Need Help Destroying my XP install

sxesynesthesia

Ok, here is the situation. I am running XP in VMware Workstation and I need a few viruses and stuff to destroy it.

I need to do this because I need to teach myself to fix it. I have rarely used XP. I need to do this for a job.

Link me to things that will download all kinds of trojans, viruses, malware, anything to mess it up so much it hardly runs at all.

Thank you

I know this is a really weird request but any help would be much appreciated
 
You don't really need to "teach" yourself how to clean up malware. What you need to do is learn the names of tools that help you fight them, such as Malwarebytes Anti-malware, ComboFix, HiJackThis, etc.

Each malware infection is different, so as long as you have the right tools, you'll be fine.
 
Just start downloading random crap on Limewire and visiting warez sites.
lol
 
Thanks guys, I have Limewire going already.

I know most of the tools that help combat them. I just didn't know if, when I go do this test for this job, they'll have me do things on XP that I haven't done before, such as reg hacks and stuff.
 
Eh, I'd watch out for Limewire so as not to download some copyrighted material and really fubar yourself, but...

... make sure the firewall is off and you are in an admin session (not critical, but it is slightly easier to get infected). Surf online till you find those shady sites that say "click here to redeem your prize". There, you got your nice little infection of a prize :p
 
Just visit a lot of porn websites. Go to serial websites. Crack/warez websites.
 
lol.. I already know I can fix anything a user is gonna bring to a computer repair shop, knowing that they are probably illiterate and that's why they are bringing it in. I'm thinking that most of the systems I have to repair are just gonna be virus removal, OS install and basic stuff.
 
Put the VM on an IP address that is in your router's DMZ, turn off the firewall.

If you just want it dripping with stuff, install the XP RTM with no patches and no AV. Put that in your DMZ. Wait about 15 minutes.

Try and fix the carnage. Enjoy!
 
I'm thinking that most of the systems I have to repair are just gonna be virus removal, OS install and basic stuff.
And that's why I said there's nothing to learn. You just arm yourself with the tools, keep them handy, and that's all you need to worry about. The process for removing them is generally the same as Vista and Windows 7.
 
Put the VM on an IP address that is in your router's DMZ, turn off the firewall.

If you just want it dripping with stuff, install the XP RTM with no patches and no AV. Put that in your DMZ. Wait about 15 minutes.

Try and fix the carnage. Enjoy!

I have a legit XP key on an old Dell case but I can't find the XP RTM......
 
And that's why I said there's nothing to learn. You just arm yourself with the tools, keep them handy, and that's all you need to worry about. The process for removing them is generally the same as Vista and Windows 7.

Got the stupid Geek Squad utilities on a thumb drive, I should be ok.
 
And that's why I said there's nothing to learn. You just arm yourself with the tools, keep them handy, and that's all you need to worry about. The process for removing them is generally the same as Vista and Windows 7.

So you're just saying load up a thumb drive with Malwarebytes & SUPERAntiSpyware?
Are there any other good ones I should put on there?
 
I need to do this because I need to teach myself to fix it. I have rarely used XP. I need to do this for a job.

(Emphasis mine)

Stop RIGHT there!

It's thinking like this that leads to data breaches in supposedly secure organizations.

Once a machine is compromised from an account with administrator-level privileges (the default in XP), the ONLY 100% safe recovery is to do a ground-up re-install/restore from non-writeable media.

ANY other recovery mechanism exposes you to the potential for root-kits or intercepted system calls that prevent any "fix" from having an effect.

Technically if you boot off external media and make the correct changes you can eliminate a root-kit or other malware, but that requires a much higher degree of knowledge, typically takes longer (corporations can just re-image from a standard install) and if you screw it up (and people DO screw up, no matter how good they are or what they know) you're still exposed.

Even if you're attempting to fix a machine that was infected via a user-level account, you have to be 100% sure that no escalation of privilege is possible.
 
(Emphasis mine)

Stop RIGHT there!

It's thinking like this that leads to data breaches in supposedly secure organizations.

Once a machine is compromised from an account with administrator-level privileges (the default in XP), the ONLY 100% safe recovery is to do a ground-up re-install/restore from non-writeable media.

ANY other recovery mechanism exposes you to the potential for root-kits or intercepted system calls that prevent any "fix" from having an effect.

Technically if you boot off external media and make the correct changes you can eliminate a root-kit or other malware, but that requires a much higher degree of knowledge, typically takes longer (corporations can just re-image from a standard install) and if you screw it up (and people DO screw up, no matter how good they are or what they know) you're still exposed.

Even if you're attempting to fix a machine that was infected via a user-level account, you have to be 100% sure that no escalation of privilege is possible.

No worries, it's just some mom and pop PC repair shop. Thanks for the info, a quick wiki search gave me all the more info I needed on rootkits and their detection and removal. :) (must be detected before Windows boots, I believe)
 
Just for fun... and a good learning lesson. Make sure you infect the machine with the latest variant of "Security Central". It disables most anti-viruses and bans almost all .exe, .com and .bat files from running. It also terminates most programs used to uninstall it. Fun stuff!

One more limitation..... don't use safe mode to remove it. There's a variant out there that breaks safe mode. I removed this particular version this past Sunday.

Fun stuff eh?
 
If you know what you're looking for, but cannot remove said virus due to it being a running service you cannot stop, you could always use a live Linux CD to gain access to the C:\ partition and clean out the System32 folder and Documents and Settings from user profiles. Many times I've found those rogue AV files stowed away in there.

I'm not sure how practical that is in a corporate situation for malware removal, but it's proved to be a useful tool in my kit.
 
Just for fun... and a good learning lesson. Make sure you infect the machine with the latest variant of "Security Central". It disables most anti-viruses and bans almost all .exe, .com and .bat files from running. It also terminates most programs used to uninstall it. Fun stuff!

One more limitation..... don't use safe mode to remove it. There's a variant out there that breaks safe mode. I removed this particular version this past Sunday.

Fun stuff eh?

Is this that Kaspersky Antivirus 2010 app?
 
As stated above, I would just turn off the firewall and search some adult entertainment sites. From there just start clicking on everything and anything.

But since you stated it is a mom and pop shop, I would not be surprised if they do the same thing and just reformat the machine, since it is quicker and an easy way to make more money.
 
No worries, it's just some mom and pop PC repair shop. Thanks for the info, a quick wiki search gave me all the more info I needed on rootkits and their detection and removal. :) (must be detected before Windows boots, I believe)

I don't think it being a mom and pop PC repair shop makes bad/ineffective practices any more acceptable ;)

People bring in their machines trusting that they'll be properly fixed, and doing anything less than the right thing is inappropriate. Those people stand to have their identities stolen as a result of using a machine they THINK is clean (not that they probably aren't already fucked, but that's a different issue).

And yes, for root-kits or other malware that intercepts system calls, you have to boot from something other than the infected media/device. A Linux (or other OS) boot CD with the right tools and knowledge can recover a root-kit infected machine.

The moment you run code from the infected device in your recovery process you're potentially hosed.

Reformatting the machine is the single safest solution. The additional cost that might incur over a "virus removal" service is piddly change compared to fixing issues associated with identity theft.
 
Just for fun... and a good learning lesson. Make sure you infect the machine with the latest variant of "Security Central". It disables most anti-viruses and bans almost all .exe, .com and .bat files from running. It also terminates most programs used to uninstall it. Fun stuff!

One more limitation..... don't use safe mode to remove it. There's a variant out there that breaks safe mode. I removed this particular version this past Sunday.

Fun stuff eh?

This one is an excellent illustration! :)

It goes by various names, and at least one of the variants looks exactly like Microsoft Security Essentials.

And it is a sneaky fucker.

One variant of it is set up so that if you "remove" it in Safe Mode it sits dormant for a few days, lulling you into the belief it is gone, and then suddenly pops up again seemingly out of nowhere.

Fun indeed! :)
 
And yes, for root-kits or other malware that intercepts system calls, you have to boot from something other than the infected media/device. A Linux (or other OS) boot CD with the right tools and knowledge can recover a root-kit infected machine.
I've been a fan of UBCD4Win for this purpose for a long time.
 
This one is an excellent illustration! :)

It goes by various names, and at least one of the variants looks exactly like Microsoft Security Essentials.

And it is a sneaky fucker.

One variant of it is set up so that if you "remove" it in Safe Mode it sits dormant for a few days, lulling you into the belief it is gone, and then suddenly pops up again seemingly out of nowhere.

Fun indeed! :)

Can I have a link? I cannot find it anywhere. All I can find is how to remove it, but I don't care about that; I need the infection first.
 
Just for fun... and a good learning lesson. Make sure you infect the machine with the latest variant of "Security Central". It disables most anti-viruses and bans almost all .exe, .com and .bat files from running. It also terminates most programs used to uninstall it. Fun stuff!

One more limitation..... don't use safe mode to remove it. There's a variant out there that breaks safe mode. I removed this particular version this past Sunday.

Fun stuff eh?

Oh yeah. I had to deal with one of these on my client's computer. Took me approx. 5 hours straight to finally break the stranglehold, and an additional 3 hours weeding out the last of the rogue files.

Real fun. :rolleyes:
 
Finally got the right one... can't open anything, IE says it's open but won't show anything.. Thanks guys. Been a while since I had to deal with something like this. Renders the system almost totally useless.
 
A few quick tips for nasty viruses:

- try manually restoring the registry hives from a previous restore point with a PE disc to be able to start the process of removal for paralyzed or corrupted systems

- if a virus has taken control of executables such that the registry editor won't run, apply modifications with a reg file instead

- use Autoruns to easily examine all the different registry locations where rogue software initializes at startup

- Google is the best tool for researching the particular virus to understand its effects and how to remove it

- if possible, make an image of the drive before repairing it to allow restoration in the event of catastrophic damage to system files in the process of cleaning
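The Autoruns tip above is the one a practitioner most wants to see turned into a repeatable check. As an added example (not code from the thread, from Autoruns, or from any project the posters mention), the Python script below parses a .reg export of the XP Run keys and the Winlogon Shell/Userinit values, pulls every program path out of each command line, and flags entries that launch from writable per-user locations such as Documents and Settings, the places the posts above describe rogue AV files hiding in. The export text, the user name "Owner" and the file names avgss.exe and winupd.exe are constructed sample data, not indicators from the thread; the profile-directory list is a triage heuristic, not a verdict.

```python
import re

# Constructed sample .reg export (not real data): a technician would produce this
# with "regedit /e" against the Run keys and the Winlogon key of an XP image.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"avgss"="\"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\avgss.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\Documents and Settings\\Owner\\Application Data\\winupd.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"=data  or  @=data  (default value); data is kept raw and checked below.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
# Every program reference inside a command line: quoted path, unquoted drive
# path that may contain spaces, or a bare program name like Explorer.exe.
EXEC_RE = re.compile(
    r'"([^"]+)"'
    r'|([A-Za-z]:\\.*?\.(?:exe|com|bat|scr|pif)\b)'
    r'|(\S+\.(?:exe|com|bat|scr|pif)\b)',
    re.IGNORECASE)

# Heuristic (assumption): legitimate XP autoruns rarely live in these writable
# per-user directories; anything launching from them deserves a closer look.
PROFILE_DIRS = ('\\documents and settings\\', '\\local settings\\',
                '\\application data\\', '\\temp\\')


def unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return (key, value_name, string_data) for every string value in a .reg export."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue                      # header, blank line, or value outside a key
        name = m.group(1) if m.group(1) is not None else '@'
        data = m.group(2)
        if not (data.startswith('"') and data.endswith('"')):
            continue                      # skip dword:/hex: values; only REG_SZ carries commands
        entries.append((key, unescape(name), unescape(data[1:-1])))
    return entries


def programs(command):
    """Extract every program path referenced by an autorun command line."""
    return [g for m in EXEC_RE.finditer(command) for g in m.groups() if g]


def triage(reg_text):
    """Annotate each autorun entry with the programs it launches and a suspicion flag."""
    findings = []
    for key, name, command in parse_reg(reg_text):
        paths = programs(command)
        flagged = [p for p in paths if any(d in p.lower() for d in PROFILE_DIRS)]
        findings.append({'key': key, 'name': name, 'command': command,
                         'programs': paths, 'suspicious': bool(flagged)})
    return findings


def suspicious_entries(reg_text):
    """(last key component, value name) for the entries worth pulling off the disk for review."""
    return [(f['key'].split('\\')[-1], f['name']) for f in triage(reg_text) if f['suspicious']]


if __name__ == '__main__':
    for f in triage(SAMPLE_REG):
        mark = 'REVIEW ' if f['suspicious'] else '       '
        print(f"{mark}{f['key'].split(chr(92))[-1]:<9} {f['name']:<18} {f['command']}")
```

Run it against a real export in place of SAMPLE_REG; the flagged rows are the ones to cross-check against the on-disk file (and, per the posts above, to do that from boot media rather than from the infected install, since a rootkit can lie to anything running inside it). Autoruns covers many more locations than the three keys shown here (services, drivers, BHOs, scheduled tasks); this script only demonstrates the triage logic on the keys the thread talks about.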
 
http://www.joyunbound.com/?p=601

Also, combating viruses that aren't as easy to remove is fun and interesting.

When MSBlast first hit, I managed to remove that by myself without any help (small pride thing :D). It was a cool and fun feeling after I successfully removed it manually. Couldn't have done it if I didn't know how to operate services.msc and msconfig, and knew stuff about how Windows is structured and stuff. Fun times!

There was one virus on my dad's old computer though that was impossible to remove (never found any solutions, but I didn't know about ComboFix at the time, so I don't know if that would have fixed it). What it would do is replicate itself with random filenames every second and stuff, and each replication was an individual instance and whatnot. I forgot what it was called, but from what I found, it was impossible to remove due to the nature of that virus. Reinstalling Windows worked, but I suppose this also means I failed to remove it successfully. :(

EDIT: I know of a website that does offer viruses for download (for the purpose of debugging and stuff). Let me see if I can find it...

http://www.offensivecomputing.net/ - Offers downloadable live malware from its database, use only if you know what you are doing

I think http://isc.sans.org/ might have something too.
 
http://www.offensivecomputing.net/ - Offers downloadable live malware from its database, use only if you know what you are doing

I think http://isc.sans.org/ might have something too.

THANK YOU THIS IS WHAT I HAVE BEEN ASKING FOR! :D

I also enjoy debugging, it does give you a sense of accomplishment. ;)

And once again thank you guys for your help in this. I missed the whole XP era in PCs. I went from 2000 to Vista to 7. :rolleyes:
 