Possible (nasty) malware infection on Windows ME


pcalvert

A friend told me that his sister's computer got really messed up after she opened an email containing a bunch of cute pictures. His sister's computer has Windows ME on it, and she is using Pegasus Mail and Firefox. Based on emails I have exchanged with her in the past, I doubt that her OS or software were updated regularly. I even contacted her about six months ago to warn her about a vulnerability that was found in Pegasus Mail, but she didn't seem too concerned and indicated that she wasn't sure whether she would bother to upgrade to the latest version. :rolleyes:

Anyway, my friend claims that the malware renamed the System32 folder to System3r and then created a new System32 folder and was populating it with various legitimate-looking drivers. Of course, my friend is guessing about what happened. But if he's right, then the files in the new System32 folder have most likely been "trojanized" in some way.

Here's what I am wondering: Are there any legitimate processes or mechanisms within Windows ME that could be responsible for the System32 folder being renamed to "System3r"? Although my friend's speculation about what happened may be correct, I'd prefer not to jump to any conclusions.

Phil

Quick Google search shows nothing, so there is very low probability that it is something known.

I have one idea - the binary representations of these characters are very similar:

2 = 32 in hex = 0011 0010 in binary.

r = 72 in hex = 0111 0010 in binary

So just one bit difference.

I'd guess on some hardware problem, either with disk (or cable) or with memory.

Petr

You're not the only one to notice that ;)

Definitely a bit flipped on the disk, right in the middle of the directory entry filename... I'd say do a backup and perform read/write testing on the drive.

What an interesting coincidence indeed.

Edited by LLXX
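
The single-bit comparison made in the replies above, as an added example that is not part of the original thread: it checks whether an unexpected directory name is exactly one flipped bit away from an expected one. The function names and the sample listing are constructed for illustration.

```python
"""Flag directory names that are exactly one flipped bit away from an expected name."""


def bit_flips(expected: str, observed: str):
    """Return [(char_index, bit_number)] for each differing bit.

    Returns None when the lengths differ, since a flipped bit cannot
    add or remove characters. Names are compared as single-byte text.
    """
    a, b = expected.encode("latin-1"), observed.encode("latin-1")
    if len(a) != len(b):
        return None
    flips = []
    for i, (x, y) in enumerate(zip(a, b)):
        diff = x ^ y  # set bits mark the positions where the bytes disagree
        for bit in range(8):
            if (diff >> bit) & 1:
                flips.append((i, bit))
    return flips


def triage(expected_names, observed_names):
    """Map each unexpected name to the expected names it is one bit away from."""
    expected_set = set(expected_names)
    findings = {}
    for name in observed_names:
        if name in expected_set:
            continue
        near = []
        for exp in expected_names:
            flips = bit_flips(exp, name)
            if flips is not None and len(flips) == 1:
                near.append((exp, flips[0]))
        findings[name] = near  # empty list: no single-bit explanation
    return findings


# Constructed sample: what should be there versus what a listing shows.
EXPECTED = ["System", "System32", "Temp"]
OBSERVED = ["System", "System3r", "Temp", "Syst3m32"]

if __name__ == "__main__":
    for name, near in triage(EXPECTED, OBSERVED).items():
        if near:
            for exp, (idx, bit) in near:
                print(f"{name!r}: one bit from {exp!r} (char {idx}, bit {bit})")
        else:
            print(f"{name!r}: not explained by a single bit flip")
```

A one-bit match supports the corruption hypothesis raised in the thread; it does not by itself rule out a deliberate rename.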