Tuesday, July 19, 2011

BlueScreen

VirusHunter warns of the mass distribution of the harmless screen saver "BlueScreen", bundled with components of a variety of malware to scare users of infected computers ...


1. About the "BlueScreen" screen saver.

This screen saver (version 3.2; final version?) was developed in 2004 by Mark Russinovich of the American company "Sysinternals", which develops various software.
The screen saver is a Windows application file in SCR format. It is written in Microsoft Visual C++ and has an original file size of 716,800 bytes (the original code was not processed by any compression or encryption tools).
This screen saver was included, among other components, in various collections of additional "widgets" for the Windows desktop. The official name of the file is SYSINTERNALS_BLUESCREEN.SCR, but there may be others:





2. Legality and general operating principles of "BlueScreen".

When it becomes active (i.e., according to the time parameters the user has set in the desktop settings), the screen saver simulates a very realistic Windows crash with a "blue screen of death" (hence the name of the screen saver, Blue Screen), then a system restart and another "Blue Screen". The "emergency state of the system" can be ended simply by pressing the Esc key or the space bar.

The fragments of text and the error codes that the screen saver displays when simulating a system crash are selected from dozens of options contained in its code. The names of the SYS drivers that are supposedly the cause of the system failure are also selected at random, either from the choices contained in the SCR file's code or from a list of the actual drivers involved in the operation of the system, obtained by querying Windows. The "malfunctioning" function that allegedly caused the "critical error" is likewise chosen at random from a list of options contained in the code.

Because the errors simulated by the screen saver look so much like real system messages about critical failures, the screen saver has a built-in procedure for legitimizing its use on the user's computer. When the program is run on a computer for the first time, it displays the following window containing the text of the user agreement; after reading it, the user must decide whether or not to use this screen saver on the computer:














If you click "Decline" or simply close the window, the program exits, creating the following empty registry branches:

Screen Saver]

If the user clicks "Agree", the following registry value is created:

Screen Saver]
"EulaAccepted" = dword:00000001

After this, the user agreement is considered accepted and the screen saver runs. On later launches the screen saver starts immediately, without any prompts. (Note: if, from the window with the agreement, the user goes into the program window, the screen saver treats this as consent to its use: the program exits after creating the registry entries above, and later launches of the screen saver run automatically.)













3. Other features of the program.

If you run the screen saver after changing its file extension from SCR to, for example, EXE, the following window appears:


If you close it without pressing anything else, only the following empty branches are created in the registry:

If you click "OK", the following entries are created in the registry keys:

If you also tick the "Fake disk activity" option in the window and click "OK", the following entries are created in the registry keys:

then the box will also















4. How the harmless "BlueScreen" ended up in the dock in the company of terrible viruses.

The realism of the critical errors simulated by the screen saver was immediately adopted by virus writers, in particular the authors of numerous variants of the Trojan Backdoor.Intimidater.A. The "BlueScreen" screen saver file was slightly modified, processed with various compression tools and added to the components of the malicious program. To turn the screen saver into a real "scarer", the virus code includes the procedure described above for creating the registry value [HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver] "EulaAccepted" = dword:00000001, which confirms the user's consent to use the screen saver, even though the user most likely has no idea that this screen saver is present on the computer.

It is because of this illicit installation of a screen saver that displays a "terrible thing" to frighten users that many anti-virus companies added detection of the "BlueScreen" variants used by viruses to the signature databases of their products, under names of the types FraudTool ("fraudulent setting"), FakeAlert ("false threat"), BadJoke ("bad joke"), etc.

In order to dispel rumors of a terrible "BlueScreen" virus and give users the opportunity to see for themselves the critical Windows errors it simulates, I uncompressed the original version of the screen saver with the UPX 3.03 compression utility and packed it in a RAR archive (for a smaller file size), which is posted for free download on our website here. As mentioned above, nothing malicious or in any way potentially dangerous was found in the code of the screen saver.
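The registry states described in sections 2 and 4 (no key, empty key after "Decline", consent value set) can be told apart in an exported registry file, as in this added example, which is not part of the original article or of the screen saver. It assumes the text of a `.reg` export as input and also reads the standard Windows `SCRNSAVE.EXE` value, which the article does not mention, so that the configured screen saver file can be located; the sample export is constructed.

```python
import re

EULA_KEY = r"HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver"  # from the page
EULA_VALUE = "EulaAccepted"  # from the page
# Standard Windows value holding the active screen saver path (not from the page).
DESKTOP_KEY, SCRNSAVE_VALUE = r"HKEY_CURRENT_USER\Control Panel\Desktop", "SCRNSAVE.EXE"

# Constructed sample: text of a .reg export (regedit writes UTF-16; decode first).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\example.scr"

[HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver]
"EulaAccepted"=dword:00000001
'''

def parse_reg(text):
    """Return {key_lower: {value_name_lower: raw_data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def eula_state(keys):
    """'absent': no key; 'declined': key without consent value; 'accepted': value is 1."""
    values = keys.get(EULA_KEY.lower())
    if values is None:
        return "absent"
    data = values.get(EULA_VALUE.lower(), "").replace(" ", "")
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
    return "accepted" if m and int(m.group(1), 16) == 1 else "declined"

def active_screensaver(keys):
    """Return the configured screen saver path, or None if none is set."""
    raw = keys.get(DESKTOP_KEY.lower(), {}).get(SCRNSAVE_VALUE.lower())
    if not raw or not (raw.startswith('"') and raw.endswith('"')):
        return None
    return raw[1:-1].replace("\\\\", "\\")  # undo .reg backslash escaping

def triage(text):
    """Report the consent-marker state and the screen saver file to examine."""
    keys = parse_reg(text)
    return {"eula": eula_state(keys), "screensaver": active_screensaver(keys)}
```

An "accepted" result on a machine whose user never installed the screen saver is the case section 4 describes; the reported file can then be compared with the original's size of 716,800 bytes given in section 1.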









Code analysis and description written by: Broido Herman (aka VirusHunter)
Date of creation: 10/10/2008
Date of last change: 10.10.2008
Author of the description: Broido Herman (aka VirusHunter)
