Windows XP Horror Edition
Windows XP Horror Edition is a screamer application created by a user WobbyChip, and was first given to Siam Alam to showcase and popularize the virus.
Payload
Upon launch, the virus installs a false update for Windows XP, and plays the Windows XP installation music in the background. When the "update" is 66% complete, the music stops, and an error message appears on the screen, saying "Setup cannot copy the file ntdll.dll, Setup will use the file 666.sys." The music is replaced with a creepy chime soundtrack, the background turns red, and the Windows XP logo changes to an eye along with "Don't Look Behind You." When the "update" is 100% complete, the screen then shows what appears to be TV static, before turning black. The cursor is still visible.
The screen stays black briefly, before showing a false Windows XP startup animation all in red, and with a skull in the logo.
The red background reappears, along with an eye next to the word "welcome." Logging in to Windows XP Horror Edition greets the user with a desktop wallpaper full of skulls, a red taskbar with the Start button labeled "DEAD," and four icons labeled, "My Computer," "NOTHING," "DON'T OPEN ME.txt" and "Recycle Bin." The background changes to creepy pictures and glitchy effects at certain points. Thresh's Theme from League of Legends plays in the background.'
Clicking the "DEAD" button opens the Start menu but in red and with "666" on the top bar. Clicking on the programs within the Start menu causes them to disappear. Clicking the icon on the top bar greets the user with a wooden door. After a few moments the door opens, along with a loud squeak sound. The user is jumpscared by a weird figure, before then being greeted with "GO TO SLEEP" written in blood on the screen.
Opening the "DON'T OPEN ME.txt" file opens a Notepad window with, "CONGRATULATION YOU OPENED ME, DO YOU WANNA PLAY A GAME, OKEY THEN LOOK BEHIND YOU." The screen then changes to a spider jumpscare, and then displays "Game Over." The Notepad icon then twitches and can't be opened again.
Opening "NOTHING" greets the user with a video and some violin background music.
At certain points, the background changes to a Half-Life 3 wallpaper, with a cartoon Bill Gates head. After a few moments the Nope.avi sound is played, before switching back to the desktop.
Opening the "My Computer" icon displays a message saying "DO YOU SERIOUSLY WANT TO TRASH YOUR COMPUTER FOREVER?" Clicking Yes will cause the My Computer icon to move to the Recycle Bin icon. The screen then turns black, before showing a Freddy Fazbear jumpscare, then showing a false BSOD which says "The problem seems to be caused by the following file 666.sys." The messages appear line by line several times, before the computer shows a real BSOD, and then reboots.
The last payload of the malware overwrites the MBR upon the next boot, and then displays an eye, along with "I'M WATCHING YOU" on the bottom.
Stopping it through Task Manager is impossible, as the malware disables its use upon launch.
To fix the overwritten MBR, run the Windows setup loader on the installation media, access the Command Prompt through Repair Your Computer, and then type the following commands: "bootrec /fixboot, bootrec /fixmbr" The MBR can also be fixed through NeoSmart's Easy Recovery Essentials, a recovery/diagnostic tool that can be used to restore non-functioning computers.
Links
NOTE: The following application contains a screamer! as well as a malicious script that could harm your computer!
- archive.org/details/WinXP.Horror.DestructiveCreatedByWobbyChip_201811
- Preview: youtube.com/watch?v=2UX4dbEXAOE