
Beware if you get the "Win32 Pioneer" virus.


Nov 2, 2021
So a while back, I noticed that one of my flash drives for some unknown reason got the Win32 Pioneer virus. I disinfected the infected files on it with Kaspersky and thought nothing of it. Fast forward to last Thursday. I was using a WinPE based flash drive (the same thing I disinfected previously) for some stuff and I noticed some programs I added to it had changed file sizes and were refusing to load. No problem I thought, replaced them with the originals from backups stored on my laptop's SSD. Then it happened again, they changed back to the previous damaged state as before. The flash drive was pretty new so I knew that wasn't an issue. Then more programs started to go bad on it. At this point I realized the flash drive may have still been infected or something. I then rebooted and formatted that thing clean. I go back home and power on the laptop again to do something, and decided to check Kaspersky to see if anything was detected, and I was immediately greeted with warning after warning of infected program files from my boot SSD. I let it disinfect it all, and since I was tired I made the grave mistake of not disconnecting the WiFi (hence I put my campus network at risk since this virus does transmit itself over networks). I rebooted and everything seemed fine... As for the flash drive, when I plugged it into my desktop, Kaspersky lost its mind and went crazy blocking infected program files that were supposedly on there. Yeah, quick formatting an infected flash drive and plugging it into a clean computer is a horrible idea. Luckily the desktop didn't get infected. I nuked that drive with BleachBit's "wipe free space" option to finish the virus off. Next morning I got to study for an exam, and immediately noticed that Kaspersky had been completely destroyed on that bootup. I immediately shut off Windows to prevent whatever "undead" leftover of this virus that was still there from spreading over the campus network.
Luckily I had a dual-boot with Linux so I could still finish my studying. I ended up later formatting both the SSD (including the Linux install, just in case) and the storage HDD. Good thing I had a very recent backup of most important files. If this virus hits you, shut down your PC immediately, and reinstall Windows after deleting all partitions on all drives. So yeah, lesson learnt, even a girl like me who is extremely paranoid over cybersecurity can get hit once in a while. This was literally the worst infection I've had since my Windows XP days.
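The first symptom in the post above was that tools on the WinPE stick silently changed size and stopped loading, and restored copies were re-damaged. A trusted manifest of sizes and SHA-256 hashes, taken when the drive is known clean, turns that kind of silent modification into a concrete alert. The following is an added example written for this thread, not code from the original poster or from any vendor; the directory layout, file names and the "infector appends bytes" scenario are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large tool images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> (size, sha256) for every regular file under root.

    Run this once on the freshly built, known-clean drive and keep the result
    somewhere the drive itself cannot rewrite (for example a read-only copy
    on the host that builds it)."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = (p.stat().st_size, sha256_of(p))
    return manifest


def verify(root, manifest):
    """Compare the drive's current contents with the trusted manifest.

    Size alone catches appended or prepended code; the hash also catches
    same-size overwrites, which a size check would miss."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo():
    """Constructed scenario: a clean tool set is baselined, then one executable
    has bytes appended and an unexpected file appears, as an infected stick might show."""
    with tempfile.TemporaryDirectory() as d:
        tools = Path(d) / "tools"
        tools.mkdir()
        (tools / "diskcheck.exe").write_bytes(b"MZ" + b"\x00" * 4094)  # placeholder PE-sized blob
        (tools / "notes.txt").write_bytes(b"boot notes\n")
        trusted = build_manifest(tools)

        # Simulated tampering: extra bytes appended to the executable and a new file dropped.
        with open(tools / "diskcheck.exe", "ab") as f:
            f.write(b"\x90" * 512)
        (tools / "autorun.inf").write_text("[autorun]\n")

        return verify(tools, trusted)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

In practice the manifest would be generated on the machine that builds the drive and checked each time before the drive's tools are launched; a non-empty "modified" or "added" list is the point at which to stop and treat the drive as untrusted rather than restoring files from backup onto it.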
 
Some viruses can be tricky; use an antivirus, a firewall and a content filter app to protect your computer. In this case Win32 Pioneer doesn't take advantage of networks and infects by plugging in USB devices and rewriting files to execute (this reminds me of the old days when viruses used trusted executables to hide).
 
I am kind of curious how you were able to plug an infected USB flash drive into an A/V protected system. Infected or not, I usually see darn near any A/V program go nutty when a USB drive is attached.
I do agree about wiping the drive. I am kind of partial to EaseUS Partition Manager. It will nuke the most stubborn of flash drives I find, and some of them can be just that for a variety of reasons. You didn't happen to netstat and try to figure out who the virus was downloading from, did you? This kind of activity brings back memories of the old script kiddie viruses.
 
I am kind of curious how you were able to plug an infected USB flash drive into an A/V protected system. Infected or not, I usually see darn near any A/V program go nutty when a USB drive is attached.
I do agree about wiping the drive. I am kind of partial to EaseUS Partition Manager. It will nuke the most stubborn of flash drives I find, and some of them can be just that for a variety of reasons. You didn't happen to netstat and try to figure out who the virus was downloading from, did you? This kind of activity brings back memories of the old script kiddie viruses.
I don't really know much about netstat; most of my cybersecurity stuff I do under Linux, and even there I am just a beginner who once in a while tinkers with hacking stuff. I do sometimes shut down all AV for legit reasons (hacking tools mainly) and forget to turn it on for days, but I have other protection against web page based viruses anyway and I usually remember to turn it back on before I go anywhere dodgy. This virus did its deed long after the last time I did that... Hmmmm... My college is a major government cybersecurity hub so probably some students were messing around and trying to be "hackers" on campus to show off or something. This crap was worse than what I usually get from things like dodgy pirate downloads, malicious websites and other similar stuff.
 
I am kind of curious how you were able to plug an infected USB flash drive into an A/V protected system. Infected or not, I usually see darn near any A/V program go nutty when a USB drive is attached.
I do agree about wiping the drive. I am kind of partial to EaseUS Partition Manager. It will nuke the most stubborn of flash drives I find, and some of them can be just that for a variety of reasons. You didn't happen to netstat and try to figure out who the virus was downloading from, did you? This kind of activity brings back memories of the old script kiddie viruses.

In the old days of XP it was autorun.inf.
 
I don't really know much about netstat; most of my cybersecurity stuff I do under Linux, and even there I am just a beginner who once in a while tinkers with hacking stuff. I do sometimes shut down all AV for legit reasons (hacking tools mainly) and forget to turn it on for days, but I have other protection against web page based viruses anyway and I usually remember to turn it back on before I go anywhere dodgy. This virus did its deed long after the last time I did that... Hmmmm... My college is a major government cybersecurity hub so probably some students were messing around and trying to be "hackers" on campus to show off or something. This crap was worse than what I usually get from things like dodgy pirate downloads, malicious websites and other similar stuff.

As you can see from this text, the problem was executing malware on the machine. Some viruses become outdated after some days or weeks, and some stay persistent for years if they connect to a C&C.
 