My virus count is bigger than yours! NYAH! :P
| I just got finished with a client's computer, a Toshiba Satellite Pro
4300. Initially it was very flaky...million popups when IE would
load, IE crashing, etc.
The family didn't mind spending money, so I bought Norton IS for them,
installed it (found/eliminated an unknown virus during bootup), and
downloaded LiveUpdate. I thought maybe I'd find a dozen spywares and
a backdoor or two....
The sucker had *488* viruses (including
adware/spyware/dialers/backdoors/trojans). It was a miracle this
thing still booted. The client initially gave it to me thinking it
would be a quick fix. I quickly told them it would be a little
more....involved 
This was a true "fixer-upper"....running XP Pro on 128 megs of RAM.
The pagefile was over 300 megs large...the hard drive light never went
off until I "evicted" the 14 adware/spyware background processes and
added an extra 128mb SO-DIMM. The "spyware eviction notice" also
amazingly cleared up most of the IE problems, and I was able to get to
windowsupdate (previously blocked...would divert to porn sites).
Because porn was appearing on the system, the original owner had
attempted to install a "porn scanner" by 180solutions...this program
ITSELF was spyware...nothing like getting into it even more 
As you can probably guess, there were no firewall, antivirus, or
windows updates installed...DCOM RPC, etc. vulnerabilities were ripe
for the taking. This thing was an open book (or an open NOTEbook,
heh).
Anyway, just want to express to the group one of my biggest success
stories. After doing a dozen different things, from BIOS & win.
updates, to deleting the porn-saturated admin temp files, to adding a
content advisor password, the computer FINALLY felt safe to put back
on the Internet. Just wanted to share the experience with everyone 
Dan
PS I was also wondering if anyone has had experience with hackers
using msmsgs.exe (microsoft messaging) to hack into a system. If
there's no password on the admin account, can they get into the system
via MS messaging?
| |
| Max M.Wachtel III 2005-04-06, 2:27 pm |
| Dan wrote:
> I just got finished with a client's computer, a toshiba satellite pro
> 4300. Initially it was very flaky...million popups when IE would
> load, IE crashing, etc.
>
> The family didn't mind spending money, so I bought norton IS for them,
> installed it (found/eliminated an unknown virus during bootup), and
> downloaded LiveUpdate. I thought maybe I'd find a dozen spywares and
> a backdoor or two....
>
> The sucker had *488* viruses (including
> adware/spyware/dialers/backdoors/trojans). It was a miracle this
> thing still booted. The client initially gave it to me thinking it
> would be a quick fix. I quickly told them it would be a little
> more....involved 
>
> This was a true "fixer-upper"....running XP Pro on 128 megs of ram
> The pagefile was over 300 megs large...the hard drive light never went
> off until I "evicted" the 14 adware/spyware background processes and
> added an extra 128mb SO-DIMM. The "spyware eviction notice" also
> amazingly cleared up most of the IE problems, and I was able to get to
> windowsupdate (previously blocked...would divert to porn sites).
>
> Because porn was appearing on the system, the original owner had
> attempted to install a "porn scanner" by 180solutions...this program
> ITSELF was spyware...nothing like getting into it even more 
>
> As you can probably guess, there were no firewall, antivirus, or
> windows updates installed...DCOM RPC, etc. vulnerabilities were ripe
> for the taking. This thing was an open book (or an open NOTEbook,
> heh).
>
> Anyway, just want to express to the group one of my biggest success
> stories After doing a dozen different things, from BIOS & win.
> updates, to deleting the porn-saturated admin temp files, to adding a
> content advisor password, the computer FINALLY felt safe to put back
> on the Internet. Just wanted to share the experience with everyone 
>
> Dan
>
> PS I was also wondering if anyone has had experience with hackers
> using msmsgs.exe (microsoft messaging) to hack into a system. If
> there's no password on the admin account, can they get into the system
> via MS messaging?
>
Wonder if it would have saved time by copying important files and just
format the thing. Sounds like the user needs some instruction. Oh well,
it will be back soon, perhaps to break your personal record
-max
--
Virus Removal Instructions: http://www.geocities.com/maxpro4u/
Keeping Windows Clean: http://www.geocities.com/maxpro4u/madmax.html
Virus Cleaning+Fixes: http://www.geocities.com/maxpro4u/TechPros
Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)
| |
|
| Yes, if Msmsgs is not being filtered by a good firewall, it is like having a
sign on your door that says "we're not home so feel free to rob us". Any
number of programs could be used to locate the open port msmsgs uses,
determine its current status and get through it and into the system.
"Dan" <jasdfosd@asjedfoi.com> wrote in message
news:c1vjt0lrbem63ri0s9r6tfft7qjv0vv89n@4ax.com...
> I just got finished with a client's computer, a toshiba satellite pro
> 4300. Initially it was very flaky...million popups when IE would
> load, IE crashing, etc.
>
> The family didn't mind spending money, so I bought norton IS for them,
> installed it (found/eliminated an unknown virus during bootup), and
> downloaded LiveUpdate. I thought maybe I'd find a dozen spywares and
> a backdoor or two....
>
> The sucker had *488* viruses (including
> adware/spyware/dialers/backdoors/trojans). It was a miracle this
> thing still booted. The client initially gave it to me thinking it
> would be a quick fix. I quickly told them it would be a little
> more....involved 
>
> This was a true "fixer-upper"....running XP Pro on 128 megs of ram
> The pagefile was over 300 megs large...the hard drive light never went
> off until I "evicted" the 14 adware/spyware background processes and
> added an extra 128mb SO-DIMM. The "spyware eviction notice" also
> amazingly cleared up most of the IE problems, and I was able to get to
> windowsupdate (previously blocked...would divert to porn sites).
>
> Because porn was appearing on the system, the original owner had
> attempted to install a "porn scanner" by 180solutions...this program
> ITSELF was spyware...nothing like getting into it even more 
>
> As you can probably guess, there were no firewall, antivirus, or
> windows updates installed...DCOM RPC, etc. vulnerabilities were ripe
> for the taking. This thing was an open book (or an open NOTEbook,
> heh).
>
> Anyway, just want to express to the group one of my biggest success
> stories After doing a dozen different things, from BIOS & win.
> updates, to deleting the porn-saturated admin temp files, to adding a
> content advisor password, the computer FINALLY felt safe to put back
> on the Internet. Just wanted to share the experience with everyone 
>
> Dan
>
> PS I was also wondering if anyone has had experience with hackers
> using msmsgs.exe (microsoft messaging) to hack into a system. If
> there's no password on the admin account, can they get into the system
> via MS messaging?
>
| |
|
|
I just recently had to work on my aunt's computer since it was pretty
well dead. I took the thing to work on as a Christmas present for her.
When I took the PC it was running Windows 98. The cdrom did not work.
IE and everything else you ran crashed itself or Windows. In its
current state one could not even attempt to install adaware even after
killing all the processes. It only had 64 megs of RAM.
The first thing that I did was to add 128 megs of RAM into the computer
and then I was able to get adaware installed. I got it all updated and
ran it first. I snagged 4,693 spyware. After that I installed Norton
Antivirus and updated the virus defs. When I scanned with it I found
and removed 1,769 viruses. Somewhere along the line of removing the
adware the cdrom drive began working again. I was amazed that the
computer even loaded Windows. This computer is an old Compaq. It's
about 5 years old.
--
Tim
| |
| «BONEHEAD>> 2005-04-06, 2:28 pm |
|
"Max M.Wachtel III" <maxpro4u@nomail.afraid.org> wrote in message
news:VunCd.47$T75.40@fe1.columbus.rr.com...
> Dan wrote:
> Wonder if it would have saved time by copying important files and just
> format the thing. Sounds like the user needs some instruction. Oh well,
> it will be back soon,perhaps to break your personal record 
> -max
>
My thoughts exactly, but you know sometimes the challenge is just too good to
pass up....
I'm guilty....
--
<B0N3H3@D>
"I have no special talent. I am only passionately curious." Albert Einstein
| |
|
| On Mon, 3 Jan 2005 22:23:51 -0500, "me" <me@nospam.com> wrote:
>Yes, if Msmsgs is not being filtered by a good firewall, is like having a
>sign on your door that says "we're not home so feel free to rob us". Any
>number of programs could be used to locate the open port msmsgs uses,
>determine its current status and get through it and into the system.
Thanks, I had a feeling this was the case...good thing I disabled it
(changed the filename from msmsgs.exe to msmsgs.ex_ ).
I was getting Internet activity even when nothing was running, so I
checked the firewall logs. The firewall kept allowing msmsgs.exe to
pass, and earlier I had accidentally allowed a couple items to pass
through the firewall initially (I was trying to update Norton's
LiveUpdate and I got a million requests from programs trying to access
the internet through the firewall...most were denied, but I let a few
past by accident). I really enjoy the new "block all" feature on
norton firewall...gives me time to view the logs and make a decision.
A password was also added to the admin account. There wasn't any
originally, so I suppose it was free for the taking (thus all the
porn storage in the temp files). I suppose some hedonophile out there
is pretty pissed off.
Thanks very much.
Dan
| |
|
| On Mon, 3 Jan 2005 22:05:52 -0600, Tim <tim@extremechatforums.com>
wrote:
>ran it first. I snagged 4,693 spyware. After that I installed Norton
>Antivirus and updated the virus defs. When I scanned with it I found
>and removed 1,769 virus's. Somewhere along the line of removing the
>adware the cdrom drive began working again. I was amazed the the
>computer even loaded windows. This computer is an old compaq. Its
>about 5 years old.
I am humbled...yeesh, that's nasty.
Did you happen to see a lot of the Beagle.M virus? That was the
primary one on this laptop.
Dan
| |
| Max M.Wachtel III 2005-04-06, 2:28 pm |
| Tim wrote:
> I just recently had to work on my aunts computer since it was pretty
> well dead. I took the thing to work on as a christmas present for her.
> When I took the pc it was running windows 98. The cdrom did not work.
> Ie and everything else you ran crashed itself or windows. In its
> current state one could not even attempt to install adaware even after
> killing all the processes. It only had 64 megs of ram.
>
> The first thing that I did was to add 128 megs of ram into the computer
> and then I was able to get adaware installed. I got it all updated and
> ran it first. I snagged 4,693 spyware. After that I installed Norton
> Antivirus and updated the virus defs. When I scanned with it I found
> and removed 1,769 virus's. Somewhere along the line of removing the
> adware the cdrom drive began working again. I was amazed the the
> computer even loaded windows. This computer is an old compaq. Its
> about 5 years old.
>
>
The best AV is an educated user.
-max
| |
| the_angry_monkey 2005-04-06, 2:28 pm |
| Before I had my first major crash I did not virus scan my PC for over
5 years and had it connected to broadband with no firewall (ah days of
innocence) - whilst the virus scan I did only found a few types of
virus - it found over 12000 infected files. Needless to say the PC
ceased to function after that repair operation 