1. oh no...
- Posted by "Darth Maul, aka Matt" <uglyfish87 at HOTMAIL.COM> Nov 30, 2000
- 555 views
- Last edited Dec 01, 2000
great, just GREAT! i think i got some twisted virus that nuked my windows directory. i lost everything in my windows directory except three files that start with a 'p'. :P i'm anticipating getting a new PC, so see you soon - Matt the Cursed
2. Re: oh no...
- Posted by Kat <gertie at PELL.NET> Nov 30, 2000
- 524 views
- Last edited Dec 01, 2000
On 30 Nov 2000, at 20:56, Darth Maul, aka Matt wrote: > great, just GREAT! i think i got some twisted virus that nuked my windows > directory. i lost everything in my windows directory except three files that > start with a 'p'. :P i'm anticipating getting a new PC, so see you soon Such has happened to me too, and i learned: 1) run proxy(s) to filter ALL java* and all activex from anything going to any application that is scriptable. 2) don't run anything scriptable that you cannot filter scripts out of. (scripts are a great way to get a trojan or a virus onto a puter, if they aren't viruses themselves) 3) run a firewall, ESPECIALLY on a winbox. > - Matt the Cursed Kat the Wiser
3. Re: oh no...
- Posted by Liona Kerslake <paulk at UNISERVE.COM> Nov 30, 2000
- 530 views
- Last edited Dec 01, 2000
Will the reign of terror ever end? I got an e-mail awhile ago from "Undetermined Mail Sender" with no subject, no information and a file called "EGGKOKEG.EXE". Naturally I deleted it right away. I learned in Computer Studies, for those with an "always on" 'net connection, hackers can get in easily without a firewall. This is especially dangerous to networks with a cable 'net connection. I've got a 28.8K modem and 10 hrs. a month so I like to think I'm safe! Jes' thought I'd contribute. -Thomas
4. Re: oh no...
- Posted by Colin Taylor <ctaylor at RACSA.CO.CR> Dec 01, 2000
- 526 views
- Last edited Dec 02, 2000
> Thomas wrote: > I got an e-mail awhile ago from "Undetermined Mail Sender" with no subject, > no information and a file called "EGGKOKEG.EXE". > I got it too. Colin
5. Re: oh no...
- Posted by Bernie <xotron at PCOM.NET> Dec 01, 2000
- 534 views
- Last edited Dec 02, 2000
So did I but I deleted it
6. Re: oh no...
- Posted by Kat <gertie at PELL.NET> Dec 02, 2000
- 528 views
On 1 Dec 2000, at 20:52, Bernie wrote: > So did I but I deleted it Did anyone save the smtp headers? Where did it come from? Kat
7. Re: oh no...
- Posted by Dan B Moyer <DANMOYER at PRODIGY.NET> Dec 01, 2000
- 504 views
- Last edited Dec 02, 2000
I didn't get that post, but I do often get similar ones, from "Undetermined Mail Sender, but I've discovered that they are actual posts from list members, maybe with mangled headers (?), which I have filtered into a folder called "from server"; when I realize they're there, I have been "checking them out" by using Outlook Express "properties" button and "details", and then "message source", which not only shows the mail header, but also the message. I have been thinking this is a "safe" way to read such email without opening it, but now I'm wondering if that's true. Any thoughts? Dan ----- Original Message ----- From: "Kat" <gertie at PELL.NET> To: <EUPHORIA at LISTSERV.MUOHIO.EDU> Sent: Friday, December 01, 2000 10:41 PM Subject: Re: oh no... > On 1 Dec 2000, at 20:52, Bernie wrote: > > > So did I but I deleted it > > Did anyone save the smtp headers? Where did it come from? > > Kat
8. Re: oh no...
- Posted by Bernie <xotron at PCOM.NET> Dec 02, 2000
- 513 views
On Sat, 2 Dec 2000 00:41:35 -0600, Kat <gertie at PELL.NET> wrote: >On 1 Dec 2000, at 20:52, Bernie wrote: > >> So did I but I deleted it > >Did anyone save the smtp headers? Where did it come from? > >Kat It had no header came blank
9. Re: oh no...
- Posted by Bernie <xotron at PCOM.NET> Dec 02, 2000
- 519 views
Kat PS - At time I recieved the file, I viewed the data inside the file and saw a reference to kernel32.exe. So I immedatley deleted from the file from my system. This file had to be sent to me from some ones address book because I do not subscribe to any mailing lists. Bernie
10. Re: oh no...
- Posted by Colin Taylor <ctaylor at RACSA.CO.CR> Dec 02, 2000
- 518 views
------=_NextPart_000_00BF_01C05C20.7B2C8D00 charset="iso-8859-1" Kat, Here is the message header. - Colin ----- Original Message ----- From: Kat <gertie at PELL.NET> To: <EUPHORIA at LISTSERV.MUOHIO.EDU> Sent: Saturday, December 02, 2000 12:41 AM Subject: Re: oh no... > On 1 Dec 2000, at 20:52, Bernie wrote: > > > So did I but I deleted it > > Did anyone save the smtp headers? Where did it come from? > > Kat ------=_NextPart_000_00BF_01C05C20.7B2C8D00 name="hdr.txt"
11. Re: oh no...
- Posted by Liona Kerslake <paulk at UNISERVE.COM> Dec 02, 2000
- 502 views
Kat: What's kernel32.exe? Dan: "I have been thinking this is a "safe" way to read such email without opening it, but now I'm wondering if that's true. Any thoughts?" I don't trust e-mails much. Obviously I trust this group. But, doing your 'safe check....I don't know, I personally wouldn't. It seems to me if most of the people on this list got it, then either someone's either got messed up e-mails, or someone's going throught a lot of trouble to cause problems. Not that I'm paranoid......... --Bye ---Thomas
12. Re: oh no...
- Posted by Kat <gertie at PELL.NET> Dec 02, 2000
- 525 views
On 1 Dec 2000, at 23:38, Dan B Moyer wrote: > I didn't get that post, but I do often get similar ones, from "Undetermined > Mail Sender, but I've discovered that they are actual posts from list members, > maybe with mangled headers (?), which I have filtered into a folder called > "from server"; when I realize they're there, I have been "checking them out" > by using Outlook Express "properties" button and "details", and then "message > source", which not only shows the mail header, but also the message. I have > been thinking this is a "safe" way to read such email without opening it, but > now I'm wondering if that's true. Any thoughts? Just one thought: doing *anything* to the email in Outlook Express is dangerous, and you could find your puter executing the email. Part of the problem is the hidden extensions, such as readme.txt.exe , in which windoze is told by MS, by default, to not show you the ".exe", so when you open what *looks* like "readme.txt", you exec it. There are some viruses that need only be handled, not opened, by OE for them to exec, due to OE looking into them to decide what to do with them. "Properties" should be safe, but i do not *know* that it is, because, like i said, it is possible to get OE to exec something just by recieving it totally unopened. Marginally legal examples of OE exec'ing code behind the scenes is the "auto-verify receipt when recieved" and "auto-verify receipt when opened" options in email readers. So-called "user friendly" options include allowing html src tags to be active, so the email reader will goto the web and retrieve unknown files, possibly javascript or vbs files, which then exec and do anything the author wished. As far as virus scanners of email, some people have reported problems with them, mostly hanging the puter types of problems. One of my dear projects i wish i had time to work on is an email proxy, like the http proxies i have. When i got Pegasus, i intentionally did not get the plugins for scripting, forwarding/sorting, or anything other than plain text decode/display. Btw, Colin sent me the header, it's from Switzerland. Do not expect the usa to have any clout in Europe/Asia to chase down virus factories, it's not like it was in the Melissa virus case. Kat
13. Re: oh no...
- Posted by "Darth Maul, aka Matt" <uglyfish87 at HOTMAIL.COM> Dec 02, 2000
- 516 views
On Thu, 30 Nov 2000 21:24:45 -0600, Kat <gertie at PELL.NET> wrote: >2) don't run anything scriptable that you cannot filter scripts out of. >(scripts are a great way to get a trojan or a virus onto a puter, if they aren't >viruses themselves) Well, I don't have any scripting programs...actually, I suspect it was a program called ALINK. Here's what happened: 1) I assembled and linked(into COFF format) a test .ASM file that came with it. It couldn't find a couple symbols... 2) I try linking my own program and try to get it to link with user32.dll to no avail 3) I try linking it with some file on the site(win32.lib), it crashes, I leave my system alone for a while, the DOS prompt crashes, and the next thing I know, *POOF*! I hate the universe... - Matt
14. Re: oh no...
- Posted by George Henry <ghenryca at HOTMAIL.COM> Dec 02, 2000
- 498 views
- Last edited Dec 03, 2000
>either someone's either got messed up e-mails, or someone's going throught >a lot of trouble to cause problems. My wife got that message, and she is not on this list; on the other hand, I didn't get it, and I am on the list; so whether you got it or not doesn't have anything in particular to do with being on this list. Don't spend too much of your valuable time and neuronal reources thinking about this. George _____________________________________________________________________________________ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
15. Re: oh no...
- Posted by Kat <gertie at PELL.NET> Dec 02, 2000
- 523 views
On 2 Dec 2000, at 9:47, Liona Kerslake wrote: > Kat: > > What's kernel32.exe? Should have been kernal32.dll. It's the core routines of the windoze OS. Other routines are in other hunks of code, like user32.* and other *.dll and *.exe. > Not that I'm paranoid......... "paranoid" has gotten such a bad reputation. It's aka "covering your vulnerable parts of your anatomy", "being prepared" (Boy Sprout motto), "taking birth control or vitamin pills", "getting a flu shot", "using an internet firewall", "an apple a day keeps the doctor away", etc.... Kat, appropriately paranoid.
16. Re: oh no...
- Posted by "Darth Maul, aka Matt" <uglyfish87 at HOTMAIL.COM> Dec 02, 2000
- 523 views
On Sat, 2 Dec 2000 14:04:23 -0600, Kat <gertie at PELL.NET> wrote: >On 2 Dec 2000, at 9:47, Liona Kerslake wrote: > >> Kat: >> >> What's kernel32.exe? > >Should have been kernal32.dll. It's the core routines of the windoze OS. >Other routines are in other hunks of code, like user32.* and other *.dll and >*.exe. You're sure? Last time I checked before my Windoze dir got nuked, it was Kernel32.dll.
17. Re: oh no...
- Posted by Kat <gertie at PELL.NET> Dec 02, 2000
- 532 views
- Last edited Dec 03, 2000
On 2 Dec 2000, at 15:17, Darth Maul, aka Matt wrote: > On Sat, 2 Dec 2000 14:04:23 -0600, Kat <gertie at PELL.NET> wrote: > > >On 2 Dec 2000, at 9:47, Liona Kerslake wrote: > > > >> Kat: > >> > >> What's kernel32.exe? > > > >Should have been kernal32.dll. It's the core routines of the windoze OS. > >Other routines are in other hunks of code, like user32.* and other *.dll > and > >*.exe. > > You're sure? Last time I checked before my Windoze dir got nuked, it was > Kernel32.dll. > Ok, kernEl32.dll. Happy now? Kat
18. Re: oh no...
- Posted by "Darth Maul, aka Matt" <uglyfish87 at HOTMAIL.COM> Dec 09, 2000
- 529 views
On Sat, 2 Dec 2000 23:06:57 -0600, Kat <gertie at PELL.NET> wrote: >Ok, kernEl32.dll. Happy now? okay, okay...geez, a bit touchy today, huh?