1. [OT] Re: VERY strange problem? HELP!
On Sat, 26 Jun 2004 15:26:42 -0700, CoJaBo <guest at RapidEuphoria.com>
wrote:
>I think it was "54484520454E44" again, similar problems each time:
> 4920414D2054484520454E442100 or spatchula?)
I doubt this helps, but that is ascii code for "THE END" and "I AM THE
END!" Maybe something will twig scanning your firewall logs?
Pete
2. Re: [OT] Re: VERY strange problem? HELP!
Pete Lomax wrote:
>
> On Sat, 26 Jun 2004 15:26:42 -0700, CoJaBo <guest at RapidEuphoria.com>
> wrote:
>
> >I think it was "54484520454E44" again, similar problems each time:
> > 4920414D2054484520454E442100 or spatchula?)
>
> I doubt this helps, but that is ascii code for "THE END" and "I AM THE
> END!" Maybe something will twig scanning your firewall logs?
>
> Pete
Yes, I know. The cracker wasn't too happy when I decoded that
and posted "What do you mean "I am the end!"?"!
Also the strangest value ?time() displayed (-3812688), when
you remove the '-' and convert it into hexadecimal, it is the ASCII
code for "
"! This is where I got "54484520454E44" to call the
cracker, I don't even know what the cracker actually wants to be called.
3. Re: [OT] Re: VERY strange problem? HELP!
CoJaBo wrote:
> Yes, I know. The cracker wasn't too happy when I decoded that
> and posted "What do you mean "I am the end!"?"!
> Also the strangest value ?time() displayed (-3812688), when
> you remove the '-' and convert it into hexadecimal, it is the ASCII
> code for ""! This is where I got "54484520454E44" to call the
> cracker, I don't even know what the cracker actually wants to be called.
>
I get hit about once per week too so i know the problems that can
come up.
I've had all kinds of funny stuff going on...from installing
'toolbars' in my IE to deleting programs.
One time i went to open a simple text file using Notepad and
got the error message something like
"Unable to open file, cant find Notepad.exe"
Now why on earth would a web site want to delete your Notepad????
A little investigation turned up a program that was installed
overtop of Notepad (theirs) but when they deleted Notepad versions
(which BTW were in about three directories which they had to hunt down
to accomplish) they forgot to reinstall THEIR program in that one
directory...which happend to be the one that was called to open
the text file. If it wasnt for that, THEIR replacement file would
have ran on my machine and who knows that else from there 
I also found that they also replaced the Windows media player, and
during the time of the attack the were able to stop the firewall
log from recording transactions! There was a void in the times
between which they were doing this attack.
This wasnt the first time and i know it wont be the last.
I dont know what they think they will accomplish, but it
wont be a heck of a lot! Even if my comp goes down it's not
going to do any good for them right?
I've developed some software to deal with these idiots over
the years, but unfortunately this is a catch-as-catch-can
situation--if i post anything to the web and it gets learned
by would-be attackers, that makes it less effective for me.
I've even considered posting .exe versions of the software,
but once it gets into the wrong hands it allows experimentation
with what passes undetected and what doesnt--so it's effectiveness
still declines.
Only thing i can say is run a virus detector of some kind.
Take care and good luck with it,
Al
And, good luck with your Euphoria programming!
My bumper sticker: "I brake for LED's"
4. Re: [OT] Re: VERY strange problem? HELP!
Al Getz wrote:
>
> CoJaBo wrote:
> > Yes, I know. The cracker wasn't too happy when I decoded that
> > and posted "What do you mean "I am the end!"?"!
> > Also the strangest value ?time() displayed (-3812688), when
> > you remove the '-' and convert it into hexadecimal, it is the ASCII
> > code for ""! This is where I got "54484520454E44" to call the
> > cracker, I don't even know what the cracker actually wants to be called.
> >
>
> I get hit about once per week too so i know the problems that can
> come up.
>
> I've had all kinds of funny stuff going on...from installing
> 'toolbars' in my IE to deleting programs.
The desktop compuyter gets a "toolbar" installing itself
at least monthly, so I run a scan every week, it has never found
less than 10 things...
>
> One time i went to open a simple text file using Notepad and
> got the error message something like
> "Unable to open file, cant find Notepad.exe"
> Now why on earth would a web site want to delete your Notepad????
That happend to me, I had to copy it from another computer.
>
> A little investigation turned up a program that was installed
> overtop of Notepad (theirs) but when they deleted Notepad versions
> (which BTW were in about three directories which they had to hunt down
> to accomplish) they forgot to reinstall THEIR program in that one
> directory...which happend to be the one that was called to open
> the text file. If it wasnt for that, THEIR replacement file would
> have ran on my machine and who knows that else from there
>
> I also found that they also replaced the Windows media player, and
> during the time of the attack the were able to stop the firewall
> log from recording transactions! There was a void in the times
> between which they were doing this attack.
I think somone messed up my logs too, it says that
64.224.18.21 did a ddK`~~soWlyyyy attack at 12:00 AM 06/88/1900
which makes no sense at all!
64.224.18.21 appears to be a webserver, and the router reports no
communication with 64.224.18.21.
>
> This wasnt the first time and i know it wont be the last.
> I dont know what they think they will accomplish, but it
> wont be a heck of a lot! Even if my comp goes down it's not
> going to do any good for them right?
Well, mine was once used to launch an attack on thesims.ea.com BBS,
slowing my internet connection down quite a bit untill I found out
what was happenning (which, unfortunatly, was after they had banned
me, and none of the tech support links work...).
>
> I've developed some software to deal with these idiots over
> the years, but unfortunately this is a catch-as-catch-can
> situation--if i post anything to the web and it gets learned
> by would-be attackers, that makes it less effective for me.
>
> I've even considered posting .exe versions of the software,
> but once it gets into the wrong hands it allows experimentation
> with what passes undetected and what doesnt--so it's effectiveness
> still declines.
>
> Only thing i can say is run a virus detector of some kind.
>
> Take care and good luck with it,
> Al
>
>
> And, good luck with your Euphoria programming!
>
> My bumper sticker: "I brake for LED's"
>
5. Re: [OT] Re: VERY strange problem? HELP!
----- Original Message -----
From: "Al Getz" <guest at RapidEuphoria.com>
To: <EUforum at topica.com>
Sent: Monday, June 28, 2004 1:45 PM
Subject: Re: [OT] Re: VERY strange problem? HELP!
>
>
> posted by: Al Getz <Xaxo at aol.com>
>
> CoJaBo wrote:
> > Yes, I know. The cracker wasn't too happy when I decoded that
> > and posted "What do you mean "I am the end!"?"!
> > Also the strangest value ?time() displayed (-3812688), when
> > you remove the '-' and convert it into hexadecimal, it is the ASCII
> > code for ""! This is where I got "54484520454E44" to call the
> > cracker, I don't even know what the cracker actually wants to be called.
> >
>
> I get hit about once per week too so i know the problems that can
> come up.
>
> I've had all kinds of funny stuff going on...from installing
> 'toolbars' in my IE to deleting programs.
For any IE problems, run a google search on 'Hijack This!' Its great. Ull
see.
> One time i went to open a simple text file using Notepad and
> got the error message something like
> "Unable to open file, cant find Notepad.exe"
> Now why on earth would a web site want to delete your Notepad????
A web site couldn't do that unless you have REALLY low security settings.
Anyway, for solving spyware problems, i got some suggestions:
Spybot Search & Destroy - http://www.safer-networking.org - free
Spyware Blaster - http://www.javacoolsoftware.com - free
> Only thing i can say is run a virus detector of some kind.
Lol. Sorry to break it to ya, but dealing with spyware via antivirus
software works very poorly.
Fact of the matter is, when it comes to spyware, AV wont do jack.
Well, check em out!
William Heimbigner
6. Re: [OT] Re: VERY strange problem? HELP!
William Heimbigner wrote:
>
>
> ----- Original Message -----
> From: "Al Getz" <guest at RapidEuphoria.com>
> To: <EUforum at topica.com>
> Sent: Monday, June 28, 2004 1:45 PM
> Subject: Re: [OT] Re: VERY strange problem? HELP!
>
>
> > posted by: Al Getz <Xaxo at aol.com>
> >
> > CoJaBo wrote:
> > > Yes, I know. The cracker wasn't too happy when I decoded that
> > > and posted "What do you mean "I am the end!"?"!
> > > Also the strangest value ?time() displayed (-3812688), when
> > > you remove the '-' and convert it into hexadecimal, it is the ASCII
> > > code for ""! This is where I got "54484520454E44" to call the
> > > cracker, I don't even know what the cracker actually wants to be called.
> > >
> >
> > I get hit about once per week too so i know the problems that can
> > come up.
> >
> > I've had all kinds of funny stuff going on...from installing
> > 'toolbars' in my IE to deleting programs.
> For any IE problems, run a google search on 'Hijack This!' Its great. Ull
> see.
> > One time i went to open a simple text file using Notepad and
> > got the error message something like
> > "Unable to open file, cant find Notepad.exe"
> > Now why on earth would a web site want to delete your Notepad????
> A web site couldn't do that unless you have REALLY low security settings.
> Anyway, for solving spyware problems, i got some suggestions:
>
> Spybot Search & Destroy - <a
> href="http://www.safer-networking.org">http://www.safer-networking.org</a> -
> free
> Spyware Blaster - <a
> href="http://www.javacoolsoftware.com">http://www.javacoolsoftware.com</a> - free
>
> > Only thing i can say is run a virus detector of some kind.
>
> Lol. Sorry to break it to ya, but dealing with spyware via antivirus
> software works very poorly.
> Fact of the matter is, when it comes to spyware, AV wont do jack.
>
> Well, check em out!
> William Heimbigner
>
>
Hello William,
I think i had my security set on medium but it didnt matter
in the past what i had it set to.
What is it about spyware that a virus detector wouldnt find?
I dont use virus detectors, just my own software.
It couldnt hurt to learn more about the adware and spyware
i guess.
Take care,
Al
And, good luck with your Euphoria programming!
My bumper sticker: "I brake for LED's"
7. Re: [OT] Re: VERY strange problem? HELP!
Al Getz wrote:
> I think i had my security set on medium but it didnt matter
> in the past what i had it set to.
Al:
The very first thing you should do is go to http://grc.com
and click on "Shields Up", then scroll down the page to find
the "Hot Spots" section, and click on "Shields UP!" again.
Run all 5 of the tests there under ShieldsUP!! Services.
Your computer should register all ports as "stealth".
Anything less than that is opening yourself up for troubles.
By the way, GRC is Gibson Research (Steve Gibson was the inventor
of the SpinRite software from years ago) - I think you can trust them.
Regards,
Irv
8. Re: [OT] Re: VERY strange problem? HELP!
All that items listed aer FREE unless stated otherwise.
TrendMicro AntiVirus scan - http://housecall.trendmicro.com/ -
http://www.antivirus.com
AVG - http://www.grisoft.com/ - I didn't find this to be all that good
SpywareBlaster - http://www.javacoolsoftware.com
Spybot Search & Destory - http://www.safer-networking.org/
Lavasoft Adaware - http://www.lavasoft.de/
BHODemon - http://www.definitivesolutions.com/bhodemon.htm
Online logs say this one works.
Merjin's tools - http://www.spywareinfo.com/~merijn/downloads.html
Includes:
HijackThis
CWShredder
StartupList
BHOList - Broswer Helper Object lister
Kill2Me
KazaaBegone
If you are really serious visit and read over this about NOD32.
This software cost money but is apparently delivers what it promises.
I run a business now and will be buying this very soon.
http://www.nod32.com.au/nod32/home/home.htm
http://antivirus.about.com/cs/softwarereviews/gr/nod32v2.htm
http://www.pcmag.com/article2/0,4149,978452,00.asp
http://www.tech-critic.com/comments.php?id=9920&catid=2
unkmar
