Restarting the computer shows the final payload, dropped earlier during the MBR overwrite (this also works on Windows 2000/ME and below, but does not work with systems that use EFI bootloaders). Time to get banned!' – danooct1 2016 (not included in original version) 'This is everything I want in my computer' – danooct1 2016 (not included in original version).I don't believe we've been properly introduced.
Why did you even tried to kill MEMZ? Your PC is fucked anyway.SOMEBODY ONCE TOLD ME THE MEMZ ARE GONNA ROLL ME.HAVE FUN TRYING TO RESTORE YOUR DATA :D.YOU TRIED SO HARD AND GOT SO FAR, BUT IN THE END, YOUR PC WAS STILL FUCKED!.YOU KILLED MY TROJAN! Now you are going to die.Here is a list of the messages that this payload shows :
Trying to end the MEMZ process will, as mentioned above, start killWindows(), which pops up tons of message boxes containing "leetspeek" messages, and then crash the computer to a BSOD using NtRaiseHardError, an undocumented ntdll call, with error code 0xC0000022. A bit later, warning icons get drawn at random coordinates and error icons get drawn below the cursor by PayloadDrawErrors, the trojan plays error sounds through the PayloadSound payload, and the PayloadTunnel payload copies your screen's contents and place them on top of your screen, getting smaller and smaller each time (known as the "Tunnel" effect). It may also open one of the following Windows applications:Īfter a while, the trojan will start randomly moving the mouse slightly, and messages taunting the user appear (see image), getting more violent and rapid as time progresses.
exe in Wine or Crossover, although only the dialog box and MBR overwriting payload are functional.
It is also possible to launch MEMZ on Mac OS X by converting it from. However, the MBR overwrite payload works on all Windows versions from 95 onwards. The payloads are meant to work on Windows XP and up, failing on all versions of Windows 9x, especially Windows 98 and below. Trying to kill MEMZ will cause your system to beĪt the same moment, the computer's Master Boot Record is overwritten by MEMZ. YOUR COMPUTER HAS BEEN FUCKED BY THE MEMZ TROJAN. At the same time, it will leave a note titled note.txt for the user saying that they will not be able to use the computer anymore after rebooting it : If the user answers Yes to both warning messages, MEMZ will run. Newer versions of MEMZ Destructive, 4.0 and up, warn the user not to run it on a physical machine as it will damage it and advise the user to run the trojan on a virtual machine. The batch version works like a self-extracting archive, which just extracts and runs the.
It is available as an executable .exe file and a batch version. This trojan has quite a few payloads, which all automatically activate after each other, with some delay. It was originally created for danooct1's "Viewer-Made Malware" series.