1. oh no...

great, just GREAT! i think i got some twisted virus that nuked my windows
directory. i lost everything in my windows directory except three files
that start with a 'p'. :P i'm anticipating getting a new PC, so see you soon

 - Matt the Cursed


2. Re: oh no...

On 30 Nov 2000, at 20:56, Darth Maul, aka Matt wrote:

> great, just GREAT! i think i got some twisted virus that nuked my windows
> directory. i lost everything in my windows directory except three files that
> start with a 'p'. :P i'm anticipating getting a new PC, so see you soon

Such has happened to me too, and i learned:

1) run proxy(s) to filter ALL java* and all activex from anything going to any
application that is scriptable.
2) don't run anything scriptable that you cannot filter scripts out of.
(scripts are a great way to get a trojan or a virus onto a puter, if they aren't
viruses themselves)
3) run a firewall, ESPECIALLY on a winbox.

>  - Matt the Cursed

Kat the Wiser


3. Re: oh no...

Will the reign of terror ever end?

I got an e-mail awhile ago from "Undetermined Mail Sender" with no subject,
no information and a file called "EGGKOKEG.EXE". Naturally I deleted it
right away. I learned in Computer Studies, for those with an "always on"
'net connection, hackers can get in easily without a firewall. This is
especially dangerous to networks with a cable 'net connection. I've got a
28.8K modem and 10 hrs. a month so I like to think I'm safe! Jes' thought
I'd contribute.

-Thomas


4. Re: oh no...

> Thomas wrote:
> I got an e-mail awhile ago from "Undetermined Mail Sender" with no subject,
> no information and a file called "EGGKOKEG.EXE".

I got it too.

Colin


5. Re: oh no...

So did I but I deleted it


6. Re: oh no...

On 1 Dec 2000, at 20:52, Bernie wrote:

> So did I but I deleted it

Did anyone save the smtp headers? Where did it come from?

Kat


7. Re: oh no...

I didn't get that post, but I do often get similar ones, from "Undetermined
Mail Sender", but I've discovered that they are actual posts from list
members, maybe with mangled headers (?), which I have filtered into a folder
called "from server";  when I realize they're there, I have been "checking
them out" by using Outlook Express "properties" button and "details", and
then "message source", which not only shows the mail header, but also the
message.  I have been thinking this is a "safe" way to read such  email
without opening it, but now I'm wondering if that's true.  Any thoughts?

Dan

----- Original Message -----
From: "Kat" <gertie at PELL.NET>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Friday, December 01, 2000 10:41 PM
Subject: Re: oh no...


> On 1 Dec 2000, at 20:52, Bernie wrote:
>
> > So did I but I deleted it
>
> Did anyone save the smtp headers? Where did it come from?
>
> Kat


8. Re: oh no...

On Sat, 2 Dec 2000 00:41:35 -0600, Kat <gertie at PELL.NET> wrote:

>On 1 Dec 2000, at 20:52, Bernie wrote:
>
>> So did I but I deleted it
>
>Did anyone save the smtp headers? Where did it come from?
>
>Kat


It had no header; it came blank.


9. Re: oh no...

Kat
PS - At the time I received the file, I viewed the data inside the file
     and saw a reference to kernel32.exe. So I immediately deleted
     the file from my system. This file had to be sent to me from
     someone's address book because I do not subscribe to any mailing
     lists.
Bernie


10. Re: oh no...


Kat,  Here is the message header.  - Colin

----- Original Message -----
From: Kat <gertie at PELL.NET>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Saturday, December 02, 2000 12:41 AM
Subject: Re: oh no...


> On 1 Dec 2000, at 20:52, Bernie wrote:
>
> > So did I but I deleted it
>
> Did anyone save the smtp headers? Where did it come from?
>
> Kat



11. Re: oh no...

Kat:

What's kernel32.exe?

Dan:

"I have been thinking this is a "safe" way to read such  email
without opening it, but now I'm wondering if that's true.  Any thoughts?"

I don't trust e-mails much. Obviously I trust this group. But, doing your
'safe' check....I don't know, I personally wouldn't. It seems to me if most
of the people on this list got it, then either someone's got messed
up e-mails, or someone's going through a lot of trouble to cause problems.

Not that I'm paranoid.........

--Bye
---Thomas


12. Re: oh no...

On 1 Dec 2000, at 23:38, Dan B Moyer wrote:

> I didn't get that post, but I do often get similar ones, from "Undetermined
> Mail Sender", but I've discovered that they are actual posts from list members,
> maybe with mangled headers (?), which I have filtered into a folder called
> "from server";  when I realize they're there, I have been "checking them out"
> by using Outlook Express "properties" button and "details", and then "message
> source", which not only shows the mail header, but also the message.  I have
> been thinking this is a "safe" way to read such  email without opening it, but
> now I'm wondering if that's true.  Any thoughts?

Just one thought: doing *anything* to the email in Outlook Express is
dangerous, and you could find your puter executing the email. Part of the
problem is the hidden extensions, such as readme.txt.exe , in which
windoze is told by MS, by default, to not show you the ".exe", so when
you open what *looks* like "readme.txt", you exec it. There are some
viruses that need only be handled, not opened, by OE for them to exec,
due to OE looking into them to decide what to do with them. "Properties"
should be safe, but i do not *know* that it is, because, like i said, it is
possible to get OE to exec something just by receiving it totally unopened.
Marginally legal examples of OE exec'ing code behind the scenes are the
"auto-verify receipt when received" and "auto-verify receipt when opened"
options in email readers. So-called "user friendly" options include allowing
html src tags to be active, so the email reader will go to the web and
retrieve unknown files, possibly javascript or vbs files, which then exec and
do anything the author wished.

As far as virus scanners of email, some people have reported problems
with them, mostly hanging the puter types of problems. One of my dear
projects i wish i had time to work on is an email proxy, like the http proxies
i have.

When i got Pegasus, i intentionally did not get the plugins for scripting,
forwarding/sorting, or anything other than plain text decode/display.

Btw, Colin sent me the header, it's from Switzerland. Do not expect the
usa to have any clout in Europe/Asia to chase down virus factories, it's not
like it was in the Melissa virus case.

Kat
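
Added example, not part of the thread or any poster's code: a triage of raw message source using Python's standard `email` parser, which reads the bytes without rendering or executing anything. It flags the points raised above: a missing sender header, executable attachments, a disguising double extension such as readme.txt.exe, and HTML parts whose src tags fetch remote content. The extension lists and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from pathlib import PurePosixPath

# Assumed (not exhaustive) set of extensions Windows will execute on open.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a reader takes as harmless; used to spot "readme.txt.exe" disguises.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".htm", ".html"}
REMOTE_SRC = re.compile(r"""\bsrc\s*=\s*["']?(?:https?:)?//""", re.IGNORECASE)

def triage(raw_bytes):
    """Parse raw message source without rendering it; return a list of findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    if not msg["From"]:
        findings.append("no From header")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
                findings.append(f"executable attachment: {name}")
                # With extensions hidden, only the decoy suffix is displayed.
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                    findings.append(f"double extension hides type: {name}")
        elif part.get_content_type() == "text/html":
            if REMOTE_SRC.search(part.get_content()):
                findings.append("HTML part loads remote content via src=")
    return findings

SAMPLE = (  # constructed sample, not the message discussed in the thread
    b"Subject: hello\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
    b'<html><img src="http://example.invalid/x.gif"></html>\r\n'
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="readme.txt.exe"\r\n\r\n'
    b"placeholder\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
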


13. Re: oh no...

On Thu, 30 Nov 2000 21:24:45 -0600, Kat <gertie at PELL.NET> wrote:
>2) don't run anything scriptable that you cannot filter scripts out of.
>(scripts are a great way to get a trojan or a virus onto a puter, if they aren't
>viruses themselves)

Well, I don't have any scripting programs...actually, I suspect it was a
program called ALINK. Here's what happened:

1) I assembled and linked(into COFF format) a test .ASM file that came
with it. It couldn't find a couple symbols...
2) I try linking my own program and try to get it to link with user32.dll
to no avail
3) I try linking it with some file on the site(win32.lib), it crashes, I
leave my system alone for a while, the DOS prompt crashes, and the next
thing I know, *POOF*!

I hate the universe...

 - Matt


14. Re: oh no...

>either someone's got messed up e-mails, or someone's going through
>a lot of trouble to cause problems.

My wife got that message, and she is not on this list; on the other hand, I
didn't get it, and I am on the list; so whether you got it or not doesn't
have anything in particular to do with being on this list.

Don't spend too much of your valuable time and neuronal resources thinking
about this.

George


15. Re: oh no...

On 2 Dec 2000, at 9:47, Liona Kerslake wrote:

> Kat:
>
> What's kernel32.exe?

Should have been kernal32.dll. It's the core routines of the windoze OS.
Other routines are in other hunks of code, like user32.* and other *.dll and
*.exe.


> Not that I'm paranoid.........

"paranoid" has gotten such a bad reputation. It's aka "covering your
vulnerable parts of your anatomy", "being prepared" (Boy Sprout motto),
"taking birth control or vitamin pills", "getting a flu shot", "using an
internet firewall", "an apple a day keeps the doctor away", etc....

Kat,
appropriately paranoid.


16. Re: oh no...

On Sat, 2 Dec 2000 14:04:23 -0600, Kat <gertie at PELL.NET> wrote:

>On 2 Dec 2000, at 9:47, Liona Kerslake wrote:
>
>> Kat:
>>
>> What's kernel32.exe?
>
>Should have been kernal32.dll. It's the core routines of the windoze OS.
>Other routines are in other hunks of code, like user32.* and other *.dll and
>*.exe.

You're sure? Last time I checked before my Windoze dir got nuked, it was
Kernel32.dll.


17. Re: oh no...

On 2 Dec 2000, at 15:17, Darth Maul, aka Matt wrote:

> On Sat, 2 Dec 2000 14:04:23 -0600, Kat <gertie at PELL.NET> wrote:
>
> >On 2 Dec 2000, at 9:47, Liona Kerslake wrote:
> >
> >> Kat:
> >>
> >> What's kernel32.exe?
> >
> >Should have been kernal32.dll. It's the core routines of the windoze OS.
> >Other routines are in other hunks of code, like user32.* and other *.dll and
> >*.exe.
>
> You're sure? Last time I checked before my Windoze dir got nuked, it was
> Kernel32.dll.
>

Ok, kernEl32.dll. Happy now?

Kat


18. Re: oh no...

On Sat, 2 Dec 2000 23:06:57 -0600, Kat <gertie at PELL.NET> wrote:
>Ok, kernEl32.dll. Happy now?

okay, okay...geez, a bit touchy today, huh?
