I know I don't have a lot of posts. Normally I can fix things on my own, I am an expert with over 18 years' experience with computers and Windows and code. This is very serious and it is not a hoax. I am a veteran, I have seen it all, from monkey.B to CiH to DYFUCA.
This is entirely new and seems to be absolutely invisible to the Windows Native Kernel and the API. Also boot tools cannot detect it as anything more than a warning, flagged for nearly every file on your drive.
The only way to detect it is to know what files you have. If you have any audio warez from 2008 onward, this virus is embedded in almost everything. This is why you think you are getting away with having virus-free pirated software. ABSOLUTELY NO SOFTWARE TOOLS CAN DETECT IT. If you have any warez by the hacker AIR, you must continue reading. This is a horrible trojan, that once activated, is PERMANENT to your soundcard, hard disks, and GPUs. It was activated through PM by someone with the utmost knowledge of VST and other audio tools, and I will admit it was one of the most interesting conversations I have ever had...but while we were talking this guy was triggering his trojan. I should have known when he said "no I don't write code" and sent me a PM full of info on the PCM .wav file format, and machine level instruction algorithms. Shortly after the PM, a MySpace page popped up with the title "WORM Audio," then my storage drive dismounted and remounted with two new folders on it, Folder.htt and Desktop.ini. These were not the normal system folders and they were linked to a remote network drive. Spyware Doctor detected "hidden files" inside these folders which were named with some type of Asian character set. Further research revealed the files to belong to the Redlof.A virus. SD immediately removed the files, but shortly after, the real symptoms began (which I will get to shortly). I would like to have the proper authorities use my gearslutz.com account to catch this SOB. I have spent days trying to swap hardware components to try and find it, but no matter what when I reinstall, THE SYMPTOMS RETURN BUT NOTHING CAN BE DETECTED. I apologize for being all over the place, this has been one of the most eye-opening and absolutely horrifying computer experiences I have ever had. Oh yes, symptoms are very simple...obvious botnet activity...when Windows starts and shuts down, along with frequent DrWatson Error reports...except nothing crashes, IE8 just reloads the page.
The worst thing is, you are apt to believe nothing is wrong, because everything else works fine, except for GPU and Soundcard related crashes randomly (not repeatable) and rarely. Yes I have tested every component in my computer and now it is just shut off...for the first time in over 5 years. I will no longer be found anywhere near a P2P network, and I certainly will no longer believe in warez as "try before you buy," because almost every major plugin manufacturer now offers extensive full-featured trials.
It is certainly strange how researchers just found you could change your BIOS ACPI features to hide a trojan. I'm guessing this only happens on ACPI equipped motherboards. Also, on my other ASUS board, there is a driver called AsusAI that has been frequently exploited throughout the years in much the same manner...
No I don't work for Biostar or American Megatrends or any other hardware or software manufacturer...actually, I'm unemployed. I am just somebody who was born at the right time in history to know how computers work without someone pulling the veil over my eyes.... ALL HARDWARE CAN BE PROGRAMMED IF YOU KNOW THE INSTRUCTION SETS!!!!!!
HEADS UP, "Chernobyl 2" is here.... maybe 3-Mile-Island is a good name... the 3MI virus...hmm...that works, cuz it's like leetspeak for BMI...you know, the people who own the rights to all the music you listen to. Buy your plugins this time!!! You were warned.
I am NOT asking for help in removal, because as far as I can tell, it can't be stopped from spreading back onto your disks and right back into hardware.
I am asking WHO DO I GO TO TO GIVE MY FORUM ACCOUNT SO THEY CAN REEL THIS SCUMBAG IN??!!!
ALSO: It seems to have turned my dither off on my soundcard and may have turned up the heat on my GPU ... however there really is no way to prove this WITHOUT THE PROPER AUTHORITIES GETTING INVOLVED. WHO ARE THE PROPER AUTHORITIES, I HAVE NEVER FELT A HACKER NEEDED TO BE APPREHENDED, BUT THIS GUY IS MERCILESS AND VERY SPITEFUL!!! I AM NOT MAKING THIS UP !!! PLEASE HELP ME CONTACT THE AUTHORITIES !!!
Edited by garmanma, 23 July 2009 - 09:18 AM.
Moved to a more appropriate forum