Blackcom: Difference between revisions

From Screamer Wiki
Jump to: navigation, search
Visual
No edit summary
mNo edit summary
 
Line 1: Line 1:
{{Lost}}
{{PLS}}{{Infobox  
{{Infobox  
|title = Blackcom
|title = Blackcom
|image = VBScript_icon.png
|image = VBScript_icon.png
Line 9: Line 8:
}}
}}


'''Blackcom''' is a [[screamer]] [[application]] created by FlashUpload. It was written in [[wikipedia:VBScript|VBScript]].
'''Blackcom''' is a 2009 [[screamer]] [[application]] that was created by FlashUpload and written in [[wikipedia:VBScript|VBScript]]. The download for it is currently lost, though there is still some footage confirming its existence.


When launched, it displays a false MSWORD.exe error message that reads: "Microsoft Word cannnot open this document because it contains characters MSWORD.EXE does not understant".
When launched, it displays a false MSWORD.exe error message that reads: "Microsoft Word cannnot open this document because it contains characters MSWORD.EXE does not understant".
Line 20: Line 19:
01011001 01101111 01110101 00100000 01000111 00100000 01110100 00100000 01100101 00100000 00100000 00100000
01011001 01101111 01110101 00100000 01000111 00100000 01110100 00100000 01100101 00100000 00100000 00100000
</pre>
</pre>
This message is then followed by [[wikipedia:Microsoft_text-to-speech_voices#Windows_2000_and_Windows_XP|Microsoft Sam]] saying: "CAUTION! A virus has been detected."
This message is then followed by a [[wikipedia:Microsoft_text-to-speech_voices#Windows_2000_and_Windows_XP|Microsoft Sam]] voice saying: "Caution: A virus has been detected."


Blackcom then displays more fake error messages about svchost.exe and DRVSTORE, then displays a message stating: "An important system file is not found and WINDOWs can no longer run."
Blackcom then displays more fake error messages about nonexistent applications titled "svchost.exe" and "DRVSTORE", then displays a message stating: "An important system file is not found and WINDOWs can no longer run."


After several seconds pass, the trojan initiates a system shutdown and corrupts "hal.dll" in the System32 directory, rendering Windows unbootable. Furthermore. Blackcom will change the homepage to a [[YouTube]] [[screamer]], but it is unknown what the screamer was.
After several seconds pass, the trojan initiates a system shutdown and corrupts the "hal.dll" in the System32 directory, something required for Windows to boot up. Furthermore, even if Windows were bootable at that point, Blackcom will go further to change the homepage to a [[YouTube]] [[screamer]]; though it is currently unknown what this screamer really was.
== Showcases==
== Showcase Videos==
<u>NOTE</u>: Although this trojan contains a [[screamer]], it is not visible in these showcases.  
<u>NOTE</u>: Although this trojan contains a [[screamer]], it is not visible in these showcase videos.  
<div style="text-align: center;">
<div style="text-align: center;">
<youtube width="320" height="180">zh8ceqtyGVI</youtube>
<youtube width="320" height="180">zh8ceqtyGVI</youtube>
Line 33: Line 32:
{{Maliciousnav}}
{{Maliciousnav}}
{{Comments}}
{{Comments}}
[[Category:Partially lost]]
[[Category:Malware]][[Category:2009]]
[[Category:Malware]][[Category:2009]]
[[Category:Other makers]]
[[Category:Other makers]]

Latest revision as of 12:26, 18 April 2025

This page is about a screamer that is partially lost.
 If you have more information about this screamer, please add it to the page or in the comments.

Blackcom is a 2009 screamer application that was created by FlashUpload and written in VBScript. The download for it is currently lost, though there is still some footage confirming its existence.

When launched, it displays a false MSWORD.exe error message that reads: "Microsoft Word cannnot open this document because it contains characters MSWORD.EXE does not understant".

After a couple seconds, it displays a false binary error message that reads:

Microsoft Word Cannot Complete The Operation Requested Due To Security Risks 

Please include the following in your error report 

01011001 01101111 01110101 00100000 01000111 00100000 01110100 00100000 01100101 00100000 00100000 00100000
01011001 01101111 01110101 00100000 01000111 00100000 01110100 00100000 01100101 00100000 00100000 00100000

This message is then followed by a Microsoft Sam voice saying: "Caution: A virus has been detected."

Blackcom then displays more fake error messages about nonexistent applications titled "svchost.exe" and "DRVSTORE", then displays a message stating: "An important system file is not found and WINDOWs can no longer run."

After several seconds pass, the trojan initiates a system shutdown and corrupts the "hal.dll" in the System32 directory, something required for Windows to boot up. Furthermore, even if Windows were bootable at that point, Blackcom will go further to change the homepage to a YouTube screamer; though it is currently unknown what this screamer really was.

Showcase Videos

NOTE: Although this trojan contains a screamer, it is not visible in these showcase videos.

Comments

Comments

Carsonlee0205
22 months ago
Score 0
I translated the false binary error message on a binary code translator and the results were this: [ou G t e [ou G t e
Permalink
Nemesis6051
22 months ago
Score 0
It turns out I incorrectly transcribed the first string wrong. It should be 01011001, not 01011011. This makes out the binary message to be "You G t e You G t e".
Permalink

You must log in or create an account to comment.
Retrieved from "https://screamer.wiki/index.php?title=Blackcom&oldid=164170"