Screen Reader Fixer and Preventer (Not Spam!)

Category: Geeks r Us

Post 1 by Ryan Smith (Veteran Zoner) on Sunday, 06-Jan-2008 14:45:19

Hi,
I know what you're thinking, not another topic! But this is good news for all people out there. Tyler gave me the srk, and I tested it, and got the exact same results as Tyler. Same behavior, going and checking, etc. So, I just quickly made an AutoIt script that prevents and does not allow that virus to run. It does not prevent or get rid of the virus completely, it just won't let it run. It has only been tested once, but it worked. Please go to my site http://blindviruses.freewebhosting360.com/ to get it. There is a WAV file in the package that the script plays explaining your directions, since some people said their SAPI crashed! Thank you!

Post 2 by Ryan Smith (Veteran Zoner) on Sunday, 06-Jan-2008 17:16:08

Hi,
There is also another version out there that Tyler did, and I uploaded it to www.acegamesonline.net/rsgames/uploads/files/srktyler.exe. They both fix it.

Post 3 by Chris N (I just keep on posting!) on Monday, 07-Jan-2008 2:23:33

Why not include how they fix it so people can design their own solutions if they wish and not rely on strange scripts from the Internet? :)

Post 4 by Big Pawed Bear (letting his paws be his guide.) on Monday, 07-Jan-2008 2:36:39

If this problem affects screen readers, why not talk to the major AT programmers? Just a thought. The recent problems with Eloquence and certain character combos were taken on board by Freedom Scientific etc, so why not tell them about this one. It would be helpful, I think. For this fix is a very useful one, or so it would seem to me, but my only problem with fixes like this is that they rely on the user having some kind of computer literacy which goes beyond just using them for word processing etc, and some computer users do not have this level of knowledge. Well done for fixing this issue, thanks.

Post 5 by Ryan Smith (Veteran Zoner) on Monday, 07-Jan-2008 15:47:03

The sr companies as well as av have failed to respond. I made one of those strange scripts, I do own a game company and a security website, and have made games, so it isn't trust you worry about I hope. It is better to use the script, a because they were specifically designed for this virus, and since me and Tyler have spent time studying this program, we know how it works.

Post 6 by Ryan Smith (Veteran Zoner) on Monday, 07-Jan-2008 15:48:03

And the first instance we heard of this we reported, no response. They probably have no clue of security, and just ignored us.

Post 7 by Ryan Smith (Veteran Zoner) on Monday, 07-Jan-2008 15:51:41

And sorry about this next post, I am used to editing my posts. I think that would be a good idea, but include the time of edit so there are no flames. Anyway, I can understand if you don't want scripts from a 12 year old, or from a former black-hat. I will post a fix as soon as I am done with my hw.

Post 8 by Ryan Smith (Veteran Zoner) on Monday, 07-Jan-2008 16:52:21

Well, here we go again, I just got an email from a person at Sophos Anti-Virus, so those wanting a professional removal tool will get it soon after I send it to them.

Post 9 by ¤§¤spike¤§¤ (This site is so "educational") on Monday, 07-Jan-2008 19:13:48

To those who've studied the virus, does it spread to external drives, what file types does it bind itself to?

Post 10 by DJ Tristan (The one and only !Zoner) on Monday, 07-Jan-2008 19:45:49

No it doesn't, but it somehow doesn't leave when you delete mci32... It comes back somehow! lol. Ryan, tell me what the script does, please? Which one do I trust, yours or Tyler's? Is yours in the zip package in the acegamesonline.net/rsgames/uploads/files folder too? Info, please?

Post 11 by Ryan Smith (Veteran Zoner) on Monday, 07-Jan-2008 21:47:42

Hi,
You can use either, I know some people would rather commit suicide than go anywhere near Tyler, they both work, I tested them, it's again, personal preference. Mine's a little bigger, and in AutoIt, Tyler's is smaller and I have no idea what it is in. Mine is at http://www.acegamesonline.net/rsgames/uploads/files/Screen%20Reader%20Killer%20Fixer.zip
Get that, run the exe, and see my forum reply Tristan, I have the source, etc, uploaded.

Post 12 by Ryan Smith (Veteran Zoner) on Monday, 07-Jan-2008 21:49:18

We have Sophos Anti-Virus involved, and to anyone wanting that DO NOT DOWNLOAD www.acegamesonline.net/rsgames/uploads/files/Screen Reader Package.zip IT CONTAINS THE VIRUS FOR SOPHOS ANTI-VIRUS TO ANALYZE. DO NOT DOWNLOAD THAT.

Post 13 by ¤§¤spike¤§¤ (This site is so "educational") on Monday, 07-Jan-2008 22:07:44

I'm assuming that only Sophos will release defs against the virus, or will they give it to AVG, Symantec, the others?

Post 14 by Toonhead71 (move over school!) on Monday, 07-Jan-2008 22:22:18

According to another friend of mine, the fix for the virus is the following.

1. Go to your c drive by going to the start menu, followed by r for run and then type c, colon, backslash and press enter.

2. Go to the file menu and press your alt key, followed by the down arrow key which lands you on the new submenu, or pulldown for Window-Eyes. Press enter here, and then create a folder with the letter a. That's all, the letter a and press enter. Then, try running any screen access software such as Narrator and if it works you are all set.

I have absolutely no idea why this would work but my friend swears up and down that it works. So it may be a simple fix. But it's good that the internet virus companies are involved. If any of you use NOD32 and you have sighted assistance, they do have a feature that allows you to submit files for analysis. So if you do that, they can try to figure out what it is.

Post 15 by Chris N (I just keep on posting!) on Tuesday, 08-Jan-2008 10:35:14

Sounds like this is a flag that the virus writer included. Makes you wonder.

Post 16 by Ryan Smith (Veteran Zoner) on Tuesday, 08-Jan-2008 15:44:01

You are 100 percent correct Toonhead. I will send the virus to the others. Sophos won't give it to the others, it's competition, so they want it to be in their product only.

Post 17 by Toonhead71 (move over school!) on Tuesday, 08-Jan-2008 15:57:13

Well, I still fully intend to submit the suspicious files to the folks at Eset, and even get them to Grisoft for them to flag as suspicious as well. Not everyone uses Sophos. If it's a virus that affects anyone, anyone at all, the more antivirus companies that find a fix for this thing, the better. Yes, people can fix the virus by doing what I said above, but if there's a virus on the internet and if people lose the use of their computers because of it, that causes unnecessary strain on the users and nobody needs that.

Post 18 by Ryan Smith (Veteran Zoner) on Tuesday, 08-Jan-2008 16:54:40

Well, Sophos emailed me, so I made them my first priority. They actually really want to get rid of this thing.

Post 19 by Toonhead71 (move over school!) on Wednesday, 09-Jan-2008 3:04:56

Well, that's good, I'm glad they're willing to help. But the fact that only one antivirus company has a jump on a potentially dangerous virus that could come from just about anywhere on the internet? Where does that leave people who use Norton? AVG? NOD32? Or any other antivirus program for that matter. These people who use these other programs should *not* be left open to potential vulnerabilities, unless Sophos actually allows anyone else who doesn't use their software to scan for the virus and delete it, or at least make the information available to other people. Sure, there are a lot of antivirus companies out there, but a lot of them have definitions for exactly the same types of viruses? Why should anyone who doesn't use their program be left open to a possible vulnerability? Be a good sport and make these infected files available to the other antivirus companies for analysis. If you leave others open to a vulnerability you are no better than the people who created the virus.

Post 20 by louiano (I'm going for the prolific poster awards!) on Saturday, 12-Jan-2008 16:52:32

Manual fix: If you want a quick one, the creation of the folder "a" or "windowsa" inside the C colon backslash windows folder is all you need. To remove things it gets a bit more complicated since the files have to be targeted. Replace the slashes with backslashes. Remove directories: C colon /windows/config . Remove files: C:/windows/config/svchost.exe, C:/windows/mci32.exe, and look for mci32.dll by pressing f3 inside the windows folder and tabbing to all files, then typing the file name. If the files are locked you can (1) use a program, or for the more interested (2) do it manually:

1. Open a command prompt shell (go to run and type cmd.exe);

2. Make sure that you change the title of this window, type title "windowName" (without the quotes, where window name is the name you wanna put for the window, in this case, make it up). Then, note the time. If it is PM, then use military time. You'll have to type it 1 or 2 minutes ahead of the current time.

3. Type: at (hour:minute, without the parentheses) /interactive "cmd.exe" . If successful you should get the message "added a new job with id 1".

4. When the other window opens you'll see that the path has changed and the file svchost.exe is being run under a system console. Close the window that has a different name and type on this one: cd .. and then type: explorer.exe. If you do this for the first time, you'll have to wait for the settings to be created and loaded. From here, delete the files that have been mentioned before just as you would using your own account. If you notice, you can see that process explorer.exe is running as the "system" user.

If this bit of typing is confusing, it would look like this: at 4:50 /interactive "cmd.exe". You will not need the folders windows backslash windowsa and windows backslash a anymore and your screen reader should run as expected. Hope that helps.

Post 21 by louiano (I'm going for the prolific poster awards!) on Saturday, 12-Jan-2008 16:58:36

A few more notes (sorry for an extra post). You close a command prompt window by giving the command exit . To check if the at (hh:mm) /interactive "cmd.exe" command works, just type the word "at" then press enter. I had set mine to run at 16:54; a confirmation message like this one appears:
Status . ID . Day Time . Command Line
-------------------------------------------------------------------------------
1 Today 4:54 PM cmd.exe

Post 22 by louiano (I'm going for the prolific poster awards!) on Saturday, 12-Jan-2008 17:00:03

Oh, and don't forget to reboot!

Post 23 by louiano (I'm going for the prolific poster awards!) on Saturday, 12-Jan-2008 17:17:43

Guys, I really feel retarded. Ok, the final note on this subject for real: After the new dos window is opened, go to your task manager (control plus shift plus escape) and end the process explorer.exe that is currently running. After you are done, switch to the new window (just in case you get stuck out of your desktop and start menu, leave the task manager running) and then type the cd .. and explorer.exe commands. Also, if you happen to screw the time on the at command, go to the start menu/programs/accessories/system tools/scheduled tasks and remove the ones titled "at" and just type the command again with the right time in it. My apologies for writing 4 posts when all of them could have been done into one.
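A way to confirm the manual clean-up in posts 20 to 23, added here as an example and not taken from any poster's script: it looks under a Windows folder for the files and folders post 20 names. The function names and the sample tree are constructed for illustration; the only thread-derived values are the file and folder names.

```python
import os
import tempfile
from pathlib import Path

# Names taken from post 20, relative to the Windows folder, lower-cased.
DROPPED_FILES = {"config/svchost.exe", "mci32.exe"}
SEARCH_NAME = "mci32.dll"        # post 20 gives no path for this one, so search
MARKER_DIRS = ("a", "windowsa")  # folders the thread says keep the program from running


def scan_windows_dir(windir):
    """Report which files and folders named in the thread exist under windir."""
    root = Path(windir)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = Path(dirpath, name).relative_to(root).as_posix()
            # Match on the full relative path so system32/svchost.exe,
            # the genuine Windows binary, is not reported.
            if rel.lower() in DROPPED_FILES or name.lower() == SEARCH_NAME:
                hits.append(rel)
    top = {e.name.lower() for e in os.scandir(root) if e.is_dir()}
    return {
        "files": sorted(hits),
        "config_dir": "config" in top,
        "markers": [d for d in MARKER_DIRS if d in top],
    }


def make_constructed_tree(root):
    """Build a constructed sample tree (empty files) for an offline demo."""
    root = Path(root)
    for rel in ("config/svchost.exe", "mci32.exe",
                "system32/MCI32.DLL", "system32/svchost.exe"):
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    (root / "a").mkdir()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_tree(tmp)
        print(scan_windows_dir(tmp))
    # On a real machine: scan_windows_dir(os.environ["SystemRoot"])
```

After the clean-up and reboot described above, an empty "files" list and "config_dir" set to False mean none of the listed items remain.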

Post 24 by chikorita (move over school!) on Sunday, 13-Jan-2008 19:52:39

well joke the line below your link's right, u just keep on posting! hahahaha!!!

Post 25 by louiano (I'm going for the prolific poster awards!) on Monday, 14-Jan-2008 17:21:43

Well, that changes hopefully as I make more posts. In the meantime, I wonder if this fix has worked for me only... although I really would like to have feedback on it.

Post 26 by chikorita (move over school!) on Monday, 14-Jan-2008 21:31:55

Yeah, but for now it's kinda funny! Not sure, as I have Vista now and have never gotten it. Sorry.