Self-destructing virus kills off PCs

teoti ^ | 9:38 pm 05/05/2015 | tricpe

[Still Thinking]

Self-destructing virus kills off PCs

Stop talking about Windows like that!

[dayglored]

> Done it many times when doing bare-metal upgrades. The downside is having to re-install all the software.

True, but doing in-place upgrades has its downsides too. I believe in ripping out the OS about every two years regardless, and reinstalling everything, because:

• Windows (and most OSes) gets stale after a couple years, sooner with heavy use.

• Windows updates can cause applications to get weird, settings to drift, assumptions to go bad.

• It makes you find all your app install media and license keys, which is a good thing.

• It's a chance to clean out all the stupid cruft and programs you installed that you ended up not using>

and so on.

[tacticalogic]

At this point Rombertik will first run anti-analysis checks to determine whether it is running within a sandbox. If it isn’t, it will then decrypt and install itself, which then allows it to launch a second copy of itself and to overwrite the second copy with the malware’s core functionality.

Need to get it in a sandbox it doesn't recognize.

[Billthedrill]

Oh, no argument at all, I just get a little irritated at these DoomDoomKerboom articles. I last used testdisk about three weeks ago to bring back a partition table on a machine somebody had trashed "irrecoverably". CS major, too. The guy blushed scarlet when he saw how easy it was.

You are, of course, completely correct that the average user might not know about this stuff, more's the pity. So, 'fess up - could you write a script and put it on a bootable medium that would take care of this in a single operation? Yes, you could. Haha - admit it! ;-)

[dayglored]

> Need to get it in a sandbox it doesn't recognize.

Tricky. It's a lot easier to detect that you're in one, than to build one that can't be detected.

[tacticalogic]

I believe in ripping out the OS about every two years regardless, and reinstalling everything,

I do it about every 3 years, and start with a new MB, CPU, memory, and HD. A good case and PS will usually be good for 2-3 cycles of that.

[dayglored]

> So, 'fess up - could you write a script and put it on a bootable medium that would take care of this in a single operation? Yes, you could. Haha - admit it! ;-)

"Guilty, Your Honor!!"

[Excuse_My_Bellicosity]

Destroying your computers runs completely counter to the purpose of watching your habits and stealing your personal data. This "article" is written like a junk e-mail ("destroys your computer!").

"involves reinstalling Windows, which could mean important data is lost"
This does not make logical sense, I've reinstalled Windows many times with no loss of data.

[SWAMPSNIPER]

This will continue until we bring back public hanging.

[Excuse_My_Bellicosity]

I just get a little irritated at these DoomDoomKerboom articles

Yup. The virus may be for real but this "article" reads like a junk e-mail. We've all seen those before: "indestructible virus", "completely destroys your computer", "intelligently evades detection".

[dayglored]

> This will continue until we bring back public hanging.

Problem: hanging is too quick and reliable.

Writing malware should be punishable by something slow and uncertain. Maybe the honey and fire-ant-hill thing, and THEN hanging.

[tacticalogic]

Tricky. It's a lot easier to detect that you're in one, than to build one that can't be detected.

Figure out what tests it's running and then figure out how to lie to it.

[bicyclerepair]

Wont affect my awesome linux pc ha

[doomtrooper99]

public void alwaysDo()
{
User user = new User();

user.keepOriginalSoftware();
user.knowHowToInstallOriginalSoftware();
user.backupYourData(USB_DRIVE);

// for good cloud backup goto http:www.crashplan.com
user.backupYourData(CLOUD);
}

[dayglored]

> Figure out what tests it's running and then figure out how to lie to it.

Well, yes, of course. ;-)

The problem is that if it's smart, it won't let you intercept the fact that it's running a test. That's somewhat more challenging in these days of multiple cores and threads, but it can usually be done.

A very interesting problem in either direction.

[Squawk 8888]

Restoring a PC with its MBR deleted involves reinstalling Windows, which could mean important data is lost.

Wrong. Restoring a corrupted MBR is child's play; I've done it several times for clients.

[doomtrooper99]

…Taliban Justice???...

[tacticalogic]

The problem is that if it's smart, it won't let you intercept the fact that it's running a test. That's somewhat more challenging in these days of multiple cores and threads, but it can usually be done.

I think you should be able to mitigate some of that by running it in a VM.

[doomtrooper99]

I HAVE to reinstall Windows once every 2-3 years.

I reinstalled MAC OSX, only once, when I took my MAC Mini to work and wanted to scrub personal data and software..

[doomtrooper99]

I use VMWare’s Player all the time.

www.vmware.com