1. [OT] Re: VERY strange problem? HELP!
- Posted by Pete Lomax <petelomax at blueyonder.co.uk> Jun 27, 2004
- 525 views
On Sat, 26 Jun 2004 15:26:42 -0700, CoJaBo <guest at RapidEuphoria.com> wrote: >I think it was "54484520454E44" again, similar problems each time: > 4920414D2054484520454E442100 or spatchula?) I doubt this helps, but that is ascii code for "THE END" and "I AM THE END!" Maybe something will twig scanning your firewall logs? Pete
2. Re: [OT] Re: VERY strange problem? HELP!
- Posted by CoJaBo <cojabo at suscom.net> Jun 28, 2004
- 492 views
Pete Lomax wrote: > > On Sat, 26 Jun 2004 15:26:42 -0700, CoJaBo <guest at RapidEuphoria.com> > wrote: > > >I think it was "54484520454E44" again, similar problems each time: > > 4920414D2054484520454E442100 or spatchula?) > > I doubt this helps, but that is ascii code for "THE END" and "I AM THE > END!" Maybe something will twig scanning your firewall logs? > > Pete Yes, I know. The cracker wasn't too happy when I decoded that and posted "What do you mean "I am the end!"?"! Also the strangest value ?time() displayed (-3812688), when you remove the '-' and convert it into hexadecimal, it is the ASCII code for ""! This is where I got "54484520454E44" to call the cracker, I don't even know what the cracker actually wants to be called.
3. Re: [OT] Re: VERY strange problem? HELP!
- Posted by Al Getz <Xaxo at aol.com> Jun 28, 2004
- 481 views
CoJaBo wrote: > Yes, I know. The cracker wasn't too happy when I decoded that > and posted "What do you mean "I am the end!"?"! > Also the strangest value ?time() displayed (-3812688), when > you remove the '-' and convert it into hexadecimal, it is the ASCII > code for ""! This is where I got "54484520454E44" to call the > cracker, I don't even know what the cracker actually wants to be called. > I get hit about once per week too so i know the problems that can come up. I've had all kinds of funny stuff going on...from installing 'toolbars' in my IE to deleting programs. One time i went to open a simple text file using Notepad and got the error message something like "Unable to open file, cant find Notepad.exe" Now why on earth would a web site want to delete your Notepad???? A little investigation turned up a program that was installed overtop of Notepad (theirs) but when they deleted Notepad versions (which BTW were in about three directories which they had to hunt down to accomplish) they forgot to reinstall THEIR program in that one directory...which happend to be the one that was called to open the text file. If it wasnt for that, THEIR replacement file would have ran on my machine and who knows that else from there I also found that they also replaced the Windows media player, and during the time of the attack the were able to stop the firewall log from recording transactions! There was a void in the times between which they were doing this attack. This wasnt the first time and i know it wont be the last. I dont know what they think they will accomplish, but it wont be a heck of a lot! Even if my comp goes down it's not going to do any good for them right? I've developed some software to deal with these idiots over the years, but unfortunately this is a catch-as-catch-can situation--if i post anything to the web and it gets learned by would-be attackers, that makes it less effective for me. I've even considered posting .exe versions of the software, but once it gets into the wrong hands it allows experimentation with what passes undetected and what doesnt--so it's effectiveness still declines. Only thing i can say is run a virus detector of some kind. Take care and good luck with it, Al And, good luck with your Euphoria programming! My bumper sticker: "I brake for LED's"
4. Re: [OT] Re: VERY strange problem? HELP!
- Posted by CoJaBo <cojabo at suscom.net> Jun 28, 2004
- 483 views
Al Getz wrote: > > CoJaBo wrote: > > Yes, I know. The cracker wasn't too happy when I decoded that > > and posted "What do you mean "I am the end!"?"! > > Also the strangest value ?time() displayed (-3812688), when > > you remove the '-' and convert it into hexadecimal, it is the ASCII > > code for ""! This is where I got "54484520454E44" to call the > > cracker, I don't even know what the cracker actually wants to be called. > > > > I get hit about once per week too so i know the problems that can > come up. > > I've had all kinds of funny stuff going on...from installing > 'toolbars' in my IE to deleting programs. The desktop compuyter gets a "toolbar" installing itself at least monthly, so I run a scan every week, it has never found less than 10 things... > > One time i went to open a simple text file using Notepad and > got the error message something like > "Unable to open file, cant find Notepad.exe" > Now why on earth would a web site want to delete your Notepad???? That happend to me, I had to copy it from another computer. > > A little investigation turned up a program that was installed > overtop of Notepad (theirs) but when they deleted Notepad versions > (which BTW were in about three directories which they had to hunt down > to accomplish) they forgot to reinstall THEIR program in that one > directory...which happend to be the one that was called to open > the text file. If it wasnt for that, THEIR replacement file would > have ran on my machine and who knows that else from there > > I also found that they also replaced the Windows media player, and > during the time of the attack the were able to stop the firewall > log from recording transactions! There was a void in the times > between which they were doing this attack. I think somone messed up my logs too, it says that 64.224.18.21 did a ddK`~~soWlyyyy attack at 12:00 AM 06/88/1900 which makes no sense at all! 64.224.18.21 appears to be a webserver, and the router reports no communication with 64.224.18.21. > > This wasnt the first time and i know it wont be the last. > I dont know what they think they will accomplish, but it > wont be a heck of a lot! Even if my comp goes down it's not > going to do any good for them right? Well, mine was once used to launch an attack on thesims.ea.com BBS, slowing my internet connection down quite a bit untill I found out what was happenning (which, unfortunatly, was after they had banned me, and none of the tech support links work...). > > I've developed some software to deal with these idiots over > the years, but unfortunately this is a catch-as-catch-can > situation--if i post anything to the web and it gets learned > by would-be attackers, that makes it less effective for me. > > I've even considered posting .exe versions of the software, > but once it gets into the wrong hands it allows experimentation > with what passes undetected and what doesnt--so it's effectiveness > still declines. > > Only thing i can say is run a virus detector of some kind. > > Take care and good luck with it, > Al > > > And, good luck with your Euphoria programming! > > My bumper sticker: "I brake for LED's" >
5. Re: [OT] Re: VERY strange problem? HELP!
- Posted by "William Heimbigner" <icxcnika at hotpop.com> Jun 28, 2004
- 528 views
----- Original Message ----- From: "Al Getz" <guest at RapidEuphoria.com> To: <EUforum at topica.com> Sent: Monday, June 28, 2004 1:45 PM Subject: Re: [OT] Re: VERY strange problem? HELP! > > > posted by: Al Getz <Xaxo at aol.com> > > CoJaBo wrote: > > Yes, I know. The cracker wasn't too happy when I decoded that > > and posted "What do you mean "I am the end!"?"! > > Also the strangest value ?time() displayed (-3812688), when > > you remove the '-' and convert it into hexadecimal, it is the ASCII > > code for ""! This is where I got "54484520454E44" to call the > > cracker, I don't even know what the cracker actually wants to be called. > > > > I get hit about once per week too so i know the problems that can > come up. > > I've had all kinds of funny stuff going on...from installing > 'toolbars' in my IE to deleting programs. For any IE problems, run a google search on 'Hijack This!' Its great. Ull see. > One time i went to open a simple text file using Notepad and > got the error message something like > "Unable to open file, cant find Notepad.exe" > Now why on earth would a web site want to delete your Notepad???? A web site couldn't do that unless you have REALLY low security settings. Anyway, for solving spyware problems, i got some suggestions: Spybot Search & Destroy - http://www.safer-networking.org - free Spyware Blaster - http://www.javacoolsoftware.com - free > Only thing i can say is run a virus detector of some kind. Lol. Sorry to break it to ya, but dealing with spyware via antivirus software works very poorly. Fact of the matter is, when it comes to spyware, AV wont do jack. Well, check em out! William Heimbigner
6. Re: [OT] Re: VERY strange problem? HELP!
- Posted by Al Getz <Xaxo at aol.com> Jun 28, 2004
- 474 views
William Heimbigner wrote: > > > ----- Original Message ----- > From: "Al Getz" <guest at RapidEuphoria.com> > To: <EUforum at topica.com> > Sent: Monday, June 28, 2004 1:45 PM > Subject: Re: [OT] Re: VERY strange problem? HELP! > > > > posted by: Al Getz <Xaxo at aol.com> > > > > CoJaBo wrote: > > > Yes, I know. The cracker wasn't too happy when I decoded that > > > and posted "What do you mean "I am the end!"?"! > > > Also the strangest value ?time() displayed (-3812688), when > > > you remove the '-' and convert it into hexadecimal, it is the ASCII > > > code for ""! This is where I got "54484520454E44" to call the > > > cracker, I don't even know what the cracker actually wants to be called. > > > > > > > I get hit about once per week too so i know the problems that can > > come up. > > > > I've had all kinds of funny stuff going on...from installing > > 'toolbars' in my IE to deleting programs. > For any IE problems, run a google search on 'Hijack This!' Its great. Ull > see. > > One time i went to open a simple text file using Notepad and > > got the error message something like > > "Unable to open file, cant find Notepad.exe" > > Now why on earth would a web site want to delete your Notepad???? > A web site couldn't do that unless you have REALLY low security settings. > Anyway, for solving spyware problems, i got some suggestions: > > Spybot Search & Destroy - <a > href="http://www.safer-networking.org">http://www.safer-networking.org</a> - > free > Spyware Blaster - <a > href="http://www.javacoolsoftware.com">http://www.javacoolsoftware.com</a> - free > > > Only thing i can say is run a virus detector of some kind. > > Lol. Sorry to break it to ya, but dealing with spyware via antivirus > software works very poorly. > Fact of the matter is, when it comes to spyware, AV wont do jack. > > Well, check em out! > William Heimbigner > > Hello William, I think i had my security set on medium but it didnt matter in the past what i had it set to. What is it about spyware that a virus detector wouldnt find? I dont use virus detectors, just my own software. It couldnt hurt to learn more about the adware and spyware i guess. Take care, Al And, good luck with your Euphoria programming! My bumper sticker: "I brake for LED's"
7. Re: [OT] Re: VERY strange problem? HELP!
- Posted by irv mullins <irvm at ellijay.com> Jun 28, 2004
- 493 views
Al Getz wrote: > I think i had my security set on medium but it didnt matter > in the past what i had it set to. Al: The very first thing you should do is go to http://grc.com and click on "Shields Up", then scroll down the page to find the "Hot Spots" section, and click on "Shields UP!" again. Run all 5 of the tests there under ShieldsUP!! Services. Your computer should register all ports as "stealth". Anything less than that is opening yourself up for troubles. By the way, GRC is Gibson Research (Steve Gibson was the inventor of the SpinRite software from years ago) - I think you can trust them. Regards, Irv
8. Re: [OT] Re: VERY strange problem? HELP!
- Posted by "Unkmar" <L3Euphoria at bellsouth.net> Jun 29, 2004
- 491 views
All that items listed aer FREE unless stated otherwise. TrendMicro AntiVirus scan - http://housecall.trendmicro.com/ - http://www.antivirus.com AVG - http://www.grisoft.com/ - I didn't find this to be all that good SpywareBlaster - http://www.javacoolsoftware.com Spybot Search & Destory - http://www.safer-networking.org/ Lavasoft Adaware - http://www.lavasoft.de/ BHODemon - http://www.definitivesolutions.com/bhodemon.htm Online logs say this one works. Merjin's tools - http://www.spywareinfo.com/~merijn/downloads.html Includes: HijackThis CWShredder StartupList BHOList - Broswer Helper Object lister Kill2Me KazaaBegone If you are really serious visit and read over this about NOD32. This software cost money but is apparently delivers what it promises. I run a business now and will be buying this very soon. http://www.nod32.com.au/nod32/home/home.htm http://antivirus.about.com/cs/softwarereviews/gr/nod32v2.htm http://www.pcmag.com/article2/0,4149,978452,00.asp http://www.tech-critic.com/comments.php?id=9920&catid=2 unkmar