Unpatched Windows XP for 4 years, no root password: 250+ infected files

Discussion in 'malware problems & news' started by wearetheborg, Jul 31, 2010.

Thread Status:
Not open for further replies.
  1. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    \rant

    So I had set up a computer for my parents 4 years back; after that they never pactched it. The root account has no password. Today I ran MBAM on it.
    250+ infected files
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Folders Infected: 13

    1 trojan
    2 worms
    2 backdoors
    250+ rogue software files (all related to smartbridge)

    :doubt: o_O

    I installed MBAM using a USB key. Now, the USB key has autorun.inf file. Is this malware?
    autorun.inf:
    Code:
    [autorun]
    UsEaUtOpLaY=1
    SHeLl\opEN=Open
    OPen=storage\sys.exe
    SHElL\opeN\coMmand=storage\sys.exe
    There is also now a new Storage\sys.exe file in the USB key
    The new Storage directory has has a desktop.ini file:
    Code:
    [.ShellClassInfo]
    CLSID={645FF040-5081-101B-9F08-00AA002F954E}^@
    EDIT: Uploaded the exe file to virustotal. Here is the report(preanalysed):
    ~ Virus Total Results Removed per Policy ~
     
    Last edited by a moderator: Jul 31, 2010
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    In a heavily infected situation such as this, and on top of that, a 4 year old PC that's not been maintained, wiping would be my first thought.

    Start fresh - build from there.
     
  3. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Yes, that is the sane course of action. I'm giving him another computer, so I'm thinking of just letting this infected computer be, especially as we have low speed internet (512kbps).
    But I know my dad will do the same thing to the new computer. I just know it. I'm gonna install Sandboxie on the new computer, and use LUA+SRP. I'm not sure he will bother to user Sandboxie. So I gotta try to lock the new computer down before he uses it.
     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What about Defensewall or Geswall for them?
     
  5. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Is GesWall better than Sandboxie?
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I know he's you're dad, but if he hasn't learnt from this, then :( Hope he hasn't been doing online banking, and/or ANY financial transactions :eek:
     
  7. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    No, fortunately not. At least not on windows. The computer is dual boot with linux; but linux too has not been patched for 4 years. Firefox is 4 years old on it. Even there, he does not have online finance accounts.

    And he goes about bashing windows saying it is so insecure, it gets viruses etc :rolleyes:

    The cake on top --- he teaches at an IT institute :p (some engineering courses though, not core IT)
     
    Last edited: Aug 1, 2010
  8. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
    that makes me very :(
     
  9. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Yeah me too. At least he only teaches some engineering courses, not core IT.
     
  10. wat0114

    wat0114 Guest

    At least wipe the drive.

    That should do it and don't give them the administrator password. If he needs help he contacts you because you are the administrator. Also enable automatic updates so none are missed.
     
    Last edited by a moderator: Aug 1, 2010
Loading...
Thread Status:
Not open for further replies.