Drew Wutka
DWUTKA at marlow.com
Fri Aug 29 12:20:58 CDT 2003
We were hit by the MSBlast Virus on Monday. It was a nightmare. We had been receiving emails for weeks containing that virus, and our email scanner was working like a charm. However, someone brought in an infected laptop, and we didn't know our client scanner (OfficeScan) hadn't been updating clients, so it ripped through our network, using the RPC port, like wildfire. In fact, both my co-worker and I set up a new machine (one each), and as soon as the OS was loaded, they were immediately infected. Lots of fun.
Anyhow, after getting it mostly under control, OfficeScan was continuously kicking out virus warnings, because the infected file was still there, since it couldn't be removed unless the cleaner was run in safe mode. So being an enterprising programmer, I wrote a VB program that edited the boot.ini file, so that the machine automatically booted into safe mode with network. I then wrote two batch files. One that caused every Win2k machine to boot into safe mode, and one that caused all of those machines to run the virus scanner, then reboot into normal mode.
I goofed though. I ran the first process, ran fine. Ran the second process... and the machines still booted into safe mode. I had made a slight change in the VB program, which caused the 'set back to normal' routine to not work right. So I fixed the .exe and sent it back out to all of the W2k machines. Ran the cleaning process again, and voilà, they were all cleaned, and booted back into normal mode. (Did this on about 100 machines... saved a LOT of time.)
Unfortunately, some of the machines were laptops, and they had gone into standby after the first clean run, so they never got the new .exe, and thus, they were forever stuck in safe mode. I left work that night at about 4 in the morning, so I didn't get back in until about 2 in the afternoon. My boss was the only one in, and he was completely clueless since he had several laptop users complaining that they were stuck in safe mode.
So, I wrote my own virus, one that boots a machine in safe mode, and prevents them from booting into normal mode ('cause they ALL tried, VERY HARD, mind you... <evilgrin>). Oh well, it's not my fault my co-worker and I weren't there, and that our boss doesn't know how NT works! <grin>
Drew