Far and few between.
OK, I know - I probably shouldn't have been on that crummy site with all of the 'file sharing' and open source type acquisitions. I must admit, they got me, and they got me good this time.
I was running WinXP Pro, 500 MHz PII, 384 MB, cable modem, digital camera, and an old glazed doughnut on top of the machine. I downloaded the culprit .exe, whose name I don't remember right off hand. I scanned the file after downloading to ensure it was not a nasty virus. SAV came up with zilch. Ran the program, and obviously you know the rest if I'm here right now. My CPU immediately showed signs of a massive bog down, and I tried to look at the processes (Ctrl-Alt-Del) to determine what exactly I had just installed on my machine. (I KNOW ALREADY! HOW LONG ARE YOU GOING TO KEEP THROWING THAT IN MY FACE!?!?!?)
Anyway, to make a long story short, all of a sudden SAV's system tray icon disappeared, and it started picking up all sorts of .exe files attempting to run from the %system%/system32/ directory, reg entries that shouldn't be in there, a program called spy-shredder or something like that (junk), etc., etc. I ran Ad-Aware, just to get a feel for how big of a problem I was dealing with. Now, the last time I ran Ad-Aware was about 1 month ago; when I tried to update the program today, the prog told me that my definitions were 1,201 days outdated.
So then my buddy comes over and demands that $55.00 I owe him, you know. With nothing else running, and SAV done having either quarantined or deleted any files, I opened up IE and typed PayPal's address in. http://www.paypal.com/
That's when this page came up. The first thing I noticed besides the obvious changes to the web page was the spelling mistake of the word "organize." How they made the address bar appear to be at the correct address of "https://www.paypal.com/" I HAVE NO CLUE. It's definitely a neat and scary trick.
After I calmed down from all the shock and curiosity, I was bouncing through my Program Files directory and noticed a folder entitled "fastpush." Inside I found several different subdirectories with an assortment of VNC flavors, installed and stealth, with a bunch of reg entries that had already been used. (I checked the registry for the strings.)
And the last thing I noticed... The OS will not get past the menu screen on boot now, so to put it simply - it won't restart.
Luckily I have another old Pentium II that didn't get hit through the network, but that data needs to be ghosted or something if the drive needs to be blown away.
Any suggestions would be great, I'd like to not have to yank the drive and scan it in a different machine, but I guess if I have to, I have to.
Edited by Tech A1, 28 December 2005 - 08:23 AM.