1. IMPORTANT: Email warning!
- Posted by Al Getz <Xaxo at aol.com> Jul 21, 2005
- 518 views
IMPORTANT

I'm posting this because this issue *may* possibly affect people on this list...

Yesterday morning someone hacked into my computer AGAIN. I fell asleep with the comp turned on and connected to the internet (something I don't like to do!) and when I woke up there were several text files appearing on my desktop. The files didn't seem to contain any virus or anything like that, just objectionable text including bad language. The files were easily deleted, and I checked the rest of my system using my 'virus' program (written in Euphoria) and I didn't find anything else that seemed harmful. The problem is, last time this happened a few emails got sent off using my screen name (Xaxo) with text containing various bad language and bad jokes to friends of mine. I'm posting this just in case this happened again to anyone who reads this list, even though I don't usually store email addresses in an easy to find location anymore.

I apologize for the inconvenience and am working on ways to avoid this kind of thing. I'm also continually updating my 'virus' program although I haven't found a way to prevent things like this from happening altogether...only correct things that happened after something goes wrong with the system or strange files suddenly appear in a directory somewhere. I usually get hit worse than this however, with dll's, .js scripts, and stuff like that. I even have SP2 and that doesn't seem to make ANY difference. Also, from a scan I can find various 'remnant' files left as a result of someone running MY Exe FILES from MY computer! I don't see how anyone can get this kind of privilege?

*LAST* time I was hit was about six weeks ago, but that time I was actually surfing the web. The screen went to a black background and the only thing left was a dialog box saying something like I had the 'sassor worm' and I had to run this virus program to get rid of it, with an "ok" button to run the program (which actually did nothing when clicked). The name of the virus program was "Gold" something or 'something' GOLD, which was apparently downloaded very nearly (within about a minute) the same time as the 'virus'! Now this makes me wonder, what are the chances of getting a virus AND virus protection software downloaded within 60 seconds of each other when not even trying to download anything at all??? This hit was so bad though I couldn't run anything so the only way around it was to reinstall, which takes quite a bit of time because most other software has to be reinstalled also!

Anyway, a number of programs had been run and just in case anyone got any objectionable emails please ignore them, or better yet, if they are dated between say about 12:01am to about 6:00am yesterday morning don't even open them :)

Thanks very much for your attention, and if anyone has any ideas or suggestions about security issues with XP-SP2 please mention them either here or email. I thought SP2 was supposed to clear up a lot of security issues with XP!

Weird thing is, I know there are people who stay connected to the internet for many hours at a time and don't get hit. They must be running Linux! :)

Take care,
Al

And, good luck with your Euphoria programming!

My bumper sticker: "I brake for LED's"
2. Re: IMPORTANT: Email warning!
- Posted by Jason Gade <jaygade at yahoo.com> Jul 21, 2005
- 494 views
Using XP, I'm running McAfee on one computer and Norton on another along with Microsoft Antispyware. Even though my cable router has a firewall in it I am also running ZoneAlarm free firewall even though the Windows XP firewall should be good enough. I've thought about dropping ZoneAlarm but it warns me about *outgoing* connections which is nice (and a hassle sometimes).

Virus scanners should not "download themselves".

Make sure remote desktop/remote assistance is turned off.

Use Firefox and Thunderbird instead of Explorer and Outlook. If you must use Explorer, make sure the security is set to not download Active X / Active content. It should warn you first. I don't have any problems with javascript or java but I know others on this list do.

Check out Shields Up! https://www.grc.com/x/ne.dll?bh0bkyd2 for a security scan. It will tell you any open ports and how visible your computer is to the world and how to fix it.

Sounds like you should pave the computer and re-install Windows or Linux.

=====================================
Too many freaks, not enough circuses.
j.
3. Re: IMPORTANT: Email warning!
- Posted by Derek Parnell <ddparnell at bigpond.com> Jul 21, 2005
- 489 views
Al Getz wrote:
> IMPORTANT
>
> I'm posting this because this issue *may* possibly affect people on this
> list...
>
> Yesterday morning someone hacked into my computer AGAIN.

Use a decent firewall. The one that comes with XP is not good enough. My firewall (ZoneAlarm) rejects about 30-40 attacks per hour.

--
Derek Parnell
Melbourne, Australia
Skype name: derek.j.parnell
4. Re: IMPORTANT: Email warning!
- Posted by Vincent <darkvincentdude at yahoo.com> Jul 21, 2005
- 493 views
That must have explained why you logged in to the #Euphoria chatroom as youngni**ershi*t. And said things like: "f*ck sh*t ni**er", and "did you blow me you sh*t s*cker!" I checked the logs; it seemed to be happening during early Wednesday. We thought you were going insane or something. You probably got attacked by someone using a trojan horse as well, like Sub7 or something.

I use the following programs for my Windows XP SP2 box to protect against spyware, viruses, and other security threats.

LANguard Network Security Scanner v5.0
NeWT Security Scanner Pro v2.2
SpyBot Search & Destroy v1.3
Microsoft AntiSpyware (beta)
Adaware Personal SE v1.06r1
Registry Mechanic v4.0
Norton Anti Virus 2003
Ace Utilities v2.5.0
Spyware Blaster v3.4
Spyware Doctor v3.2
ZoneAlarm Pro v6.0
Trojan Hunter v4.2
Spyware Guard v2.2
Spy Sweeper v4.0
MRU-Blaster v1.5

I had a big adware takeover on my machine a couple weeks ago. I had to scan through over 7000 DLL and EXE files "manually" on harddrive, and "manually" delete 156 DLL, EXE and Prefetch files, in order to regain security (took me 6 hours to do). I since got big time and installed and used all those programs listed above. I can now lock down my machine very tightly if I needed.

Regards,
Vincent
5. Re: IMPORTANT: Email warning!
- Posted by "Kat" <gertie at visionsix.com> Jul 22, 2005
- 474 views
On 21 Jul 2005, at 11:18, Vincent wrote:

> I use the following programs for my Windows XP SP2 box to protect against
> spyware, viruses, and other security threats.
>
> LANguard Network Security Scanner v5.0
> NeWT Security Scanner Pro v2.2
> SpyBot Search & Destroy v1.3
> Microsoft AntiSpyware (beta)
> Adaware Personal SE v1.06r1
> Registry Mechanic v4.0
> Norton Anti Virus 2003
> Ace Utilities v2.5.0
> Spyware Blaster v3.4
> Spyware Doctor v3.2
> ZoneAlarm Pro v6.0
> Trojan Hunter v4.2
> Spyware Guard v2.2
> Spy Sweeper v4.0
> MRU-Blaster v1.5
>
> I had a big adware takeover on my machine a couple weeks ago. I had to scan
> through over 7000 DLL and EXE files "manually" on harddrive, and "manually"
> delete 156 DLL, EXE and Prefetch files, in order to regain security (took me 6
> hours to do). I since got big time and installed and used all those programs
> listed above. I can now lock down my machine very tightly if I needed.

Do you still allow copy/paste by script? What about downloads of icons, activex, javascript, shockwave? Do you know if your runtime protection really scans the css files for scripts? You do know modern viruses and trojans automagically shut off all your "protection"?

Kat
6. Re: IMPORTANT: Email warning!
- Posted by Vincent <darkvincentdude at yahoo.com> Jul 22, 2005
- 492 views
Kat... Windows XP SP2 will prompt me if ActiveX content tries to run... I can disable Flash and Shockwave with Spyware Blaster.. Spyware Guard has a protection database with a list of bad sites to refuse downloads from, Spyware Guard prompts action on changes to the registry, Spy Sweeper will notify me of new cookies. I only run a few programs with live protection, if their processes and tray icons disappear I would notice it very quickly.. and I will shutdown my network with ZoneAlarm or do a scan on any suspicious network activity, 99% ZoneAlarm will notice a file trying to run, and I know by experience on whether or not it's safe. I see your point, but my Windows protection is fairly decent, after all I learned my lesson many times in the past.

Regards,
Vincent
7. Re: IMPORTANT: Email warning!
- Posted by Ron Weidner <xecronix at yahoo.com> Jul 22, 2005
- 501 views
With all of those programs running and effort spent fighting spyware/viruses, it's a wonder you have any processor or time left to enjoy your computer. I'm sure glad I've explored alternatives. And I'm grateful that I'm no longer Windows dependent. Good luck.

--
Ronald Weidner
http://www.techport80.com
PHP Software developer for hire.
8. Re: IMPORTANT: Email warning!
- Posted by Al Getz <Xaxo at aol.com> Jul 22, 2005
- 494 views
Hello again Jason, Derek, Vincent, and Kat,

It looks like I'll have to check some of these programs out, although I was hoping to avoid shelling out 50 bucks just because some dumb person and/or company feels like hacking my computer.

Jason:
I checked out that Shields program but they don't seem to have a section for Win XP, unless I missed it?

Derek:
Yeah I see what you mean :) Win XP's firewall doesn't seem to do anything at all! I wonder why they even bother to install it when you install XP? Doesn't make any sense to me!

Vincent:
Oh wow, so the Euphoria chat room got blasted! Well, on the bright side so far that's the only bad news I've heard. It's been a couple days now and I haven't received any emails complaining about someone getting a bunch of bad jokes or bad language in the email. I guess they were mad this time...they couldn't find my email list ha ha!

Kat:
Do you know if an external system can turn my "Remote Desktop" back on? It appears that was activated again and I'm pretty sure I had it turned off! I usually set my IE security settings to 'prompt' for most things.

This makes me think about a program...that brings up a dialog box whenever *ANY* exe is run on a machine. I have a program that creates buttons in a window when you drop a .exe/exw or directory on it, and when you click the button before anything actually runs you get a small dialog window that says: "Run or open file?" with four buttons: "Edit properties", "No", "Yes", "Explore". Now before the exe can run, the user has to click "Yes", otherwise it just sits there doing nothing. Well, if there was a program or perhaps a way of "subclassing" EVERY SINGLE EXE program on the computer, you could have a dialog box like that come up so the exe couldn't run unless you click it. I guess this brings up the question though...can an external user click a button on someone else's computer somehow? If not, this would work great! If they could, then it would only work when the user is sitting right there in front of the computer watching the screen. A small delay period (even 0.3 seconds probably) would mean the dialog box would be visible showing the user what is going on. I don't know how this would affect performance however.

OH yes, BTW, the name of the program that really messed up my machine several weeks back was: Antivirus Gold. Their website is at ----://www.antivirus-gold.com (I've blocked out the h.t.t.p part of the address so no one clicks on it!) This site/product is RESPONSIBLE for that nasty attack I was talking about where the desktop went black, and only their stinking product was shown in a dialog box. What they do is install a virus, then tell you you need their software to fix it!!! Now do they really expect me to buy their software after that? That's just nuts.

Well I guess I'll be looking for some free software to help prevent these kinds of things....

Thanks for all the ideas and suggestions, and if anyone knows a way to 'subclass' all the exe's on a machine (like I was talking about before) please let me know.

Take care for now,
Al

Take care,
Al

And, good luck with your Euphoria programming!

My bumper sticker: "I brake for LED's"
9. Re: IMPORTANT: Email warning!
- Posted by Jason Gade <jaygade at yahoo.com> Jul 22, 2005
- 500 views
Al Getz wrote:
> Jason:
> I checked out that Shields program but they don't seem to have a
> section for Win XP, unless I missed it?

It's not a program that runs on your computer; his computer will scan your computer and tell you any open ports or vulnerabilities that it might have. It will tell you how visible your computer is to the rest of the internet.

BTW, ZoneAlarm has a free version of their firewall; it is what I use. Although I've been thinking about dropping it since I also have a hardware firewall, it works very well.

=====================================
Too many freaks, not enough circuses.
j.
10. Re: IMPORTANT: Email warning!
- Posted by Pete Lomax <petelomax at blueyonder.co.uk> Jul 23, 2005
- 491 views
On Fri, 22 Jul 2005 05:07:52 -0700, Al Getz <guest at RapidEuphoria.com> wrote:

>This makes me think about a program...that brings up a dialog box
>whenever *ANY* exe is run on a machine.

I use Kerio, which monitors all executables for network traffic. It also performs an md5 checksum on any exe you have previously given permission to perform network traffic before it is run. This may not help with many viruses, (unless they infect your browser etc), but it should catch any spyware/trojan type programs. Other firewalls probably perform in a similar fashion. I am not a security expert.

Regards,
Pete

PS I replied before but I think it got lost. You wrote:

>a dialog box saying something like I had the 'sassor worm' and
>I had to run this virus program to get rid of it, with an "ok" button to
>run the program (which actually did nothing when clicked).

As you are probably aware, that was a bit of relatively harmless html showing, but clicking the button installed the virus. If you'd just closed the window, it would probably not have managed to cause harm.
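
The check described in the post above (record a checksum when an executable is approved, re-hash it before it is allowed to run with network access) can be written as follows. This is an added example, not part of the original thread and not Kerio's code; the `ApprovalStore` class, its JSON file and the sample files are assumptions constructed for illustration, and SHA-256 stands in for the MD5 mentioned in the post.

```python
import hashlib
import json
import os
import tempfile

# The post mentions MD5; SHA-256 is used here because MD5 collisions are practical.
ALGO = "sha256"


def file_digest(path, algo=ALGO, chunk=64 * 1024):
    """Hash a file in chunks so large executables are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _key(path):
    # Resolve symlinks and normalise case so one file has exactly one entry.
    return os.path.normcase(os.path.realpath(path))


class ApprovalStore:
    """Hypothetical store: executable path -> digest recorded at approval time."""

    def __init__(self, db_path):
        self.db_path = db_path
        self.entries = {}
        if os.path.exists(db_path):
            with open(db_path, "r", encoding="utf-8") as f:
                self.entries = json.load(f)

    def approve(self, exe_path):
        """Record the current digest after the user has answered yes."""
        self.entries[_key(exe_path)] = file_digest(exe_path)
        tmp = self.db_path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as f:
            json.dump(self.entries, f, indent=2)
        os.replace(tmp, self.db_path)  # atomic swap, no half-written database

    def check(self, exe_path):
        """Return 'approved', 'modified', 'unknown' or 'missing'."""
        key = _key(exe_path)
        if not os.path.isfile(key):
            return "missing"
        recorded = self.entries.get(key)
        if recorded is None:
            return "unknown"   # never approved: ask the user
        if file_digest(key) != recorded:
            return "modified"  # same path, different bytes: block and ask again
        return "approved"


def demo():
    """Run the check over constructed sample files standing in for executables."""
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "browser.exe")
        dropped = os.path.join(d, "dropped.exe")
        with open(browser, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"original code")
        with open(dropped, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"never approved")

        db = os.path.join(d, "approved.json")
        store = ApprovalStore(db)
        store.approve(browser)
        results = [store.check(browser), store.check(dropped)]

        # Same length, different content: a size-only check would miss this.
        with open(browser, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"patched code!")
        reloaded = ApprovalStore(db)  # approvals survive a restart
        results.append(reloaded.check(browser))

        os.remove(dropped)
        results.append(reloaded.check(dropped))
        return results


if __name__ == "__main__":
    print(demo())
```

A check like this only notices a change to a file that was approved earlier; a file that was already malicious when it was approved passes it.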
11. Re: IMPORTANT: Email warning!
- Posted by Al Getz <Xaxo at aol.com> Jul 25, 2005
- 511 views
Hi again,

Jason:
I'll take another look at the Shields info when I'm feeling a bit better. Having a nasty couple weeks here...now came down with some kind of flu so I'll be out of commish for a few more days yet.

Pete:
I couldn't close anything after that took over...it blanked everything else out...never got a chance to even say "no".

Thanks again for all the ideas and suggestions!

Take care,
Al

And, good luck with your Euphoria programming!

My bumper sticker: "I brake for LED's"