Gaming LAN Scanning

Zesu-chan

Alright, my friend has a virus. Apparently a foreign virus, because the Google search results didn't turn up ANY English pages on it.

It's called foza_orana.vbe, and it hijacks USB drives and messes with your system files so your icons and your right clicking ability go away. It tried to get my laptop, but it shot that varmint before it could even reach my e-porch. ^^ My system was just too tough for it.

Now that I know what it is though, I know how to kill it. ClamWin from my USB drive couldn't detect it, and neither could his antivirus. But Trend Micro on my laptop can kick its ass. SO, I need to know one thing...

Is it possible to establish an LAN connection with my friend and scan his computer with my laptop connected like that? How would I go about doing it?
 

MicShadow

Not very well. Just tell your friend to hold shift (disable autoplay) and insert the USB drive.
Either format the drive, or just delete the vbe file (Visual Basic Script)
 

FAST6191

From what you have said it is just a crude visual basic virus, alas this also means it is probably down to heuristics to pick it up.

Crude way: enable a shared folder (with write access) and map said folder to a drive,
http://www.microsoft.com/windowsxp/using/n...n/mapdrive.mspx

Better way: use a proper AV setup, probably involving a liveCD of some form, bartpe AV stuff:
http://www.bootcd.us/BartPE_Plugins_Category/antivirus/

Even better way but far more complex is manual removal. You say it is a foreign virus (not that there really is such a thing) but http://www.pcentraide.com/index.php?showtopic=106275 has details on what it does (fairly minor league as far as things go). Safe mode is good, bartpe is better.

Quick translation
It uses autoplay.inf to trigger foza_orana.vbe
It runs 3 instances of wuauclt.exe as well as wscript.exe and wscntfy.exe

wuauclt is part of the windows update but it is occasionally used for malware purposes:
http://www.spywareremove.com/removewuaucltexe.html

wscript is not a core file but one used to run VBE files.

wscntfy.exe is the security center, I disable it on my machine but make sure to have AV and everything. It could also be used as a disguise.

And adds entries under the following key in the registry:
HKCU*/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
*HKEY_current_user
If using bartpe
http://windowsxp.mvps.org/peboot.htm
Note the registry is used for many things and messing it up can quite easily mess your system up. Take backups before messing around with it.
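
As an added example (not part of the original post and not taken from the linked write-up), a read-only check of a drive root for the trigger mechanism described above. It assumes the trigger file uses the standard Windows `[autorun]` INF layout with `open=`, `shellexecute=` or `shell\...\command=` entries; the sample file contents are constructed, and the script extension list is a selection made for this example.

```python
import os
import re
import tempfile

TRIGGER_NAMES = {"autoplay.inf", "autorun.inf"}  # name used in the post + standard Windows name
LAUNCH_KEYS = {"open", "shellexecute"}           # standard [autorun] launch keys
# Script types normally run through wscript (selection is this example's assumption)
SCRIPT_RE = re.compile(r'[^\s"\\/]+\.(?:vbe|vbs|jse|js|wsf)\b', re.I)

def launch_commands(text):
    """Yield (key, command) for launch entries in the [autorun] section, tolerating junk lines."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                yield key, value.strip()

def scan_drive_root(root):
    """Return one finding per launch entry in a trigger file that points at a script file."""
    names = {n.lower(): n for n in os.listdir(root)}
    findings = []
    for lower, name in sorted(names.items()):
        if lower not in TRIGGER_NAMES:
            continue
        with open(os.path.join(root, name), errors="replace") as fh:
            for key, cmd in launch_commands(fh.read()):
                match = SCRIPT_RE.search(cmd)
                if match:
                    script = match.group(0)
                    findings.append({"inf": name, "key": key, "script": script,
                                     "present": script.lower() in names})
    return findings

def demo():
    """Build a constructed drive root in a temp dir (harmless placeholder files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        sample = ("junk line\n[AutoRun]\n;comment\nopen=wscript.exe foza_orana.vbe\n"
                  "shell\\open\\command=wscript.exe foza_orana.vbe\nicon=folder.ico\n")
        with open(os.path.join(root, "autoplay.inf"), "w") as fh:
            fh.write(sample)
        with open(os.path.join(root, "foza_orana.vbe"), "w") as fh:
            fh.write("' constructed placeholder, not malware\n")
        return scan_drive_root(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan_drive_root` at a mounted drive letter or the offline volume seen from a live CD; it only reads files and never executes or deletes anything.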
 

Zesu-chan

Here's what I ended up doing.

I put all his storage drives into my computer, and they all tried to virus it, but my computer killed them all.

Then I wiped his hard drive after we backed up his data, scanning each storage drive we used for backup before putting the data into other drives.

Sorry I didn't try your methods guys, but I asked this question like a day before I had to help him. XD Anyway, now I need to go download the drivers he needs so his computer can work the speakers and use different resolutions. How do I go about finding out the drivers he needs and getting them?

Also, for some reason his laptop (an unrelated computer) doesn't recognize its hard drive anymore. o.O How do I fix that?
 

FAST6191

Finding out info, cpuz is a good start:
http://www.cpuid.com/cpuz.php
Other than that sound is generally a motherboard (cpuz should take care of that) and graphics should be told to you as the first thing you see when you boot although CPUz should also take care of that.
From there it is a simple search.


As for the drive I find laptops have useless connections for such things. If that does not help remove the drive and stick it in another machine/on an adapter to test it.
 
