|06 May 2010||#1|
In a word, destructive, the tale of W32/Scar-H
Very rarely nowadays do we find a piece of malware whose sole intent and purpose is to destroy the victim computer. W32/Scar-H is an example of one of those über twisted malware which in the literal sense detonates a bomb on the victim.
At first glance W32/Scar-H is like any ordinary Autorun worm making its way from victim to victim. When first run it creates the following files:
<System>\ntldr.exe (copy of self)
It spreads to any device that is mapped to a drive letter by creating the following files with the hidden attribute set on the created files:
<Root>\WinNT.exe (copy of self)
Here is where the rampage begins. W32/Scar-H will systematically replace all files in the C: drive ending with the extension .exe with a copy of itself starting with the files in the <System> directory. The filenames of the replaced files will remain unchanged. These unchanged filenames add to the explosive mixture.
With all these file replacements going on in the C: drive, an application crash is a guaranteed event. The default debugger on Windows is <System>\Drwtsn32.exe which captures a crash log and process dump file to be submitted as an error report to Microsoft optionally. W32/Scar-H has already conveniently replaced Drwtsn32.exe with a copy of itself. So every time Windows calls Drwtsn32.exe to handle an exception, another W32/Scar-H process gets created by Windows. This calling of Drwtsn32.exe carries on recursively and indefinitely till the victim computer becomes completely non-responsive.
|07 May 2010||#6|
If someone is affected by that virus, it's an imminent format, yes, but what if he wants to save his data? Man... the computer that will receive the infected drive really needs to be well protected and have autorun set to off >_<
Or on Linux? Well, Linux in that case would be a savior. Or a Mac with software to read NTFS partitions/hard drives.
Otherwise, if you get that virus, you are pretty much screwed... and your other hard drives along if they have .exes.
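A triage check for a suspect volume mounted read-only on another machine, as the reply above suggests; it is an added example, not part of the original thread or of any vendor tool. It flags the pattern described in the first post (many .exe files with different names but byte-identical content, plus a WinNT.exe in the drive root); the function names and the `min_names` threshold are assumptions.

```python
import hashlib
import os
import sys
from collections import defaultdict

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large executables do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_exe_clones(root, min_names=3):
    """Return {sha256: [paths]} for .exe content that appears under at least
    min_names distinct file names. min_names is an assumed tuning threshold:
    legitimate duplicates usually keep the same file name."""
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            try:
                by_hash[sha256_file(path)].append(path)
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return {
        digest: sorted(paths)
        for digest, paths in by_hash.items()
        if len({os.path.basename(p).lower() for p in paths}) >= min_names
    }

def root_markers(root, names=("winnt.exe",)):
    """List files in the volume root named like the copy the post says is
    dropped there (<Root>\\WinNT.exe). Name match only, not proof by itself."""
    return sorted(e.path for e in os.scandir(root)
                  if e.is_file(follow_symlinks=False) and e.name.lower() in names)

if __name__ == "__main__":
    # Mount point of the suspect volume (read-only); defaults to current dir.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for digest, paths in find_exe_clones(target).items():
        print(f"{len(paths)} .exe files share content {digest[:16]}...")
        for p in paths:
            print("   ", p)
    for p in root_markers(target):
        print("root marker:", p)
```

The files are only read and hashed, never executed, so the check can run against the mounted drive before any data is copied off it.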