Problem with an HTML Application

02 Jan 2011

Basically what happened is that I launched an HTML Application a few days ago without obviously knowing what it could do.

From the wiki page: "An HTA runs as a fully trusted application and therefore has more privileges than a normal HTML file; for example, an HTA can create, edit and remove files and registry entries."

The particular script I'm talking about came from a well-known imageboard.
Here is the commented source code of the HTA:

This script generates a random image with instructions to copy and paste the image to paint and save it as .hta. When you change it to .hta and run it, you execute the script which then causes you to become infected. It then reposts the same image, but embeds a random file from your computer into the file.

Now what I did to get rid of it was using DBAN to wipe my 2 HDDs and just to be safe I also changed all of my passwords.

Should I consider myself safe now?

Jacee · 02 Jan 2011

I'm going to ask members not to click on the active links! Keep yourselves safe

Jacee · 02 Jan 2011

01234 ... what were you trying to accomplish without knowing what application you downloaded and launched?

03 Jan 2011

The active links were not dangerous... it was just a Wikipedia link and a Pastebin link...
Why were they edited? Pastebin it's been around since 2002, it's safe...
Jacee what I was trying to do does not really matter, I was just an idiot to run this script. Can anyone help me now?

Golden · 03 Jan 2011

The links were edited to keep the more inexperienced safe from their own curiosity.

Regards,
Golden

Jacee · 03 Jan 2011

If you've wiped the hardrives, changed all passwords and done a clean install, then you should be safe.

Hopalong X · 03 Jan 2011

+1 Jacee

That should clean things up quite nicely.

Here is the best way to do it.
SSD / HDD : Optimize for Windows Reinstallation

03 Jan 2011

Golden said:

The links were edited to keep the more inexperienced safe from their own curiosity.

Regards,
Golden

Oh ok, I understand.

Jacee said:

If you've wiped the hardrives, changed all passwords and done a clean install, then you should be safe.

Thank you very much. Can anyone else confirm that I should be safe?

To be honest I'm not really sure this application affected me in the first place because when I launched it all I saw it was a windows full of seemingly incomprehensible (like a bunch of random letters and symbols) code and nothing else happened. I also tried to look at the source code of the .bmp image and that didn't make any sense either.
Maybe during the process of the conversion from .jpg to .bmp to .hta something went wrong so the script didn't actually work at all. What do the experts think?

03 Jan 2011

Hopalong X said:

+1 Jacee

That should clean things up quite nicely.

Here is the best way to do it.
SSD / HDD : Optimize for Windows Reinstallation

I already did a clean install after wiping my HDDs with DBAN but thank you anyway.

Hopalong X · 03 Jan 2011

If you already did that yes your safe.

If you wiped the drives totally clean and reinstalled your done.

I don't know about Dban but the way I posted the link to writes 0's and 1's so it is as clean as the day you bought it new.

Mike