1. IMPORTANT: Email warning!

IMPORTANT

I'm posting this because this issue *may* possibly affect people on this list...

Yesterday morning someone hacked into my computer AGAIN.
I fell asleep with the comp turned on and connected to the internet
(something I don't like to do!) and when I woke up there were
several text files appearing on my desktop. The files didn't seem
to contain any virus or anything like that, just objectionable text
including bad language. The files were easily deleted, and I checked
the rest of my system using my 'virus' program (written in Euphoria)
and I didn't find anything else that seemed harmful. The problem is,
last time this happened a few emails got sent off using my screen
name (Xaxo) with text containing various bad language and bad jokes
to friends of mine. I'm posting this just in case this happened again
to anyone who reads this list, even though I don't usually store email
addresses in an easy to find location anymore.
I apologize for the inconvenience and am working on ways to avoid
this kind of thing. I'm also continually updating my 'virus' program
although I haven't found a way to prevent things like this from happening
altogether...only correct things that happened after something goes wrong
with the system or strange files suddenly appear in a directory somewhere.
I usually get hit worse than this however, with dll's, .js scripts, and
stuff like that. I even have SP2 and that doesn't seem to make ANY difference.
Also, from a scan I can find various 'remnant' files left as a result of
someone running MY Exe FILES from MY computer! I don't see how anyone can get
this kind of privilege?

*LAST* time I was hit was about six weeks ago, but that time I was actually
surfing the web. The screen went to a black background and the only thing
left was a dialog box saying something like I had the 'sassor worm' and
I had to run this virus program to get rid of it, with an "ok" button to
run the program (which actually did nothing when clicked). The name of
the virus program was "Gold" something or 'something' GOLD, which
was apparently downloaded very nearly (within about a minute) the same
time as the 'virus'! Now this makes me wonder, what are the chances of
getting a virus AND virus protection software downloaded within 60 seconds
of each other when not even trying to download anything at all???
This hit was so bad though I couldn't run anything so the only way around it
was to reinstall, which takes quite a bit of time because most other
software has to be reinstalled also!

Anyway, a number of programs had been run and just in case anyone got any
objectionable emails please ignore them, or better yet, if they are dated
between say about 12:01am to about 6:00am yesterday morning don't even
open them :)

Thanks very much for your attention, and if anyone has any ideas or suggestions
about security issues with XP-SP2 please mention them either here or email.
I thought SP2 was supposed to clear up a lot of security issues with XP!

Weird thing is, I know there are people who stay connected to the internet
for many hours at a time and don't get hit. They must be running Linux! :)


Take care,
Al



And, good luck with your Euphoria programming!

My bumper sticker: "I brake for LED's"


2. Re: IMPORTANT: Email warning!


Using XP, I'm running McAfee on one computer and Norton on another along with
Microsoft Antispyware. Even though my cable router has a firewall in it I am
also running ZoneAlarm free firewall even though the Windows XP firewall should
be good enough. I've thought about dropping ZoneAlarm but it warns me about
*outgoing* connections which is nice (and a hassle sometimes).

Virus scanners should not "download themselves".

Make sure remote desktop/remote assistance is turned off.

Use Firefox and Thunderbird instead of Explorer and Outlook.

If you must use Explorer, make sure the security is set to not download Active X
/ Active content.  It should warn you first.

I don't have any problems with javascript or java but I know others on this list
do.

Check out Shields Up! https://www.grc.com/x/ne.dll?bh0bkyd2 for a security scan.
It will tell you any open ports and how visible your computer is to the world
and how to fix it.

Sounds like you should pave the computer and re-install Windows or Linux.


=====================================
Too many freaks, not enough circuses.

j.


3. Re: IMPORTANT: Email warning!

Al Getz wrote:
> 
> IMPORTANT
> 
> I'm posting this because this issue *may* possibly affect people on this
> list...
> 
> Yesterday morning someone hacked into my computer AGAIN.

Use a decent firewall. The one that comes with XP is not good enough.

My firewall (ZoneAlarm) rejects about 30-40 attacks per hour.

-- 
Derek Parnell
Melbourne, Australia
Skype name: derek.j.parnell


4. Re: IMPORTANT: Email warning!


That must have explained why you logged in to the #Euphoria chatroom as
youngni**ershi*t. And said things like: "f*ck sh*t ni**er", and "did you blow me
you sh*t s*cker!" I checked the logs; it seemed to be happening during early
Wednesday. We thought you were going insane or something. You probably got attacked
by someone using a trojan horse as well, like Sub7 or something. I use the
following programs for my Windows XP SP2 box to protect against spyware, viruses,
and other security threats.

LANguard Network Security Scanner v5.0
NeWT Security Scanner Pro v2.2
SpyBot Search & Destroy v1.3
Microsoft AntiSpyware (beta)
Adaware Personal SE v1.06r1
Registry Mechanic v4.0
Norton Anti Virus 2003
Ace Utilities v2.5.0
Spyware Blaster v3.4
Spyware Doctor v3.2
ZoneAlarm Pro v6.0
Trojan Hunter v4.2
Spyware Guard v2.2
Spy Sweeper v4.0
MRU-Blaster v1.5

I had a big adware takeover on my machine a couple weeks ago. I had to scan
through over 7000 DLL and EXE files "manually" on hard drive, and "manually"
delete 156 DLL, EXE and Prefetch files, in order to regain security (took me 6
hours to do). I since got big time and installed and used all those programs
listed above. I can now lock down my machine very tightly if I needed.


Regards,
Vincent

----------------------------------------------
     ___	      __________      ___
    /__/\            /__________\    |\ _\
    \::\'\          //::::::::::\\   |'|::|
     \::\'\        //:::_::::_:::\\  |'|::|
      \::\'\      //::/  |::|  \::\\ |'|::|
       \::\'\    //::/   |::|   \::\\|'|::|
        \::\'\__//::/    |::|    \::\|'|::|
         \::\','/::/     |::|     \::\\|::|
          \::\_/::/      |::|      \::\|::|
           \::,::/       |::|       \:::::|
            \___/        |__|        \____|

 	                 .``.
		         ',,'


5. Re: IMPORTANT: Email warning!

On 21 Jul 2005, at 11:18, Vincent wrote:


> That must have explained why you logged in to the #Euphoria chatroom as
> youngni**ershi*t. And said things like: "f*ck sh*t ni**er", and "did you blow
> me you sh*t s*cker!" I checked the logs; it seemed to be happening during early
> Wednesday. We thought you were going insane or something. You probably got
> attacked by someone using a trojan horse as well, like Sub7 or something. I
> use the following programs for my Windows XP SP2 box to protect against spyware,
> viruses, and other security threats.
> 
> LANguard Network Security Scanner v5.0
> NeWT Security Scanner Pro v2.2
> SpyBot Search & Destroy v1.3
> Microsoft AntiSpyware (beta)
> Adaware Personal SE v1.06r1
> Registry Mechanic v4.0
> Norton Anti Virus 2003
> Ace Utilities v2.5.0
> Spyware Blaster v3.4
> Spyware Doctor v3.2
> ZoneAlarm Pro v6.0
> Trojan Hunter v4.2
> Spyware Guard v2.2
> Spy Sweeper v4.0
> MRU-Blaster v1.5
> 
> I had a big adware takeover on my machine a couple weeks ago. I had to scan
> through over 7000 DLL and EXE files "manually" on hard drive, and "manually"
> delete 156 DLL, EXE and Prefetch files, in order to regain security (took me 6
> hours to do). I since got big time and installed and used all those programs
> listed above. I can now lock down my machine very tightly if I needed.

Do you still allow copy/paste by script? What about downloads of icons,
ActiveX, JavaScript, Shockwave? Do you know if your runtime protection really
scans the CSS files for scripts? You do know modern viruses and trojans
automagically shut off all your "protection"?

Kat


6. Re: IMPORTANT: Email warning!


Kat... Windows XP SP2 will prompt me if ActiveX content tries to run... I can
disable Flash and Shockwave with Spyware Blaster.. Spyware Guard has a protection
database with a list of bad sites to refuse downloads from, Spyware Guard prompts
action on changes to the registry, Spy Sweeper will notify me of new cookies. I
only run a few programs with live protection, if their processes and tray icons
disappear I would notice it very quickly.. and I will shut down my network with
ZoneAlarm or do a scan on any suspicious network activity, 99% ZoneAlarm will
notice a file trying to run, and I know by experience on whether or not it's safe.
I see your point, but my Windows protection is fairly decent, after all I
learned my lesson many times in the past.


Regards,
Vincent

----------------------------------------------
     ___	      __________      ___
    /__/\            /__________\    |\ _\
    \::\'\          //::::::::::\\   |'|::|
     \::\'\        //:::_::::_:::\\  |'|::|
      \::\'\      //::/  |::|  \::\\ |'|::|
       \::\'\    //::/   |::|   \::\\|'|::|
        \::\'\__//::/    |::|    \::\|'|::|
         \::\','/::/     |::|     \::\\|::|
          \::\_/::/      |::|      \::\|::|
           \::,::/       |::|       \:::::|
            \___/        |__|        \____|

 	                 .``.
		         ',,'


7. Re: IMPORTANT: Email warning!


With all of those programs running and effort spent
fighting spyware/viruses, it's a wonder you have any
processor or time left to enjoy your computer. I'm
sure glad I've explored alternatives. And I'm
grateful that I'm no longer Windows dependent.

Good luck.


--
Ronald Weidner
http://www.techport80.com
PHP Software developer for hire.


8. Re: IMPORTANT: Email warning!

Hello again Jason, Derek, Vincent, and Kat,


It looks like I'll have to check some of these programs out,
although I was hoping to avoid shelling out 50 bucks just because
some dumb person and/or company feels like hacking my computer.

Jason:
I checked out that Shields program but they don't seem to have a
section for Win XP, unless I missed it?

Derek:
Yeah I see what you mean :) Win XP's firewall doesn't seem to do
anything at all! I wonder why they even bother to install it when
you install XP? Doesn't make any sense to me!

Vincent:
Oh wow, so the Euphoria chat room got blasted! Well, on the bright
side so far that's the only bad news I've heard. It's been a couple
days now and I haven't received any emails complaining about someone
getting a bunch of bad jokes or bad language in the email. I guess
they were mad this time...they couldn't find my email list ha ha!

Kat:
Do you know if an external system can turn my "Remote Desktop" back
on? It appears that was activated again and I'm pretty sure I
had it turned off!
I usually set my IE security settings to 'prompt' for most things.


This makes me think about a program...that brings up a dialog box
whenever *ANY* exe is run on a machine. I have a program that creates
buttons in a window when you drop a .exe/exw or directory on it, and
when you click the button before anything actually runs you get a small
dialog window that says:
"Run or open file?"
with four buttons:
"Edit properties", "No", "Yes", "Explore".
Now before the exe can run, the user has to click "Yes", otherwise
it just sits there doing nothing.

Well, if there was a program or perhaps a way of "subclassing"
EVERY SINGLE EXE program on the computer, you could have a dialog
box like that come up so the exe couldn't run unless you click it.
I guess this brings up the question though...can an external user
click a button on someone else's computer somehow? If not, this
would work great! If they could, then it would only work when
the user is sitting right there in front of the computer watching
the screen. A small delay period (even 0.3 seconds probably)
would mean the dialog box would be visible showing the user what
is going on. I don't know how this would affect performance however.


OH yes, BTW, the name of the program that really messed up my machine
several weeks back was: Antivirus Gold.
Their website is at ----://www.antivirus-gold.com
(I've blocked out the h.t.t.p part of the address so no one clicks on it!)
This site/product is RESPONSIBLE for that nasty attack I was talking about
where the desktop went black, and only their stinking product was shown
in a dialog box. What they do is install a virus, then tell you you need
their software to fix it!!! Now do they really expect me to buy their
software after that? That's just nuts.


Well I guess I'll be looking for some free software to help prevent these
kinds of things....


Thanks for all the ideas and suggestions, and if anyone knows a way to
'subclass' all the exe's on a machine (like I was talking about before)
please let me know.


Take care for now,
Al


Take care,
Al

And, good luck with your Euphoria programming!

My bumper sticker: "I brake for LED's"


9. Re: IMPORTANT: Email warning!

Al Getz wrote:
> Jason:
> I checked out that Shields program but they don't seem to have a
> section for Win XP, unless I missed it?

It's not a program that runs on your computer; his computer will scan your
computer and tell you any open ports or vulnerabilities that it might have. It
will tell you how visible your computer is to the rest of the internet.

BTW, ZoneAlarm has a free version of their firewall; it is what I use. Although
I've been thinking about dropping it since I also have a hardware firewall, it
works very well.

=====================================
Too many freaks, not enough circuses.

j.


10. Re: IMPORTANT: Email warning!

On Fri, 22 Jul 2005 05:07:52 -0700, Al Getz <guest at RapidEuphoria.com>
wrote:

>This makes me think about a program...that brings up a dialog box
>whenever *ANY* exe is run on a machine.

I use Kerio, which monitors all executables for network traffic. It
also performs an MD5 checksum on any exe you have previously given
permission to perform network traffic before it is run. This may not
help with many viruses (unless they infect your browser etc.), but it
should catch any spyware/trojan type programs. Other firewalls
probably perform in a similar fashion. I am not a security expert.

Regards,
Pete
PS I replied before but I think it got lost. You wrote:
>a dialog box saying something like I had the 'sassor worm' and
>I had to run this virus program to get rid of it, with an "ok" button to
>run the program (which actually did nothing when clicked).
As you are probably aware, that was a bit of relatively harmless HTML
showing, but clicking the button installed the virus. If you'd just
closed the window, it would probably not have managed to cause harm.
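
The checksum check described in the post above, as an added example (not part of the original post and not Kerio's code): a rule store records an executable's digest when network permission is granted and later allows traffic only if the file on disk still hashes to that value. The post mentions MD5; this sketch uses SHA-256 instead, and `NetworkRuleStore`, `Verdict` and the file names are hypothetical.

```python
"""Added example: digest-pinned network permission for executables."""
import hashlib
import hmac
import os
import tempfile
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"                  # known path, contents unchanged
    PROMPT_NEW = "prompt-new"        # never granted: ask the user
    BLOCK_CHANGED = "block-changed"  # known path, contents differ
    BLOCK_MISSING = "block-missing"  # known path, file unreadable


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class NetworkRuleStore:
    """Maps a normalised executable path to the digest seen at grant time."""

    def __init__(self, algorithm="sha256"):
        self.algorithm = algorithm
        self._rules = {}

    @staticmethod
    def _key(path):
        # Resolve symlinks and case so one file cannot hold two rules.
        return os.path.normcase(os.path.realpath(path))

    def grant(self, path):
        """Record the digest at the moment the user says 'yes'."""
        self._rules[self._key(path)] = file_digest(path, self.algorithm)

    def check(self, path):
        """Decide what to do when `path` asks for network access."""
        key = self._key(path)
        recorded = self._rules.get(key)
        if recorded is None:
            return Verdict.PROMPT_NEW
        try:
            current = file_digest(key, self.algorithm)
        except OSError:
            return Verdict.BLOCK_MISSING
        if hmac.compare_digest(current, recorded):
            return Verdict.ALLOW
        return Verdict.BLOCK_CHANGED


def demo():
    """Run the four cases on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "browser.exe")   # constructed sample
        dropped = os.path.join(d, "dropped.exe")   # constructed sample
        with open(browser, "wb") as fh:
            fh.write(b"MZ original contents")
        with open(dropped, "wb") as fh:
            fh.write(b"MZ something unknown")

        store = NetworkRuleStore()
        store.grant(browser)
        results = [store.check(browser), store.check(dropped)]

        with open(browser, "ab") as fh:            # file modified after grant
            fh.write(b" plus appended bytes")
        results.append(store.check(browser))

        os.remove(browser)                         # file removed after grant
        results.append(store.check(browser))
        return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.value)
```

The check only detects that a permitted file changed on disk; it says nothing about an unmodified, permitted program carrying traffic on behalf of something else.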


11. Re: IMPORTANT: Email warning!

Hi again,


Jason:
I'll take another look at the Shields info when I'm feeling a bit better.
Having a nasty couple weeks here...now came down with some kind of flu
so I'll be out of commish for a few more days yet.

Pete:
I couldn't close anything after that took over...it blanked everything else
out...never got a chance to even say "no".


Thanks again for all the ideas and suggestions!



Take care,
Al

And, good luck with your Euphoria programming!

My bumper sticker: "I brake for LED's"
