What? What possible motivation would I have to create a "boogeyman" story? Have I ever misled people here? Ever?
Seriously, why would you think that? Because I'm more than a little upset that you'd insinuate I'm lying about this.
I do not know. I was not the person that performed the service. I apologize if I do not have all of the details. (However, the person that did the service is also a member here on PL. If he chooses to share further details of this event, that is his prerogative, though his client would probably appreciate at least some anonymity.)

What was the exact name of the threat/trojan etc, etc.
And what, exactly, would the NAME of the malware do for you anyway? There are thousands, tens of thousands of viruses in the wild. And apart from a few high-profile ones (conficker, nimda, sasser, code red) the names are irrelevant. I seriously doubt that the client wrote down the name of the malware either, but I can ask...
I don't know what virus checker they used on the new machine, but I know it was a newly-purchased machine (as in less than a month old). I know that the Mamba software identified itself as version 1.6-something. I don't remember if it was 1.61, or 1.63, or 1.6 something else. (Who cares, really? Is there that much difference between 100ths-place version numbers?)

Don't get me wrong, I hate piracy, but this claim just needs more details filled in.
Also, there may be some confusion due to terminology. I identified the malware as a trojan horse, because it was contained within a valid software product. I do recognize that there are specific definitions for a virus, a worm, and a trojan. In my haste to post (and my desire to avoid being pedantic), I did not consider that it might be more appropriate to call it a virus or a worm. But again, I did not work on the infected machine myself, so I cannot say exactly what it was trying to do - beyond the fact that it *did* try to infect all the executable files on the drive.
And typically, once it activates it downloads a payload (or simply executes the payload if it was already contained within the trojan) which first tries to infect other executables on the host computer's hard disk - and this will slow the machine to a crawl.

I don't need a lecture in how viruses, trojans, or worms operate...
I do not know if the machine "phoned home" to download a payload, or if the malware was fully contained within the software on the CD. The infected computer *was* connected to the Internet for at least a short period of time, because the client tried to update his Mamba Black to the latest version. (This, of course, didn't work, because the cracked versions don't have the Rockey-4 dongle, so they didn't have a serial number they could register to get an update.) So it's possible that it tried to download a payload. However, this is not the case with the new machine.
The new machine was not connected to the Internet when they attempted to install the software. The virus checker popped up an alert window as soon as autoplay started. I don't know how far the infection got on the new machine. They immediately reset the machine, removed the CD, and booted to safe mode. Then they ran the virus checker and it was able to clean the machine. There were several files that had to be cleaned.
That's all the details I can remember from the phone conversation. If that's not enough for you, then by all means - jump on eBay and buy one of these pirated copies of Mamba Black for yourself. Then you can perform your own diagnostics to satisfy your curiosity as to the specific malware that is included on the disc.
But for the rest of the group, the existence of this trojan embedded in the cracked Chinese version of Mamba Black has been documented in several places, including numerous discussions on the ILDA mailing list. More to the point, I'm not an employee of Medialas, nor would I have any other motivation to make up "ghost stories" about this. (I'm a Pangolin user, remember?)
Finally, consider the fact that Bill Benner posted a warning about this being a cracked version above... Bill doesn't work for Medialas either. So why would he have any motivation to lie about it? Unless maybe he was sharing information in an effort to help people avoid getting screwed...
And if you *still* believe that I'm telling ghost stories, go check out the ILDA list server and read the notices from Medialas (and others) about the malware contained on this disc.
Adam