SOLVED Virus from boot disk download

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
To all that may be having problems and need assistance: STAY AWAY from the website FREE PC TECH! I was looking for a problem with one of my XP laptops, was steered to it on a forum (tom's computing net) and downloaded three boot discs. Today, MSE caught the viruses and removed them from my laptop. The most severe one, I forgot to write down the name of it, but it was a password stealer. The other two (medium risk) were Tool:Win32/Angryscan.A & Remote Access:Win32/RealVNC. These two were said to be a privacy risk or could cause computer damage. There is a whole page of boot and recovery discs here, but stay away. It took a while, but MSE fixed the problems. I'm beginning to be impressed with MSE. Usually, Avast places these files in the virus chest, but MSE deleted or destroyed them.
 
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
Can you tell us which programs you downloaded?

I know Hiren's BootCD has programs that are designed to find your passwords. These programs can even clear your passwords so that you can set a new password at login. Some of the programs may be falsely accused of harm when they are in fact working the way they are designed.
 

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
Falcon Four Ultimate Boot CD (424MB) was the bad one. It screwed both of my laptops up BAD. And yes, I downloaded Hiren's Boot CD from there as well as another one. It installed a password grabber on my laptops. And there's no doubt about the program, as it was identified by MSE & Windows Live Safety Scanner. That was the first program that caught it and attempted to repair my laptops, but it couldn't remove all of the damage done. MSE finished repairing the newer of the two, the other was beyond all hope. I had to reinstall Win 2K Pro & XP Pro, and I'm still updating them now. Avast even caught some of it. So that one file was not a false alarm by any means. It took MSE over an hour to clean it up on the one that could be saved. And there was another file that did some medium damage: Spotman Powersuite 2009 Pro (178MB ISO). My virus protection didn't catch it on the download, but apparently after they were opened, they did the damage. They were both zip files, and I think the Hiren's Boot CD was one as well. They were all on the same page. The only reason I was even there was I was looking for a SP Express 4 to download for Win 2K Pro, to put it on CD, as Microsoft won't be supporting that OS after this coming August. I wanted a spare file, and I ran across all of these. I jumped all over them after reading the descriptions. That's what I kept these laptops for, for trying things out, and I'm about to inherit another one. But it needs cleaning badly, and I'm not talking about the case. It's infected as well, he's already ruined a $1700 PC in 2003, a lot of cash then. He's too lazy to install a free virus program, but can sit up all night looking at porn. But anyway, you all need to know about these files, Microsoft has already collected information on it. Be careful out there, a password stealer is on the loose.
 

draceena

That Crazy Amazon Chick!
Joined
Jan 17, 2009
Messages
773
Reaction score
182
If you really need a boot CD, I highly recommend Ultimate Boot CD http://www.ultimatebootcd.com/

You do have to do some work on your own to get it set up but once you have it burned, it works like a charm and has saved me many times
 

Ian

Administrator
Joined
Oct 17, 2008
Messages
3,484
Reaction score
632
Like Clifford has already mentioned, I have a feeling that the things that were picked up were simply tools that come as part of the recovery CD. There would probably be a password recovery tool and RealVNC on the disk, which would explain things - so it may not be as bad as you first think (although I can't say this for certain).

I'll also 2nd the recommendation for the Ultimate Boot CD - it's a great tool to have.
 

Veedaz

~
Joined
Sep 1, 2009
Messages
1,988
Reaction score
374
And I would 3rd that :) UBCD has proved itself many times for me over time on many occasions with XP and no doubt will with Windows 7.
 

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
You mean that virus scanners are that sensitive? I have them set to maximum protection. Avast is always picking up page file viruses of some sort on XP Pro, but I ignore them. You can't put that file in the chest or delete it. Maybe I should reset the protection to standard. The page that I was on looked legit. But I can see where you all are coming from, being the tools were there. They were zip files, and scanned cleanly going into my laptops. The next time, I'll make the discs that I need and delete the rest with CCleaner. That way, I'll have my tools and the files will be gone. By the way, that Hiren's Boot CD has a lot of excellent tools on it. I destroyed the other two, they were the reported risk files. Thanks to you all for your help.
 
Joined
Sep 3, 2010
Messages
2
Reaction score
3
Falcon Four Ultimate Boot CD (424MB) was the bad one. It screwed both of my laptops up BAD.
*nod*

Wow, thanks for that. Yep, definitely a passive BootCD that never writes unless you use it to do so, screwed your laptops up BAD. As the author of said BootCD (and with a new version v4.0 out now, not that you'd care I guess), I can tell you there's no way you can screw up your computer by simply burning and booting any part of the disc. Even the old versions.

Additionally, people need to learn to read what their antivirus is telling them, and understand what they're saying. If you'd like, you can go to realvnc.com and download a "VIRUS!!" right now. If that's your definition of "virus", that is. Point of that is, those are NOT "viruses" or "malware", they're tools that can potentially (read: POTENTIALLY) be used for malicious purposes. A tool used to retrieve Outlook passwords is considered malware by most AV programs, although the tool itself is not, it can be used for malicious purposes. And for that reason, if you scan the F4UBCD with a virus scanner, it'll go off like a Christmas tree. It has a LOT of powerful tools that can be used for good or evil... but NONE of them are activated by simply running the BootCD. They're only used by the user of the disc.

And if you don't understand that, you're probably not smart enough to know how to use the disc without breaking something. So please... step away from the computer.

If I made the F4UBCD to steal passwords, then it must not be doing a very good job, because to date I haven't had a single person randomly email me their password. Though some of the one-word emails and comments I get on my blog are pretty strange...
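The distinction drawn in the post above, as an added example that is not part of the original thread: the type prefix of a Microsoft detection name says whether the scanner is flagging a dual-use tool or something classed as malware. The grouping of types and the third sample name are assumptions made for this example.

```python
import re

# Type prefixes taken from Microsoft's detection naming scheme
# (Type:Platform/Family.Variant). How they are grouped below is this
# example's own triage choice, not a Microsoft classification.
DUAL_USE_TYPES = {"tool", "remoteaccess", "hacktool", "monitoringtool", "program"}
MALICIOUS_TYPES = {"pws", "trojan", "trojanspy", "backdoor", "virus", "worm", "ransom"}

NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z ]+?)\s*:\s*(?P<platform>[^/\s]+)/(?P<family>[^.!\s]+)"
    r"(?:\.(?P<variant>[^!\s]+))?(?:!(?P<suffix>\S+))?$"
)

def parse_detection(name):
    """Split a detection name into its fields; return None if it does not fit."""
    m = NAME_RE.match(name.strip())
    if not m:
        return None
    fields = m.groupdict()
    # Alert text sometimes shows the type with a space ("Remote Access").
    fields["type"] = fields["type"].replace(" ", "")
    return fields

def triage(name):
    """Return 'malicious', 'dual-use', 'unknown-type' or 'unparsed'."""
    fields = parse_detection(name)
    if fields is None:
        return "unparsed"
    kind = fields["type"].lower()
    if kind in MALICIOUS_TYPES:
        return "malicious"
    if kind in DUAL_USE_TYPES:
        return "dual-use"
    return "unknown-type"

# The first two names are quoted from the thread. The third is constructed
# for this example: the thread never records the password stealer's name.
SAMPLE = [
    "Tool:Win32/Angryscan.A",
    "Remote Access:Win32/RealVNC",
    "PWS:Win32/ExampleFamily.B",
]

if __name__ == "__main__":
    for detection in SAMPLE:
        print(f"{triage(detection):12} {detection}")
```

A "dual-use" result is a prompt to confirm that the tool was obtained deliberately and from a known source, not a statement that the file is harmless.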
 

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
FalconFour, welcome to the forum. Sorry, but that was quite a while back when the incident happened, and I didn't know anything about these discs, nor the capabilities of them. Since then, I've come a long way in learning, by no means do I know everything, but almost every day I learn something new.

That was actually the first time that every virus and malware protector that I had all sounded off like I described months ago. I downloaded the discs because they looked good in description, but never needed them, so CCleaner took care of them all. I've found other products that do what I need them to do.

I did burn F4UBCD for a friend before disposing of the zip files, he really likes it and still uses it a lot. He works on computers that are donated to Goodwill, and sometimes he needs the disc to "get into" the donated computers, to make them ready for resale. Many users forget to deactivate (or remove) their passwords. So you must have done a good job in creating the disc.

As for me, I've learned more about what to look for when downloading zip files. As long as it comes from a legit source (as yours did), I realize that my AV (MSE) may detect a bad file, when there isn't one. And I read the description of the contents more carefully, so that I won't be surprised.

Thanks for coming onto here and making your product description more clear to me, and always feel free to return at anytime, should you ever need help, or simply have a question. You may also want to submit your product description to the Free Software Database on this forum for potential posting of it. In the right hands, there are many good tools on it.

Best of Luck,
Cat
 
Joined
Sep 3, 2010
Messages
2
Reaction score
3
Hey, thanks for coming back with a reply! Really glad to hear you've kept at it since then, the learning thing and all... too many people just give up at the first sign of trouble.

Really the F4UBCD is more of a compilation of programs than anything... just a lot of various BootCDs and tools crammed into one boot menu. At least the useful ones, while excluding other popular, less useful choices - BartPE (and its relatives, like UBCD4Win), have proven to be slow and temperamental, and UBCD itself is just too dedicated to "pure open source Linuxlike legality" to actually be much use. It's designed to provide the best, cleanest, most familiar tools (like a full blown Windows desktop and Explorer) to get the job done.

However, it's had its fair share of trouble gaining popularity... I was actually drawn to this topic because someone actually posted on my blog post that some forum post "bothered" them (this one)... since it's the only forum post I'd really seen about it in a while, it was kinda sad to see it was one calling the disc malware! Haven't really had anyone talking about how awesome it is or anything... so it's been rather slow to pick up. But, meh... I post it online to help people out, and if nobody finds it, I guess it'll be an obscure part of my "when I wasn't quite popular yet" legacy... I'm still at that "I wish I was as popular as deadmau5" part... ;) I never thought to try posting it in forums and whatnot... I'm not really active anywhere, so to come on somewhere and be like "hello, i'm a random person, download my random stuff" is like... I dunno, un-kosher?

edit: Oh, and MSE = :top: :D
 
