LAN Scanning

Discussion in 'Computer Games and General Discussion' started by Zesu-chan, Apr 2, 2009.

Apr 2, 2009

LAN Scanning by Zesu-chan at 12:24 AM (1,335 Views / 0 Likes) 5 replies

  1. Zesu-chan
    OP

    Newcomer Zesu-chan Advanced Member

    Joined:
    Dec 3, 2008
    Messages:
    96
    Country:
    United States
    Alright, my friend has a virus. Apparently a foreign virus, because the google search results didn't turn up ANY English pages on it.

    It's called foza_orana.vbe, and it hijacks USB drives and messes with your system files so your icons and your right clicking ability go away. It tried to get my laptop, but it shot that varmint before it could even reach my e-porch. ^^ My system was just too tough for it.

    Now that I know what it is though, I know how to kill it. ClamWin from my USB drive couldn't detect it, and neither could his antivirus. But Trend Micro on my laptop can kick its ass. SO, I need to know one thing...

    Is it possible to establish an LAN connection with my friend and scan his computer with my laptop connected like that? How would I go about doing it?
     
  2. MicShadow

    Member MicShadow GBAtemp Fan

    Joined:
    Jan 28, 2008
    Messages:
    457
    Country:
    Australia
    Not very well. Just tell youf friend to hold shift (disable autoplay) and insert the USB drive.
    Either format the drive, of just delete the vbe file (Visual Basic Script)
     
  3. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,749
    Country:
    United Kingdom
    From what you have said it is just a crude visual basic virus, alas this also means it is probably down to heuristics to pick it up.

    Crude way: enable a shared folder (with write access) and map said folder to a drive,
    http://www.microsoft.com/windowsxp/using/n...n/mapdrive.mspx

    Better way: use a proper AV setup, probably involving a liveCD of some form, bartpe AV stuff:
    http://www.bootcd.us/BartPE_Plugins_Category/antivirus/

    Even better way but far complex is manual removal. You say it is a foreign virus (not that there really is such a thing) but http://www.pcentraide.com/index.php?showtopic=106275 has details on what it does (fairly minor league as far as things go). Safe mode is good, bartpe is better.

    Quick translation
    It uses autoplay.inf to trigger foza_orana.vbe
    It runs 3 instances of wuauclt.exe as well as wscript.exe et wscntfy.exe

    wuauclt is part of the windows update but it is occasionally used for malware purposes:
    http://www.spywareremove.com/removewuaucltexe.html

    wscript is not a core file but one used to run VBE flies.

    wscntfy.exe is the security center, I disable it on my machine but make sure to have AV and everything. It could also be used as a disguise.

    And adds entries under the following key in the registry:
    HKCU*/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
    *HKEY_current_user
    If using bartpe
    http://windowsxp.mvps.org/peboot.htm
    Note the registry is used for many things and messing it up can quite easily mess your system up. Take backups before messing around with it.
     
  4. Zesu-chan
    OP

    Newcomer Zesu-chan Advanced Member

    Joined:
    Dec 3, 2008
    Messages:
    96
    Country:
    United States
    Here's what I ended up doing.

    I put all his storage drives into my computer, and they all tried to virus it, but my computer killed them all.

    Then I wiped his hard drive after we backed up his data, scanning each storage drive we used for backup before putting the data into other drives.

    Sorry I didn't try your methods guys, but I asked this question like a day before I had to help him. XD Anyway, now I need to go download the drivers he needs so his computer can work the speakers and use different resolutions. How do I go about finding out the drives he needs and getting them?

    Also, for some reason his laptop (an unrelated computer) doesn't recognize its hard drive anymore. o.O How do I fix that?
     
  5. FAST6191

    Reporter FAST6191 Techromancer

    pip
    Joined:
    Nov 21, 2005
    Messages:
    21,749
    Country:
    United Kingdom
    Finding out info, cpuz is a good start:
    http://www.cpuid.com/cpuz.php
    Other than that sound is generally a motherboard (cpuz should take care of that) and graphics should be told to you as the first thing you see when you boot although CPUz should also take care of that.
    From there is a simple search.


    As for the drive I find laptops have useless connections for such things. If that does not help remove the drive and stick it in another machine/on an adapter to test it.
     
  6. houseonfire

    Member houseonfire GBAtemp Regular

    Joined:
    May 21, 2007
    Messages:
    285
    Country:
    United States
    Illegally download the antivirus that works and put it on his computer.
     

Share This Page