GABSharkY

Discussion in 'GBAtemp & Scene News' started by Costello, Jul 20, 2004.

  1. Costello
    OP

    Costello Headmaster

    Administrator
    12,388
    5,595
    Oct 24, 2002
    A few hours ago, we announced here the release of a new tool, GABSharkY.
    If you have downloaded this program, please do NOT open it.
    It might contain malicious code - which should not cause damage to your computer.
    We should be able to give you more details when we can talk to the author.

    Thanks,
    the staff.

    Update a la Mole -

    This program contains a very nasty worm called SDBOT, more info can be found, including removal instructions, at -

    http://it.trendmicro-europe.com/enterprise...DBOT.ER&VSect=T

    This is a REALLY nasty virus. If you have ever run this program, immediatly do a virus scan.
     


  2. amy test

    amy test Advanced Member

    Member
    68
    0
    Jul 4, 2004
    nomad
    Huh..? Now that's sneaky.. [​IMG]
     
  3. - Wrath of God -

    - Wrath of God - God

    Member
    975
    0
    Nov 8, 2003
    United States
    well is it a virus, or was it intentional?
     
  4. santakuroosu

    santakuroosu GBAtemp Fan

    Member
    429
    1
    Mar 1, 2004
    Boobtown in Titland.
    Well thank god i'm always the last one to read those things.
     
  5. Xanthious

    Xanthious Scratch & Sniff

    Member
    751
    0
    Sep 19, 2003
    United States
    Go Notre Dame !!
    Thanks much for the heads up. I put it in my download manager to get tonight. Looks like I wont be needing it afterall. Will there be a clean version do you know ?
     
  6. kiczek

    kiczek Advanced Member

    Member
    60
    0
    Mar 1, 2003
    United States
    Middletown, NJ
    i would like to say SORRY FOR HOSTING THIS SITE ppl

    I was very entusiastic about this new tool and offered him hosting but there is no way I will allow mondayz to use my website anymore

    http://gabsharky.kiczek.com

    PS fuck you mondayz you piece of shit!
     
  7. Mega_Mizzle_X

    Mega_Mizzle_X Music and Me...

    Member
    547
    0
    Oct 29, 2002
    New Zealand
    What a tricky way to get people... And it prays on the trust we have at this community. Bast##d

     
  8. Zero01

    Zero01 Advanced Member

    Member
    85
    0
    May 20, 2004
    United States
    [​IMG] I d/l it in my d/l folder, luckily I didn't open it phew, now it's the recycle bin for that file.
     
  9. Opium

    Opium PogoShell it to me ™

    Former Staff
    8,191
    43
    Dec 22, 2002
    Australia
    There's no reason for you to appologize kiczek, there's no way you could have known.

    Well I did download GABSharkY but i didn't get around to opening it and running it. Strange how being busy pays out in the end [​IMG] funny old world we live in.
     
  10. Gaisuto

    Gaisuto Lose 2 Levels.

    Former Staff
    5,925
    2
    Oct 27, 2002
    United States
    Palm Coast
    Do you guys really know if he did it on purpose?
     
  11. Outrager

    Outrager GBAtemp Regular

    Member
    102
    2
    Dec 28, 2003
    United States
    Wait... so it "It might contain malicious code" but that doesn't matter because it "should not cause damage to your computer."
    Or was that just worded totally wrong?
     
  12. WrathofGod

    WrathofGod GBAtemp Regular

    Member
    180
    0
    Jul 16, 2004
    United States
    I know it dropped the files mentioned on your website but what do they do. By chance have you figured out what there exactly doing?
     
  13. mole_incarnate

    mole_incarnate Watermelon!

    Former Staff
    2,596
    0
    Nov 3, 2002
    Perth,WA
    Heres a tidbit on the winupdate.exe (one of the files it drops), knew I had seen it before -

    http://it.trendmicro-europe.com/enterprise...DBOT.ER&VSect=T

    Behold, the worm.

    This can be fairly nasty, so if you've run this proggy, immediatly do a virus scan.

    More info on other files coming.

    Okay, all the other files are just normal files to run the program, not malware of any kind, cept maybe loadex.exe, pretty sure ive seen that one before.

    This cannot be accidental, this little punk did it deliberatly.
     
  14. WrathofGod

    WrathofGod GBAtemp Regular

    Member
    180
    0
    Jul 16, 2004
    United States
    Does the program actually work? If so liked to see someone remove the virus [​IMG]
     
  15. cerberus

    cerberus GBAtemp Regular

    Member
    167
    0
    Apr 2, 2004
    Here!
    What a sly bastardo! people like that need shooting.

    If you want an easy way to remove it use the Stinger tool from NAI. Get it here. Its a great tool, and will scan for 43 major viruses. Get it to be safe.
     
  16. Gandalf515

    Gandalf515 Member

    Newcomer
    11
    0
    Jul 18, 2004
    Netherlands
    I opened that tool, and now I'm infected. Íf it was up to me, I'd hang him up with his own balls, that F*****g b*st*rd
     
  17. djgarf

    djgarf I Am A Raver

    Former Staff
    2,955
    32
    Oct 24, 2002
    England U.K.
    These instructions are for Windows XP ONLY!

    1. Close all open programs.
    2. Press Win+R. This brings up the "Run" dialog.
    3. Type "taskmgr" and press enter.
    4. Click "Processes."
    5. Highlight "winupdate.exe," then click "End Process," followed by "Yes."
    If you do not see this file, skip this step.
    6. Highlight "explorer.exe," then click "End Process," followed by "Yes."
    Your desktop will disappear.
    7. Go to "File" and select "New Task (Run)."
    8. Type "cmd" and press enter.
    9. Type the following commands, pressing enter after each one.
    Ignore any 'File does not exist" warnings.

    cd windowssystem32
    del explorer.exe
    del wpa.dbl
    del pnbak.dll
    del pnupd.dll
    del pnstrt.dll
    del winupdate.exe
    del native.exe
    del loadex.exe
    cd windows
    del explore.exe
    del explorer.exe
    exit

    10. Go to "File" and select "New Task (Run)."
    11. Type "explorer" and press enter. Your desktop will be restored.

    At this point your system should be cleaned.
    To verify that explorer.exe is correct, run Windows Explorer, browse to
    c:windows, highlight explorer.exe, right click it and select properties.
    Verify that BOTH the "Created" and "Modified" dates say either
    "August 29, 2002, 04:41:24" or "May 11, 2003, 21:12:10."

    big thanx and shouts go out to qoop on irc for taking the time to install this crap on his pc to work out how to remove it properly

    none of the registry entries listed on the trendmicro page were actually present in the registry too
     
  18. mondayz

    mondayz Member

    Newcomer
    37
    0
    Jul 16, 2004
    Netherlands
    Guys, I did not do any virus in the exe! Seriously! [​IMG]
     
  19. skubbe

    skubbe Advanced Member

    Member
    58
    0
    Nov 14, 2002
    What was the original filename of GABSharkY, don't remember where i put it on my hd [​IMG]
     
  20. _Pie_

    _Pie_ GBAtemp Regular

    Member
    175
    0
    Nov 6, 2002
    Italy
    GBARL.it
    gabsharkyv1-0.zip