Helper, Comment administrators, rollback
577
edits
Nemesis6051 (talk | contribs) No edit summary |
Nemesis6051 (talk | contribs) No edit summary |
||
Line 15: | Line 15: | ||
===Payload=== | ===Payload=== | ||
[[File:Windows XP Horror Edition gameplay.png|left|200px|thumb|The wallpaper and the changes from the program's payload.]] | [[File:Windows XP Horror Edition gameplay.png|left|200px|thumb|The wallpaper and the changes from the program's payload.]] | ||
Windows XP Horror Edition is a program that disguises itself as a [[wikipedia:Windows XP|Windows XP]] update, but instead installs malware onto the user's computer. Once launched, the program presents a fake update for Windows XP, accompanied by the | Windows XP Horror Edition is a program that disguises itself as a [[wikipedia:Windows XP|Windows XP]] update, but instead installs malware onto the user's computer. Once launched, the program presents a fake update for Windows XP, accompanied by [https://youtu.be/5xk-CUTwg1Q title.wma], better known as Velkommen or the Windows Welcome Music. The update progresses to 66% completion before issuing an error message that reads:<pre> | ||
Setup cannot copy the file ntdll.dll | Setup cannot copy the file ntdll.dll | ||
Setup will use the file 666.sys | Setup will use the file 666.sys | ||
Line 33: | Line 33: | ||
The file labeled <code>NOTHING</code> displays a video called [https://www.youtube.com/watch?v=KqXbz4kIWGE The Sad Man] created by the animator [https://www.youtube.com/channel/UChoxc58JVjk_HVVWdtYxsjg Jake Lava]upon launching. Similar to <code>DON'T OPEN ME.txt</code>, after the animation finishes, the icon then twitches in a glitchy fashion and cannot be opened again. | The file labeled <code>NOTHING</code> displays a video called [https://www.youtube.com/watch?v=KqXbz4kIWGE The Sad Man] created by the animator [https://www.youtube.com/channel/UChoxc58JVjk_HVVWdtYxsjg Jake Lava]upon launching. Similar to <code>DON'T OPEN ME.txt</code>, after the animation finishes, the icon then twitches in a glitchy fashion and cannot be opened again. | ||
At certain points during use, the screen may change to a ''[[wikipedia:Half-Life 3|Half-Life 3]]'' image with a trollface version of | At certain points during use, the screen may change to a ''[[wikipedia:Half-Life 3|Half-Life 3]]'' image with a [[wikipedia:Trollface|trollface]] version of [[wikipedia:Gabe_Newell|Gabe Newell]] accompanied by the [https://www.youtube.com/watch?v=DdcdeS9kzFo Valve Theme], or to other screamers. Additionally, after displaying several error messages that read <code>Task Manager has been disabled by your administrator.</code> the program will emit the [https://www.youtube.com/watch?v=gvdf5n-zI14 nope.avi] soundbite before returning to the desktop. | ||
Upon | Upon clicking the <code>My Computer</code> icon, a message will appear reading: | ||
DO YOU SERIOUSLY WANT TRASH YOUR COMPUTER FOREVER? | |||
Selecting "Yes" will result in the <code>My Computer</code> icon moving to the Recycle Bin, and the screen will then turn black and present a Phantom Balloon Boy jumpscare from ''[[wikipedia:Five Nights at Freddy's 3|Five Nights at Freddy's 3]]'' accompanied by the scream from [[wikipedia:Five_Nights_at_Freddy's_(video_game)|Five Night's at Freddy's]]. Then, a fake Red Screen of Death (RSoD) will appear with the message:<pre> | |||
A problem has been detected and windows has been shut down to prevent damage | |||
to your computer. | |||
The problem seems to be caused by the following file: 666.SYS | |||
PAGE_FAULT_IN_NONPAGED_AREA | |||
If this is the first time you've seen this stop error screen, | |||
restart your computer. If this screen appears again, follow these steps: | |||
Check to make sure any new hardware or software is properly installed. | |||
If this is a new installation, ask your hardware or software maufacturer | |||
for any windows Updates you might need. | |||
If problems continue, disable or remove any newly installed hardware | |||
or software. Disable BIOS memory options such as caching or shadowing. | |||
If you need to use Safe Mode to remove or disable components, restart | |||
your computer, press F6 to select Advanced Startup Options, and then | |||
select Safe Mode. | |||
Technical information: | |||
***STOP 0x666666666 (0x6666666666,0x66666666,0x66666666,0x66666666)</pre> | |||
This message will repeat several times in a line-by-line fashion. Finally, the computer will display a real Blue Screen of Death (BSoD) and reboot. Upon the rebooting, the program's final payload overwrites the Master Boot Record (MBR) with an image displaying an eye along with the message:<div style="text-align: center;"> | |||
I'M WATCHING YOU | |||
Created by WobbyChip | |||
</div> | |||
===Restore solution === | ===Restore solution === | ||
The program disables Task Manager upon launch, making it impossible to | The program disables Task Manager upon launch, making it impossible to end the process using this tool. To fix the overwritten MBR, the user may use the Windows Setup loader on the installation media, access the Command Prompt through <code>Repair Your Computer</code>, and enter the commands <code>bootrec /fixboot</code> and <code>bootrec /fixmbr</code>. Alternatively, the MBR can be repaired using [https://neosmart.net/EasyRE/ NeoSmart's Easy Recovery Essentials], a recovery and diagnostic tool designed to restore non-functioning Windows computers. | ||
=== Peaceful Version === | |||
The "Peaceful" version of the software differs from the "Destructive" version in two ways. First, after the Phantom Balloon Boy jumpscare and fake RSoD, the application simply closes instead of triggering a BSoD and overwriting the MBR. Second, the user may close the application by pressing either ALT + F4 or CTRL + ALT + DEL. | |||
==Links== | ==Links== | ||
<u>NOTE</u>: The following applications contain multiple [[screamers]], <span style="color:red">as well as a [[malicious script]] that will harm your computer! | <u>NOTE</u>: The following applications contain multiple [[screamers]], <span style="color:red">as well as a [[malicious script]] that will harm your computer! | ||
*'''Destructive Version:''' archive.org/details/WinXP.Horror. | *'''Destructive Version:''' archive.org/details/WinXP.Horror.DestructiveCreatedByWobbyChip_201903 | ||
*'''Destructive & Peaceful Versions:''' archive.org/details/winxp.horror.destructive | *'''Destructive & Peaceful Versions:''' archive.org/details/winxp.horror.destructive | ||
==Showcases== | ==Showcases== |