geniuses when it comes to computer code, it's too bad they're not smart enough to put that genius to work for something positive instead of destroying other people's stuff. I mean seriously, look at it, Bill Gates and Steve Jobs might be out of business right now if some of these moronic hackers were to start writing operating systems. . .
