independent and unofficial
Prince fan community
Thread started 09/06/04 8:38pm

Dauphin

Beware Xi.exe

So...

A few weeks ago I started letting my nephew and my wife use my XP machine as I beefed it up a bit, put extra HDs in, etc. In all the moving of data from the older PCs to this one, I created shares for all the things I wanted to keep:

Games
Software
Documents
Music

I had about 25G of Music, so that stayed on my 30Giger while everything else was in my profile's My Documents on my 40G IDE that I used for my Primary HD.

At some point, I figured that I'd leave the Music folder available for them to access, since I figured music is music right. I showed them winamp and how to use it, and let it be at that.

I use AVG Free edition, and a week ago I began noticing that it would catch Xi.exe in the bi-weekly scan. I would delete it and be done with it.

Well...

Come to find out that Xi.exe is a beeotch.

I decided to burn a cd for some travelling that I have coming up here. I open up my burning prog, and look for the files to add.

Nothing.

I'm like, o'tay. Maybe I have it in another folder. Nope. Er.....maybe there's a physical problem with the drive. Nope.

I'm pissed. I start thinking of how the hell they could have deleted my shizzle. I decide to run some extra Spybot catching shizzle. Clean. I run Anti-Virus again and clean. I look back in the history of AVG and see that Xi.exe again.

I do some Google on this, and at first (because I'm an idiot that can't spell exe) there is almost NOTHING out there. Then, I figure out what I did wrong, do a search, and get this:

http://www.trendmicro.com...AB&VSect=T


Basically...this trojan gets on the machine, copies a file over using default passwords (which I totally forgot to reset my guest user account name and pw when I refreshed my machine), then copies itself into all the shares it can get into. Then it opens a line to IRC and lets kids and assholes run whatever commands they want on the pc.

Since I have my shit locked down almost all the way, they couldn't access anything. In fact, my Primary drive is so well locked out that the Xi.exe couldn't even get into those shares.

Just the Music share that I left open to everyone on my extra hard drive.

Well, since they couldn't do anything to my PC, it's apparent that they just decided to delete everything they could in the share.


23G of Prince shit gone. (the other 2 gig is just ripped cds of other music I have)

All my NPGMC Files.
All my rips of 12" Albums that were a bitch to set up.
All my rips of borrowed live shows and outtakes
All my videos that many of you here have so graciously donated bandwidth for
Rips of CDs like The Family, Madhouse, Come Test Pressing, The Undertaker...

Gone.



Beware Xi.exe folx. And remember to safeguard your shit. And Baby Jesus loves good firewalls (I'm setting up a SuSE server to front my shit to the internet now). And for God's sake, limit the hell out of people who share your computer with you. They'll click on ANYTHING and sign up their email for ANYTHING.
[Edited 9/6/04 20:40pm]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Still it's nice to know, when our bodies wear out, we can get another

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
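
An added example, not part of the original post: a PowerShell audit for the two exposures the post describes, a share writable by everyone and an enabled Guest account. It assumes a Windows version that ships the SmbShare and LocalAccounts modules (XP did not) and an elevated prompt; the list of "broad" principals is this example's own choice.

```powershell
# Added example: find shares that anyone can write to, and check the Guest account.
# Assumption: SmbShare and LocalAccounts modules are available (not the case on XP).

# Principals that effectively mean "anyone who can reach this machine".
$broad = 'Everyone', 'Guest', 'Guests', 'ANONYMOUS LOGON'

$findings = foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        # AccountName may be qualified (e.g. BUILTIN\Guests); compare the last part.
        $account = ($ace.AccountName -split '\\')[-1]
        $right   = [string]$ace.AccessRight
        $type    = [string]$ace.AccessControlType

        # Change or Full lets a remote user (or a worm) drop and delete files.
        if ($type -eq 'Allow' -and $right -in 'Full', 'Change' -and $account -in $broad) {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $ace.AccountName
                Right   = $right
            }
        }
    }
}

if ($findings) {
    Write-Warning 'Shares writable by broad principals:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No non-administrative share grants Change/Full to a broad principal.'
}

# The built-in Guest account always has RID 501, even if it has been renamed.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) {
    Write-Warning "Guest account '$($guest.Name)' is enabled; disable it with Disable-LocalUser."
} else {
    Write-Output 'Guest account is disabled or not present.'
}
```

Share permissions are only half the picture: the NTFS permissions on the shared folder also apply, and the more restrictive of the two wins.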
Reply #1 posted 09/06/04 9:30pm

ScreamsofPassion

Damn. I am so sorry this happened to you! Ugh! Thank you for being so kind as to warn others about this. That is great of you. If I can be of any help in replenishing your collection, please org note me.
"Vous ete tres belle mama, girls and boys"

"Record sales and things like that, it really doesn't matter...Money is one thing, but soul is another" -Prince
Reply #2 posted 09/06/04 10:50pm

luv4u

Moderator


Thanks for the warning.
canada

Ohh purple joy oh purple bliss oh purple rapture!
REAL MUSIC by REAL MUSICIANS - Prince
"I kind of wish there was a reason for Prince to make the site crash more" ~~ Ben
Reply #3 posted 09/06/04 11:45pm

BinaryJustin

Just updated my anti-virus software.

Check your email.
Reply #4 posted 09/07/04 3:45am

metalorange

A while back my anti-virus software let me know there was a trojan running on my pc, but it couldn't actually delete it.

That's the trouble with anti-virus software, new viruses can slip past it before it knows to look for them.

The trojan was a key-logger - that is, it records your keyboard strokes and secretly passes this information down the internet to who knows? So for example, say you log into a bank account, you have to type in your card details and passwords - which would enable someone secretly getting this information to tap into your account and steal all your money.

Nobody seems to make a big deal out of key-logger viruses, but potentially they are an incredibly scary danger.

To get rid of this virus I looked up anti-spyware software - which many companies sell - however to buy them online I would have had to use my credit card details which I didn't want to do since I knew I had this virus on board already!

Besides, I resent having to buy this sort of software. It occurs to me that it is in the interests of these companies that new viruses keep appearing - how do we know they themselves aren't responsible in some way for creating them? A self-perpetuating business?

It is like a modern day protection racket - they create the danger and then take money for protecting you from the danger.

To get rid of this particular virus, I followed some complicated instructions I found on an anti-virus website, involving booting up in Safe Mode. I could delete the offending lol.dll but every time I restarted normally, it instantly reappeared, which was very frustrating.

In the end I came up with an idea - I deleted the file out in Safe Mode, then created my own lol.dll by renaming a txt file, and made it a protected file. This fooled the virus into thinking it was installed when it wasn't and stopped it working.

Awfully clever of me, I thought, and I didn't have to shell out 20 quid for some software that probably wouldn't have worked anyway...

Why do these people create viruses anyway? I can only think some people get their kicks out of creating things and some get their kicks out of destroying things. Some kids like to build sandcastles while others only like to knock them down...
Reply #5 posted 09/07/04 10:14pm

Nikster

I recently had to re-format and re-install cuz of a virus (mine was 'jeefo' rolleyes). Within 24 hours, my drive got so corrupted, I could not save ANYthing, including my music and videos pissed



I know how ya feel pat
Reply #6 posted 09/08/04 1:49am

subhuman09

Thanks for the heads-up!

thumbs up!

You get a cookie:

cookie