Computer messed up after benchmark.

DeVry Student

Somehow a server admin hacked my computer. First thing I saw was the admin saying something about running a benchmark on me and something about boot.ini... and then the game went into benchmark mode. I restarted my computer last night only to find that the computer wouldn't boot. I checked the boot.ini file and found that it had a bunch of gibberish and something about it being a benchmark file. WTF?
 
This is what boot.ini looks like on my other computer:



"benchmark"
{
"framerate" "294.052002"
"build" "2259"
"VendorID" "4098"
"deviceID" "19017"
"ram" "1023"
"cpu_speed" "1737"
"cpu" "AuthenticAMD"
"width" "1024"
"height" "768"
"AASamples" "4"
"AnisoLevel" "8"
"SkipMipLevels" "0"
"DxLevel" "90"
"Windowed" "0"
"Trilinear" "0"
"ForceHWSync" "1"
"NoWaitForVSync" "1"
"DisableSpecular" "0"
"DisableBumpmapping" "0"
"EnableParallaxMapping" "0"
"ZPrefill" "0"
"ReduceFillRate" "0"
"RenderToTextureShadows" "1"
"RealtimeWaterReflection" "1"
"WaterReflectEntities" "1"
}
 
Can you give us a clearer idea of what the admin was doing/saying? Was this over the net? Over a LAN? Do you have a firewall?

I'm amazed that he managed to edit your boot.ini file ...
 
I guess he didn't like me team killing, so he was talking about how he was gonna use the admin clexec command to do something with bench_start and something else. It was over the Internet, and I use Zone Alarm Pro 2.6.362 - which, though an old version, is more stable and blocks more applications than Norton Internet Security and newer versions of Zone Alarm Pro.
 
DeVry Student said:
This is what boot.ini looks like on my other computer: ...

Is that the boot.ini on your hard drive root? If so, then something has seriously gone tits up. Do you have Windows 2000? If so, then you could transfer part of my boot.ini file and change it according to your setup.
 
DeVry Student said:
This is what boot.ini looks like on my other computer: ...


What? That must be for a 9x system.

The XP boot.ini file should be as so:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
 
The boot.ini file never got modified on my C: drive. When I executed that command bench_start (to boot.ini), it actually made it to D:\boot.ini. However, the point of this thread is to illustrate the threat that this poses since boot.ini is, by default, NOT read-only / system. Thus, by using bench_start, it will overwrite the boot.ini file. This post was just to illustrate what can potentially happen if one does this and has HL2 installed to their Windows drive.

I emailed this bug to Valve 2 weeks ago, did a bug report, and they still have not patched it - and for a bug this serious, it should be a priority - but then again, look at Microsoft - they don't patch a security hole until the next year. If they are that backlogged in people to read the bug reports, why don't they just fire 20 and hire 200 from India @ $2/hr?

I even submitted a full bug report but the mod of this forum deleted it and gave me a level 2 warning. I submitted the bug report to Steam forums, and it got deleted. The admin of the Steam User Forums said that he would put it in a private, special thread for Valve to look over, but obviously he did not, as I have not heard back or seen Valve/Steam do an update since that bug was submitted via the in-game and forums.

And I imagine that this thread will just be deleted just as well, and formerly disregarded as utter bull crap or as not a good threat (although it is serious), but at least I can try to inform as many people as I can before it's deleted and disregarded as "spam".
 
It does not matter if you have a firewall, disabled remote access, have 3000 spyware programs, have anti-virus, etc... it does not even matter if you have a thousand dollar router behind your system - as long as CS:S can connect to a game server you're vulnerable to this.

Only way to protect against this is to get the bug patched, and until they do either don't play any source engine games or ghost your computer before entering any more servers so that if they do modify your boot.ini file you have a disaster recovery plan in place.
 
What if I have all my Steam games on a separate hard drive from the Windows one? Am I in the clear?
 
The simplest fix is to make boot.ini read only. This stops the bench outputting results to it. However, there are plenty of system critical files, write protecting them all would be a serious pain, so this bug does need to be sorted ASAP.

Dumb Dude - I don't think so, as it should be able to write to any drive, even if the install is not on the c:

DeVry Student - I would imagine that it got closed and you got warned because you posted a description of how to do it. I'm guessing obviously, so I am assuming you did. Not meant as an attack or accusation at all, just an FYI. PM Munro and ask him to confirm if you want to know for sure.

A simpler solution would be to make a backup onto floppy of all files in c: and if this happens, at least you can restore them. Yes, they can go further into your directory structure, but I expect most will aim at files on your c: simply because that's easiest to type. (Hack0rs = teh lazy)
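
Added example, not part of any post in this thread: a small Python check that tells whether a boot.ini still has the `[boot loader]` / `[operating systems]` layout quoted earlier or has been replaced by benchmark key/value output. The function names and the sample strings are constructed for illustration.

```python
import re

# Constructed samples modelled on the two file formats quoted in the thread.
GOOD_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
'''
OVERWRITTEN = '''"benchmark"
{
"framerate" "294.052002"
"build" "2259"
}
'''

def parse_boot_ini(text):
    """Return {section: {key: value}} for an INI-style boot.ini."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # ARC path is the key
            current[key.strip().lower()] = value.strip()
    return sections

def check_boot_ini(text):
    """Return a list of problems; an empty list means the layout looks sane."""
    problems = []
    if re.match(r'\s*"benchmark"\s*\{', text):
        problems.append("overwritten with benchmark key/value output")
    sections = parse_boot_ini(text)
    for name in ("boot loader", "operating systems"):
        if name not in sections:
            problems.append(f"missing [{name}] section")
    default = sections.get("boot loader", {}).get("default")
    entries = sections.get("operating systems", {})
    if default and default.lower() not in entries:
        problems.append("default entry not listed under [operating systems]")
    return problems
```

Running `check_boot_ini` on a copy of the file before rebooting shows whether the backup needs restoring.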
 
First... I don't know if it's appropriate to call people who use this "hax0rz" - because they are not really adding any code to the game. They are using a feature built in to get rid of "hax0rz". A more appropriate term would be "crackz0rz".

Second... yes. That is the reason why it was deleted earlier.
 
You're very right, this would not make someone a "hacker", but when I speak of hax0rz, I mean something else entirely.

Hackers are skilled computer users that write their own programs and are generally excellent people, helping newer users out.

Hax0rz are stupid kids who will try and ruin other people's day, but only if it doesn't involve any effort. As such they use ready-written programs and scripts. As you say, they are crackers, this is just how I classify them personally.

Either way, anyone who would actually use this can be classified as a cracker, a hax0rz and mentally at least, 10 years old.
 
Link said:
... Either way, anyone who would actually use this can be classified as a cracker, a hax0rz and mentally at least, 10 years old.

Quite the contrary... 10 year olds can't play this game - it's rated Mature for 17+... and even if a 10 year old played this game, they wouldn't know anything about running a server and most likely all they would want to do is just play the game, or grow impatient and just forget it because Steam is so reliable.
 
Link said:
mentally at least, 10 years old.

Anyway, do you honestly believe that the rating is going to stop them getting it? I used to work in a game store and the number of people that bought GTA type games for their young (And I mean young) kids was unbelievable. And yes, I told them how graphic and adult it was. Doesn't stop them.
 