The Danger of some Chinese Websites

Discussion in 'Chit Chat' started by pisthai, Jun 4, 2016.

  1. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,731
    1,955
    210
    The Danger of some Chinese Websites: Baidu and Tencent!


    I got the first real infection on Windows 10 today in the morning while searching for some special drivers on Taiwanese and China Websites.


    Firstly, a very short living screen was popping up and say that I could work while installing! Just a matter of 2-3 sec and that screen were gone. immediately opened the Taskmanager and looked for suspicious apps and saw that Tencent. Tried to end process: IMPOSSIBLE!! 5 instances were running beside of an other of Baidu!


    Ok, stopping impossible, and so to delete in ProgramFiles x86 newly shown Tencent and Baidu Folders! So, I restarted the Machine, now not booting from internal HDD, was booting from USB HDD with Windows 10. Iuse to have one USB3 HDD with Windows 10 Enterprise, special created with apps for problems as this new one.


    First thing I did were to set the internal System HDD to Online stage (normally in Win2Go the internal HDD's are offline) and delete all folders I found on the System HDD, and those were located at:

    • ProgramFiles x86
    • Program Data
    • Users, several instances


    That deletion could only be done as Administrator!


    Further, I opened Registra Registry Manager Pro 7.75 and searched for all entries of either Tencent and Baidu and eleted all of them. That were a total of more then 500 entries!! After that, I restarted the computer from internal System HDD, and opened Regedit as Admin and seraches again for Tencent and Baidu, Reason are very easy, if use a external Registration Editor and change and/pr delete something, there will be a new Reg-Folder in Local Machine called Undo, which contains all infose delete withg the 3.party apps. Again, all those I deleted one by one because It couldn't be done at once like in Registra Registry Manager, just to avoid that those entries could come back!!


    OK, my machine is backl in normal stage and works with no problems. I just posted this as reminder of the danger of some chinese websites. Last time I had such problems, is a few years ago on Windows 8.1, also with Baidu. And this Tencent is owned by Baidu!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Tito

    Tito Super Mod / Adviser
    Staff Member

    Nov 30, 2009
    17,389
    15,083
    340
    Can you please tell us what drivers are you looking for?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,731
    1,955
    210
    Sure!

    A driver for the HDD Case Staray S2 Series from Stardom, Raidon in Taiwan. It's a older 2.5" HDD Enclosurer with Fingerprint and IDE Interface. My customer had lose that Driver and RFaidon didn't provide that driver, told: Not more available!!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. ecraiger

    ecraiger MDL Novice

    Sep 15, 2014
    3
    0
    0
    Have you tried Snappy Driver?
    sdi-tool[dot]org
     
  5. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,731
    1,955
    210
    Here some pictures:

    [​IMG]

    [​IMG]
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,731
    1,955
    210
    Yes and NO, not available!

    Problem is, if the driver for the Fingerprint apps couldn't be installed, you couldn't get access to the HDD's content, just to a small partition of 20MB!! And there some important data on the HDD of my customer.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,731
    1,955
    210
    Just to clarify: I posted just about the bad outcome from those Chinese Websites, to warn other, who may interested to know that and/or have such experiences as well!

    That problem with the driver, I explained only because Tito was asking for it!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. GOD666

    GOD666 MDL Expert

    Aug 1, 2015
    1,789
    1,746
    60
  9. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,587
    384
    90
    i have a simply solution...stay away from trojan sites.
     
  10. GOD666

    GOD666 MDL Expert

    Aug 1, 2015
    1,789
    1,746
    60
    Simple to say, but impossible to achieve while online. Your argument would require everyone to unplug their computer. Even Facebook was hacked once. There is no telling at any given moment on which site is safe or not. Because everything online is a risk.

    The sooner more people learn that; the sooner more people will take their security seriously.
     
  11. GezoeSloog

    GezoeSloog MDL Addicted

    Feb 10, 2012
    660
    2,426
    30
    Cool story, bro :dicht:
     
  12. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    5,314
    1,433
    180
    what browser? any ad block soft?
     
  13. RGadelha

    RGadelha MDL Expert

    Feb 14, 2010
    1,098
    437
    60
    Hey Pisthai,
    Thank you for sharing with us, my friend :D
     
  14. MrMagic

    MrMagic MDL Guru

    Feb 13, 2012
    5,706
    3,711
    180
    Don't turn UAC off then, and programs won't be able to install themselves without your permission

    PEBKAC error
     
  15. RGadelha

    RGadelha MDL Expert

    Feb 14, 2010
    1,098
    437
    60
    Most common error ever :D

    [​IMG]
     
  16. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,587
    384
    90
    dude all does Chinese sites are booby trap...did he find the driver no.....all found their was a virus.
     
  17. xman charl

    xman charl MDL Novice

    Nov 21, 2014
    35
    1
    0
    had some of that stuff go after bios on mother board



    got a junk os, win 7 ultimate on old hard drive

    its for goofy stuff, kind that should not be run

    so, would think its isolated from my main raid and system stuff

    no, no this one thingy started installing a bunch of junk, then
    a cmd prompt opened, slic injector started up.

    apparently was going for bios on mother board

    have several bios chips for mother board, so it
    could easy be replaced on the board, as chip socket is up front,
    no need to remove mother board

    when that cmd prompt opened up on screen, pressed power off
    button

    bios seems to be okay, as several utility's were run, compared to a previously
    save bios file, shows no changes

    my 2 cents

    Charl

     
  18. lobo11

    lobo11 TOMAHAWK CHOP

    Feb 16, 2012
    6,312
    3,794
    210
    I have malwarebytes, Malwarebytes Anti-Exploit , Malwarebytes Anti-Ransomware, This scared me I turned UAC back on, should I :confused:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. WindowsGeek

    WindowsGeek MDL Senior Member

    Jun 30, 2015
    405
    76
    10
    u search in worst place, what made u think the driver was in their:rolleyes: im sure that driver is in the net some were in some huge driver archive u just have to look in the right place. good luck
     
  20. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,683
    13,110
    180
    :facepalm:
    Member since 2014 and ignores clean and original M$haft isos found in here?
    http://forums.mydigitallife.net/attachment.php?attachmentid=40053&d=1461860011