BS: Nasty Virus - Hackers.KeyGen |
|
Subject: BS: Nasty Virus From: Louie Roy Date: 24 Jan 08 - 10:29 PM There is a nasty virus making the rounds and it is called Hackers.KeyGen and it has roots that spread throughout your PC and it has to be manually removed. Norton will put it in quarantine but it is still in your computer. I didn't have the smarts to get rid of it but a computer friend of mine did and it took him a couple of hours due to the fact it had all of these attachments and each one of them has to be removed manually. I hope none of the rest of the mudcatters get invaded but if you do, get help unless you are a computer expert and know your way around. (posted this to let everyone know it is vicious) |
|
Subject: RE: BS: Nasty Virus From: katlaughing Date: 25 Jan 08 - 12:05 AM Thanks, Louie. Good to know. Glad you got it taken care of. |
|
Subject: RE: BS: Nasty Virus From: michaelr Date: 25 Jan 08 - 12:10 AM How do we recognize it? |
|
Subject: RE: BS: Nasty Virus From: Louie Roy Date: 25 Jan 08 - 12:37 AM It comes up on your screen and tells you what it is and Norton tells you it needs immediate attention. Believe me, if you receive it you'll know, and this happens after a full scan. |
|
Subject: RE: BS: Nasty Virus From: Stilly River Sage Date: 25 Jan 08 - 01:11 AM If you do a Google Search on "Hackers.KeyGen" you get gobbledygook, lots of it in non-English, a lot of it random words on the page. I didn't follow any of the links, for various (obvious, I hope!) reasons. The discussion Louie Roy started here is about 5 on the list. Symantec doesn't know what it is. "No results from your search." Search on "keygen" and you'll find it is a program that generates key codes to access programs. You know those long strings of letters and numbers, often grouped in fours, that you enter to access a program? That seems to be what the programs are for. To break into legitimate programs with illegitimate keys. And hackers are the folks who do it. http://www.keygen.ms/ is a site that lists all sorts of programs it generates keys for. Another site says
Crack Serial Keygen is a search engine that gets searches all of the major crack, serial and keygen sites so you don't have to visit them all manually! Try avoiding searching for: crack, serial, keygen, warez, full, iso, download, 2007, key, release, ddl, usenext, cracked, .rar, .zip Not sure what you had on your computer, or what you downloaded to get it. And I'm not sure what your friend thought he was doing. Maybe this is a virus that works by stealing key codes from compromised computers. A search on " 'hackers.keygen' and virus" brings the mudcat thread to the top and little else. While searching I stumbled upon some interesting forums. this guy has something that is apparently nothing that he was trying to remove. They're sending huge registry files back and forth to examine for problems. I see a list of all of the programs he has installed--it's like peeking into his underwear drawer or medicine cabinet. Otherwise private stuff. :) SRS |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: JohnInKansas Date: 25 Jan 08 - 06:08 AM See: Wiki on keygen Stilly - The list of files you see in the registry keys exchanged at your link are not "all the programs he has installed." They are the log of all the programs that his system has opened since the last boot. The list tells you what's running, but there may be lots of other programs onboard. A keygen is a program for "generating" a "key" to unlock programs. The only common uses for such a program are to (illegally usually) use programs that require "validation" by a manufacturer – by entering a registration number or "key" – before the program runs. The keygen is NOT A VIRUS. It's a program that you install. A keygen could be part of a payload carried by a virus, and anyone who didn't install one on purpose probably would want it removed, along with the virus that may have installed it. Malicious sources/sites may also include a virus with, or as part of, a phony keygen, with the usual result that the keygen fails to unlock the program for which it is advertised, but installs the virus or other malware when run. Since keygen users usually are involved in questionable, if not illegal, activity, this is a fairly "safe" method of distributing viral or malware components for those inclined to do so, and it's not uncommon. If a viral component is present, it can of course be passed to other computers, and may take the keygen program, or fragments of one, with it. The two registry logging keys posted both show evidence of deliberate "file sharing," (from share setups common only for allowing others to access folders and upload/download from them) and people who trade (DRM containing) files are likely to intentionally have keygen programs for "unlocking" DVDs and/or CDs. Evidence is that such persons are also much more likely to use "counterfeit" programs of other kinds. 
In essence, your "Googling" for anti-malware help, instead of consulting known and recognized AV and anti-malware resources, has shown you a tiny bit of the criminal side of the internet. It's not surprising that you found a lot of "gobbledygook" as practitioners of the "cracking" avocation are prone to the use of "jargon" that's largely incomprehensible to "real people." A high incidence of foreign language sites is also an expected result, since much of this stuff originates in countries that have no laws against piracy, or who almost never enforce laws they have. Long strings of dissociated words are used to increase search engine hits, since there is some risk to openly advertising the sites most intimately involved in this kind of activity. Some of the "random words" are recognized "jargon" associated with the practices of the sites. Norton and other AV programs may report a virus name and also the name of an infected file. Rarely a file may be quarantined because it contains a "looks like a virus" content, but no specific virus can be identified, in which case you could get only the filename. A quarantined file is "off the machine" for all practical purposes, but by keeping it in quarantine you have a "diagnostic aid" for identifying what needs to be replaced/restored if a program you want to use is affected. A virus that can be deleted usually is just deleted. A file that contains a virus, but where the viral content can be removed without damage to the normal functions of the file, will be "cleaned" and will not (by most AVs) be quarantined. Since an infected file (that can't be cleaned) may be a program that you intended to have on your computer, searching for that filename will seldom return anything at AV sites. If a virus is known to be associated with, and to infect particular files, when you search for the virus name instructions for removal are likely to tell you what files are likely to be infected and should be removed.
Since keygens, with a variety of names, are "real programs" you will not be likely to find them at AV sites by their file names. John |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: SINSULL Date: 25 Jan 08 - 08:20 AM Louie Roy, what have you been up to????? |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: JohnInKansas Date: 25 Jan 08 - 09:32 AM I love my friends, And they love me We're just as close, As we can be And just because, We Really Care What – ever we get - - - - We Share I got it from Agnes, She got it from Jim We all agree. It must have been Lou-ise, Who gave it to him Now she got it from Harry Who got it from Marie And every body knows that - Marie - - - Got it from me. Giles got it from Daphne, She got it from Joan Who picked it up in County Cork, A' kissin' the Blarney Stone Pierre gave it to Sheila, Who must have brought it here He may have got it from François and Jacques, A HA - - - - Lucky Pierre Max got it from Edith, Who gets it every spring She got it from her Daddy, Who gives her just about every thing She then gave it to Daniel, Whose spaniel has it now Our dentist even got it, And we're still - - - - Wondering how I got it from Agnes, Or maybe it was Sue Or Millie or Billie or Gillie or Willie It doesn't matter who It might have been at the pub, Or at the club, Or in the loo, And if you will be my friend then I might - - - Mind you I said "Might" - - - Give it to you Tom Lehrer John |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: Stilly River Sage Date: 25 Jan 08 - 10:08 AM John, you just restated what I understood from my search--that this is not a "legitimate" use of free software or shareware programs, it is a form of hacking. A Google search takes you into a code-filled domain where you don't want to linger. I think you're right, though. The programs opened are showing up on that one discussion where the guy is trying to remove a value or program he thinks is a problem. Louie Roy, I don't suppose you can do a screen shot of the message you're getting and post it somewhere (photobucket, flickr, etc.) so we can see what you're seeing? Or transcribe the message and post it? SRS |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: Louie Roy Date: 25 Jan 08 - 04:44 PM Stilly River Sage, when I woke my PC up Wednesday morning this was staring me in the face. High Alert Attention needed immediately Hacktool.Keygen 151552 High Risk Manual Removal only This affects Performance Privacy Removal Stealth Affected areas Files Browse Cable I have an automatic full scan scheduled at 3 AM every Monday and it showed these two identical whatever you want to call them entered my PC at 11:14 PM and 11:27 PM Sunday evening and I still call them a virus. I haven't downloaded anything for at least 2 years and they didn't show that they came in on an email, but I'm not saying they didn't. Anyway I got rid of them and I hope I never see anything like them again. They are spooky and as I said before I hope no one else in mudcat has this trouble because they are a bitch to get rid of. |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: JohnInKansas Date: 25 Jan 08 - 06:13 PM One of the difficulties that the keygen programs have is that some verification programs refuse to accept a "key" that's been returned by another user. Variants of the program apparently are distributed as "bots" to search randomly on other people's machines to compile lists of keys in use. Lists compiled by these "bot runners" are exchanged on a number of websites. If someone is getting into your machine to place one of these there - for any purpose - it probably means that you have a "hole" in your firewall that allows outside access to your computer. Most Antivirus program sellers have web sites where you can have your machine scanned by the site to detect malware. Some of them have "security checks" that can look to see if your firewall is allowing open ports and whether your computer is visible to anyone scanning from the outside. If you don't have a place you prefer, you can run Symantec Security Check - free - and get a report on any open holes that someone may be using to get to your machine. (The link is to the instructions for running the check. A link there takes you to the site to actually run the check.) You'll likely get some "advertising pitches" but they haven't been aggressive when I've used this site. Once you know how vulnerable you are, you can choose your own protections a little more knowledgeably. John |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: Louie Roy Date: 25 Jan 08 - 08:43 PM Thanks John for your info and I'll certainly check it out. After ten years this was a first for me. Thanks again Louie Roy |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: Stilly River Sage Date: 25 Jan 08 - 08:59 PM Downloading something intentionally (a program you purchase, for example) is one thing, but if you use a computer online you download lots of things in the background all of the time. This occurrence of yours is a puzzle. I concur with John--get a scan from someplace like Symantec, then please let us know what you learn. SRS |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: Louie Roy Date: 25 Jan 08 - 09:08 PM SRS, I'll take your and John's advice and let you know. It will probably take a day or two. Thanks again to both of you Louie Roy |
|
Subject: RE: BS: Nasty Virus - Hackers.KeyGen From: Amos Date: 25 Jan 08 - 10:37 PM If all else fails, Louie, try buying a Mac. A |