Always Use Protection

Posted by Garth on Tuesday, September 9, 2008

The other day I was downloading some stuff off the interweb as I normally do. Now, I'm usually pretty smart about what I download, the sources I get stuff from, and whether or not I run/open things that might seem a little sketchy. In other words, I don't use protection. As you can see here, I have antivirus installed, but the on-access protection is disabled cuz it chews up valuable CPU resources. At any rate, I had downloaded a big (700mb - can you guess what it was?) series of RAR files. I opened one of them and inside it had another RAR file (which was password protected), a README, and an executable called something like RarPasswordGenerator.exe. The README told me to run the password generator to generate a password for the internal RAR file.

Immediately red flags went up. Why would someone package a file within a file, NOT provide the password for the internal file, but include a password generator for it? So, I carefully extracted the password generator file, right-clicked it and scanned it. Came back clean. I actually did this a second time, since I didn't think it possible that this file could be clean, but it appeared to be. So, I decided to run it. Immediately Vista's UAC popped its head up and said something along the lines of "Setup_15382.exe has just been launched. Are you sure you want to run this file?". More suspicion, since that's not the name of the file that I actually clicked, so I told Vista to Cancel. I scanned the file a 3rd time and again it came back clean. Since I really wanted what was in the internal RAR file (and since I was a little more than tempted by having a RAR password cracker), I decided to go for it. Ran it again, and this time I told Vista to Allow. Ho-lee shitballs, was that a mistake. Immediately my HDD started grinding, explorer crashed and restarted, shortcuts to porn sites started appearing on my desktop, and my machine generally went into chaos. I'm not going to get into the details of everything that happened (mostly cuz I was freaking out and don't remember the specifics), but suffice it to say that I hit Shutdown as quickly as possible. What I really should have done was flip the switch on my wireless right away, but I didn't think of that until about a minute later when my machine was in the shutdown phase. I rebooted to Safe Mode (without Networking) and proceeded to run a full virus scan. This went on for about 8 hours. Then I rebooted to normal mode (with my networking physically shut off) and immediately Windows Defender started freaking out. I let it do its thing, cleaned up my Run registry keys (which had had about 20 weird-looking exe's inserted into them), and killed said processes manually.

I then ran another full scan (Thorough, Include Archive Files) while at the same time running a full Windows Defender scan. This took about 10 hours. I then made sure that my antivirus was set for everything enabled at startup and rebooted. I then ran another scan (Normal, No Archive Files). After this I carefully enabled my networking (I'm not sure how you "carefully" slide a switch, but if it's possible I did it). Downloaded Malwarebytes' Anti-Malware and proceeded to run a full scan with that. All in all the scans and effort took the better part of a day and all told there were over 30 pieces of shit that had been installed on my machine, from worms to trojans to god knows what else. But, here I am 2 days later with my antivirus on-access protection enabled and so far everything seems good. Though I did borrow an external HDD from one of the guys here in case I want to back my shit up and just blow my machine away. Which might be a good idea, but which will also take a long time and is not something I really want to do. Though given the current weather conditions it may not be such a bad idea.

Moral of this story... always use protection.  Especially in Thailand.
