It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


IMPORTANT! Regarding the recent 4chan zip file thread

page: 1
<<   2 >>

log in


posted on Aug, 18 2010 @ 02:18 AM
Mods please do not delete this, it really is important in case anyone else is trying to decode the file.

Recently there was a thread entitled "Wanna help solve a mystery ATS?", in it the OP asked the community to try and access a password protected zip file form 4chan, well I cracked it.

All it contained was a file named blogspot.txt, the contents merely "ö4æú¦³ m ùó¸‘EÐÆ"

I am now writing this via a live CD as all the partitions on ALL 3 of my hard drives have been wiped, luckily, I can recover them, others won't be as lucky.

I have never known a virus attach itself to a text file, but I cannot think of any other reason, as soon as I opened the file it seemed like my caps lock was stuck on, and my up arrow key was constantly pressed, when I restarted all hard drives were wiped.

Recovering 3TB of info is never fun.

posted on Aug, 18 2010 @ 02:21 AM
Beware of Romulans bearing gifts...

posted on Aug, 18 2010 @ 02:31 AM
Yup, I read that thread until I saw that, and decided "you know, some curiosities will leave you wishing you hadn't in a big way."

Glad now I didn't.

posted on Aug, 18 2010 @ 02:35 AM
reply to post by woogleuk

Thanks for the heads up.... kinda strange the Virus is attached to a txt file and not the zip file instead..... if that is possible?

posted on Aug, 18 2010 @ 02:37 AM
When I go about doing these sorts of things I always use a test pc that can be recovered very fast.

The name 4chan should be a dead giveaway that something is fishy..

[edit on 18-8-2010 by warlok]

posted on Aug, 18 2010 @ 02:37 AM
To quote 4chan

The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.

When someone there tells you to download something, don't do it!
Also you can delete your system32 folder to make your computer go faster.

posted on Aug, 18 2010 @ 02:38 AM
My virus scan caught a web based downloader virus last night but nothing from the zip file. I did d/l it and scan it, but did not open it.

I'm no IT guy, is it possible the malicious code might have come from the web page the zip was on and not from the zip?

posted on Aug, 18 2010 @ 02:41 AM
Anything 4chan does is malicious isn't it?

I never trust anything from that section of the Internet.

And this only furthers my beliefs.

I am sorry for what you went through.

posted on Aug, 18 2010 @ 02:45 AM
This is exactly how I expected that thread to turn out... Thanks for keeping us informed

posted on Aug, 18 2010 @ 02:51 AM
reply to post by Hefficide

The computer started playing up when I opened the text file in Microsoft Word, as I said, it locked the caps lock on, and seemed like the up arrow key was permanently pressed, or the home key, when I was trying to scroll down on web pages it kept going back to the top.

It happened the instant I opened the text file, it could just be coincidence, but I would rather you all knew the text file was nothing but garbage before anyone else attempted and maybe suffered a similar fate.

EDIT: I would like to point out that I used brute force, with advanced zip password recovery to break into it. I use kaspersky antivirus and spybot search and destroy to protect my computer, and comodo firewall.

I have Windows back up and running again, and I am about to re-install SuSe Linux.

I will no longer be attempting to crack files from 4chan.

[edit on 18/8/10 by woogleuk]

posted on Aug, 18 2010 @ 02:56 AM
reply to post by woogleuk

To be safe I am running a full system scan as well as the malicious software removal tool.

I just added what my system did in case the two events could be related or part of the same problem.

Thanks for posting this at any rate! Hopefully this will save others from the hassle you're going through. Sorry you got hit by whatever this is!

*edited because my typing bites*

[edit on 8/18/10 by Hefficide]

posted on Aug, 18 2010 @ 02:57 AM
reply to post by woogleuk


So........what was the password??

Sorry to hear about your computer crashing and I hope you'll have everything back to normal soon. Thanks for the heads up..

Big S+F for that!!


posted on Aug, 18 2010 @ 02:58 AM
I have never heard of a infected .txt file. However there are macro viruses in at least older .doc formats, possibly .docx

Microsoft word might be so dumb that it does not notify you that the file extension and contents do not match, and proceeds to open the file even though it is a doc file named as a txt

The first thing you should know is make sure is it a text file or something else. Try opening it with notepad or a hex editor. If the contents is the same as you saw in word, then it is possibly not infected. If the contents is similar jargon that you saw in word, then it is not a txt file.

Could you provide the original zip and password you cracked so i could take a look at it? I have moderate experience in cracking so i could investigate this a bit further if you are not willing to risk your data for a second time

posted on Aug, 18 2010 @ 03:04 AM
I ran a scan on it and it came clean. Dear god, I hope it doesn't wipe out my machine. Did the virus come when you installed it, or when you opened it in office?


posted on Aug, 18 2010 @ 03:10 AM
reply to post by above

The password was weird, i remember it had ~ and ^ in it, alas I cannot provide it as it was on the primary drive which I have re-installed onto, it took 13 hours to crack it. I do however have extracted text file on a usb stick, but I don't think it is wise to post it, lol. I can't remember the link, but if you can track down the poster of the original thread you might get it, use advanced zip file recovery to do it, with brute force, all options ticked and make sure you increase the length of the password it is looking for.

EDIT: I remember the file was called

[edit on 18/8/10 by woogleuk]

posted on Aug, 18 2010 @ 03:13 AM
reply to post by airspoon

It happened when I opened it in office, thats when the caps lock, up arrow stuck etc etc happened, it was when I restarted that I noticed that the partitions had been deleted.

posted on Aug, 18 2010 @ 04:37 AM
Are you 100% sure that you got a virus from the txt file?

Those characters you said were in it are not much different from the characters that appear after you enter a wrong password.

Also I just pulled this up:

A text file can contain a virus' code but CANNOT be executed and is harmless in a genuine .txt format.

HOWEVER! some viruses use double file extensions to trick users into opening a 'dangerous' filetype: eg .exe, .com (executable files) for example: info.txt.exe

Unfortunately, in MS Windows file extensions are hidden by default so the above file will be listed as: info.txt I prefer to see the full file extensions which can be shown by doing the following:

1) Open Windows Explorer
2) Goto Tools Menu�Folder Options...
3) Click View tab.
4) Uncheck 'Hide file extensions for known file types'

Other options can be configured here including showing system and hidden files for administrative purposes. Carrying out the above steps to 'unhide' file extensions could avoid accidentally opening damaging viruses

As far as I'm aware, the file was nothing more than a txt file and opening it in notepad would not do anything harmful to your system.

Is it possible for you to U2U me the password so I can see for myself?

posted on Aug, 18 2010 @ 04:42 AM
reply to post by havenvideo

It happened as soon as I opened the file, as I have said, it could just be coincidence, but better to let people know just in case.

Again, it took 13 hours to crack the file, and the password was stored on my primary hard drive, which has been formatted and Windows // Linux re-installed.

posted on Aug, 18 2010 @ 04:53 AM
Not trying to say you're a troll or anything, but how were you able to save the contents of the file to post here but not the password?

posted on Aug, 18 2010 @ 05:04 AM
Alright I just found the password - cbgAtgk - and it worked.

It contained the same text you posted but it did nothing to my computer. I opened it in office and it still did nothing. It must be a coincidence.

top topics

<<   2 >>

log in