Was working on a friend's computer when I came across this strange file, located in C:\windows\repair. Its contents were:
@echo off
Rem: Brought to you by: By the best, The only
Rem: people that did it.
Rem: AngelDeath, Epyx, Slanchoca, DopeWeasel, Meph.
Rem: The now Famous 5.
batch.cmd
inuse.exe security %systemroot%\system32\config\security /y >nul
I did some googling and found inuse.exe is a Windows utility that allows you to replace files in system memory. Is this some new spyware exploit? Has anyone seen this before?
"Those who make peaceful revolution impossible will make violent revolution inevitable."
- John F. Kennedy
knofun
*overstating the obvious*
For one, it comes from the Resource Kit, so it doesn't just "show up".
Secondly, the bat credits as having been created by crackers.
I wouldn't leave that OS on for 5 more minutes.
I am attaching the readme files that come from the actual installation under C:\Program Files\Resource Kit.
What kind of symptoms led you to examine the system to begin with? What were you attempting to do? Did you examine the list of all installed programs to see if this could be slipped in with a "warez" somewhere?
It is actually an exploit used to reset a trial period for XP back to "000" so the trial period never expires. That is as good as I can do. lol
Grow old along with me, the best is yet to be.
I read your links in PM, Hunter.
Yeah, that's what I was hinting at, especially with it in the \repair folder. If it's only for resetting product activation, that's one thing, but when you don't know what processes get altered, or how your system GOT a hack, can you trust it?
It's the game you play: mess with warez, risk getting burned.
Good research, Hunter.
That's why I wouldn't post how I came to that conclusion here; I didn't want to risk anyone trying those links.
Warez sites are seldom friendly, these weren't either . . . heheeh I'm too locked down
The first clue is when the site automatically tries to send you the file without you asking for it.
When dub sees this, if he requests, I will send him those links, but make sure your PC is really locked down before using them.
His comp was riddled with spyware and pretty much unusable. I ended up just reinstalling, and it did turn out he had a warez copy of XP... thanks for the replies.
u can close this thread now
As long as it all worked out, and I hope you told him he better start coming here and listening to all the warnings we post about spyware and adware.
spyware is evil
but malware is worse
with spyware it can be removed
but with malware it messes up your puter
Oh how true, CJ, and that is why I didn't close this thread. It may still prove useful to someone.