
FBI Samples To Play With


13 replies to this topic

#1 bludgard


  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 10 July 2013 - 08:03 PM

I have 5 samples of the FBI virus (that elude most antivirus/malware scanners) if anyone cares to study the workings and figure out how to remove them from a machine that is physically present. No need for antivirus/malware removal software once one knows the files/folders created and reg entries that need to be reset to default. I am not posting this to infect anyone and will be okay if this thread is deleted.

BleepingComputer is looked at by the world community at large as a malware forum; maybe I can contribute to a higher rate of removal success.

If this is not allowed, please do not ban me; just an admonishment will do.

Thanks





#2 Queen-Evie


    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 10 July 2013 - 09:22 PM

Submit the files to http://www.bleepingcomputer.com/submit-malware.php?channel=3



#3 bludgard

  • Topic Starter

  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 10 July 2013 - 09:33 PM

Thanks, Queen-Evie. Will do.

 

Edit: Typo

 

Edit2: Files were successfully sent.


Edited by bludgard, 10 July 2013 - 09:42 PM.


#4 Grinler


    Lawrence Abrams


  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA

Posted 10 July 2013 - 10:20 PM

Got em. Thanks!

Will install them tomorrow.

#5 bludgard

  • Topic Starter

  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 11 July 2013 - 12:12 AM

No problem. Hope you have as much fun as I did. :guitar:   LOLz



#6 bludgard

  • Topic Starter

  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 13 July 2013 - 10:20 PM

Will install them tomorrow.

Anything interesting?

Edit: Only MSE caught the Dirty file and allowed it (user preference).

MBAM, SAS, ClamWin, ESET online and others fail....

What's up? :nono:

 

Edit2: Spoiler alert

I kill it with Puppy Linux.... LOLz


Edited by bludgard, 14 July 2013 - 02:55 PM.


#7 Grinler


    Lawrence Abrams


  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA

Posted 14 July 2013 - 09:22 AM

Yeah, I found the dirty decrypt. I couldn't get the others to kick off. Working on the dirty decrypt one now.

#8 bludgard

  • Topic Starter

  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 14 July 2013 - 03:33 PM

Weird; these samples no longer throw up the FBI page and lock the machine up. They disable firewall, security center, task manager and a couple other things.... I don't get it.



#9 Grinler


    Lawrence Abrams


  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA

Posted 14 July 2013 - 07:50 PM

Sometimes they go dead after a while.

#10 bludgard

  • Topic Starter

  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 14 July 2013 - 08:53 PM

I'll have to find some more. :crazy:

The only thing I can think is that whatever server they access disables the files' connection after some time to keep from being traced back to the owner?

I have got to find out what is going on....

Thanks for your time and will submit some fresh as soon as possible.

 



#11 bludgard

  • Topic Starter

  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 16 July 2013 - 12:04 AM

Sometimes they go dead after a while.


Failures within the allocation of Internet resources due to the Internet's chaotic tendencies of growth and decay....

http://en.wikipedia.org/wiki/Dark_Internet

Chaos & decay? LOLz

Edit: I'm on it boss

Edited by bludgard, 16 July 2013 - 12:06 AM.


#12 bludgard

  • Topic Starter

  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 22 July 2013 - 07:41 AM

A coupla more fresh to play with have been uploaded.
Cheers

 

Edit: Noticed the Spyware and Malware Removal Guides and Reading Room last night. Awesome stuff, guys. Been at this for quite some time, eh?

Thanks


Edited by bludgard, 22 July 2013 - 07:48 AM.


#13 Grinler


    Lawrence Abrams


  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA

Posted 22 July 2013 - 11:46 AM

Thanks. This is the Mandian Urausy version:

http://www.bleepingcomputer.com/virus-removal/remove-mandiant-usa-cyber-security-ransomware

#14 bludgard

  • Topic Starter

  • Members
  • 934 posts
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemisphere

Posted 22 July 2013 - 04:36 PM

Bingo!

cache.dat file was created 4/14/2008? This one is a bit dated; just wrapped in a new package?

I feel like I've been juked! LOL

I'll check file dates and only upload what I consider zero-day.

Thanks again and thanks for the link to another part of this forum that I have heretofore passed by. Will check what I find against what is here before uploading.
