Valik Posted December 4, 2011

BrewManNH is correct as far as I can see. You have exactly one person to blame for this: You. Instead of learning your lesson and looking into sandbox or virtual machine software your response is to make an ass of yourself on their forum? Someone explain to me why I shouldn't preemptively block this user now just so I don't have to later when they do something stupid and then decide to blame somebody from our forum for it?
Blue_Drache Posted December 4, 2011 (edited)

I can only give you (currently) 434 reasons in favor of your argument, Valik.

Edited December 4, 2011 by Blue_Drache

Lofting the cyberwinds on teknoleather wings, I am...The Blue Drache
Valik Posted December 4, 2011

> I can only give you (currently) 434 reasons in favor of your argument, Valik.

The number grew by the time I saw your post but "heh" nonetheless.
jaberwacky Posted December 4, 2011

Even though I have no idea what in the **** this function 'posed t' do, I just don't even like the name.

    BlindSucker proc uses ebx

        LOCAL lbrw:DWORD
        LOCAL lBuff[256]:BYTE

        ; ------- seh installation ------- ;
        SehBegin __bs

        call GetTickCount
        invoke nseed,eax

        ; ------- check for key ------- ;
        invoke GetModuleHandle,reparg("user32.dll")
        .if eax
            lea edx,lBuff
            mov dword ptr [edx],'AteG' ;"GetAsyncKeyState"
            mov dword ptr [edx+4],'cnys'
            mov dword ptr [edx+8],'SyeK'
            mov dword ptr [edx+12],'etat'
            mov byte ptr [edx+12+4],0
            invoke GetProcAddress,eax,edx
            .if !eax
                SehPop
                return_0
            .endif
        .endif
        scall eax,VK_B
        .if eax
            jmp @blind
        .endif

        invoke MyZeroMemory,ADDR lBuff,256
        mov lbrw,0
        invoke GetPrivateProfileString,ADDR szAnsavName,ADDR szBlindCnt,ADDR lbrw,ADDR lBuff,256,ADDR szAnsavIniPath
        cmp lBuff[0],0
        je @writeit

        invoke atodw,ADDR lBuff
        mov ebx,eax
        add ebx,5000
        call GetTickCount
        .if eax < ebx
            sub ebx,5000*2
            cmp eax,ebx
            jb @writeit
    @blind:
            ; ------- time for blind all sucker ------- ;
            invoke Random,10
            add eax,20 ; min
            invoke MakeRandomString,ADDR szRandomString,eax
            invoke MakeRandomString,ADDR szAppName,5
            mov TimeForBlind,1
            jmp @owrite
        .else
    @writeit:
            mov TimeForBlind,0
    @owrite:
            ; set it last
            call GetTickCount
            lea ebx,lBuff
            invoke wsprintf,ebx,ADDR szdTosF,eax
            invoke WritePrivateProfileString,ADDR szAnsavName,ADDR szBlindCnt,ebx,ADDR szAnsavIniPath
        .endif

        ; ------- seh trapper ------- ;
        SehTrap __bs
            ErrorDump "BlindSucker",offset BlindSucker,offset szAnsavStuffasm
        SehEnd __bs

        ret

    BlindSucker endp

Helpful Posts and Websites: AutoIt3 Variables and Function Parameters MHz | AutoIt Wiki | Using the GUIToolTip UDF BrewManNH | Can't find what you're looking for on the Forum?
Shaggi Posted December 4, 2011

I think the irony of this story is to download the source of a program, then run the binary.

Ever wanted to call functions in another process? ProcessCall UDF
Console stuff: Console UDF
C Preprocessor for AutoIt OMG
BigDod Posted December 4, 2011

Stupid is as stupid does

Time you enjoyed wasting is not wasted time ......T.S. Elliot
Suspense is worse than disappointment................Robert Burns
God help the man who won't help himself, because no-one else will...........My Grandmother
Bowmore Posted December 4, 2011

Seeing this would start some alarm bells ringing for me.

    ; ------- time for blind sucker ------- ;
    call BlindSucker

"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to build bigger and better idiots. So far, the universe is winning." - Rick Cook
jchd Posted December 4, 2011

Downloading and launching some random binary from a hackers' site outside of a serious VM or hardened sandbox quite often triggers a reinstall. Even visiting such sites without thick condoms is risky.

Can we say that looking at a small part of alleged accompanying source dated early 2008 is digital tourism?

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.
SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)
MvGulik Posted December 5, 2011

> Even visiting such sites without thick condoms is risky.

You think that helps. Seems to me the user got the stick instead of the site.... open wide ...

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)
"Believing what you know ain't so" ... Knock Knock ...
Skitty Posted December 5, 2011 Author (edited)

First and foremost, how do you guys think I took a snapshot of the BIOS error? Do you think I have some kind of software built into it that can enable screencaps? Of course I was using a VM, but I still lost a bunch of UDFs and other things I had accumulated over a period of 15 hours that I hadn't saved.

Anyway, a moderator over there was nice enough to submit my complaint for me.

I sort of exaggerated the claim but still, it's a good warning to anyone else who might download it and unwittingly run the damn thing.

Edited December 5, 2011 by THAT1ANONYMOUSEDUDE
Valik Posted December 5, 2011

> First and foremost, how do you guys think I took a snapshot of the BIOS error?

There's this thing called a "camera".
MvGulik Posted December 5, 2011

"Camera" ... hehe I knew Valik would say that. NO I really DID. TRUST me. REALLY ... (Kinda don't work. Bad timing might be one factor here.)

... BUT's: generally best used for sitting on ...
Skitty Posted December 5, 2011 Author

> Even though I have no idea what in the **** this function 'posed t' do, I just don't even like the name.
>
>     BlindSucker proc uses ebx
>
>         LOCAL lbrw:DWORD
>         LOCAL lBuff[256]:BYTE
>
>         ; ------- seh installation ------- ;
>         SehBegin __bs
>
>         call GetTickCount
>         invoke nseed,eax
>
>         ; ------- check for key ------- ;
>         invoke GetModuleHandle,reparg("user32.dll")
>         .if eax
>             lea edx,lBuff
>             mov dword ptr [edx],'AteG' ;"GetAsyncKeyState"
>             mov dword ptr [edx+4],'cnys'
>             mov dword ptr [edx+8],'SyeK'
>             mov dword ptr [edx+12],'etat'
>             mov byte ptr [edx+12+4],0
>             invoke GetProcAddress,eax,edx
>             .if !eax
>                 SehPop
>                 return_0
>             .endif
>         .endif
>         scall eax,VK_B
>         .if eax
>             jmp @blind
>         .endif
>
>         invoke MyZeroMemory,ADDR lBuff,256
>         mov lbrw,0
>         invoke GetPrivateProfileString,ADDR szAnsavName,ADDR szBlindCnt,ADDR lbrw,ADDR lBuff,256,ADDR szAnsavIniPath
>         cmp lBuff[0],0
>         je @writeit
>
>         invoke atodw,ADDR lBuff
>         mov ebx,eax
>         add ebx,5000
>         call GetTickCount
>         .if eax < ebx
>             sub ebx,5000*2
>             cmp eax,ebx
>             jb @writeit
>     @blind:
>             ; ------- time for blind all sucker ------- ;
>             invoke Random,10
>             add eax,20 ; min
>             invoke MakeRandomString,ADDR szRandomString,eax
>             invoke MakeRandomString,ADDR szAppName,5
>             mov TimeForBlind,1
>             jmp @owrite
>         .else
>     @writeit:
>             mov TimeForBlind,0
>     @owrite:
>             ; set it last
>             call GetTickCount
>             lea ebx,lBuff
>             invoke wsprintf,ebx,ADDR szdTosF,eax
>             invoke WritePrivateProfileString,ADDR szAnsavName,ADDR szBlindCnt,ebx,ADDR szAnsavIniPath
>         .endif
>
>         ; ------- seh trapper ------- ;
>         SehTrap __bs
>             ErrorDump "BlindSucker",offset BlindSucker,offset szAnsavStuffasm
>         SehEnd __bs
>
>         ret
>
>     BlindSucker endp

Wow, I hadn't seen that. If I would have noticed that I would have probably saved everything to my network share before running it after disabling the network. I'm just glad it didn't reach out to my network share and molest everything there too.
trancexx Posted December 5, 2011

I don't get it. What do you see there except funny name?

♡♡♡ . eMyvnE
Shaggi Posted December 5, 2011

It might write something dangerous to an .ini file.
trancexx Posted December 5, 2011

Something like "Johnny, la gente esta muy loca. What the fuck?!?"
Skitty Posted December 5, 2011 Author

I don't believe you, liar.
jaberwacky Posted December 5, 2011

Like I said, I don't know what it is supposed to do. My concern is over the odd choice of name.
jchd Posted December 5, 2011

That's a moot point: should it be called RemoveTrojan or PrepareGUI would you trust it more?
trancexx Posted December 6, 2011

AutoIt has funny names for functions and variables sometimes too. For example check this:

    bool bDoBatshitLocoCopy = true;

You just have to laugh honestly seeing stuff like that.