notablackbear / poe_qolV2


Totally messed up my PC. #67

Open agassparkle opened 4 years ago

agassparkle commented 4 years ago

After installing this, it deleted my MBR on my C drive. How I know it happened after this: I haven't installed anything for the last month, and this happened after I started using this for an hour.

At first, while the game was running, I was getting an error saying that backgroundtaskhost.exe was not responding. And I couldn't get Task Manager open. And I restarted and boom, everything was gone. Luckily I had an image and restored from it.

Just to test, I ran the program after the reinstall; this time it didn't fuck up the drive, but you can't run the game if you have run the program.

Something is weird with this thing. It is a good idea but pls be sure it is ok to use it.

0xdavidel commented 4 years ago

Hi, I am very sorry that this situation occurred. As a person from the cybersecurity realm, it sounds a bit unlikely that this was caused by this (ugly but) simple Python script. Deleting the MBR with any program is only possible when you run the program with administrator permissions; without those permissions, that sector of the drive is limited to reading only. I can assure you that ZERO parts of this code even remotely try to touch the MBR or any important data structures in the process of loading up your operating system.

Please run the Malwarebytes scanner or any other reputable AV scanner out there, because I suspect you might have had a bootkit that failed to install (or succeeded and you just don't know that).

And about the actual program: for the time being, I would highly suggest running the Python code directly and not the executables. You can do this by installing Python 3, installing the required libraries by using the pip module with the -r flag on the requirements.txt file (python -m pip -r requirements.txt), and then simply running the newest version by executing "python POE_QOL2.py".

I will add this information soon to the README.md file, and perhaps the best course of action will be to delete the obsolete executables.

Could you please update me when and if the AV scan finds anything?
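An added example, not part of the thread and not code from the poe_qolV2 project: a source-level check for the claim above that a Python script never touches raw disk sectors. It walks the script's AST and flags raw-device path literals and Win32 disk-access calls. The patterns, the function name `audit_source` and both samples are constructed for illustration; it is a heuristic that cannot see dynamically built strings or the packaged executables.

```python
import ast
import re

# Heuristic: string literals naming a raw disk device (Windows or Unix-style).
RAW_DEVICE = re.compile(
    r"\\\\\.\\(physicaldrive\d+|[a-z]:$)|^/dev/(sd[a-z]|nvme\d|disk\d)",
    re.IGNORECASE,
)
# Win32 calls commonly reached through ctypes/pywin32 for raw-volume access.
WIN32_DISK_APIS = {"CreateFile", "CreateFileA", "CreateFileW", "DeviceIoControl"}

def audit_source(source, filename="<source>"):
    """Return sorted (line, reason) findings for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if RAW_DEVICE.search(node.value):
                findings.add((node.lineno, f"raw device path {node.value!r}"))
        elif isinstance(node, ast.Attribute) and node.attr in WIN32_DISK_APIS:
            findings.add((node.lineno, f"Win32 disk API {node.attr}"))
        elif isinstance(node, ast.Name) and node.id in WIN32_DISK_APIS:
            findings.add((node.lineno, f"Win32 disk API {node.id}"))
    return sorted(findings)

# Constructed sample: ordinary file I/O, nothing to flag.
BENIGN_SAMPLE = '''
import json
def load_settings(path="settings.json"):
    with open(path) as handle:
        return json.load(handle)
'''

# Constructed sample: read-only raw disk access, which the audit should flag.
FLAGGED_SAMPLE = r'''
import ctypes
def read_boot_sector():
    with open(r"\\.\PhysicalDrive0", "rb") as disk:
        return disk.read(512)
def query(handle):
    return ctypes.windll.kernel32.DeviceIoControl(handle, 0, None, 0, None, 0, None, None)
'''

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_SAMPLE), ("flagged", FLAGGED_SAMPLE)):
        print(name, audit_source(sample, name))
```

An empty result narrows the search but does not clear a program; any imported third-party modules would need the same pass.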

agassparkle commented 4 years ago

Hi,

These were the Malwarebytes findings. This backup is tainted, it seems.

PUP.Optional.Linkury
PUP.Optional.Babylon
PUP.Optional.Ask
Adware.Elex

As you have mentioned, I ran the program with admin rights when my Windows was gone.

As for the python -m pip -r requirements.txt, I downloaded Python 3.8.5 and when I run this I am getting "no such option: -r"