FoodBanter.com

FoodBanter.com (https://www.foodbanter.com/)
-   Barbecue (https://www.foodbanter.com/barbecue/)
-   -   Graeme Walker (https://www.foodbanter.com/barbecue/53801-graeme-walker.html)

[email protected] 12-02-2005 09:22 PM

Graeme Walker
 
I've just gotten off the phone with Graeme. Regarding the worm, Trojan
horse or virus infecting his PC, he tried some of the remedies that were
e-mailed to him. He said when he got to the point where he started manually
deleting the 'infected' files, the screen flashed and a big sign came up,
saying, "You've been Hacked!"

He can no longer boot up. He can't re-install his operating system because
the bug disabled his CD drive.

He asked me to send his apologies for not e-mailing those who offered him
assistance.

BTW He doesn't know where it came from. He assured me that he hasn't
visited any 'naughty' web sites, so it may very well have snuck in under
the radar by hitchhiking on an e-mail.

--
Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Thank a Veteran and Support Our Troops. You are not forgotten. Thanks ! ! !

bbq 12-02-2005 10:04 PM

wrote:

> I've just gotten off the phone with Graeme. Regarding the worm, Trojan
> horse or virus infecting his PC, he tried some of the remedies that were
> e-mailed to him. He said when he got to the point where he started manually
> deleting the 'infected' files, the screen flashed and a big sign came up,
> saying, "You've been Hacked!"
>
> He can no longer boot up. He can't re-install his operating system because
> the bug disabled his CD drive.
>
> He asked me to send his apologies for not e-mailing those who offered him
> assistance.
>
> BTW He doesn't know where it came from. He assured me that he hasn't
> visited any 'naughty' web sites, so it may very well have snuck in under
> the radar by hitchhiking on an e-mail.
>



Damn, he got smacked good. Nick, if you talk to him again before he
gets his pc fixed, I offer this suggestion. If he has another puter
around, remove the hard drive from the infected one and put into the
spare and boot off the CD from the spare. Then run the DOS deal that
Kili sent him. Just a suggestion. Don't know how effective it will be.

BBQ

kilikini 13-02-2005 10:20 AM

bbq wrote:
> wrote:
>
>> I've just gotten off the phone with Graeme. Regarding the worm,
>> Trojan horse or virus infecting his PC, he tried some of the
>> remedies that were e-mailed to him. He said when he got to the point
>> where he started manually deleting the 'infected' files, the screen
>> flashed and a big sign came up, saying, "You've been Hacked!"
>>
>> He can no longer boot up. He can't re-install his operating system
>> because the bug disabled his CD drive.
>>
>> He asked me to send his apologies for not e-mailing those who
>> offered him assistance.
>>
>> BTW He doesn't know where it came from. He assured me that he hasn't
>> visited any 'naughty' web sites, so it may very well have snuck in
>> under the radar by hitchhiking on an e-mail.
>>

>
>
> Damn, he got smacked good. Nick, if you talk to him again before he
> gets his pc fixed, I offer this suggestion. If he has another puter
> around, remove the hard drive from the infected one and put into the
> spare and boot off the CD from the spare. Then run the DOS deal that
> Kili sent him. Just a suggestion. Don't know how effective it will
> be.
>
> BBQ


BBQ, that's a good idea, I can see that working. Put a fresh drive in,
install windows, get it all set up, turn off the PC, change jumper settings
on the infected drive, piggy back it to the first, turn on, hit F8, boot
into DOS and run the utility I sent. Should clean it, but at this point I
think the data is too damaged to be saved. Sounds like the trojan had a
payload on it so that if he messed with it, it would basically run amuck.

In any case, Graeme still needs to reformat that drive. I'm sure the whole
thing is corrupted.

kili



bbq 13-02-2005 04:45 PM

kilikini wrote:
> bbq wrote:
>
wrote:
>>
>>
>>>I've just gotten off the phone with Graeme. Regarding the worm,
>>>Trojan horse or virus infecting his PC, he tried some of the
>>>remedies that were e-mailed to him. He said when he got to the point
>>>where he started manually deleting the 'infected' files, the screen
>>>flashed and a big sign came up, saying, "You've been Hacked!"
>>>
>>>He can no longer boot up. He can't re-install his operating system
>>>because the bug disabled his CD drive.
>>>
>>>He asked me to send his apologies for not e-mailing those who
>>>offered him assistance.
>>>
>>>BTW He doesn't know where it came from. He assured me that he hasn't
>>>visited any 'naughty' web sites, so it may very well have snuck in
>>>under the radar by hitchhiking on an e-mail.
>>>

>>
>>
>>Damn, he got smacked good. Nick, if you talk to him again before he
>>gets his pc fixed, I offer this suggestion. If he has another puter
>>around, remove the hard drive from the infected one and put into the
>>spare and boot off the CD from the spare. Then run the DOS deal that
>>Kili sent him. Just a suggestion. Don't know how effective it will
>>be.
>>
>>BBQ

>
>
> BBQ, that's a good idea, I can see that working. Put a fresh drive in,
> install windows, get it all set up, turn off the PC, change jumper settings
> on the infected drive, piggy back it to the first, turn on, hit F8, boot
> into DOS and run the utility I sent. Should clean it, but at this point I
> think the data is too damaged to be saved. Sounds like the trojan had a
> payload on it so that if he messed with it, it would basically run amuck.
>
> In any case, Graeme still needs to reformat that drive. I'm sure the whole
> thing is corrupted.
>
> kili
>
>


You know how much I like to 'reformat' :-) But yes, I do agree
reformatting is ALWAYS a much better solution. Just a big pita.

Nick, if you talk to him and he decides to go the reformat route, advise
him to make DOUBLY sure he has what he needs software wise, on CD or
floppy to get online. Win 98 and newer has been good about getting
access to a CD. His serial numbers too for his Windows.

BBQ

bbq 13-02-2005 05:45 PM

DC. wrote:

> I've just got off the phone to Graeme (Sunday 4pm UK time) & managed to get
> this off him. He has the w32.hllw.gaobot.gen worm/trojan.
>
> http://securityresponse.symantec.com...aobot.gen.html
>
> He done the manual removal as recommended but that crashed or didn't work
> for one reason or another. He's probably got a variant of the worm which is
> more diffucult to remove.
>
> It's gone critical now & he can't even get into SafeMode, he can only get
> into DOS setup (F2) & he says he'll bring his pooter into work tomorrow &
> have one of the tech guys there look at it. It sounds like the worm has
> severely messed up the config files & registry file & rendered his CD drive
> unusable. I've told him about Kili's suggestion for a reformat & that means
> he'll loose everything. I've also told him to go buy a new HD for £40 & have
> that formatted instead & set up in his box as the primary drive for now, so
> he is able to use his pooter again. The infected HD can then be examine by
> someone better qualified & reinstalled as secondary/slave drive later if it
> is recoverbable. I shall hear back from him tomorrow night & will let you
> guys know what's the latest. I've also told him to think about installing
> Win98 on his new HD if he's getting one, all these new viruses/worms/trojans
> are targetting XP weaknesses, Win98 although no longer supported by MS is
> still proving to be a safer OS if you're a heavy net user. Drop off any
> msgs. here for him or ping me & i shall pass it on. He did say he'll use his
> webmail login tomorrow at work & reply to any emails there.
>
> DC.
>


The new HD is a good option too and hopefully he can retrieve his
important text type files. I have had win2k installed for 4 months and
think it is very good. Have never had a lock up. Very unusual for a ms
product.

BBQ

[email protected] 13-02-2005 08:10 PM

"DC." > wrote:
> I've just got off the phone to Graeme (Sunday 4pm UK time) & managed to
> get this off him. He has the w32.hllw.gaobot.gen worm/trojan.
> []

Thanks for the update, DC. You just saved me the cost of a phone call. ;-)

I hope the poor basturt can retrieve his data. ;-(

--
Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Thank a Veteran and Support Our Troops. You are not forgotten. Thanks ! ! !

Kilikini 13-02-2005 09:19 PM

DC. wrote:
> "kilikini" > wrote in message
> ...
> <snip>
>> Thanks for the update, DC. I'd have him buy a new drive, set it as
>> primary and run the DOS tool from it with the infected drive set as
>> slave. It will at least clean out the trojan. Then if there are
>> any files he would like to save, he can. After that, he can
>> reformat the old drive and use it for back up. That's just my $.02
>> on what I'd do.
>>
>> kili

>
> Thanks Kili, I shall pass it on. By the way... i'm playing catch up
> on this thread so please forgive if i sound stupid.... but is that
> DOS removal tool you sent him going to do the trick? if it will then
> i'll tell him to do just that with a new HD installed.
>
> DC.


It *WILL* DC. I've used it on about 6 other people's PC's who had
anti-virus software installed and the software found, but couldn't remove
the bug. This has done it EVERY single time. He shoulda listened. Tsk,
tsk.

kili



Kilikini 14-02-2005 12:17 AM

Duwop wrote:
> "Kilikini" > wrote in message
> ...
>> It *WILL* DC. I've used it on about 6 other people's PC's who had
>> anti-virus software installed and the software found, but couldn't
>> remove the bug. This has done it EVERY single time. He shoulda
>> listened. Tsk, tsk.
>>
>> kili

>
> I've got a friend with a hard to remove piece of malware, is this tool
> something you could email me Kili?
>
> D


Depends, is it a browser hijacker or a virus?

kili



Duwop 14-02-2005 12:18 AM

"Kilikini" > wrote in message
...
> It *WILL* DC. I've used it on about 6 other people's PC's who had
> anti-virus software installed and the software found, but couldn't remove
> the bug. This has done it EVERY single time. He shoulda listened. Tsk,
> tsk.
>
> kili


I've got a friend with a hard to remove piece of malware, is this tool
something you could email me Kili?

D
--





DC. 14-02-2005 01:23 AM

> wrote in message
...
> "DC." > wrote:
> > I've just got off the phone to Graeme (Sunday 4pm UK time) & managed to
> > get this off him. He has the w32.hllw.gaobot.gen worm/trojan.
> > []

> Thanks for the update, DC. You just saved me the cost of a phone call. ;-)
>
> I hope the poor basturt can retrieve his data. ;-(


I was just thinking that when i hit the send mail button... god with the
cost of that call to Graeme, you might as well fly over!

I too hope he can save some of his data, especially the latest piece he's
writing on concrete flooring for warehouses... it'll be a real pain if he
had to start all over again.

DC.



DC. 14-02-2005 01:24 AM

"Kilikini" > wrote in message
...
<snip>
> It *WILL* DC. I've used it on about 6 other people's PC's who had
> anti-virus software installed and the software found, but couldn't remove
> the bug. This has done it EVERY single time. He shoulda listened. Tsk,
> tsk.
>
> kili


I'll pass it on, thanks Kili.

DC.



[email protected] 14-02-2005 01:29 AM

"DC." > wrote:
> > wrote in message
> > "DC." > wrote:
> > > I've just got off the phone to Graeme (Sunday 4pm UK time) & managed
> > > to get this off him. He has the w32.hllw.gaobot.gen worm/trojan.
> > > []

> > Thanks for the update, DC. You just saved me the cost of a phone call.
> > ;-)
> >
> > I hope the poor basturt can retrieve his data. ;-(

>
> I was just thinking that when i hit the send mail button... god with the
> cost of that call to Graeme, you might as well fly over!


3 pence a minute, smartass! ;-D
>
> I too hope he can save some of his data, especially the latest piece he's
> writing on concrete flooring for warehouses... it'll be a real pain if he
> had to start all over again.
>

Plus his financial records. He'd best tighten his Kilt.

--
Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Thank a Veteran and Support Our Troops. You are not forgotten. Thanks ! ! !

DC. 14-02-2005 01:54 AM

> wrote in message
...
<snip>
> > I was just thinking that when i hit the send mail button... god with the
> > cost of that call to Graeme, you might as well fly over!

>
> 3 pence a minute, smartass! ;-D


Ok you win, that shows how much i know about international call charges.

> > I too hope he can save some of his data, especially the latest piece

he's
> > writing on concrete flooring for warehouses... it'll be a real pain if

he
> > had to start all over again.
> >

> Plus his financial records. He'd best tighten his Kilt.


If it comes to that... i can see a International Food relief programme
kicking into action, with daily food parcels making it's way over from the
States. heeheee.

DC. (off to bed, g'night me old chum)





Duwop 14-02-2005 02:17 AM

"Kilikini" > wrote in message
...
> Duwop wrote:
> > "Kilikini" > wrote in message
> > ...
> >> It *WILL* DC. I've used it on about 6 other people's PC's who had
> >> anti-virus software installed and the software found, but couldn't
> >> remove the bug. This has done it EVERY single time. He shoulda
> >> listened. Tsk, tsk.
> >>
> >> kili

> >
> > I've got a friend with a hard to remove piece of malware, is this tool
> > something you could email me Kili?
> >
> > D

>
> Depends, is it a browser hijacker or a virus?
>
> kili
>


Ya know, I'm not 100% sure, but a hijacker *should* have been taken care of
with the steps we've taken already. I wasnt aware of any hijackers that
require manual removals. Anyway, it sounds like a nice tool to add to my
arsenal in either case, please.





Kilikini 14-02-2005 03:49 AM

Duwop wrote:
> "Kilikini" > wrote in message
> ...
>> Duwop wrote:
>>> "Kilikini" > wrote in message
>>> ...
>>>> It *WILL* DC. I've used it on about 6 other people's PC's who had
>>>> anti-virus software installed and the software found, but couldn't
>>>> remove the bug. This has done it EVERY single time. He shoulda
>>>> listened. Tsk, tsk.
>>>>
>>>> kili
>>>
>>> I've got a friend with a hard to remove piece of malware, is this
>>> tool something you could email me Kili?
>>>
>>> D

>>
>> Depends, is it a browser hijacker or a virus?
>>
>> kili
>>

>
> Ya know, I'm not 100% sure, but a hijacker *should* have been taken
> care of with the steps we've taken already. I wasnt aware of any
> hijackers that require manual removals. Anyway, it sounds like a nice
> tool to add to my arsenal in either case, please.


MOST hijackers require manual removals; not kidding! They are worse than
virii.

kili



Chef Juke 14-02-2005 06:39 AM

On Sun, 13 Feb 2005 16:33:58 -0000, "DC." > wrote:

>I've just got off the phone to Graeme (Sunday 4pm UK time) & managed to get
>this off him. He has the w32.hllw.gaobot.gen worm/trojan.
>
>http://securityresponse.symantec.com...aobot.gen.html
>
>He done the manual removal as recommended but that crashed or didn't work
>for one reason or another. He's probably got a variant of the worm which is
>more diffucult to remove.
>
>It's gone critical now & he can't even get into SafeMode, he can only get
>into DOS setup (F2) & he says he'll bring his pooter into work tomorrow &
>have one of the tech guys there look at it. It sounds like the worm has
>severely messed up the config files & registry file & rendered his CD drive
>unusable. I've told him about Kili's suggestion for a reformat & that means
>he'll loose everything. I've also told him to go buy a new HD for £40 & have
>that formatted instead & set up in his box as the primary drive for now, so
>he is able to use his pooter again. The infected HD can then be examine by
>someone better qualified & reinstalled as secondary/slave drive later if it
>is recoverbable. I shall hear back from him tomorrow night & will let you
>guys know what's the latest. I've also told him to think about installing
>Win98 on his new HD if he's getting one, all these new viruses/worms/trojans
>are targetting XP weaknesses, Win98 although no longer supported by MS is
>still proving to be a safer OS if you're a heavy net user. Drop off any
>msgs. here for him or ping me & i shall pass it on. He did say he'll use his
>webmail login tomorrow at work & reply to any emails there.
>
>DC.



Damn..I didn't see this thread until this evening, woulda chimed in
sooner...(for those who don't know, I work for a computer security
company and deal with this kind of thing all the time...)

The Gaobot worms are a pain in the butt, but can be removed...I would
not suggest any DRASTIC (read: Data Loss) action until a full course
of Antivirus troubleshooting has been performed. In all likelihood,
he can regain all of his data on his system, as long as he doesn't do
anything permanent like formatting..

Key here is patience. Just cause you get frustrated, doesn't mean to
give up and format the drive...

If someone has a more direct communication method for Grahame, please
send it to me off-list and I will see if I can get him some help via
phone but it seems like he's heading in the right direction.

Some general protection info for Grahame and everyone else:

The best way to avoid getting hit by a virus/worm/hacker is to take
some basic steps to protect your system BEFORE it is attacked. Just so
you know...the thing that attacked Grahame's system likely got in
because his systems had not had one or more of the MSOFT patches
applied to it AND/OR his system had a weak (not complicated) or no
password.

1) If you are running Windows (any flavor), make sure you are always
getting any updates from Microsoft. The best way to do this is to
turn on the Automatic Updates in "Windows update". What this will do
is automatically download any security patches that MSOFT
releases...this, in turn, will plug the holes like the ones that
Gaobot uses.

2) Get a good Antivirus Program and KEEP IT UP TO DATE!!! This means,
again, using the programs automatic updates feature (all of the
current versions of the top AV programs have them.

3) Also consider getting a software firewall program. This can help
in the case of an internet worm type virus that scans trying to find
systems that have week passwords or an unpatch vulnerability in the
operating system.

4) Make sure to set up your system with a password. NOT
"administrator". NOT "Password" and not any simple word or number or
even simple word/ number combination. These can be easily broken and
can let someone gain access to your system. Make sure to use some
special characters like @#$%^.

5) Avoid suspicious emails...and ESPECIALLY do not click on links in
them.

Hope this helps a little.





-Chef Juke
"EVERYbody Eats When They Come To MY House!"
www.chefjuke.com


John O 14-02-2005 02:59 PM

>
> MOST hijackers require manual removals; not kidding! They are worse than
> virii.


There are a couple interesting articles about hijackers and other spyware
tools at www.windowssecrets.com. Looks like a lot of our assumptions aren't
so good...the spyware tools don't work very well.

Bad viruses can destroy data on critical parts of the HDD, making them
unrecoverable, and HDDs can just go on their own, too. In truth, I haven't
heard much about real viruses in a couple years. But, the reformat should
provide a decent autopsy. If the disk is bad it won't format right.

-John O



John O 14-02-2005 03:17 PM

> Damn..I didn't see this thread until this evening, woulda chimed in
> sooner...(for those who don't know, I work for a computer security
> company and deal with this kind of thing all the time...)
>


Patience is exactly right. Don't toss the data until an expert gets a peek
at the system. In the meantime, everybody make a CD today that containes
your entire MyDocuments folder, along with any other irreplaceable files.

Chef Juke...I have a semi-work related question for you. Check out
http://www.heathkit.com/susa-vica/ and the Call to Action link on the left.
I'd like to create some malware challenges for a special group of students,
and need the advice of an expert.

-John O

--if anybody else is interested in this, give me a holler via email. The
contest is in Kansas City...damn fine food and jazz...does that help get
this on-topic? :-)



Nathan Lau 14-02-2005 06:26 PM

DC. wrote:

> I've just got off the phone to Graeme (Sunday 4pm UK time) & managed to get
> this off him. He has the w32.hllw.gaobot.gen worm/trojan.
>
> http://securityresponse.symantec.com...aobot.gen.html
>
> He done the manual removal as recommended but that crashed or didn't work
> for one reason or another. He's probably got a variant of the worm which is
> more diffucult to remove.


Thanks for the update DC. I don't think Gaobot was that destructive on
its own. It probably opened up a backdoor for hackers to take over and
mess with his system.

--
Aloha,

Nathan Lau
San Jose, CA

#include <std.disclaimer>

Harry Demidavicius 15-02-2005 01:39 AM

On Sun, 13 Feb 2005 09:45:59 -0600, bbq > wrote:

>kilikini wrote:
>> bbq wrote:
>>
wrote:
>>>
>>>
>>>>I've just gotten off the phone with Graeme. Regarding the worm,
>>>>Trojan horse or virus infecting his PC, he tried some of the
>>>>remedies that were e-mailed to him. He said when he got to the point
>>>>where he started manually deleting the 'infected' files, the screen
>>>>flashed and a big sign came up, saying, "You've been Hacked!"
>>>>
>>>>He can no longer boot up. He can't re-install his operating system
>>>>because the bug disabled his CD drive.
>>>>
>>>>He asked me to send his apologies for not e-mailing those who
>>>>offered him assistance.
>>>>
>>>>BTW He doesn't know where it came from. He assured me that he hasn't
>>>>visited any 'naughty' web sites, so it may very well have snuck in
>>>>under the radar by hitchhiking on an e-mail.
>>>>
>>>
>>>
>>>Damn, he got smacked good. Nick, if you talk to him again before he
>>>gets his pc fixed, I offer this suggestion. If he has another puter
>>>around, remove the hard drive from the infected one and put into the
>>>spare and boot off the CD from the spare. Then run the DOS deal that
>>>Kili sent him. Just a suggestion. Don't know how effective it will
>>>be.
>>>
>>>BBQ

>>
>>
>> BBQ, that's a good idea, I can see that working. Put a fresh drive in,
>> install windows, get it all set up, turn off the PC, change jumper settings
>> on the infected drive, piggy back it to the first, turn on, hit F8, boot
>> into DOS and run the utility I sent. Should clean it, but at this point I
>> think the data is too damaged to be saved. Sounds like the trojan had a
>> payload on it so that if he messed with it, it would basically run amuck.
>>
>> In any case, Graeme still needs to reformat that drive. I'm sure the whole
>> thing is corrupted.
>>
>> kili
>>
>>

>
>You know how much I like to 'reformat' :-) But yes, I do agree
>reformatting is ALWAYS a much better solution. Just a big pita.
>
>Nick, if you talk to him and he decides to go the reformat route, advise
>him to make DOUBLY sure he has what he needs software wise, on CD or
>floppy to get online. Win 98 and newer has been good about getting
>access to a CD. His serial numbers too for his Windows.
>
>BBQ


My suggestion: Install the new drive etc etc. remove the old drive
and send it to C Drive pathology type , who is best equipped to rescue
the data. The Cost is there, but what's a drive's accumulated data
worth?
Does this bring forward some naive thought - like - Back the ****ing
thing up regularly to a safe offsite location!!!!

Harry
Who's lost data & drives and still been safe because he does this [4
times per day].


BOB 15-02-2005 02:45 AM

wrote:
> I've just gotten off the phone with Graeme. Regarding the
> worm, Trojan horse or virus infecting his PC, he tried
> some of the remedies that were e-mailed to him. He said
> when he got to the point where he started manually
> deleting the 'infected' files, the screen flashed and a
> big sign came up, saying, "You've been Hacked!"
>
> He can no longer boot up. He can't re-install his
> operating system because the bug disabled his CD drive.
>
> He asked me to send his apologies for not e-mailing those
> who offered him assistance.
>
> BTW He doesn't know where it came from. He assured me
> that he hasn't visited any 'naughty' web sites, so it may
> very well have snuck in under the radar by hitchhiking on
> an e-mail.
>



I'm forwarding an edited interchange from the University
of North Carolina (USA) support mailin list!
--------------- ---------------------------- --------------
To: The support mailing list
Subject: [support] Symantec Anti-Virus Vulnerability

I just saw that Symantec has admitted to a fairly serious security hole
in SAV. Could anyone with the ITS-SAV folks here give us an update?
Are we affected? Will UNC's SAV clients patch automatically via
LiveUpdate?

http://www.zdnet.com.au/news/securit...9180674,00.htm

----------------------------------------------------------------
This vulnerability affects Symantec AntiVirus Corporate Edition prior to
build 9.01.1000. More information from Symantec can be found at:

http://www.sarc.com/avcenter/securit...005.02.08.html

Our campus parent servers ITS-SAV and ITS-SAV0 are running 9.0.3.1000,
which is the latest available revision (maintenance release 3). This
same client version is also available on Shareware. This version does
not contain this critical flaw.

About half the clients pointing to ITS-SAV, however, are running
vulnerable versions. Most likely these were migrated from departmental
parent servers by administrators and not individually touched.
Symantec's advisory indicates that LiveUpdate will issue a patch to
these vulnerable clients. LiveUpdate does regularly issue scan engine
upgrades. However, ITS-SAV does not push these patches to clients, only
virus definitions. The servers do however push a setting called
"Continuous LiveUpdate", meaning that all managed clients will also be
checking into Symantec directly via LiveUpdate for updates every 2
hours. LiveUpdate can also be run manually or on a schedule from the
user's machine. I am seeking information from Symantec at this time
about the possibility of issuing this patch via our servers, in case
LiveUpdate is not doing the job.

Although LiveUpdate looks like a short-term protection against this
specific threat, Symantec urges all users to update to the most current
version of its product to be protected. To quote: "Symantec strongly
recommends customers, if they are not already running a current
non-vulnerable product version/build, upgrade to their appropriate
product update immediately to protect against these types of threats."
Administrators should urge their users to download and install the
client version available on Shareware. In most cases it will prompt for
the prior version to be uninstalled first. We also have Group Policy
software installation available for those who are running Active
Directory. Please contact us at for more information
about that.

-------------------------------------------------------------


Symantec is telling me that on machines with vulnerable versions, as
long as they get virus definition updates via LiveUpdate or managed
server pushes, they are protected from this exploit. The definitions
themselves don't contain the fix, but the necessary files are sent with
them.

There is no simple patch, so the only long-term protection against this
kind of issue is to upgrade to version 9 MR1 or later. Version 9 MR3
(9.0.3.1000) is available on Shareware to the entire campus community.

So in short, clients are protected from this particular exploit as long
as their definitions are current.



DC. 15-02-2005 12:26 PM

"Nathan Lau" > wrote in message
...
<snip>
> Thanks for the update DC. I don't think Gaobot was that destructive on
> its own. It probably opened up a backdoor for hackers to take over and
> mess with his system.
>
> --
> Aloha,
>
> Nathan Lau
> San Jose, CA


Hi Nathan,

It might be possible but as i don't know Graeme's computer & what's been
going on in it, i can't really say. I don't know what software he has on it,
how he'd set up his firewall, if he has IRC, P2P, FTP or any other software
that connects to the net. But I did say i'll pop round next week & help him
sort it out or give him a hand in building a new one from scratch. Funny
thing is... he says the company he works for is also a Mac reseller (amongst
many other things they do), i just said to him to go get himself a Mac or if
he's determined to stick to PC, he might want to consider W98SE, less prone
to all these new viruses that prey on XP weaknesses. He'll just have to
stick to a regimental routine now of daily updating of his AV software,
being careful not to open any unknown emails with attachments, links to
dodgy sites or spam etc. It's just a way of life now if you're a heavy net
user. Just today i had an email that got through my spam filter titled
'valentine's day card from xxx', in the msg. body was a greeting with a link
to xyz website to see who the card was from. Moused over it & the url was
something else... plonk, straight into the bin & deleted. I reckon if i
clicked on it, it'll be a spam site with a zillion malicious scripts waiting
to be downloaded. : (

DC.






Craig Watts 15-02-2005 12:59 PM

DC. wrote:
> "Nathan Lau" > wrote in message
> ...
> <snip>
>
>>Thanks for the update DC. I don't think Gaobot was that destructive on
>>its own. It probably opened up a backdoor for hackers to take over and
>>mess with his system.
>>
>>--
>>Aloha,
>>
>>Nathan Lau
>>San Jose, CA

>
>
> Hi Nathan,
>
> It might be possible but as i don't know Graeme's computer & what's been
> going on in it, i can't really say. I don't know what software he has on it,
> how he'd set up his firewall, if he has IRC, P2P, FTP or any other software
> that connects to the net. But I did say i'll pop round next week & help him
> sort it out or give him a hand in building a new one from scratch. Funny
> thing is... he says the company he works for is also a Mac reseller (amongst
> many other things they do), i just said to him to go get himself a Mac or if
> he's determined to stick to PC, he might want to consider W98SE, less prone
> to all these new viruses that prey on XP weaknesses. He'll just have to
> stick to a regimental routine now of daily updating of his AV software,
> being careful not to open any unknown emails with attachments, links to
> dodgy sites or spam etc. It's just a way of life now if you're a heavy net
> user. Just today i had an email that got through my spam filter titled
> 'valentine's day card from xxx', in the msg. body was a greeting with a link
> to xyz website to see who the card was from. Moused over it & the url was
> something else... plonk, straight into the bin & deleted. I reckon if i
> clicked on it, it'll be a spam site with a zillion malicious scripts waiting
> to be downloaded. : (
>
> DC.


WOW. I'm sitting here silently in the corner watching this go on. This
system I'm on was built with Win2k. I'op'd to reformat out of NTFS and
reload 98se just because I know it and can control it. Don't like all
that XP phone home to Microsoft stuff. I know I'm not maxining out the
abilities of a PIII but it works for me.

Craig

DC. 15-02-2005 06:52 PM

"Craig Watts" > wrote in message
...
<snip>
> Some things in my favor are not being on a full time connection. No
> hardware fire wall here but I do have Zone Alarm up with spybot checkers
> like Adaware.


Software firewalls like ZoneAlarm should provide sufficient security...
blocking & hiding up your ports after all you ain't fort knox (as far as i
know ; ) so there is no reason why big time hackers would want to break into
your machine.

> One question you might answer. I have 256 meg of memory. I was told that
> Win98se would only use up to 64k of that. Any true to that?


I don't know... depends on what software you have on your machine, my
experience is the more rubbish, sorry software you have, the longer it takes
for it to process data. For a start, have a look at your start up menu,
remove stuff you don't need upon start up/boot up, these things just clutter
the boot up & stay in the background after it's booted up. You'll want to
keep firewall & AV softwares etc. on start up though. Some AV softwares
actually fire up during DOS boot up & does a scan there before going into
winders.

DC.



DC. 15-02-2005 07:12 PM

"Craig Watts" > wrote in message
...
<snip>
> AND ANOTHER THING! I have the dos boot screen show every time my machine
> boots up. Yes, it takes 30 seconds out of my life every time it boots up
> but when the chips are down it sure helps not having to bang f8 keys and
> the such.


Well if yer have 98Se since... when was it?? 1999?? it would be full of
rubbish, maybe it's time for you to do a clean up. Back up everything first
& then begin removing stuff you don't need or maybe even a full on
fdisk/reformat. That will get rid lots of rubbish. Everytime you install one
of them free cds you get in mags or newspaper etc... the bloody
self-extracting exes will dump a load of sh*t on yer & modify yer registry
file & then dumps a load of crap in the system or winders temp folder...
that's if they're programmed correctly. The badly programmed apps causes
more pain then anything else. The ones i've encountered during the internet
boom years late 90's - early 2000s. Boy the number of times i had to fdisk
just to get a clean lean machine that will boot up before i get the chance
to sit down! The worst were NT4... i could boot up & go make coffee & come
back 4mins later just to type in the admin paswd & bugger off for a few
biscuits & come back just to see the desktop loading up.... those were the
bad days.. so if yer want a clean lean fast boot up machine, keep the junk
off it ; )

DC.



Duwop 15-02-2005 09:24 PM

"DC." > wrote in message
...
> "Craig Watts" > wrote in message
> ...
> <snip>
> > Some things in my favor are not being on a full time connection. No
> > hardware fire wall here but I do have Zone Alarm up with spybot checkers
> > like Adaware.

>
> Software firewalls like ZoneAlarm should provide sufficient security...
> blocking & hiding up your ports after all you ain't fort knox (as far as i
> know ; ) so there is no reason why big time hackers would want to break

into
> your machine.
>
> > One question you might answer. I have 256 meg of memory. I was told that
> > Win98se would only use up to 64k of that. Any true to that?

>


No, I *think* 98SE max's out at 512M. But it certainly it not only 64.





John O 15-02-2005 10:03 PM

>> > One question you might answer. I have 256 meg of memory. I was told
>> > that
>> > Win98se would only use up to 64k of that. Any true to that?

>>

>
> No, I *think* 98SE max's out at 512M. But it certainly it not only 64.


IIRC you hit a point of diminishing return...I think the performance drops
as you get past 384M, or something, because 98 can't manage mem well at
those high addresses. I forget the numbers, but the limitation is the
motherboard/BIOS, not Win 98. I think 98 can take 1GB. Never had that much
myself, though.

256 with Win 98SE is great, it will all get used.

With 98 it's more important to keep the extraneous side programs (TSRs) at a
minimum, keep the drive defragged and the temp folders clear. Don't let it
get confused.

And don't forget the cool tool tat lets you delete the entire Registry...98
will automatically start up with yesterday's Registry. Saved my bacon a few
times when I used 98 on a laptop and loaded stupid software.

-John O



[email protected] 15-02-2005 10:12 PM

Craig Watts > wrote:
> DC. wrote:
> > "Nathan Lau" > wrote in message
> > <snip>
> >>Thanks for the update DC. I don't think Gaobot was that destructive on
> >>its own. It probably opened up a backdoor for hackers to take over and
> >>mess with his system.
> >>

> > It might be possible but as i don't know Graeme's computer & what's
> > been going on in it, i can't really say. I don't know what software he
> > has on it, how he'd set up his firewall, if he has IRC, P2P, FTP or any
> > other software that connects to the net. But I did say i'll pop round
> > next week & help him sort it out or give him a hand in building a new
> > one from scratch. Funny thing is... he says the company he works for is
> > also a Mac reseller (amongst many other things they do), i just said to
> > him to go get himself a Mac or if he's determined to stick to PC, he
> > might want to consider W98SE, less prone to all these new viruses that
> > prey on XP weaknesses. He'll just have to stick to a regimental routine
> > now of daily updating of his AV software, being careful not to open any
> > unknown emails with attachments, links to dodgy sites or spam etc. It's
> > just a way of life now if you're a heavy net user. Just today i had an
> > email that got through my spam filter titled 'valentine's day card from
> > xxx', in the msg. body was a greeting with a link to xyz website to see
> > who the card was from. Moused over it & the url was something else...
> > plonk, straight into the bin & deleted. I reckon if i clicked on it,
> > it'll be a spam site with a zillion malicious scripts waiting to be
> > downloaded. : (
> >

> WOW. I'm sitting here silently in the corner watching this go on. This
> system I'm on was built with Win2k. I'op'd to reformat out of NTFS and
> reload 98se just because I know it and can control it. Don't like all
> that XP phone home to Microsoft stuff. I know I'm not maxining out the
> abilities of a PIII but it works for me.
>

I've been running 98SE since it came out. Sure, it sometimes hangs up on me
and occasionally I get the 'blue screen of death', but in combo with Norton
AV and Firewall, it's been bulletproof online.

--
Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Thank a Veteran and Support Our Troops. You are not forgotten. Thanks ! ! !

[email protected] 15-02-2005 10:24 PM

Craig Watts > wrote:
> DC. wrote:
> > "Craig Watts" > wrote in message
> > <snip>
> >>WOW. I'm sitting here silently in the corner watching this go on. This
> >>system I'm on was built with Win2k. I'op'd to reformat out of NTFS and
> >>reload 98se just because I know it and can control it. Don't like all
> >>that XP phone home to Microsoft stuff. I know I'm not maxining out the
> >>abilities of a PIII but it works for me.
> >>

> > If you feel comfortable & happy with W98SE & you have no software
> > requirements for using 2k, XP, NT or generally any server level OS,
> > then go for
> > 98SE. Only problem with 98SE is that MS no longer provides tech support
> > for it, but if you don't have any major problems with it... you won't
> > be needing MS tech support for it ; )
> >
> > My own experience with MS server OS like 2k, NT4 & Xp is that it's not
> > very stable & has holes in it which needs patching up, if you don't
> > know about it & have a always on connection, poor or no security...
> > sooner or later you'll be in trouble. Problem is quite a lot of people
> > use MS products, including myself so we'll have to be careful.
> >

> Some things in my favor are not being on a full time connection. No
> hardware fire wall here but I do have Zone Alarm up with spybot checkers
> like Adaware.
>
> One question you might answer. I have 256 meg of memory. I was told that
> Win98se would only use up to 64k of that. Any true to that?


I have 256 mB memory, too. It's all available to me under 98SE, AFAIK.
BTW Security is why I continue to stay on dialup, too.

Dinosaurs of the world, Unite!

--
Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Thank a Veteran and Support Our Troops. You are not forgotten. Thanks ! ! !

Niki 15-02-2005 10:55 PM

wrote:

> I've been running 98SE since it came out. Sure, it sometimes hangs up on me
> and occasionally I get the 'blue screen of death', but in combo with Norton
> AV and Firewall, it's been bulletproof online.


I run 98 SE one of my other computers. Haven't had a prob yet and it beats ME
from what I hear. I have no exp with that one. It's all diff strokes for diff
folks and whatever works for you, works. I agree Nick, AV and firewall are of
the utmost importance, even on dialup.
--
Niki

Craig Watts 15-02-2005 11:45 PM

> will automatically start up with yesterday's Registry. Saved my bacon a few
> times when I used 98 on a laptop and loaded stupid software.
>
> -John O


Reply to all he
I'm a over zealous keeping my tsr's to a bare minimum and my systray as
empty as possible. It seems like every progy you install wants to stay
resident in the systray for quick start up. Bullshit. I'll ring you bell
when I need ya.

Thanks for all the feedback. I support integrated hardware (copiers and
printers) so it is just a hoot when you get to sit in someone elses seat
and see that crap they got running in the background. UUURRRGH I just
get the willies and don't touch it pry tell we don't blow something up.

Craig

Duwop 16-02-2005 12:09 AM

> wrote in message
...
> I have 256 mB memory, too. It's all available to me under 98SE, AFAIK.
> BTW Security is why I continue to stay on dialup, too.
>
> Dinosaurs of the world, Unite!


Ahh bullshit, get a Linksys router (now owned by Cisco) for $80. it keeps
out the bad guys better than any software "firewall" AND antivirus combo
existant. Me, I'm wearing a belt and suspenders with a router and ZoneAlarm.
No worries.

D
--





Niki 16-02-2005 12:10 AM

Craig Watts wrote:

> It seems like every progy you install wants to stay
> resident in the systray


QT is really bad at that.


--
Niki

[email protected] 16-02-2005 12:14 AM

"Duwop" > wrote:
> > wrote in message
>
> > I have 256 mB memory, too. It's all available to me under 98SE, AFAIK.
> > BTW Security is why I continue to stay on dialup, too.
> >
> > Dinosaurs of the world, Unite!

>
> Ahh bullshit, get a Linksys router (now owned by Cisco) for $80. it keeps
> out the bad guys better than any software "firewall" AND antivirus combo
> existant. Me, I'm wearing a belt and suspenders with a router and
> ZoneAlarm. No worries.
>

So, Duwop. You say 'bullshit' to me? OK. Tighten yer belt. The glove is up!
I say, "Bullshit," to you! °~|

--
Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Thank a Veteran and Support Our Troops. You are not forgotten. Thanks ! ! !

DC. 16-02-2005 12:31 AM

> wrote in message
...
<snip>
> I've been running 98SE since it came out. Sure, it sometimes hangs up on

me
> and occasionally I get the 'blue screen of death', but in combo with

Norton
> AV and Firewall, it's been bulletproof online.
>
> --
> Nick.


If it suits yer... all the better & all the more reason to stick with it! To
be honest.... i use quite a few different ones & people can get hung up on
it, there was a time when there were Mac people & PC people. They hated each
other.... then they would ask me which OS i use, my reply would always be
the same... which ever one gets the job done! thats why i use a variety now,
never hurts having yer fingers in all the pies ; )

DC.





[email protected] 16-02-2005 12:39 AM

"DC." > wrote:
> [ . . . ]never hurts having yer fingers in all the pies ; )
>

I luv it when ya talk dirty!

--
Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Thank a Veteran and Support Our Troops. You are not forgotten. Thanks ! ! !

DC. 16-02-2005 12:59 AM

> wrote in message
...
> "Duwop" > wrote:
> > > wrote in message

<snip>
> > Ahh bullshit, get a Linksys router (now owned by Cisco) for $80. it

keeps
> > out the bad guys better than any software "firewall" AND antivirus combo
> > existant. Me, I'm wearing a belt and suspenders with a router and
> > ZoneAlarm. No worries.


That is a good way of dealing with it, the router hides yer ip address & you
can set up zonealarm to monitor for any outgoing traffic from yer PC. Only
problem is... not many folks know the intricacies of routers, networking,
DHCP etc. which in itself can be a bad thing. The latest thing now is
wireless & not many people know about it too, that's why i log in to my
neighbours wireless network & surf. I guess if i wanted to i could try &
crack it but that would be bad thing to do.

> So, Duwop. You say 'bullshit' to me? OK. Tighten yer belt. The glove is

up!
> I say, "Bullshit," to you! °~|


Nick... you never fail to amaze me with yer quick wit & humour.... are yer
still drunk or sober? i'd say yer sober as yer mrs is on her way home ; )

DC. (goodnight y'all)





DC. 16-02-2005 01:03 AM

> wrote in message
...
> "DC." > wrote:
> > [ . . . ]never hurts having yer fingers in all the pies ; )
> >

> I luv it when ya talk dirty!
>
> --
> Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Oh Jeeze... i'm gonna have nightmares tonight after a comment like that! ; )
Goodnight y'all.

DC. (signing out 00:02hrs)



[email protected] 16-02-2005 01:12 AM

"DC." > wrote:
> > wrote in message
> > "Duwop" > wrote:
> > > > wrote in message

> <snip>
> > > Ahh bullshit, get a Linksys router (now owned by Cisco) for $80.[]

>
> That is a good way of dealing with it, the router hides yer ip address &
> you can set up zonealarm to monitor for any outgoing traffic from yer PC.
> Only problem is... not many folks know the intricacies of routers,
> networking, DHCP etc. which in itself can be a bad thing.


Back in the 70's, when we programmed in machine language and our connection
to the world was RS-232 at 110 or 330 baud (?), I could handle it. No more!

> The latest thing now is wireless & not many people know about it too,
> that's why i log in to my neighbours wireless network & surf. I guess if
> i wanted to i could try & crack it but that would be bad thing to do.


That's why I don't use wireless.
>
> > So, Duwop. You say 'bullshit' to me? OK. Tighten yer belt. The glove is

> up!
> > I say, "Bullshit," to you! °~|

>
> Nick...[]are yer still drunk or sober? i'd say yer sober as yer mrs is on
> her way home ; )

The former. I don't hafta have my blood alcohol below 0.08% 'til 11 AM
Thursday, for my drive to the airport.

--
Nick. To help with tsunami relief, go to: http://usafreedomcorps.gov/


Thank a Veteran and Support Our Troops. You are not forgotten. Thanks ! ! !

Duwop 16-02-2005 03:11 AM

"DC." > wrote in message

> can set up zonealarm to monitor for any outgoing traffic from yer PC. Only
> problem is... not many folks know the intricacies of routers, networking,
> DHCP etc. which in itself can be a bad thing.


Awe goddammit DC, don't skeer the folks off like that man. Doesn't sound
like you've set up a Linksys *consumer* made for the home user router. Slick
and easy html interface, easy to read (and follow) directions, nothing to
it. A skirt wearing one eyed drunk could set it up.
But if you on dial up, don't bother.


--






All times are GMT +1. The time now is 10:23 PM.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
FoodBanter