
"Illegal Microsoft License detected"? What the hell?


ThePerfectCore

Red Raccoon Dojo
Joined
Mar 1, 2002
Location
Texas
I just plugged in the new battery I got for my laptop. About 20 seconds later the machine locked, and after rebooting immediately shut itself off again. I turned it back on, and I get a screen full of crap yelling something about an "Illegal Windows license detected" and that my license has been revoked.

Um, what the hell? It's freakin' Windows 95, which MS will no longer even offer support for in about 6 hours, and on top of that, it's the only ****ing machine in the house that still uses Windows 95!

Grr! What the hell is going on!? If this thing ate my hard disk, I'm gonna be ****ED! :mad:
 
Well, there's a web addy on the screen - http://www.bsa.org/.

No way to bypass it, haven't found my bootdisk yet.

So many questions, dammit!

-One, how the hell did this thing even come to the conclusion that I HAVE an illegal license? The damn thing hasn't been online for a while!
-Two, IT'S THE ONLY ****ING WINDOWS 95 MACHINE IN THE DAMN HOUSE.
-Three, why is it telling me this NOW, 5 1/2 hours before 95's official EOL date?!
 
@$%&@$%^!#$@%!#^$%%^#!
1345!#45
315
1#$!%$!%4
!#$%!#45
1
41#$%!#$%!#^!#$%12
543
1345!#45
13
*Explodes* :mad: :mad: :mad:
 
ThePerfectCore said:
@$%&@$%^!#$@%!#^$%%^#!
1345!#45
315
1#$!%$!%4
!#$%!#45
1
41#$%!#$%!#^!#$%12
543
1345!#45
13
*Explodes* :mad: :mad: :mad:


:confused: I know you can't be too happy right now, but at least you know what it is. There are also removal directions, but it is rated high for damage :( Good luck removing it.
 
No, I went nuts because I usually take every precaution to keep viruses from getting in.

But I was defeated, this time. :mad:

Update - the hard drive is completely toasted. FDISK says there's two partitions on it, both taking up 100% of the drive. One 44GB partition and one 4GB partition. There's one partition, NOVELL type, that doesn't take up any space.

It's a 1.33GB HDD, so you just *know* there's no getting that data back.

Fortunately the only thing of value on it was a few webpages that I can get back, and 3 completed SETI WUs. :mad:

Great. I just know it's hiding on this machine as well, but at least it doesn't affect 2kPro. If it's hiding in the 98SE installation at least I'll be able to zap it.

*Sigh*
 
Dang man, I'm running PC-cillin now after reading this.
Usually I don't care about viruses, but losing 2x7200 HDDs, I'd die!
 
When I said "toasted", I meant the data on the drive was completely gone. Erased. Blown to bits. Ruined. Kaput.

You could say, I was owned like an unpatched IIS box. :(

I had to use debug to wipe the partition table and start over. No hardware was damaged in this "attack", thank God.
 
I'm sure some fool is working on an NT kernel version as we speak. I hope AVG.6 is up to the task.
 
My question is, what the hell was it supposed to accomplish, outside of eating someone's data?

And it's not like the author would be around to see it, so they could "omg lol!!!! look wut i did!111!! lol i rox!!!".
 
ThePerfectCore said:
My question is, what the hell was it supposed to accomplish, outside of eating someone's data?

And it's not like the author would be around to see it, so they could "omg lol!!!! look wut i did!111!! lol i rox!!!".

Just for the fun of F-ing up some one else's computer. :mad:
 
2. The worm then runs C:\Boot.exe to reboot the system, at which time the payload runs. It overwrites the boot section of the hard drive, deletes the CMOS, and destroys all data on the hard drive. It then displays this message:
NOTICE:

Illegal Microsoft Windows license detected!
You are in violation of the Digital Millennium Copyright Act!

Your unauthorized license has been revoked.

For more information, please call us at:

1-888-NOPIRACY

If you are outside the USA, please look up the correct contact information
on our website, at:

www.bsa.org

Business Software Alliance
Promoting a safe & legal online world.


Man, that's a mean little virus... Sorry to hear about the trouble.


*edit* My god, I read on...
If not all conditions for the payload were met, the worm performs the following actions:

If the original file name of the worm is not %windir%\Mqbkup.exe, it copies itself as %windir%\Mqbkup.exe and then deletes itself from the original location. It then updates the registry and quits. This ensures that the worm runs at the next system startup as %windir%\Mqbkup.exe.

NOTE: %windir% is a variable. The worm locates the Windows main installation folder (by default, this is C:\Windows or C:\Winnt) and uses it as a destination folder.

The worm creates the "mqbkup61616" mutex. This mutex allows only one instance of the W32.Opaserv.K.Worm to execute in memory.
The worm creates the value

mqbkup %windir%\mqbkup.exe

or

mqbkupdbs %windir%\mqbkup.exe

in the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the worm starts when you restart Windows.
If the operating system is Windows 95/98/Me, the worm registers itself as a service process to continue to run after you log off.
Then the worm takes an inventory of the network, looking for "C:\" shares. For each share it finds, it attempts to perform these actions:
It copies itself to C:\Windows\Mqbkup.exe.
It adds the following line to the Win.ini file on the infected network computer:

run=c:\windows\mqbkup.exe

To replicate across the network, the worm uses a security vulnerability in Microsoft Windows 95/98/Me. It sends single-character passwords to network shares to obtain access to Windows 95/98/Me file shares without knowing the entire passwords assigned to the shares. The affected operating systems include:
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
man!
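
An added example, not part of the thread or the quoted write-up: a Python check for the two startup entries the write-up lists (the Run key values and the win.ini run= line), run against a registry export and a win.ini file. The function names and sample inputs are constructed for illustration, and the REGEDIT4 text export layout is an assumption about how the registry was dumped.

```python
import re

# Indicators quoted in the write-up above
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_NAMES = {"mqbkup", "mqbkupdbs"}
DROPPED_FILE = "mqbkup.exe"

def scan_reg_export(text):
    """Return (name, data) pairs under the Run key that match the write-up."""
    hits, in_run_key = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Exact match, so RunOnce and other sibling keys are not scanned
            in_run_key = line[1:-1].lower() == RUN_KEY
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)
        if in_run_key and m:
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if name.lower() in VALUE_NAMES or data.lower().endswith(DROPPED_FILE):
                hits.append((name, data))
    return hits

def scan_win_ini(text):
    """Return run= values in the [windows] section that launch the dropped file."""
    hits, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "run" and DROPPED_FILE in value.lower():
                hits.append(value)
    return hits

# Constructed sample inputs (not taken from a real machine)
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"mqbkup"="C:\\WINDOWS\\mqbkup.exe"
'''
SAMPLE_INI = "[windows]\nload=\nrun=c:\\windows\\mqbkup.exe\n\n[Desktop]\nWallpaper=(None)\n"

if __name__ == "__main__":
    print("Run key hits:", scan_reg_export(SAMPLE_REG))
    print("win.ini hits:", scan_win_ini(SAMPLE_INI))
```

Because the worm writes the win.ini line to other machines over open shares, the win.ini check is worth running on every Windows 95/98/Me host on the same network, not only the one that showed the message.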
 
OMG, that's horrible. I think virus writers should be dragged into the street and shot. Seriously, all viruses do is screw people's computers up. Although, anti-virus people would go out of business. So what?
Doc
 