From kenbrody at spamcop.net Mon Feb 1 09:43:26 2010
From: kenbrody at spamcop.net (Kenneth Brody)
Date: Mon Feb 1 09:45:08 2010
Subject: [Scgeeks] Re: App to remove all the trial junk that comes with most hardware/software
In-Reply-To:
References:
Message-ID:

On 1/30/2010 9:22 PM, Frog Prince wrote:
> App to remove all the trial junk that comes with most hardware/software.
>
> I have it but I can't recall the name.

It's called, appropriately enough "PC De-Crapifier":

http://majorgeeks.com/PC_De-Crapifier_d5223.html

Of course, it won't necessarily remove "all" of the trialware that came with the system, but it knows how to remove plenty.

--
Kenneth Brody

From DLipman~nospam~ at Verizon.Net Mon Feb 1 14:35:16 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Mon Feb 1 14:40:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Heidi"

| I've never been infected by anything, and this now makes four times in the
| last two weeks, another trojan found by AVG in the scan last night,
| Hiloti.M. It's removed, malwarebytes finds nothing now, but what's going on
| that this is suddenly happening? I've got AVG, Zone Alarm running,
| securities set where they've always been. I use Firefox, not IE, I don't
| get it. My resident geek at work thinks they're mostly 'drive by's' from
| ads at the sides of Yahoo mail screens or whatever. I don't know, but I
| find it disturbing. I had AVG Link Scanner running but I turned it off
| because I thought it slowed down browsing to a crawl. Do I need it after
| all?

This is a VERY non-specific, generic new group. If you TRULY want to discuss malware; alt.comp.virus , alt.comp.anti-virus and alt.privacy.spyware are *better* places to pose such questions.

People think WWW stands for World Wide Web. I'm here to tell you WWW stands for Wild Wild West as the amount of malicious activity has GREATLY increased over the past 5 years.
In the past, malware author motives were mostly fame and destruction levels and they were primarily true viruses that carried the payload. Today it is money that is driving the malware. There are TOO NUMEROUS reasons for this but to name a few are simple cons like the fake anti virus applications that get you to pay for a snake-oil product. Then there is malware specifically designed for the intention of identity theft. Then there are the banker trojans designed to gather financial institutional information about you and then they'll drain your account. Then there are the data stealers. I could go on and on...

The MOST important aspect is YOU. You *must* practice Safe Hex.

Then you must have a good anti virus application and maybe anti spyware.

AVG is a good anti virus application and MBAM is a good anti spyware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From DLipman~nospam~ at Verizon.Net Mon Feb 1 16:28:13 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Mon Feb 1 16:30:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Charles"

| It wasn't me! It was "David H. Lipman" !

>> The MOST important aspect is YOU. You *must* practice Safe Hex.

| Oh, hey, that's me all the way. And we even ended up with fricking viruses
| on our servers. Like WTF? We're clearing a virus from at least one
| machine a week. OK, that's not a lot but it is, really. That means that
| on average our machines get 2 viruses a year. What's changed to make this
| happen? 2 years ago we had zero viruses. It's nuts.

All depends on WHAT your servers are.
Are they; Internet or Intranet ?
Serving what ?

Another thing you use the term "virus". Everyone seems to use the term "virus" for all sorts of malware. However viruses are but a small sub-set of all malware.

What malware was found on your server ?
What malware is found to be recurring on said server ?
---------

As a note when it comes to servers. Most of the time I find their role is abused. So-called admins use the server like a workstation and Browse the Internet and do other things as they would do on a workstation. This is BAD practice. The Server role must be respected. That means do all work on workstations and ONLY logon to the server when making updates to that specific platform.

I have seen all too often those complaining of "viruses" on a server that turn out to be non-viral malware in the form of adware and spyware indicative of so-called admins abusing the server and using it like it was a workstation.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From nobody at spamcop.net Mon Feb 1 17:30:14 2010
From: nobody at spamcop.net (Indigo)
Date: Mon Feb 1 17:35:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Charles" wrote in message
news:Xns9D1295CBBFF7DThisIsMyPost@216.154.195.61...
> It wasn't me! It was "David H. Lipman" !
>
>> The MOST important aspect is YOU. You *must* practice Safe Hex.
>
> Oh, hey, that's me all the way. And we even ended up with fricking
> viruses
> on our servers. Like WTF? We're clearing a virus from at least one
> machine a week. OK, that's not a lot but it is, really. That means that
> on average our machines get 2 viruses a year. What's changed to make this
> happen? 2 years ago we had zero viruses. It's nuts.

Heh. I guess things even out in the end....in spite of all the problems I've had with my various PC's over the last 20+ years, I have yet to be infected with ANY form of malware....ever.

From nobody at spamcop.net Mon Feb 1 17:58:01 2010
From: nobody at spamcop.net (bar0)
Date: Mon Feb 1 18:00:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hk7kll$e1r$1@news.spamcop.net...
>
> "Charles" wrote in message
> news:Xns9D1295CBBFF7DThisIsMyPost@216.154.195.61...
>> It wasn't me! It was "David H. Lipman" !
>>
>>> The MOST important aspect is YOU. You *must* practice Safe Hex.
>>
>> Oh, hey, that's me all the way. And we even ended up with fricking
>> viruses
>> on our servers. Like WTF? We're clearing a virus from at least one
>> machine a week. OK, that's not a lot but it is, really. That means that
>> on average our machines get 2 viruses a year. What's changed to make
>> this
>> happen? 2 years ago we had zero viruses. It's nuts.
>
> Heh. I guess things even out in the end....in spite of all the problems
> I've had with my various PC's over the last 20+ years, I have yet to be
> infected with ANY form of malware....ever.

Given some of the problems you have had some of your freeware could likely also be called MALware.

From nobody at spamcop.net Mon Feb 1 18:06:39 2010
From: nobody at spamcop.net (Indigo)
Date: Mon Feb 1 18:10:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hk7m9p$eko$1@news.spamcop.net...
> Given some of the problems you have had some of your freeware could likely
> also be called MALware.

You mean like WinAmp somehow changing MP3 file properties so Win Exploder can't read the tag info anymore?

From nobody at spamcop.net Mon Feb 1 18:31:42 2010
From: nobody at spamcop.net (bar0)
Date: Mon Feb 1 18:35:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hk7mpv$ero$1@news.spamcop.net...
>
> "bar0" wrote in message
> news:hk7m9p$eko$1@news.spamcop.net...
>> Given some of the problems you have had some of your freeware could
>> likely also be called MALware.
>
> You mean like WinAmp somehow changing MP3 file properties so Win Exploder
> can't read the tag info anymore?

Umm, no I'm thinking more of all your tweakers and "utilities"

Do you really think it was WinAmp?
I think Nullsoft have a "forum" surely you could find out if anyone else has seen that.

I was actually thinking of paying for winamp. Having all their CoDecs It looks like the best music tool for my old system. Media player doesn't touch lots of files (like ogg) and WMA files from some vista systems won't play, but Winamp doesn't mind.

From nobody at spamcop.net Mon Feb 1 18:36:26 2010
From: nobody at spamcop.net (bar0)
Date: Mon Feb 1 18:40:08 2010
Subject: [Scgeeks] WinXP32 and 64bit machines and memory
Message-ID:

Folks,

I've heard that even with 32bit WinXP, 4 GB of physical memory can be addressed on 64bit machines, But that no single application + DATA can exceed 2GB at a whack. Is that true? (thinking of getting 2 2GB SIMMs for the hp flaptop (turion64 processor)) My son makes and records music, including MIDI, the latter + effects eats memory.

From DLipman~nospam~ at Verizon.Net Mon Feb 1 19:19:00 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Mon Feb 1 19:20:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Charles"

| No way it was me! It was "David H. Lipman"
| !

>> All depends on WHAT your servers are.
>> Are they; Internet or Intranet ?
>> Serving what ?

| It's the domain controller, I think, that got it. Or maybe it was the
| backup server. I don't really recall. It was only once. It was still
| very scary.

>> Another thing you use the term "virus". Everyone seems to use the
>> term "virus" for all sorts of malware. However viruses are but a
>> small sub-set of all malware.
>> What malware was found on your server ?

| I do not recall. It was not anything really malicious but that is beside
| the point. The point, the fear, is that it was the server. The server is
| supposed to be, as you say, left alone in its corner. WTF?

>> As a note when it comes to servers. Most of the time I find their
>> role is abused.
>> So-called admins use the server like a workstation and
>> Browse the Internet and do other things as they would do on a
>> workstation.

| I agree. But, hey, well. It's tough. I'm only kind of in charge of that.
| And, well, you shouldn't be able to get a virus from browsing the web.
| Sure looks like you can. Sucks.

Few "viruses" can be obtained from just browsing but it DOES happen.

**A scenario...

A favourite web site you like doesn't maintain their server software and it has a vulnerability. A malicious actor from the Ukraine finds the site's vulnerability and exploits it. The malicious actor then modifies the HTML page(s) of that site to include an invisible IFrame to a third party site. That third party site then is coded with a laundry list of vulnerabilities and exploits. For this scenario let's say you have Adobe Reader v8 installed and the web site checks that and provides a malicious PDF that then exploits a vulnerability in an Adobe function that causes a buffer overflow condition and elevation of privileges which subsequently causes the Parite.b virus to be installed.

Now the payload didn't have to be a Parite virus. It could just as easily (and more frequently) be a FakeAlert trojan, Zlob trojan or a Vundo trojan. Additionally you thought you were following Safe Hex practices as that was a totally legitimate web site, but you STILL got infected (in this scenario).

Now YOU tell me you can't recall the malware that hits your server, in this case a Domain controller.

It seems to me that if you were the admin of a Domain controller on your Intranet that gets infected with a virus you would KNOW exactly what virus it was, what the symptoms were, etc.

What that "virus" was, its payload is and what its infection vectors are are as important to know as eating food in any given 24 hour period.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From nobody at spamcop.net Mon Feb 1 19:49:56 2010
From: nobody at spamcop.net (Heidi)
Date: Mon Feb 1 19:50:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

"Charles" wrote in message
news:Xns9D1295CBBFF7DThisIsMyPost@216.154.195.61...
> It wasn't me! It was "David H. Lipman" !
>
>> The MOST important aspect is YOU. You *must* practice Safe Hex.
>
> Oh, hey, that's me all the way. And we even ended up with fricking
> viruses
> on our servers. Like WTF? We're clearing a virus from at least one
> machine a week. OK, that's not a lot but it is, really. That means that
> on average our machines get 2 viruses a year. What's changed to make this
> happen? 2 years ago we had zero viruses. It's nuts.

Thank you! See, it's not just me. People think I'm some stupid newbie surfing and im'ing unprotected, good grief, short of a lockdown I've got everything I've always ever needed, but lately, it ain't workin'.

From nobody at spamcop.net Mon Feb 1 19:54:00 2010
From: nobody at spamcop.net (Heidi)
Date: Mon Feb 1 19:55:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

"David H. Lipman" wrote in message
news:hk7adl$aku$1@news.spamcop.net...
> From: "Heidi"
>
> This is a VERY non-specific, generic new group.

THIS one? This one ain't new...... "I've been around since the Anyboard Days!", LOL

>
> The MOST important aspect is YOU. You *must* practice Safe Hex.
>
> Then you must have a good anti virus application and maybe anti spyware.
>
> AVG is a good anti virus application and MBAM is a good anti spyware.

'Zactly. So they should have protected me, no? MBAM was downloaded to get rid of it, but I think I'll be using it frequently now.
From nobody at spamcop.net Mon Feb 1 20:41:09 2010
From: nobody at spamcop.net (Indigo)
Date: Mon Feb 1 20:45:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hk7o8u$f9d$1@news.spamcop.net...
>
> Umm, no I'm thinking more of all your tweakers and "utilities"

You may have missed my post weeks ago that I didn't reinstall most of the "tweakers" I used to have on board....only have a few installed now, and two of those are "clean wipe" deinstallers. I didn't even install EasyCleaner, a free app I've been using for about 10 years. Found out it wipes out some Win install files (cleans the Temp directory too well), meaning that when I went to uninstall something the original install info was gone....not good!

>
> Do you really think it was WinAmp?

I do find it hard to believe, but that's the only thing that changed between being able to see the tag info and having it disappear....except maybe for a couple update packages.

>
> I think Nullsoft have a "forum" surely you could find out if anyone else
> has seen that.

I posted to an MS NG this afternoon about the issue, and some moron representing MS (according to his sig) said "you have to use NTFS to read streaming file info". Huh? Since when does Vista run in FAT32 to start with?!

>
> I was actually thinking of paying for winamp. Having all their CoDecs It
> looks like the best music tool for my old system. Media player doesn't
> touch lots of files (like ogg) and WMA files from some vista systems won't
> play, but Winamp doesn't mind.
>

I find using WinAmp rather non-intuitive and difficult to navigate. Rhapsody and WMP are much easier to use IMO.

From DLipman~nospam~ at Verizon.Net Mon Feb 1 20:58:41 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Mon Feb 1 21:00:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Charles"

| No way it was me! It was "David H. Lipman"
| !
>> Now YOU tell me you can't recall the malware that hits your server, in
>> this case a Domain controller.

| I do tell you that. Yup. I have a bad memory and it's getting worse from
| the drugs I'm taking. I can look up the bill from our network guys - it
| might say what the problem was...

>> It seems to me that if you were the admin of a Domain controller on
>> your Intranet that gets infected with a virus you would KNOW exactly
>> what virus it was, what the symptoms were, etc.

| The symptoms were that Norton freaked out _and_ couldn't delete whatever
| file it was. As far as I know nothing nefarious happened but, well, hey,
| maybe it did. We have a pretty tight firewall AFAIK but, well, I do let
| others take care of most everything. Again, I am nominatively in control
| of all of this stuff and when the guys are all out I get to deal with
| everything but most of the time I try to avoid having to do so. I prefer
| managing in a hands off way. Yeah, yeah. This got me a virus on a DC.
| Well, sucks. And it happens and whatever. And we're still alive. Oh.
| This just makes it sound like it's terrible and we're just losers. Really,
| it's not that bad. Honest. We have some semblance of order and control
| over what goes on. And we're always working at getting better at it all.
| And still... More people are getting viruses. It's freaking weird.

Your attitude is poor considering the server and its role.

Being infected with malware can have a devastating effect on the company, its trade secrets, its privacy, the bottom line, etc....

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From DLipman~nospam~ at Verizon.Net Mon Feb 1 21:01:25 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Mon Feb 1 21:05:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Heidi"

| "Charles" wrote in message
| news:Xns9D1295CBBFF7DThisIsMyPost@216.154.195.61...
>> It wasn't me! It was "David H. Lipman" !

>>> The MOST important aspect is YOU. You *must* practice Safe Hex.

>> Oh, hey, that's me all the way. And we even ended up with fricking
>> viruses
>> on our servers. Like WTF? We're clearing a virus from at least one
>> machine a week. OK, that's not a lot but it is, really. That means that
>> on average our machines get 2 viruses a year. What's changed to make this
>> happen? 2 years ago we had zero viruses. It's nuts.

| Thank you! See, it's not just me. People think I'm some stupid newbie
| surfing and im'ing unprotected, good grief, short of a lockdown I've got
| everything I've always ever needed, but lately, it ain't workin'.

When was the last time YOU mitigated all vulnerabilities on your PC ?

RealAudio
Sun Java
iTunes/Quicktime
Browser
Adobe PDF

To name but a few softwares known to be highly exploited.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From nobody at spamcop.net Tue Feb 2 10:22:39 2010
From: nobody at spamcop.net (bar0)
Date: Tue Feb 2 10:25:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hk7vrk$hrp$1@news.spamcop.net...
>
> "bar0" wrote in message
> news:hk7o8u$f9d$1@news.spamcop.net...
>> ...
>
> I find using WinAmp rather non-intuitive and difficult to navigate.
> Rhapsody and WMP are much easier to use IMO.

Curious how different minds work, Not that I find WinAmp totally intuitive, but WMP leaves me totally puzzled sometimes. Too much auto-magic.

I still use it, since my Streamium needs to talk to it.

From nobody at spamcop.net Tue Feb 2 11:25:05 2010
From: nobody at spamcop.net (Twayne)
Date: Tue Feb 2 11:30:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

For anyone who wishes to read, here are a few sites I check now & then when I'm curious about the viral situation:

http://www.mimosasystems.com/articles/how-to-avoid-trojans-in-your-email.html
http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html
http://www.viruslist.com/en/viruses/encyclopedia?virusid=41815
http://www.us-cert.gov/current/

I don't especially recommend or make any statements of usability of the above links and information; it's simply part of a list I look at now & then that seems to have reasonable information free of bias and opinion. What they will do is give the reader a feel for the several different ways things can happen to them but of course, not an all inclusive list.

There is no such thing as a 100% secure computer system and never will be, but we CAN and many do, come as close to perfection as we know how and can research. It pays to be pro-active about your systems but not to the point of excessive paranoia.

HTH,

Twayne

In news:hk80sk$i7i$1@news.spamcop.net,
David H. Lipman typed:
> From: "Charles"
>
>> No way it was me! It was "David H. Lipman"
>> !
>
>>> Now YOU tell me you can't recall the malware that hits your server,
>>> in this case a Domain controller.
>
>> I do tell you that. Yup. I have a bad memory and it's getting
>> worse from the drugs I'm taking. I can look up the bill from our
>> network guys - it might say what the problem was...
>
>
>>> It seems to me that if you were the admin of a Domain controller on
>>> your Intranet that gets infected with a virus you would KNOW exactly
>>> what virus it was, what the symptoms were, etc.
>
>> The symptoms were that Norton freaked out _and_ couldn't delete
>> whatever file it was. As far as I know nothing nefarious happened
>> but, well, hey, maybe it did. We have a pretty tight firewall AFAIK
>> but, well, I do let others take care of most everything.
>> Again, I
>> am nominatively in control of all of this stuff and when the guys
>> are all out I get to deal with everything but most of the time I try
>> to avoid having to do so. I prefer managing in a hands off way.
>> Yeah, yeah. This got me a virus on a DC. Well, sucks. And it
>> happens and whatever. And we're still alive. Oh. This just makes
>> it sound like it's terrible and we're just losers. Really, it's not
>> that bad. Honest. We have some semblance of order and control over
>> what goes on. And we're always working at getting better at it all.
>> And still... More people are getting viruses. It's freaking weird.
>
>
> Your attitude is poor considering the server and its role.
>
> Being infected with malware can have a devastating effect on the
> company, its trade secrets, its privacy, the bottom line, etc....

From nobody at spamcop.net Tue Feb 2 11:29:13 2010
From: nobody at spamcop.net (Twayne)
Date: Tue Feb 2 11:30:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

In news:hk7kll$e1r$1@news.spamcop.net,
Indigo typed:
> "Charles" wrote in message
> news:Xns9D1295CBBFF7DThisIsMyPost@216.154.195.61...
>> It wasn't me! It was "David H. Lipman"
>> !
>>> The MOST important aspect is YOU. You *must* practice Safe Hex.
>>
>> Oh, hey, that's me all the way. And we even ended up with fricking
>> viruses
>> on our servers. Like WTF? We're clearing a virus from at least one
>> machine a week. OK, that's not a lot but it is, really. That means
>> that on average our machines get 2 viruses a year. What's changed
>> to make this happen? 2 years ago we had zero viruses. It's nuts.
>
> Heh. I guess things even out in the end....in spite of all the
> problems I've had with my various PC's over the last 20+ years, I
> have yet to be infected with ANY form of malware....ever.

This being spamcop, it might be a good place to ask this:

Does anyone know if only Windows machines using IE are being targeted?
I've read in a couple places that it's IE being attacked but not other browsers.

I use the latest FireFox version (and occasionally IE8) and have had no problems. But I do have neighbors around me who use IE7 & 8 who've had problems. Supposedly they have good habits, but that's always an unknown factor for sure.

Just wondering what the common experience is,

Twayne

From joegill at removethis Tue Feb 2 12:15:54 2010
From: joegill at removethis (Joe Gill)
Date: Tue Feb 2 12:20:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Twayne" wrote in message news:hk9jsv$3l4$1@news.spamcop.net...
> In news:hk7kll$e1r$1@news.spamcop.net,
> Indigo typed:
>> "Charles" wrote in message
>> news:Xns9D1295CBBFF7DThisIsMyPost@216.154.195.61...
>>> It wasn't me! It was "David H. Lipman"
>>> !
>>>> The MOST important aspect is YOU. You *must* practice Safe Hex.
>>>
>>> Oh, hey, that's me all the way. And we even ended up with fricking
>>> viruses
>>> on our servers. Like WTF? We're clearing a virus from at least one
>>> machine a week. OK, that's not a lot but it is, really. That means
>>> that on average our machines get 2 viruses a year. What's changed
>>> to make this happen? 2 years ago we had zero viruses. It's nuts.
>>
>> Heh. I guess things even out in the end....in spite of all the
>> problems I've had with my various PC's over the last 20+ years, I
>> have yet to be infected with ANY form of malware....ever.
>
> This being spamcop, it might be a good place to ask this:
>
> Does anyone know if only Windows machines using IE are being targeted?
> I've read in a couple places that it's IE being attacked but not other
> browsers.
>
> I use the latest FireFox version (and occasionally IE8) and have had no
> problems. But I do have neighbors around me who use IE7 & 8 who've had
> problems. Supposedly they have good habits, but that's always an unknown
> factor for sure.
>
> Just wondering what the common experience is,
>
> Twayne

I think it is only IE.... I am using IE and have had zero problems.

When you say "..they have good habits..." many people do! But I have found what some people get suckered on is a site which pops up a small box saying something like "Your Flash Player is out of date, Click here to update.".

From nobody at spamcop.net Tue Feb 2 12:19:42 2010
From: nobody at spamcop.net (bar0)
Date: Tue Feb 2 12:20:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Twayne" wrote in message news:hk9jsv$3l4$1@news.spamcop.net...
> In news:hk7kll$e1r$1@news.spamcop.net,
> Indigo typed:
>> "Charles" wrote in message
>> news:Xns9D1295CBBFF7DThisIsMyPost@216.154.195.61...
>>> It wasn't me! It was "David H. Lipman"
>>> !
>>>> The MOST important aspect is YOU. You *must* practice Safe Hex.
>>>
>>> Oh, hey, that's me all the way. And we even ended up with fricking
>>> viruses
>>> on our servers. Like WTF? We're clearing a virus from at least one
>>> machine a week. OK, that's not a lot but it is, really. That means
>>> that on average our machines get 2 viruses a year. What's changed
>>> to make this happen? 2 years ago we had zero viruses. It's nuts.
>>
>> Heh. I guess things even out in the end....in spite of all the
>> problems I've had with my various PC's over the last 20+ years, I
>> have yet to be infected with ANY form of malware....ever.
>
> This being spamcop, it might be a good place to ask this:
>
> Does anyone know if only Windows machines using IE are being targeted?
> I've read in a couple places that it's IE being attacked but not other
> browsers.
>
> I use the latest FireFox version (and occasionally IE8) and have had no
> problems. But I do have neighbors around me who use IE7 & 8 who've had
> problems. Supposedly they have good habits, but that's always an unknown
> factor for sure.
>
> Just wondering what the common experience is,

I've used IE whatever pretty much only on the PC since it was released (mid 90's?). I've not had a problem that I'm aware of. Some shareware or PC Bloatware (weather Bug comes to mind) that I have had was labeled spyware, and removed over the years a couple of bad files have landed in tmp, but were never executed.

OTOH, if I have any question about a site (or want to see where some spam redirects), I use an obscure and very secure OS with an obscure browser, (It's setup to self identify as IE6 on a PC) never the PC.

From blacklist-me at davjam.org Tue Feb 2 15:08:30 2010
From: blacklist-me at davjam.org (David Bolt)
Date: Tue Feb 2 15:15:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID: <7733066.PT4EfDdHjk@dev.null.davjam.org>

On Tuesday 02 Feb 2010 16:29, while playing with a tin of spray paint, Twayne painted this mural:

> Does anyone know if only Windows machines using IE are being targeted?

No, it's not. It's virtually only Windows systems that are targeted, but Firefox and Opera have been targeted as well.

> I've
> read in a couple places that it's IE being attacked but not other browsers.

Remember the old Storm worm? It hosted pages on infected systems and, when someone went to look at them, it would include a chunk of Javascript that had a wide selection of exploits it could try, and which version of the script it would send depended on what the browser identified itself as.

> I use the latest FireFox version (and occasionally IE8) and have had no
> problems. But I do have neighbors around me who use IE7 & 8 who've had
> problems. Supposedly they have good habits, but that's always an unknown
> factor for sure.

While using Windows, I only had one infection. I was using Firefox at the time and, as is recommended to make sure that you really remove any infection, I performed a total wipe and reinstall.
Damned annoying, but it's the only way to really be sure your machine doesn't have any hidden malware.

> Just wondering what the common experience is,

IE is targeted rather more than Firefox, mainly because Microsoft tied it quite deeply into Windows, thereby providing a much easier way for malware to get in.

Regards,
David Bolt

--
Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s
openSUSE 11.0 32b | | | openSUSE 11.3M1 32b
openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b |
TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11

From not at home.today Tue Feb 2 16:19:48 2010
From: not at home.today (Ant)
Date: Tue Feb 2 16:25:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

"Twayne" wrote:

> Does anyone know if only Windows machines using IE are being targeted? I've
> read in a couple places that it's IE being attacked but not other browsers.

Windows and IE are popular targets because of the large installed base. IE also exposes a greater surface for exploit attempts than other browsers with its ability to run ActiveX controls. However, in most cases it's not the browser itself being directly targeted but the AX controls, plugins and associated helper applications being used. So, any browser can be at risk.

The typical scenario tries to inject code into the process address space with the help of Javascript (any browser) or, less commonly, VBscript (IE only) and goes something like this:

- A malicious script creates an invisible iframe.
- It checks the browser make and capabilities.
- A document/file/media stream is presented for a plugin to handle.
- The data is malformed and the vulnerable component triggers
  execution of shellcode previously prepared by the script.
- Or - the document contains its own script (e.g. PDF ActionScript)
  which triggers a plugin vulnerability leading to execution of code
  embedded in the document.
I've examined many of these scripts and associated executable code and in all cases they've been aimed at Windows machines. That is, they call Windows API functions to download and run Windows executables.

This is why it's so important to check that not only the browser but the components and other software it uses are properly configured and updated. For myself, I never allow any documents like PDF and SWF or streaming media to automatically display/render or activate. It helps protect against zero-day exploits for bugs that the vendors haven't yet discovered and patched.

From me at privacy.net Tue Feb 2 16:22:42 2010
From: me at privacy.net (Frog Prince)
Date: Tue Feb 2 16:25:09 2010
Subject: [Scgeeks] Re: WinXP32 and 64bit machines and memory
References:
Message-ID:

"bar0" wrote in message news:hk7ohq$fe9$1@news.spamcop.net...
> Folks,
>
> I've heard that even with 32bit WinXP, 4 GB of physical memory can be
> addressed on 64bit machines, But that no single application + DATA can
> exceed 2GB at a whack. Is that true? (thinking of getting 2 2GB SIMMs for
> the hp flaptop (turion64 processor)) My son makes and records music,
> including MIDI, the latter + effects eats memory.

My kids do a LOT of music and video process work. While they use win boxes for other things they will do music and video process work ONLY on Mac Boxen.

They say they could but it's just not worth the hassle to the point of turning down paying gigs because the client required the work to be done on Windows platform.

From me at privacy.net Tue Feb 2 19:04:41 2010
From: me at privacy.net (Frog Prince)
Date: Tue Feb 2 19:05:08 2010
Subject: [Scgeeks] Need an app to unhide a hidden partition
Message-ID:

Playing with two HDD (one Vista one XP) and would like to find out what I need to do to view/unhide the hidden partitions.
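
Added example, not part of any post in this thread: both David H. Lipman's scenario and Ant's step list begin with an invisible iframe on a legitimate page, which a site owner can look for in the HTML their own server sends out. The function names, the hiding heuristics and the sample page below are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Elements that never have a closing tag, so they must not go on the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)          # width="0", height="1px"
HIDING_CSS = [                                          # heuristics, not exhaustive
    (re.compile(r"display\s*:\s*none", re.I), "display:none"),
    (re.compile(r"visibility\s*:\s*hidden", re.I), "visibility:hidden"),
    (re.compile(r"(?<![-\w])(width|height)\s*:\s*[01](px)?\s*(;|$)", re.I),
     "tiny CSS size"),
    (re.compile(r"(left|top)\s*:\s*-\d{3,}", re.I), "positioned off-screen"),
    (re.compile(r"opacity\s*:\s*0(\.0+)?\s*(;|$)", re.I), "opacity:0"),
]


def hiding_reasons(attrs):
    """Return the reasons one element's own attributes make it invisible."""
    reasons = []
    if "hidden" in attrs:
        reasons.append("hidden attribute")
    for dim in ("width", "height"):
        if TINY.match(attrs.get(dim) or ""):
            reasons.append(f"{dim}={attrs[dim]}")
    style = attrs.get("style") or ""
    reasons += [label for rx, label in HIDING_CSS if rx.search(style)]
    return reasons


class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.stack = []      # (tag, reasons inherited from hidden ancestors)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else []
        own = hiding_reasons(attrs)
        if tag == "iframe" and (own or inherited):
            src = urljoin(self.page_url, attrs.get("src") or "")
            host = urlparse(src).hostname
            self.findings.append({
                "src": src,
                "third_party": host is not None and host != self.page_host,
                "reasons": own + inherited,
            })
        if tag not in VOID:
            passed_down = inherited + [f"ancestor <{tag}> {r}" for r in own]
            self.stack.append((tag, passed_down))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed <p>, <li>, etc.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def find_hidden_iframes(html, page_url):
    """List iframes in `html` that are hidden directly or by an ancestor."""
    finder = HiddenIframeFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one normal embed and three hidden iframes.
SAMPLE_PAGE = """<html><body>
<h1>Club news</h1>
<img src="logo.png">
<iframe src="https://video.example.net/embed/42" width="560" height="315"></iframe>
<iframe src="http://third-party.example.org/in.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<div style="position:absolute; left:-9999px">
  <p>counter
  <iframe src="//stats.example.org/c"></iframe>
</div>
<iframe src="/local/widget.html" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_PAGE, "http://www.example.com/news.html"):
        origin = "third-party" if hit["third_party"] else "same-site"
        print(f"{origin:11} {hit['src']}  ({', '.join(hit['reasons'])})")
```

A static scan like this only sees iframes present in the served markup; ones created at run time by a script, as in Ant's first step, only show up once the page is rendered or the script itself is inspected.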
From nobody at spamcop.net Tue Feb 2 19:59:58 2010 From: nobody at spamcop.net (bar0) Date: Tue Feb 2 20:00:08 2010 Subject: [Scgeeks] Re: WinXP32 and 64bit machines and memory References: Message-ID: "Frog Prince" wrote in message news:hka539$9fk$1@news.spamcop.net... > > "bar0" wrote in message > news:hk7ohq$fe9$1@news.spamcop.net... >> Folks, >> >> I've heard that even with 32bit WinXP, 4 GB of physical memory can be >> addressed on 64bit machines, But that no single application + DATA can >> exceed 2GB at a whack. Is that true? (thinking of getting 2 2GB SIMMs for >> the hp flaptop (turion64 processor)) My son makes and records music, >> including MIDI, the latter + effects eats memory. > > My kids do a LOT of music and video process work. While they use win > boxes for other things they will do music and video process work ONLY on > Mac Boxen. > > They say they could but it's just not worth the hassle to the point of > turning down paying gigs because the client required the work to be done > on Windows platform. It's a hobby and we (well, he) just can't afford a Mac right now. But I can afford a $100 memory gift now and then. Last I looked a minimal workable Mac was > $1K, you can buy a lot of PC for that. From nobody at spamcop.net Tue Feb 2 20:03:59 2010 From: nobody at spamcop.net (Indigo) Date: Tue Feb 2 20:05:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "bar0" wrote in message news:hk9fvv$2a0$1@news.spamcop.net... > > Curious how different minds work, Not that I find WinAmp totally > intuitive, but WMP leaves me totally puzzled sometimes. Too much > auto-magic. First thing you need to do with WMP is cut off it's communications with the 'net, else you will find hundreds of album cover JPG's in your music folders! From nobody at spamcop.net Tue Feb 2 20:07:48 2010 From: nobody at spamcop.net (Indigo) Date: Tue Feb 2 20:10:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? 
In-Reply-To: References: Message-ID: "Ant" wrote in message news:hka4v0$9f4$1@news.spamcop.net... > I've examined many of these scripts and associated executable code > and in all cases they've been aimed at Windows machines. That is, they > call Windows API functions to download and run Windows executables. Isn't that what DEP is designed to prevent? From DLipman~nospam~ at Verizon.Net Tue Feb 2 20:24:18 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Tue Feb 2 20:25:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "Indigo" | "Ant" wrote in message | news:hka4v0$9f4$1@news.spamcop.net... >> I've examined many of these scripts and associated executable code >> and in all cases they've been aimed at Windows machines. That is, they >> call Windows API functions to download and run Windows executables. | Isn't that what DEP is designed to prevent? http://support.microsoft.com/kb/875352 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Tue Feb 2 20:46:51 2010 From: nobody at spamcop.net (Indigo) Date: Tue Feb 2 20:50:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "David H. Lipman" wrote in message news:hkaj84$eb3$1@news.spamcop.net... > > http://support.microsoft.com/kb/875352 > That link is for XP, I'm running Vista.... From not at home.today Tue Feb 2 21:15:28 2010 From: not at home.today (Ant) Date: Tue Feb 2 21:20:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "Indigo" wrote: > "Ant" wrote: >> I've examined many of these scripts and associated executable code >> and in all cases they've been aimed at Windows machines. That is, they >> call Windows API functions to download and run Windows executables. > > Isn't that what DEP is designed to prevent? 
Yes, it's supposed to stop code running in memory segments allocated for data storage like the stack and heap, so it should thwart these shellcode attacks. The software (browser and plugins, etc.) also need to be compatible with it. So-called software data execution prevention may not prevent injected code from running but true hardware DEP as implemented in modern Intel and AMD processors should. I don't know when it was introduced but my machine doesn't support it. From me at privacy.net Tue Feb 2 21:18:59 2010 From: me at privacy.net (Frog Prince) Date: Tue Feb 2 21:55:08 2010 Subject: [Scgeeks] Re: WinXP32 and 64bit machines and memory References: Message-ID: "bar0" wrote in message news:hkahqf$dsj$1@news.spamcop.net... > > "Frog Prince" wrote in message > news:hka539$9fk$1@news.spamcop.net... >> >> "bar0" wrote in message >> news:hk7ohq$fe9$1@news.spamcop.net... >>> Folks, >>> >>> I've heard that even with 32bit WinXP, 4 GB of physical memory can be >>> addressed on 64bit machines, But that no single application + DATA can >>> exceed 2GB at a whack. Is that true? (thinking of getting 2 2GB SIMMs >>> for the hp flaptop (turion64 processor)) My son makes and records music, >>> including MIDI, the latter + effects eats memory. >> >> My kids do a LOT of music and video process work. While they use win >> boxes for other things they will do music and video process work ONLY on >> Mac Boxen. >> >> They say they could but it's just not worth the hassle to the point of >> turning down paying gigs because the client required the work to be done >> on Windows platform. > > It's a hobby and we (well, he) just can't afford a Mac right now. But I > can afford a $100 memory gift now and then. > > Last I looked a minimal workable Mac was > $1K, you can buy a lot of PC > for that. If you do run across a deal on a Mac be aware that there are some serious compatibility problem with software between the old Mac and the Intel Mac. 
Problems the vendors won't tell you about so do your research. From blacklist-me at davjam.org Tue Feb 2 23:24:20 2010 From: blacklist-me at davjam.org (David Bolt) Date: Tue Feb 2 23:30:08 2010 Subject: [Scgeeks] Re: Need an app to unhide a hidden partition References: Message-ID: <1399862.67uLZWGnKm@dev.null.davjam.org> On Wednesday 03 Feb 2010 00:04, while playing with a tin of spray paint, Frog Prince painted this mural: > > Playing with two HDD (one visita one XP) and would like to find out what I > need to do to view/unhide the hidden partitions. If you don't mind using a Linux live CD, you could use fdisk to change partition types. Alternatively, if you prefer a GUI, you could use the gparted live CD to (re)set the hidden flag for the partition. Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M1 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11 From joegill at removethis Wed Feb 3 11:43:52 2010 From: joegill at removethis (Joe Gill) Date: Wed Feb 3 11:45:07 2010 Subject: [Scgeeks] Re: WinXP32 and 64bit machines and memory In-Reply-To: References: Message-ID: "bar0" wrote in message news:hk7ohq$fe9$1@news.spamcop.net... > Folks, > > I've heard that even with 32bit WinXP, 4 GB of physical memory can be > addressed on 64bit machines, But that no single application + DATA can > exceed 2GB at a whack. Is that true? (thinking of getting 2 2GB SIMMs for > the hp flaptop (turion64 processor)) My son makes and records music, > including MIDI, the latter + effects eats memory. I was under the assumption that WinXP can only address the result of (Total installed memory (4G or less) less the video memory size). Also, I am under the assumption that VISTA and 7 are much better at memory management! Step one would be to bring the memory up. 
Step two would be to make sure the pagefile is sized correctly and not in many segments. Step three would be to make sure the programs he is using are the BEST for the purpose and for your environment. There are MANY programs out there... some Great, some Good, some Bad, and some UGLY! If memory utilization is still a problem, then I would use Task Manager, turn on some of the 'memory' related columns (working set size and Peak working set size) and see who are the virtual memory 'pigs'. If they are not needed system functions, terminate them. Now turn on the 'Page Fault' and 'Page Fault Delta' column. Look for programs with high page faults, relative to their value to you! One last suggestion! And it would have to be followed completely to work! For the 'sessions' of working with music, disconnect from the net (both wired and wireless), then turn OFF AV protection until the next reboot. One has to be very disciplined, but this could buy you performance improvements, both memory and CPU utilization! From nobody at spamcop.net Wed Feb 3 12:36:12 2010 From: nobody at spamcop.net (bar0) Date: Wed Feb 3 12:40:09 2010 Subject: [Scgeeks] Re: WinXP32 and 64bit machines and memory In-Reply-To: References: Message-ID: "Joe Gill" wrote in message news:hkc94u$he$1@news.spamcop.net... > .... > > One last suggestion! And it would have to be followed completely to > work! For the 'sessions' of working with music, disconnect from the net > (both wired and wireless), then turn OFF AV protection until the next > reboot. One has to be very disciplined, but this could buy you performance > improvements, both memory and CPU utilization! We're doing the latter already, and we've disabled a lot of the Vista window dressing (transparent borders etc.) His HW/SW combo from ProSonus had a pretty good guide to maximizing resources. The thing I was interested in is 4GB, he has 2 now.
From nobody at spamcop.net Wed Feb 3 16:40:02 2010 From: nobody at spamcop.net (Twayne) Date: Wed Feb 3 16:40:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hk9mkr$4lc$1@news.spamcop.net, Joe Gill typed: > "Twayne" wrote in message > news:hk9jsv$3l4$1@news.spamcop.net... >> In news:hk7kll$e1r$1@news.spamcop.net, >> Indigo typed: >>> "Charles" wrote in message >>> news:Xns9D1295CBBFF7DThisIsMyPost@216.154.195.61... >>>> It wasn't me! It was "David H. Lipman" >>>> ! >>>>> The MOST important aspect is YOU. You *must* practice Safe Hex. >>>> >>>> Oh, hey, that's me all the way. And we even ended up with fricking >>>> viruses >>>> on our servers. Like WTF? We're clearing a virus from at least >>>> one machine a week. OK, that's not a lot but it is, really. That >>>> means that on average our machines get 2 viruses a year. What's >>>> changed to make this happen? 2 years ago we had zero viruses. It's >>>> nuts. >>> >>> Heh. I guess things even out in the end....in spite of all the >>> problems I've had with my various PC's over the last 20+ years, I >>> have yet to be infected with ANY form of malware....ever. >> >> This being spamcop, it might be a good place to ask this: >> >> Does anyone know if only Windows machines using IE are being >> targetted? I've read in a couple places that it's IE being attacked >> but not other browsers. >> >> I use the latest FireFox version (and occasionally IE8) and have had >> no problems. But I do have neighbors around me who use IE7 & 8 >> who've had problems. Supposedly they have good habits, but that's >> always an unknown factor for sure. >> >> Just wondering what the common experience is, >> >> Twayne > > I think it is only IE.... I am using IE and have had zero problems. I > When you say "..they have good habits..." many people do! 
But I have > found what some people get suckered on is a site which pops up a > small box saying something like "Your Flash Player is out of date, > Click here to update.". Yup, and then they click! I never follow an e-mail link, post link or even that from a web page if I don't know the source and it's a link I have saved on my machine. Much better to use your own links. Not perfect, but so far it works well. Too many lookalikes to be bothered these days. Cheers, Twayne` From nobody at spamcop.net Wed Feb 3 16:50:07 2010 From: nobody at spamcop.net (Twayne) Date: Wed Feb 3 16:50:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkam9a$ffl$1@news.spamcop.net, Ant typed: > "Indigo" wrote: > >> "Ant" wrote: >>> I've examined many of these scripts and associated executable code >>> and in all cases they've been aimed at Windows machines. That is, >>> they call Windows API functions to download and run Windows >>> executables. >> >> Isn't that what DEP is designed to prevent? > > Yes, it's supposed to stop code running in memory segments allocated > for data storage like the stack and heap, so it should thwart these > shellcode attacks. The software (browser and plugins, etc.) also need > to be compatible with it. So-called software data execution prevention > may not prevent injected code from running but true hardware DEP as > implemented in modern Intel and AMD processors should. I don't know > when it was introduced but my machine doesn't support it. Interestingly enough, I noticed that Applies To listed XP Pro but not XP Home. Must be another diff between the two. 
Regards, Twayne` From nobody at spamcop.net Wed Feb 3 16:54:26 2010 From: nobody at spamcop.net (Twayne) Date: Wed Feb 3 16:55:08 2010 Subject: [Scgeeks] Re: Need an app to unhide a hidden partition References: Message-ID: In news:hkaej1$cnt$1@news.spamcop.net, Frog Prince typed: > Playing with two HDD (one Vista one XP) and would like to find out > what I need to do to view/unhide the hidden partitions. Won't Disk Management let you give it a drive letter? Normally I think it has an "*" in the drive letter place. I just went in and gave it a drive letter to see the partition and what was in it. Turned out it contained a bunch of trouble-shooting tools! Good ones! Darned if I can figure out how to access them properly though! I wrote and asked Dell but they're a black hole; may not have liked my finding them. Start; Programs; Administrative Tools; Computer Management; Disk Management. If the Admin tools aren't there, they're usually in Control Panel instead or in addition. Not sure which one is the default but only one place is. Regards, Twayne` From DLipman~nospam~ at Verizon.Net Wed Feb 3 19:51:59 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Wed Feb 3 19:55:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "Indigo" | "David H. Lipman" wrote in message | news:hkaj84$eb3$1@news.spamcop.net... >> http://support.microsoft.com/kb/875352 | That link is for XP, I'm running Vista.... Maybe but DEP is basically the same and you didn't specifically indicate an OS ( XP, Vista or Win7). However, you are correct in the assumption that DEP can help. In fact the US CERT had indicated in a notice of a recent vulnerability in Adobe Reader/Acrobat (prior to v9.3) to enable DEP and disable Javascript. Enabling DEP will prevent the shellcode in that situation from being executed.
-- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Wed Feb 3 21:31:32 2010 From: nobody at spamcop.net (Heidi) Date: Wed Feb 3 21:35:09 2010 Subject: [Scgeeks] Still something weird going on Message-ID: Last night (without No Script running, in the latest FF ) I clicked on a google search result that I know was a legit site, (Safe Search is on) and got redirected to ' can't load meta7 search site" or something like that. I backed up, hit the link again, and went where it should. The same thing happened again only went to a different site, also the page didn't load. When I reboot, I get a 'windows' message saying it can't find "azapujaxa.dll". That file was infected with the Hiloti trojan when it last found something, and was moved to the virus vault and then deleted. A google search on "azapujaxa.dll" gets no hits - so something must be hiding, but four programs found no threats. Aside from that, everything seems to be working as it should. Browser redirects are making me nervous though.... :(. From MikeE at ster.invalid Wed Feb 3 22:17:21 2010 From: MikeE at ster.invalid (Mike Easter) Date: Wed Feb 3 22:20:08 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: Heidi wrote: > When I reboot, I get a 'windows' message saying it can't find > "azapujaxa.dll". That file was infected with the Hiloti trojan when it last > found something, and was moved to the virus vault and then deleted. Maybe you still have hiloti key/s in the registry requesting the .dll Here's a hiloti removal page http://www.spywareremove.com/removeTrojanHiloti.html Trojan.Hiloti Removal Guide > A > google search on "azapujaxa.dll" gets no hits - so something must be > hiding, but four programs found no threats. If your registry is hiloti contaminated you might see the same thing. 
From above link "Step 1 : Use Registry Editor to Remove Trojan.Hiloti Registry Values" -- Mike Easter From nobody at spamcop.net Wed Feb 3 23:00:35 2010 From: nobody at spamcop.net (Indigo) Date: Wed Feb 3 23:05:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "David H. Lipman" wrote in message news:hkd5ni$afk$1@news.spamcop.net... > > Maybe but DEP is basically the same and you didn't specifically indicate > and OS ( XP, > Vista or Win7). > > However, you are correct in the assumption that DEP can help. In fact the > US CERT had > indicated in a notice of a recnt vulnerability in Adobe Reader/Acrobat > (prior to v9.3) to > enable DEP and disable Javascript. Enabling DEP will prevent the > shellcode in that > situation from being executed. Well, it didn't help me tonite.....I had two FF windows open, with about 5 tabs each, several tabs were Yahoo websites, and at exactly 7:22 pm I got infected by the effing Antivirus 2010 affliction that is running rampant right now. On top of that, it also apparently allowed 4 other trojans/backdoors in at the same time, AND it changed my security settings! (turned off Win Defender, for instance). I downloaded Malwarebyte's software to try to clean my PC, but the effing infection wouldn't allow it to install properly! Luckily, I had SuperAntiSpyware previously installed, ran that in safe mode, it found all the nasties and deleted them, but when I rebooted I got stuck in no-man's land (blank blue screen with the hard drive LED blinking like crazy). I rebooted and used System Restore to go back to this morning's restore point, now everything is hunky dory after 2 hours of work. I just successfully installed MBAM and I'm running a complete scan of all my drives, hopefully it won't find anything. But I forget all the advice given to Heidi on how to prevent re-infections: do I have to disable Active-X? 
From DLipman~nospam~ at Verizon.Net Thu Feb 4 06:30:34 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Thu Feb 4 06:35:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "Indigo" | "David H. Lipman" wrote in message | news:hkd5ni$afk$1@news.spamcop.net... >> Maybe but DEP is basically the same and you didn't specifically indicate >> an OS ( XP, >> Vista or Win7). >> However, you are correct in the assumption that DEP can help. In fact the >> US CERT had >> indicated in a notice of a recent vulnerability in Adobe Reader/Acrobat >> (prior to v9.3) to >> enable DEP and disable Javascript. Enabling DEP will prevent the >> shellcode in that >> situation from being executed. | Well, it didn't help me tonite.....I had two FF windows open, with about 5 | tabs each, several tabs were Yahoo websites, and at exactly 7:22 pm I got | infected by the effing Antivirus 2010 affliction that is running rampant | right now. On top of that, it also apparently allowed 4 other | trojans/backdoors in at the same time, AND it changed my security settings! | (turned off Win Defender, for instance). | I downloaded Malwarebyte's software to try to clean my PC, but the effing | infection wouldn't allow it to install properly! Luckily, I had | SuperAntiSpyware previously installed, ran that in safe mode, it found all | the nasties and deleted them, but when I rebooted I got stuck in no-man's | land (blank blue screen with the hard drive LED blinking like crazy). I | rebooted and used System Restore to go back to this morning's restore point, | now everything is hunky dory after 2 hours of work. | I just successfully installed MBAM and I'm running a complete scan of all my | drives, hopefully it won't find anything. But I forget all the advice given | to Heidi on how to prevent re-infections: do I have to disable Active-X? Not necessarily. Stop willy-nilly browsing, stop falling for BS cons, etc.
-- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Thu Feb 4 06:57:04 2010 From: nobody at spamcop.net (Heidi) Date: Thu Feb 4 07:00:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "David H. Lipman" wrote in message news:hkeb4u$n05$1@news.spamcop.net... > From: "Indigo" > > > | I just successfully installed MBAM and I'm running a complete scan of > all my > | drives, hopefully it won't find anything. But I forget all the advice > given > | to Heidi on how to prevent re-infections: do I have to disable Active-X? > > > Not neccessarily. Stop willy-nilly browsing, stop falling for BS cons, > etc. You are beyond just offensive now, sliding right into "rude and obnoxious". From nobody at spamcop.net Thu Feb 4 07:01:25 2010 From: nobody at spamcop.net (Heidi) Date: Thu Feb 4 07:05:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: Message-ID: "Mike Easter" wrote in message news:hkde82$dch$1@news.spamcop.net... > Heidi wrote: > >> When I reboot, I get a 'windows' message saying it can't find >> "azapujaxa.dll". That file was infected with the Hiloti trojan when it >> last found something, and was moved to the virus vault and then deleted. > > Maybe you still have hiloti key/s in the registry requesting the .dll > > Here's a hiloti removal page > http://www.spywareremove.com/removeTrojanHiloti.html Trojan.Hiloti > Removal Guide > > > A >> google search on "azapujaxa.dll" gets no hits - so something must be >> hiding, but four programs found no threats. > > If your registry is hiloti contaminated you might see the same thing. 
> > From above link "Step 1 : Use Registry Editor to Remove Trojan.Hiloti > Registry Values" I ran their scanner Spy Hunter, and it found a bunch of registry items, most of which are something called Wild Tangent, I don't do gaming which is supposedly what that's for, so I have no idea what that's all about. Found 2 others Rogue.Spy.Protector, and Trojan.Dropper. I deleted the Rogue stuff, but I'm not keen on screwing with my registry, especially not late at night, so I'm going to keep trying to find something to remove it. MWB and SAS still don't find anything in the registry. From nobody at spamcop.net Thu Feb 4 08:32:58 2010 From: nobody at spamcop.net (bar0) Date: Thu Feb 4 08:35:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "Heidi" wrote in message news:hkecmi$nj4$1@news.spamcop.net... > > "David H. Lipman" wrote in message > news:hkeb4u$n05$1@news.spamcop.net... >> From: "Indigo" >> >> >> | I just successfully installed MBAM and I'm running a complete scan of >> all my >> | drives, hopefully it won't find anything. But I forget all the advice >> given >> | to Heidi on how to prevent re-infections: do I have to disable >> Active-X? >> >> >> Not necessarily. Stop willy-nilly browsing, stop falling for BS cons, >> etc. > > You are beyond just offensive now, sliding right into "rude and > obnoxious". > Yahoo in particular, and hotmail/msn also to a lesser degree offer up malware advertising pages and frames. If you allow scripting and activex, you can just be passively on a yahoo mail page and ads may cycle right into malware. From not at home.today Thu Feb 4 10:01:27 2010 From: not at home.today (Ant) Date: Thu Feb 4 10:05:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "Twayne" wrote: > Ant typed: >> [DEP] > Interestingly enough, I noticed that Applies To listed XP Pro but not XP > Home. Must be another diff between the two. It applies to all NT variants since (and including) XP SP2.
I'm currently cleaning a friend's XP Home system and it has DEP. From not at home.today Thu Feb 4 10:02:43 2010 From: not at home.today (Ant) Date: Thu Feb 4 10:05:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "David H. Lipman" wrote: > From: "Indigo" >> But I forget all the advice given to Heidi on how to prevent >> re-infections: You could always re-read the thread. >> do I have to disable Active-X? Firefox doesn't use MS components unless you have some plugin allowing it to. > Not neccessarily. Stop willy-nilly browsing, stop falling for BS cons, etc. That's a bit harsh, Dave. I suspect Indigo is not deliberately running stuff and it should be possible to visit malicious or compromised sites without being drive-by infected provided you don't allow automatic installation of anything, your software is up-to-date and appropriate configuration/security settings are in effect. However, I wouldn't advise visiting a known bad site because there's always the possibility of being caught by a zero-day exploit. I'd really like to see an example web page where these recently reported problems are originating. From MikeE at ster.invalid Thu Feb 4 10:05:52 2010 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 4 10:10:08 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: Heidi wrote: > "Mike Easter" >> Heidi wrote: >> >>> When I reboot, I get a 'windows' message saying it can't find >>> "azapujaxa.dll". >> From above link "Step 1 : Use Registry Editor to Remove Trojan.Hiloti >> Registry Values" > > Spy Hunter, and it found a bunch of registry items, > I"m not keen on screwing with my registry, While I don't encourage 'screwing with' the registry carelessly; realize that what you are doing is screwing with the registry sorta carelessly. 
That is, when you contaminate 'recklessly' (whether you realized it or meant for any actions to be reckless or not) and then you 'algorithmically' mess with the registry by using contaminant removal tools, you are definitely screwing with the registry. The contamination and sanitization process screws with the registry bigtime and is overall a destabilizing influence on it. IMO the 'purpose' of decontamination tools should be to demonstrate that no decontamination is necessary. Using them to remove stuff is a sign that something is wrong with the way you are configured or using your browser or some other activities that needs to be permanently changed, not getting another new decontamination tool. -- Mike Easter From MikeE at ster.invalid Thu Feb 4 10:52:12 2010 From: MikeE at ster.invalid (Mike Easter) Date: Thu Feb 4 10:55:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: Ant wrote: > "David H. Lipman" wrote: >> From: "Indigo" >>> But I forget all the advice given to Heidi on how to prevent >>> re-infections: > > You could always re-read the thread. Ha! >>> do I have to disable Active-X? > > Firefox doesn't use MS components unless you have some plugin allowing > it to. Yeah, there /is/ some kind of active-x plugin >> Not neccessarily. Stop willy-nilly browsing, stop falling for BS cons, etc. > > That's a bit harsh, Dave. I don't understand why it is necessary to couch one's language so cautiously to avoid hurting tender sensibilities about this business. When people get infected/contaminated, they 'screwed up' somehow. That doesn't mean that we don't all screwup on a regular basis, but I don't see why the language has to pussyfoot around as if it weren't the infected's 'fault' - if fault isn't considered too insensitive a word in this context. 
That is, it is the 'fault' of those who construct and configure these exploits that those who are susceptible can be exploited, but the 'victim' plays a necessary part in the process. That is, as in so many other victim cases, there are strategies that victims can employ to reduce their chances of becoming a victim. The business about everyone scurrying around trying to find the most popular or effective tools seems to put the emphasis in the wrong place; or rather, put too much emphasis over there in that place instead of over here in this place. > I suspect Indigo is not deliberately running > stuff Right right right... > and it should be possible to visit malicious or compromised > sites without being drive-by infected provided you don't allow > automatic installation of anything, your software is up-to-date and > appropriate configuration/security settings are in effect. You would think. > However, > I wouldn't advise visiting a known bad site because there's always the > possibility of being caught by a zero-day exploit. I would think that most people wouldn't need two different systems to surf around; one equipped with MS ware configured insecurely and one which is not. > I'd really like to see an example web page where these recently > reported problems are originating. Even tho' there are chickenlittles running around saying 'the sky is falling' whenever they get some kind of alert from their system, when I go visit things with a linux box which have alerted them, I haven't found anything -- but then I haven't been working at it very hard at all, because I'm not really that interested. There are plenty of other people working on finding that stuff with automated tools that the situation doesn't need my curiosity. 
-- Mike Easter From nobody at spamcop.net Thu Feb 4 13:16:42 2010 From: nobody at spamcop.net (Twayne) Date: Thu Feb 4 13:20:08 2010 Subject: [Scgeeks] Clonezilla; FYI Message-ID: Clonezilla https://sourceforge.net/projects/clonezilla Clonezilla is a partition or disk clone tool similar to Norton Ghost. It saves and restores only used blocks in hard drive. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (Server Edition). -- -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From nobody at spamcop.net Thu Feb 4 13:26:33 2010 From: nobody at spamcop.net (Twayne) Date: Thu Feb 4 13:30:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkeiad$pfa$1@news.spamcop.net, bar0 typed: > "Heidi" wrote in message > news:hkecmi$nj4$1@news.spamcop.net... >> >> "David H. Lipman" wrote in message >> news:hkeb4u$n05$1@news.spamcop.net... >>> From: "Indigo" >>> >>> >>>> I just successfully installed MBAM and I'm running a complete scan >>>> of all my drives, hopefully it won't find anything. But I forget >>>> all the advice given to Heidi on how to prevent re-infections: do >>>> I have to disable Active-X? >>> >>> >>> Not neccessarily. Stop willy-nilly browsing, stop falling for BS >>> cons, etc. >> >> You are beyond just offensive now, sliding right into "rude and >> obnoxious". >> > > Yahoo in particular, and hotmail/msn also to a lesser degree offer up > malware advertizing pages and frames. If you allow scripting and > activex, you can just be passively on a yahoo mail page and ads may > cycle right into malware. That might call for a good HOSTS file to help that out. I originally used the MVP's free HOSTS file offering and then added to it myself plus allow Spybot etc. to add to it. I seldom see an ad anymore while I surf and when I do, unless it's someone major, it goes right into the HOSTS file. 
If one does a lot of Yahoo surfing, they might have to remove a couple entries from the original file: but I don't recommend it. I had to do it for my sister's PC so she could keep a user forum working and it's never posed any problems but only do things like that carefully. With a HOSTS file you can grow a pretty effective blocker. Be sure you set it so you're notified whenever a change is made, though; Winpatrol does a good job of that and many other things too, but lots of apps will also do so. HTH, Twayne -- -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From nobody at spamcop.net Thu Feb 4 13:30:59 2010 From: nobody at spamcop.net (Twayne) Date: Thu Feb 4 13:35:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkecmi$nj4$1@news.spamcop.net, Heidi typed: > "David H. Lipman" wrote in message > news:hkeb4u$n05$1@news.spamcop.net... >> From: "Indigo" >> >> >>> I just successfully installed MBAM and I'm running a complete scan >>> of all my drives, hopefully it won't find anything. But I forget >>> all the advice given to Heidi on how to prevent re-infections: do I >>> have to disable Active-X? >> >> >> Not necessarily. Stop willy-nilly browsing, stop falling for BS >> cons, etc. > > You are beyond just offensive now, sliding right into "rude and > obnoxious". That's a little rude and obnoxious in and of itself, Heidi. Perhaps you're new here? Indigo is a curious type and does commit some interesting errors now and then, but one thing he isn't is rude and obnoxious; he's learning and adventurous IMO. One can learn much from the responses to his queries. -- Twayne Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.
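Added example (not part of any poster's message): Twayne's HOSTS-file advice above has two parts, blocking names by pointing them at the local machine and being notified when the file changes. The Python sketch below parses HOSTS text, separates blocked names from names redirected to some other address, and compares two snapshots of the file; the sample files, hostnames, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: a small blocking HOSTS file kept as the known-good baseline.
BASELINE = """\
# ad blocking entries (constructed sample)
127.0.0.1   localhost
0.0.0.0     ads.example.net tracker.example.net   # two names on one line
127.0.0.1   banners.example.org
"""

# Constructed sample: the same file after edits nobody announced.
CURRENT = """\
127.0.0.1   localhost
0.0.0.0     ads.example.net tracker.example.net
0.0.0.0     popups.example.org
203.0.113.7 update.example.com
"""


def parse_hosts(text):
    """Return a sorted list of (hostname, ip) pairs from HOSTS-file text."""
    entries = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                               # blank, or address with no name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                               # malformed address: ignore line
        for name in fields[1:]:                    # one line may carry several names
            entries.add((name.lower().rstrip("."), ip))
    return sorted(entries)


def classify(entries):
    """Split entries into blocked names and names redirected off the machine."""
    blocked, redirected = [], []
    for name, ip in entries:
        if name in LOCAL_NAMES:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(name)                   # resolves to this PC or nowhere
        else:
            redirected.append((name, ip))          # resolves to some other host
    return blocked, redirected


def fingerprint(entries):
    """Hash the effective entries only, so comment or spacing edits don't alarm."""
    digest = hashlib.sha256()
    for name, ip in entries:
        digest.update(f"{ip} {name}\n".encode())
    return digest.hexdigest()


def changes(old_text, new_text):
    """Compare two snapshots and return (added, removed) entry lists."""
    old, new = set(parse_hosts(old_text)), set(parse_hosts(new_text))
    return sorted(new - old), sorted(old - new)


def report(old_text, new_text):
    """Build the lines a change notifier would show the user."""
    added, removed = changes(old_text, new_text)
    _, redirected = classify(parse_hosts(new_text))
    lines = [f"added:   {ip} {name}" for name, ip in added]
    lines += [f"removed: {ip} {name}" for name, ip in removed]
    lines += [f"WARNING: {name} now resolves to {ip}" for name, ip in redirected]
    return lines


if __name__ == "__main__":
    if fingerprint(parse_hosts(BASELINE)) != fingerprint(parse_hosts(CURRENT)):
        print("\n".join(report(BASELINE, CURRENT)))
```

An entry that sends a name to an address other than the local machine is not a block, which is why the report lists it separately from ordinary additions.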
From nobody at spamcop.net Thu Feb 4 13:45:17 2010
From: nobody at spamcop.net (Twayne)
Date: Thu Feb 4 13:50:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References:
Message-ID:

In news:hkdbi5$cei$1@news.spamcop.net,
Heidi typed:
> Last night (without No Script running, in the latest FF) I clicked
> on a google search result that I know was a legit site, (Safe Search
> is on) and got redirected to ' can't load meta7 search site" or
> something like that. I backed up, hit the link again, and went where
> it should. The same thing happened again only went to a different
> site, also the page didn't load.
> When I reboot, I get a 'windows' message saying it can't find
> "azapujaxa.dll". That file was infected with the Hiloti trojan when
> it last found something, and was moved to the virus vault and then
> deleted. A google search on "azapujaxa.dll" gets no hits - so
> something must be hiding, but four programs found no threats. Aside
> from that, everything seems to be working as it should. Browser
> redirects are making me nervous though.... :(.

Browser redirects are something you're right to be nervous about IFF they're happening on more than one site. IF they only happen on one site, then set that site to never-visit. If it's only the one site, that site is also a suspect for the source of the infection you had. But if it's happening on more than one site, it indicates you're still at least partially infected.

Try Start; Run; sysedit and click OK or hit Enter. Search the presented system files for anything that calls for that filename. If found, remove the reference line. Just in case, back up the file to a safe location in case something should go wrong, so you can get it back.

If not found, Try searching your registry and look for that file, being sure it's spelled correctly. You should come across a line in the registry that calls for the file which, when found, can be deleted. Keep searching and remove all references.
When found, Export that part of the registry before you make any changes. That creates .reg files which, when clicked, will bring back the original information.

Restart to see if the problem error message went away. It's possible it could go away but be replaced by another filename not found. Sometimes you'll find multiple files left over that need to be cleaned up.

HTH,

Twayne

--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From blacklist-me at davjam.org Thu Feb 4 15:03:00 2010
From: blacklist-me at davjam.org (David Bolt)
Date: Thu Feb 4 15:15:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References:
Message-ID: <2135124.b9nUPlyArG@dev.null.davjam.org>

On Thursday 04 Feb 2010 02:31, while playing with a tin of spray paint, Heidi painted this mural:

> When I reboot, I get a 'windows' message saying it can't find
> "azapujaxa.dll". That file was infected with the Hiloti trojan when it last
> found something, and was moved to the virus vault and then deleted.

What about the other malware it's probably downloaded[0] and is possibly running undetected in the background?

> A
> google search on "azapujaxa.dll" gets no hits

No surprise there. Hiloti creates a DLL with a random name and has it execute upon startup. It's unlikely that you'll find a match for that name, given that there's so many other possible combinations of letters for it to choose.

> - so something must be
> hiding, but four programs found no threats.

You'll find that it's rare for the various anti-virus software to always find the same malware. Usually, one or two will while the others won't. And, in the case of malware they've not seen, you're almost certain to not have it found out.

> Aside from that, everything
> seems to be working as it should. Browser redirects are making me nervous
> though.... :(.

If I was you, I'd back up all my documents and do a wipe and fresh install.
Once you've been infected by something that downloads other malware, you can never be certain to get rid of it all, and there's a good chance that while you think you're in control of your machine, you aren't.

[0] http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Hiloti.gen!A

Regards,
David Bolt

--
Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M1 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11

From nobody at spamcop.net Thu Feb 4 17:53:32 2010
From: nobody at spamcop.net (Heidi)
Date: Thu Feb 4 17:55:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

"Twayne" wrote in message news:hkf3oq$vie$1@news.spamcop.net...

> That's a little rude and obnoxious in and of itself, Heidi. Perhaps you're
> new here? Indigo is a curious type and does commit some interesting errors
> now and then, but one thing he isn't is rude and obnoxious; he's learning
> and adventurous IMO. One can learn much from the responses to his queries.

No, I'm not new here, I'm older than dirt here, actually. Charles was right, you didn't follow the thread, or misinterpreted my quoting. I was not referring to Indi's post, I was referring to the obnoxious, rude, and misinformed comment made by David H. Lipman, "Not necessarily. Stop willy-nilly browsing, stop falling for BS cons, etc." Arrogantly assuming that everyone is stupid and just doesn't know how to use a computer safely is rude, and I take exception to it. Up until lately, my computer has always been secure, well protected, and my browsing habits are verging on the anal side, so no, I don't take a lot of responsibility for the recent invasion of malware.
The fact that it is happening to people like Charles and several other people I know who are more knowledgeable about security than most says to me it's something new, not the result of "willy nilly browsing and falling for BS cons". Being boorish just for the sake of it isn't helpful, but gosh it must be oh so satisfying to feel superior.

From nobody at spamcop.net Thu Feb 4 18:15:36 2010
From: nobody at spamcop.net (Heidi)
Date: Thu Feb 4 18:20:07 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"David Bolt" wrote in message news:2135124.b9nUPlyArG@dev.null.davjam.org...
>
> If I was you, I'd back up all my documents and do a wipe and fresh
> install. Once you've been infected by something that downloads other
> malware, you can never be certain to get rid of it all, and there's a
> good chance that while you think you're in control of your machine, you
> aren't.

I'm resisting that, mostly because my software binder is in a safe place (read, 'I can't find it') and my stuff came preinstalled, but I know there are disks somewhere, and also mulling upgrading to Windows 7, which will probably render some things useless, like my ancient version of Acrobat 5. There must be a way to get rid of it without reinventing my wheel......

>
>
> [0]
> http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Hiloti.gen!A

See? This is what I mean, their prevention advice is:

Take the following steps to help prevent infection on your system:
a.. Enable a firewall on your computer. [I have one]
b.. Get the latest computer updates for all your installed software. [Always done automatically]
c.. Use up-to-date antivirus software. [see above]
d.. Use caution when opening attachments and accepting file transfers. [don't do either, and incoming and outgoing mail is screened anyway before I open it]
e.. Use caution when clicking on links to Web pages.
[I don't click on anything anywhere that isn't a site I am 100% confident in]
f.. Avoid downloading pirated software. [Really? Who does that anyway?]
g.. Protect yourself against social engineering attacks. [I don't go to social sites]
h.. Use strong passwords. [Yep]

And even though I'm doing everything they say, I still get malware.....

From nobody at spamcop.net Thu Feb 4 18:22:18 2010
From: nobody at spamcop.net (Heidi)
Date: Thu Feb 4 18:25:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

"bar0" wrote in message news:hkeiad$pfa$1@news.spamcop.net...
>
> Yahoo in particular, and hotmail/msn also to a lesser degree offer up
> malware advertizing pages and frames. If you allow scripting and activex,
> you can just be passively on a yahoo mail page and ads may cycle right
> into malware.

....which is, I am told, how this happened.

From nobody at spamcop.net Thu Feb 4 18:52:10 2010
From: nobody at spamcop.net (bar0)
Date: Thu Feb 4 18:55:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Heidi" wrote in message news:hkfkeo$5l3$1@news.spamcop.net...
>
> "David Bolt" wrote in message
> news:2135124.b9nUPlyArG@dev.null.davjam.org...
>>
>> If I was you, I'd back up all my documents and do a wipe and fresh
>> install. Once you've been infected by something that downloads other
>> malware, you can never be certain to get rid of it all, and there's a
>> good chance that while you think you're in control of your machine, you
>> aren't.
>
> I'm resisting that, mostly because my software binder is in a safe place
> (read, 'I can't find it') and my stuff came preinstalled, but I know there
> are disks somewhere, and also mulling upgrading to Windows 7, which will
> probably render some things useless, like my ancient version of Acrobat 5.
> There must be a way to get rid of it without reinventing my wheel......
>>
>>
>> [0]
>> http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Hiloti.gen!A
>
> See? This is what I mean, their prevention advice is:
>
> Take the following steps to help prevent infection on your system:
> a.. Enable a firewall on your computer. [I have one]
> b.. Get the latest computer updates for all your installed software.
> [Always done automatically]
> c.. Use up-to-date antivirus software. [see above]
> d.. Use caution when opening attachments and accepting file transfers.
> [don't do either, and incoming and outgoing mail is screened anyway
> before I open it]
> e.. Use caution when clicking on links to Web pages. [I don't click on
> anything anywhere that isn't a site I am 100% confident in]
> f.. Avoid downloading pirated software. [Really? Who does that anyway?]
> g.. Protect yourself against social engineering attacks. [I don't go to
> social sites]
> h.. Use strong passwords. [Yep]
>
> And even though I'm doing everything they say, I still get malware.....

You mentioned Acrobat 5, which is unsupported now so there are no security updates. Is it possible you got an exploit PDF, and it opened with Acro rather than your reader which is probably up to date?

BTW, I run Secunia PSI to scan for software needing updates, about once a week or so to see if there is something I need to update for security vulnerabilities.

I'm also about to uninstall AdAware, it doesn't do anything, except advise me to remove the odd cookie, which Snorton does also anyway and like a virus it keeps on restarting even after I disable it. Between Norton, Windows defender and Tea Timer, I've got enough stuff chewing CPU cycles and memory. Also that super spyware program (from earlier in the thread) is going the way of ad-aware, I ran it somewhere in the middle of your thread, it found nothing besides cookies, and wants to start every time I boot.
Spybot's "immunization" really is a big help, null routing likely malware sites (and lots of Yahoo ad frames).

From nobody at spamcop.net Thu Feb 4 19:07:32 2010
From: nobody at spamcop.net (Twayne)
Date: Thu Feb 4 19:10:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hkfkeo$5l3$1@news.spamcop.net,
Heidi typed:
> "David Bolt" wrote in message
> news:2135124.b9nUPlyArG@dev.null.davjam.org...
>>
>> If I was you, I'd back up all my documents and do a wipe and fresh
>> install. Once you've been infected by something that downloads other
>> malware, you can never be certain to get rid of it all, and there's a
>> good chance that while you think you're in control of your machine,
>> you aren't.
>
> I'm resisting that, mostly because my software binder is in a safe
> place (read, 'I can't find it') and my stuff came preinstalled, but I
> know there are disks somewhere, and also mulling upgrading to Windows
> 7, which will probably render some things useless, like my ancient
> version of Acrobat 5. There must be a way to get rid of it without
> reinventing my wheel......
>>
>>
>> [0]
>> http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Hiloti.gen!A
>
> See? This is what I mean, their prevention advice is:
>
> Take the following steps to help prevent infection on your system:
> a.. Enable a firewall on your computer. [I have one]
> b.. Get the latest computer updates for all your installed software.
> [Always done automatically]
> c.. Use up-to-date antivirus software. [see above]
> d.. Use caution when opening attachments and accepting file
> transfers. [don't do either, and incoming and outgoing mail is
> screened anyway before I open it]
> e.. Use caution when clicking on links to Web pages. [I don't click
> on anything anywhere that isn't a site I am 100% confident in]
> f.. Avoid downloading pirated software. [Really? Who does that
> anyway?]
> g.. Protect yourself against social engineering attacks. [I
> don't go to social sites]
> h.. Use strong passwords. [Yep]
>
> And even though I'm doing everything they say, I still get malware.....

It's a little trite, but most logical people will agree that there is NO WAY to 100% guarantee that anyone can keep all viruses and other malware out of their machines. You appear to be doing all the right things, but remember the criminals, thieves and other scammers don't give a hoot about what's "right" and they excel at finding holes and so far undiscovered ways to get malware onto your machine. Even reputable, large sites with impeccable reputations can be compromised and all of a sudden start issuing malware. And whenever something new comes out that the AV and malware people aren't aware of yet, it's very likely it's going to succeed in getting by your protections.

I think David Bolt's advice to wipe everything clean and start over again is excellent advice from what I've followed here so far. It's entirely possible you still have a malware running that could be inviting other malware in on its own, unbeknownst to you in any way.

One way to look at it is, do you want to spend the next month or so fighting the problems and maybe never get it cleaned up, or would you rather spend a couple hours reinstalling your OS and then another few hours reinstalling/updating and otherwise getting all your programs back and customized the way you want them?

You could also take this as an opportunity to learn about reinstalls and setups for the future. Things like you have WILL happen again. If you're armed and prepared with educated experience, these things become annoyances instead of major problems. It's not a complex process, but it can have a lot of steps and some things have to be done in the right sequence.

In my opinion, you should:

Assuming you don't do backups already: First, back up all of your important data that you've created.
In other words, everything but the operating system. Favorites, e-mail addresses, letters from Aunt Molly, personal information, pictures, documents and the like. Get them onto DVD where they're safe and put them away for future use. If you have more than one drive, back things up to DVDs on a per drive basis. One set for drive D, one for drive E, whatever you have. I didn't mention C because at this point it's likely infected so not worth backing up.

Get to your computer manufacturer's web site and have your computer serial #, brand and model ready at hand, along with a Tag number if you should come across one. Find out:
-- How to return the machine to its shipped state.
-- More importantly, How do you do a "clean install" of XP?
-- Ask how you can get XP, plus the Drivers CD and the Utilities CD if there is one. That way you can forget about anything stored on the hard drive/disk and work with the original CDs.

It's very seldom you'll find a web site that doesn't do that. And you can always ask here for further assistance should you need it.

Once you've gotten what you can from your PC manufacturer's web site, then come back here if you wish and ask what the next logical step would be. Be certain to include ALL relevant information you have: XP version, computer brand and model, what CDs you have or don't have, etc. At a minimum, they can give you the key press sequence to initiate the on-disk recovery software if that's what you have. Best case, they can send you the CDs you need in order to not have to bother or worry about on-disk recovery.

If you'd like to do some reading on the subject, here are some links on doing clean installs:

http://windowsxp.mvps.org/XPClean.htm
http://www.theeldergeek.com/clean_installation_of_windows_xp.htm
http://michaelstevenstech.com/cleanxpinstall.html

They all say about the same thing but in different ways, which sometimes helps one to get a good grasp of the meanings. Those are good sources and are accurate.
Many people have used them for just this purpose.

HTH,

Twayne

--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Thu Feb 4 19:09:07 2010
From: nobody at spamcop.net (Twayne)
Date: Thu Feb 4 19:10:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

In news:Xns9D158E97C409DThisIsMyPost@216.154.195.61,
Charles typed:
> It wasn't me! It was "Twayne" !
>
>> That's a little rude and obnoxious in and of itself
>
> Doesn't look like you followed the thread right, there. At least, as
> I see it you are attributing comments to the wrong people about the
> wrong people.

Go back and look at the post: It's clear who the writer of the quote was and who responded to it. I notice, interestingly enough, that you managed to incorrectly trim the information or it would still be visible.

Twayne

--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Thu Feb 4 19:19:19 2010
From: nobody at spamcop.net (Twayne)
Date: Thu Feb 4 19:20:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

In news:hkfj5d$57v$1@news.spamcop.net,
Heidi typed:
> "Twayne" wrote in message
> news:hkf3oq$vie$1@news.spamcop.net...
>
>> That's a little rude and obnoxious in and of itself, Heidi. Perhaps
>> you're new here? Indigo is a curious type and does commit some
>> interesting errors now and then, but one thing he isn't is rude and
>> obnoxious; he's learning and adventurous IMO. One can learn much
>> from the responses to his queries.
>
> No, I'm not new here, I'm older than dirt here, actually. Charles was
> right, you didn't follow the thread, or misinterpreted my quoting. I
> was not referring to Indi's post, I was referring to the obnoxious, rude,
> and misinformed comment made by David H. Lipman, "Not
> necessarily.
> Stop willy-nilly browsing, stop falling for BS cons,
> etc." Arrogantly assuming that everyone is stupid and just doesn't
> know how to use a computer safely is rude, and I take exception to
> it. Up until lately, my computer has always been secure, well
> protected, and my browsing habits are verging on the anal side, so
> no, I don't take a lot of responsibility for the recent invasion of
> malware. The fact that it is happening to people like Charles and
> several other people I know who are more knowledgeable about security
> than most says to me it's something new, not the result of "willy
> nilly browsing and falling for BS cons". Being boorish just for the
> sake of it isn't helpful, but gosh it must be oh so satisfying to
> feel superior.

Ah, I see; an error in the quoting is all that happened there. No big deal. You didn't respond to whom you thought you did; you probably lost an interim post by having it marked read and hidden. Stuff happens.

As for the rest of it, I can pretty much agree with you; Lipman does get off on tangents now and then but it's better IMO to not let things like that bother one. At least he's not like the PCBUTTS dummy!

And no, I don't think you should have to take any responsibility for the recent invasion. You're here for assistance, as most are, and when you get a junk post, just bypass it.

From what I can tell, the biggest problem you have is in figuring out whether or not you're still infected with something and if so, what is it and how does it get handled? Correct? Sometimes, depending on the amount of total effort something is going to require, it's just easier and a lot more efficient to update one's backups and re-image or reinstall, whatever options you may have available.

HTH,

Twayne

--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.
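For the registry clean-up discussed in the "Still something weird going on" messages above (export the key to a .reg file first, then look for whatever still calls the missing DLL, bearing in mind that the DLL name is random), an added example that is not from any poster: it reads a .reg export and lists every string value that references a given file, plus every value that launches something through rundll32 so that sibling entries with other names can be reviewed. The key, value names and paths in the sample export are constructed; the thread does not say which key held the entry.

```python
import re

# Constructed sample of a "Windows Registry Editor Version 5.00" export.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SampleEntry"="rundll32.exe \"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\azapujaxa.dll\",Startup"
"SecondEntry"=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,20,00,78,00,\
  2e,00,64,00,6c,00,6c,00,00,00
"Flags"=dword:00000001
'''

# "name"=data or @=data (the key's default value).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def read_export(path):
    """Read a .reg file; regedit writes version 5.00 exports as UTF-16."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def unescape(text):
    """Undo .reg string escaping: a backslash protects the next character."""
    return re.sub(r"\\(.)", r"\1", text)


def decode_hex(payload):
    """Decode hex(2)/hex(7) data: comma-separated UTF-16LE bytes."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    text = raw.decode("utf-16-le", errors="replace")
    return text.replace("\x00", " ").strip()


def reg_values(text):
    """Return [(key, value_name, data)] for every string-like value."""
    # Long hex values are wrapped with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    key, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if key is None or not match:
            continue
        raw_name, rhs = match.group(1), match.group(2)
        name = "(Default)" if raw_name == "@" else unescape(raw_name[1:-1])
        if len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
            data = unescape(rhs[1:-1])              # REG_SZ
        elif rhs.lower().startswith(("hex(2):", "hex(7):")):
            data = decode_hex(rhs.split(":", 1)[1])  # REG_EXPAND_SZ / MULTI_SZ
        else:
            continue                                 # dword, binary: no paths
        found.append((key, name, data))
    return found


def find_references(text, filename):
    """Values whose data mentions filename (case-insensitive)."""
    needle = filename.lower()
    return [v for v in reg_values(text) if needle in v[2].lower()]


def rundll32_entries(text):
    """Values that start a DLL through rundll32, whatever the DLL is called."""
    return [v for v in reg_values(text) if "rundll32" in v[2].lower()]


if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_EXPORT, "azapujaxa.dll"):
        print(f"{key}\n  {name} = {data}")
```

Run it against the export made before any deletion, so the same file serves as both the search input and the restore point.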
From not at home.today Thu Feb 4 19:38:47 2010
From: not at home.today (Ant)
Date: Thu Feb 4 19:40:09 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"bar0" wrote:

> "Heidi" wrote:
>> ... like my ancient version of Acrobat 5.

>> b.. Get the latest computer updates for all your installed software.
>> [Always done automatically]

Well, Adobe's updates don't seem to be working.

>> g.. Protect yourself against social engineering attacks. [I don't go to
>> social sites]

Social engineering is about confidence tricks like being persuaded to open, read or believe the contents of a spam message or follow a link to what looks like, say, trusted-site.example.com but really isn't, and so on..

> You mentioned Acrobat 5, which is unsupported now so there are no security
> updates. Is it possible you got an exploit PDF, and it opened with Acro
> rather than your reader which is probably up to date?

PDF exploits are pretty much the most prevalent form of drive-by attack so my bets are on this.

From DLipman~nospam~ at Verizon.Net Thu Feb 4 19:40:25 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Thu Feb 4 19:45:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Heidi"

| "David H. Lipman" wrote in message
| news:hkeb4u$n05$1@news.spamcop.net...
>> From: "Indigo"
>> | I just successfully installed MBAM and I'm running a complete scan of
>> all my
>> | drives, hopefully it won't find anything. But I forget all the advice
>> given
>> | to Heidi on how to prevent re-infections: do I have to disable Active-X?
>> Not necessarily. Stop willy-nilly browsing, stop falling for BS cons,
>> etc.

| You are beyond just offensive now, sliding right into "rude and obnoxious".

LOL

It is people's habits that get them infected. All the software in the world won't protect them if they don't practice Safe Hex and fall for Social Engineering ploits.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From DLipman~nospam~ at Verizon.Net Thu Feb 4 19:41:37 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Thu Feb 4 19:45:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Heidi"

| "bar0" wrote in message
| news:hkeiad$pfa$1@news.spamcop.net...
>> Yahoo in particular, and hotmail/msn also to a lesser degree offer up
>> malware advertizing pages and frames. If you allow scripting and activex,
>> you can just be passively on a yahoo mail page and ads may cycle right
>> into malware.

| ....which is, I am told, how this happened.

Malvertising, usually through Flash Files (SWF), is low on the scale of causative factors.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From user at domain.invalid Thu Feb 4 19:54:03 2010
From: user at domain.invalid (Farelf)
Date: Thu Feb 4 19:55:07 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

Heidi wrote:
>
> See? This is what I mean, their prevention advice is:
>
> g.. Protect yourself against social engineering attacks. [I don't go to
> social sites]
> And even though I'm doing everything they say, I still get malware.....
>

No, no - social engineering attacks are like: "A malicious spam campaign caught by Panda Labs is using a fake Microsoft Update notice to trick victims into installing a Trojan. While well crafted, the attack still provides dead giveaways." (PCWorld) - but you wouldn't be sucked in by anything like that, you have already said.
Patches aren't the whole story (apparently) - see http://support.microsoft.com/kb/980088 with links to http://www.microsoft.com/technet/security/advisory/980088.mspx (Microsoft Security Advisory: Vulnerability in Internet Explorer could allow information disclosure - tools provided "Enable Network Protocol Lockdown" and the "undo" for that.)

"Information disclosure", some say, includes access to every file you have. With sufficient 'intent' (and knowledge) a follow-up attack could leave your machine totally owned by the attacker and you would never know.

Dunno what the heck we're supposed to do to really stay safe (other than using less 'mainstream' OS and/or applications) - it's actually impossible in theory. Well, my theory. The protection of most is the protection of the herd - there are so many of us they can't 'eat' us all. But they give it a darn good try. What a revolting turn of events.

Maybe the "Network Protocol Lockdown" thing is of interest to you. All magic to me, I'm afraid (and I use IE8 minimally).

From DLipman~nospam~ at Verizon.Net Thu Feb 4 20:00:47 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Thu Feb 4 20:05:10 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Heidi"

| "Twayne" wrote in message
| news:hkf3oq$vie$1@news.spamcop.net...
>> That's a little rude and obnoxious in and of itself, Heidi. Perhaps you're
>> new here? Indigo is a curious type and does commit some interesting errors
>> now and then, but one thing he isn't is rude and obnoxious; he's learning
>> and adventurous IMO. One can learn much from the responses to his queries.

| No, I'm not new here, I'm older than dirt here, actually. Charles was
| right, you didn't follow the thread, or misinterpreted my quoting. I was
| not referring to Indi's post, I was referring to the obnoxious, rude, and
| misinformed comment made by David H. Lipman, "Not necessarily. Stop
| willy-nilly browsing, stop falling for BS cons, etc."
| Arrogantly assuming
| that everyone is stupid and just doesn't know how to use a computer safely
| is rude, and I take exception to it. Up until lately, my computer has
| always been secure, well protected, and my browsing habits are verging on
| the anal side, so no, I don't take a lot of responsibility for the recent
| invasion of malware. The fact that it is happening to people like Charles
| and several other people I know who are more knowledgeable about security
| than most says to me it's something new, not the result of "willy nilly
| browsing and falling for BS cons". Being boorish just for the sake of it
| isn't helpful, but gosh it must be oh so satisfying to feel superior.

Misinformed ?

I have excellent situational awareness when it comes to malicious activity. I have been studying it for almost two decades and I have access to information that YOU don't have access to.

As an administrator of hundreds of nodes, I watch my personnel and their actions. I find it "interesting" how people tend to put themselves "at risk" without even knowing they have.

Sometimes when you put a mirror in front of someone, they don't like what they see. Their reaction, a defensive posture.

Harsh ? Yes, it's called tough love.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From DLipman~nospam~ at Verizon.Net Thu Feb 4 20:05:33 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Thu Feb 4 20:10:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Ant"

| "David H. Lipman" wrote:
>> From: "Indigo"
>>> But I forget all the advice given to Heidi on how to prevent
>>> re-infections:

| You could always re-read the thread.

>>> do I have to disable Active-X?

| Firefox doesn't use MS components unless you have some plugin allowing
| it to.

>> Not necessarily. Stop willy-nilly browsing, stop falling for BS cons, etc.

| That's a bit harsh, Dave.
| I suspect Indigo is not deliberately running
| stuff and it should be possible to visit malicious or compromised
| sites without being drive-by infected provided you don't allow
| automatic installation of anything, your software is up-to-date and
| appropriate configuration/security settings are in effect. However,
| I wouldn't advise visiting a known bad site because there's always the
| possibility of being caught by a zero-day exploit.

| I'd really like to see an example web page where these recently
| reported problems are originating.

No sugar coating Ant.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From nobody at spamcop.net Thu Feb 4 20:15:22 2010
From: nobody at spamcop.net (Heidi)
Date: Thu Feb 4 20:20:09 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Ant" wrote in message news:hkfpc9$7d9$1@news.spamcop.net...
>
> Social engineering is about confidence tricks like being persuaded to
> open, read or believe the contents of a spam message or follow a link
> to what looks like, say, trusted-site.example.com but really isn't,
> and so on..

Well gee, where are we, Spamcop? Do you really think I even LOOK at spam, much less click on anything in one? Good grief, man... are you mad? I don't click on *anything* without mousing over and looking at the link, if it isn't legit, I don't click. I don't seem to have adequately conveyed my level of paranoia about evil things on the internet....

>
>> You mentioned Acrobat 5, which is unsupported now so there are no
>> security
>> updates. Is it possible you got an exploit PDF, and it opened with Acro
>> rather than your reader which is probably up to date?
>
> PDF exploits are pretty much the most prevalent form of drive-by
> attack so my bets are on this.
Nuh uh....I only use Acrobat to make pdfs if it's something I can't scan, actually it's the distiller, I use Reader for everything else to avoid getting the annoying message, "there are things newer than this version can support", or something like that.

From nobody at spamcop.net Thu Feb 4 21:07:46 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 4 21:10:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"David H. Lipman" wrote in message news:hkeb4u$n05$1@news.spamcop.net...
> From: "Indigo"
> | I just successfully installed MBAM and I'm running a complete scan of
> all my
> | drives, hopefully it won't find anything. But I forget all the advice
> given
> | to Heidi on how to prevent re-infections: do I have to disable Active-X?
>
>
> Not necessarily. Stop willy-nilly browsing, stop falling for BS cons,
> etc.
>

I wasn't even actively browsing at the time of infection. I had just used Excel's "MSN Stockquote Update" add-on to update my financial spreadsheets when all hell broke loose. So I had multiple FF windows and tabs open, but I wasn't using, or browsing, in FF when I got infected. How the hell does that happen?

From nobody at spamcop.net Thu Feb 4 21:09:23 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 4 21:10:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hkeiad$pfa$1@news.spamcop.net...
> Yahoo in particular, and hotmail/msn also to a lesser degree offer up
> malware advertizing pages and frames. If you allow scripting and activex,
> you can just be passively on a yahoo mail page and ads may cycle right
> into malware.

That's apparently what happened to me last night -- how do I turn off active-x in FF? I just looked at the tools/options section and didn't see anything related to active-x.
From not at home.today Thu Feb 4 21:13:13 2010
From: not at home.today (Ant)
Date: Thu Feb 4 21:15:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

"Mike Easter" wrote:
> Ant wrote:
>> "David H. Lipman" wrote:
>>> Stop willy-nilly browsing, stop falling for BS cons, etc.
>>
>> That's a bit harsh, Dave.
>
> I don't understand why it is necessary to couch one's language so
> cautiously to avoid hurting tender sensibilities about this business.

It helps to avoid flame wars.

> When people get infected/contaminated, they 'screwed up' somehow. That
> doesn't mean that we don't all screwup on a regular basis, but I don't
> see why the language has to pussyfoot around as if it weren't the
> infected's 'fault' - if fault isn't considered too insensitive a word in
> this context.

I take your point but my reaction was based on the suggestion that Indigo fell for a con. Reading it again, I don't think Dave's comment may be intended to suggest that he did but is good general advice - if advising the gullible not to be conned will do any good.

> The business about everyone scurrying around trying to find the most
> popular or effective tools seems to put the emphasis in the wrong place;

Definitely. The best tool is your brain and if that fails, a registry editor and a somewhat in-depth knowledge of how Windows works!

>> I wouldn't advise visiting a known bad site because there's always the
>> possibility of being caught by a zero-day exploit.
>
> I would think that most people wouldn't need two different systems to
> surf around; one equipped with MS ware configured insecurely and one
> which is not.

Indeed not, but they might use two accounts; one for admin tasks and one unprivileged for web-browsing. Together with other appropriate settings and behaviours this will mitigate any damage caused by an exploit of a new vulnerability. There's always a trade-off between security and the ease-of-use you may be happy with.
>> I'd really like to see an example web page where these recently
>> reported problems are originating.
>
> Even tho' there are chickenlittles running around saying 'the sky is
> falling' whenever they get some kind of alert from their system, when I
> go visit things with a linux box which have alerted them, I haven't
> found anything

It can be difficult because, as someone already pointed out, even good sites showing rotating ads from mainstream advertising providers can unwittingly get a rogue injected now and again. It may only appear once in a number of visits.

> -- but then I haven't been working at it very hard at
> all, because I'm not really that interested. There are plenty of other
> people working on finding that stuff with automated tools that the
> situation doesn't need my curiosity.

I s'pose that could be me but I usually use wget from a command line.

From not at home.today Thu Feb 4 21:55:42 2010
From: not at home.today (Ant)
Date: Thu Feb 4 22:00:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Heidi" wrote:
> "Ant" wrote:
>> Social engineering is about confidence tricks like being persuaded to
>> open, read or believe the contents of a spam message or follow a link
>> to what looks like, say, trusted-site.example.com but really isn't,
>> and so on..
>
> Well gee, where are we, Spamcop? Do you really think I even LOOK at spam,
> much less click on anything in one? Good grief, man... are you mad? I don't
> click on *anything* without mousing over and looking at the link, if it
> isn't legit, I don't click.

You said about "social engineering" that you didn't visit social sites, as if you didn't know the meaning of the term. My comment was to give examples of what it meant - not to suggest you did those particular things.

> I don't seem to have adequately conveyed my
> level of paranoia about evil things on the internet....
The problems you've had indicate an insecure system configuration where otherwise the damage would have been limited. Your remark in an earlier post: "What do administrator rights have to do with anything?" suggests that paranoia is not the answer.

>> PDF exploits are pretty much the most prevalent form of drive-by
>> attack so my bets are on this.
>
> Nuh uh....I only use Acrobat to make pdfs if it's something I can't scan,
> actually it's the distiller, I use Reader for everything else to avoid
> getting the annoying message, "there are things newer than this version can
> support", or something like that.

So the mystery remains.

From avoozl at spamcop.net Thu Feb 4 22:15:59 2010
From: avoozl at spamcop.net (Chris Willoughby)
Date: Thu Feb 4 22:20:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References:
Message-ID:

"Heidi" wrote in message news:hkdbi5$cei$1@news.spamcop.net...
> Last night (without No Script running, in the latest FF ) I clicked on a
> google search result that I know was a legit site, (Safe Search is on) and
> got redirected to ' can't load meta7 search site" or something like that.
> I backed up, hit the link again, and went where it should. The same thing
> happened again only went to a different site, also the page didn't load.
>
> When I reboot, I get a 'windows' message saying it can't find
> "azapujaxa.dll". That file was infected with the Hiloti trojan when it
> last found something, and was moved to the virus vault and then deleted.
> A google search on "azapujaxa.dll" gets no hits - so something must be
> hiding, but four programs found no threats. Aside from that, everything
> seems to be working as it should. Browser redirects are making me nervous
> though.... :(.
>

Smells like some sort of rootkit to me.. *shrug*

I don't really have anything useful to add though.
From loyal at spamcop.user Fri Feb 5 02:17:03 2010
From: loyal at spamcop.user (AndrewB)
Date: Fri Feb 5 02:20:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

Heidi wrote:
> "Ant" wrote in message
> news:hkfpc9$7d9$1@news.spamcop.net...
>> Social engineering is about confidence tricks like being persuaded to
>> open, read or believe the contents of a spam message or follow a link
>> to what looks like, say, trusted-site.example.com but really isn't,
>> and so on..
>
> Well gee, where are we, Spamcop? Do you really think I even LOOK at spam,
> much less click on anything in one? Good grief, man... are you mad? I don't
> click on *anything* without mousing over and looking at the link, if it
> isn't legit, I don't click. I don't seem to have adequately conveyed my
> level of paranoia about evil things on the internet....

"Hi, this is your bank. We had a security issue and had to lock a bunch of accounts. Please visit this site below and input all your information, including your debit card number, expiration date, and CVV, as well as the same for one of your credit cards. We'll use that information to make sure you are you."

BTW, the mousing over and looking at a URL link in the status bar can be misleading, as they can use Javascript to display a message on the status bar when the mouse is over the URL.

AndrewB

From loyal at spamcop.user Fri Feb 5 02:28:37 2010
From: loyal at spamcop.user (AndrewB)
Date: Fri Feb 5 02:30:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References:
Message-ID:

Heidi wrote:
> Last night (without No Script running, in the latest FF ) I clicked on a
> google search result that I know was a legit site, (Safe Search is on) and
> got redirected to ' can't load meta7 search site" or something like that. I
> backed up, hit the link again, and went where it should.
The same thing
> happened again only went to a different site, also the page didn't load.
>
> When I reboot, I get a 'windows' message saying it can't find
> "azapujaxa.dll". That file was infected with the Hiloti trojan when it last
> found something, and was moved to the virus vault and then deleted. A
> google search on "azapujaxa.dll" gets no hits - so something must be
> hiding, but four programs found no threats. Aside from that, everything
> seems to be working as it should. Browser redirects are making me nervous
> though.... :(.
>
>

Check this link:
http://www.pandasecurity.com/homeusers/security-info/208237/information/Hiloti

The Tech details tab will give you some things to scope out. I would suggest you close your browser and ensure it's not running on the Processes tab of Task Manager prior to doing anything in terms of removing Firefox Hiloti files and such. If you can, print the Hiloti information first before closing the browser. :)

The 'means of transmission' section looks interesting. Hiloti needs human intervention to spread.

You may also think about contacting a local computer repair shop and get some quotes on removing the crap you have. Best bet, find someone who can refer you to a store/shop.

AndrewB

From blacklist-me at davjam.org Fri Feb 5 02:42:32 2010
From: blacklist-me at davjam.org (David Bolt)
Date: Fri Feb 5 02:45:10 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID: <1371422.SPYKUYFuaP@dev.null.davjam.org>

On Thursday 04 Feb 2010 23:15, while playing with a tin of spray paint, Heidi painted this mural:
>
> "David Bolt" wrote in message
> news:2135124.b9nUPlyArG@dev.null.davjam.org...
>>
>> If I was you, I'd back up all my documents and do a wipe and fresh
>> install.
Once you've been infected by something that downloads other
>> malware, you can never be certain to get rid of it all, and there's a
>> good chance that while you think you're in control of your machine, you
>> aren't.
>
> I'm resisting that, mostly because my software binder is in a safe place
> (read, 'I can't find it')

You have one of those "safe places" too[0]?

> and my stuff came preinstalled,

So your machine was shop bought, not home built? You might want to check and see if there is a hidden rescue partition on the hard drive that is used for fresh installs? It's possible that you may be able to return the machine to the state it was initially in without having those discs. As for other software, well I hope you manage to remember where that safe place is.

> but I know there
> are disks somewhere, and also mulling upgrading to Windows 7, which will
> probably render some things useless,

Possibly.

> like my ancient version of Acrobat 5.

That's probably not going to work with Windows 7, although there are alternatives. I used to use a freeware PDF creator that was installed as a printer.

> There must be a way to get rid of it without reinventing my wheel......

Not if you really want to be sure. At one time, Microsoft themselves used to say on their site that the only way to really get rid of an infection was a wipe and reinstall. Unfortunately, a search brings up loads of other pages except the one that had that advice.

>> [0]
>> http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Hiloti.gen!A
>
> See? This is what I mean, their prevention advice is:
>
> Take the following steps to help prevent infection on your system:
> a.. Enable a firewall on your computer. [I have one]

Useful as it stops things getting in to exploitable services.

> b.. Get the latest computer updates for all your installed software.
> [Always done automatically]

Except for things that are unsupported?

> c.. Use up-to-date antivirus software.
[see above]

You could use half a dozen different ones and they'd still not catch everything, not that you could actually get half a dozen of them to actually play nice enough with each other to be able to run together.

> d.. Use caution when opening attachments and accepting file transfers. [
> don't do either, and incoming and outgoing mail is screened anyway before I
> open it]

Does this not doing file transfers include while browsing, for instance viewing images/videos, or listening to audio? There have been cases where images, videos and audio files have been used as the carrier for malware.

> e.. Use caution when clicking on links to Web pages. [I don't click on
> anything anywhere that isn't a site I am 100% confident in]

Except that you don't even need to click on links to become infected. It's possible to look at a page and have malware installed because the server was itself infected and served some malware as a part of the page. As others have said, adverts are a common way for this type of infection to spread.

> f.. Avoid downloading pirated software. [Really? Who does that anyway?]

You get some stupid persons that will download pirated software and then end up infected.

> g.. Protect yourself against social engineering attacks. [I don't go to
> social sites]

Social engineering is nothing to do with social sites. Social engineering is a case of conning you to think something you wouldn't and/or shouldn't trust, is something you do trust, and so give up information useful to whoever is doing the social engineering. A common example of this is some form of phish.

> h.. Use strong passwords. [Yep]

Useful too, especially if you have a different password for each site you interact with.

> And even though I'm doing everything they say, I still get malware.....

Yes, you have, as have many others. Even the most up to date software, with the best firewall and anti-virus software, is still at risk.
All it needs is for someone who writes and spreads malware to find an unfixed exploit, write a new variant of their malware that the anti-virus can't spot and they can infect large numbers of people.

[0] I think I must have several of them because, when I finally find one safe place, it usually has something I was previously looking for but not the thing I'm presently wanting.

Regards,
David Bolt

--
Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s
openSUSE 11.0 32b | | | openSUSE 11.3M1 32b
openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b |
TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11

From blacklist-me at davjam.org Fri Feb 5 03:15:58 2010
From: blacklist-me at davjam.org (David Bolt)
Date: Fri Feb 5 03:30:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID: <5653805.EvYhyI6sBW@dev.null.davjam.org>

On Friday 05 Feb 2010 02:13, while playing with a tin of spray paint, Ant painted this mural:
> "Mike Easter" wrote:
>> -- but then I haven't been working at it very hard at
>> all, because I'm not really that interested. There are plenty of other
>> people working on finding that stuff with automated tools that the
>> situation doesn't need my curiosity.
>
> I s'pose that could be me but I usually use wget from a command line.

I much prefer curl to wget when checking out malware on the web. However, at the moment, that's not my main interest. I'm presently rather more interested in the new, and presently unidentified, malware that's being spread about using Usenet.

Regards,
David Bolt

--
Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s
openSUSE 11.0 32b | | | openSUSE 11.3M1 32b
openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b |
TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11

From DLipman~nospam~ at Verizon.Net Fri Feb 5 06:47:14 2010
From: DLipman~nospam~ at Verizon.Net (David H.
Lipman)
Date: Fri Feb 5 06:50:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Indigo"

| "bar0" wrote in message
| news:hkeiad$pfa$1@news.spamcop.net...
>> Yahoo in particular, and hotmail/msn also to a lesser degree offer up
>> malware advertizing pages and frames. If you allow scripting and activex,
>> you can just be passively on a yahoo mail page and ads may cycle right
>> into malware.

| That's apparently what happened to me last night -- how do I turn off
| active-x in FF? I just looked at the tools/options section and didn't see
| anything related to active-x.

There is NO such thing as "ActiveX" in FireFox !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From DLipman~nospam~ at Verizon.Net Fri Feb 5 06:49:55 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Fri Feb 5 06:50:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Indigo"

| "David H. Lipman" wrote in message
| news:hkeb4u$n05$1@news.spamcop.net...
>> From: "Indigo"
>> | I just successfully installed MBAM and I'm running a complete scan of all my
>> | drives, hopefully it won't find anything. But I forget all the advice given
>> | to Heidi on how to prevent re-infections: do I have to disable Active-X?

>> Not necessarily. Stop willy-nilly browsing, stop falling for BS cons, etc.

| I wasn't even actively browsing at the time of infection. I had just used
| Excel's "MSN Stockquote Update" add-on to update my financial spreadsheets
| when all hell broke loose. So I had multiple FF windows and tabs open, but I
| wasn't using, or browsing, in FF when I got infected. How the hell does that
| happen?

Who said it happened then ?

You can get infected and it doesn't show up until period +X down the road or until a reboot plus period +X.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From not at home.today Fri Feb 5 07:46:10 2010
From: not at home.today (Ant)
Date: Fri Feb 5 07:50:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References: <5653805.EvYhyI6sBW@dev.null.davjam.org>
Message-ID:

"David Bolt" wrote:
> Ant painted this mural:
>> I s'pose that could be me but I usually use wget from a command line.
>
> I much prefer curl to wget when checking out malware on the web.

I use Win versions of these 'nix tools and should check that out some time. Wget does have its limitations but I have other ways...

> However, at the moment, that's not my main interest. I'm presently
> rather more interested in the new, and presently unidentified, malware
> that's being spread about using Usenet.

Unfortunately I no longer have access to binary groups. Most usenet malware has been data stealers (web/email/ftp account passwords, etc.)

From nobody at spamcop.net Fri Feb 5 10:37:14 2010
From: nobody at spamcop.net (bar0)
Date: Fri Feb 5 10:40:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"David H. Lipman" wrote in message news:hkfpg1$7dn$1@news.spamcop.net...
> From: "Heidi"
>
> | "bar0" wrote in message
> | news:hkeiad$pfa$1@news.spamcop.net...
>
>>> Yahoo in particular, and hotmail/msn also to a lesser degree offer up
>>> malware advertizing pages and frames. If you allow scripting and activex,
>>> you can just be passively on a yahoo mail page and ads may cycle right
>>> into malware.
>
> | ....which is, I am told, how this happened.
>
> Malvertising, usually through Flash Files (SWF), is low on the scale of
> causative factors.

It is high for those that practice generally safe hex though, presuming their habits close off other routes of malware ingress.
I would expect that YouTube surfers and freeware users are more likely to have problems than those that visit only a few trusted sites, don't download software, and minimize their exposure to active content of one kind or another. That still leaves the malvertizing vector.

From MikeE at ster.invalid Fri Feb 5 11:19:17 2010
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Feb 5 11:20:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

Heidi wrote:
> Up until lately, my computer has
> always been secure, well protected, and my browsing habits are verging on
> the anal side, so no, I don't take a lot of responsibility for the recent
> invasion of malware.

This implies that everyone is helpless against the exploit. I don't accept that.

> The fact that it is happening to people like Charles
> and several other people I know who are more knowledgeable about security
> than most says to me it's something new,

New exploits find newly 'discovered' or exploited vulnerabilities. I don't have the answer to - here's what you did wrong and here's what you need to stop doing to prevent it - but surely there is such a thing done wrong or configured insecurely.

> not the result of "willy nilly
> browsing and falling for BS cons". Being boorish just for the sake of it
> isn't helpful, but gosh it must be oh so satisfying to feel superior.

I don't want to defend what David said and I also don't want to defend that you don't feel responsible - or 'don't take a lot of responsibility'.

The mac users and the linux users (like me) are configured more securely than those who - also like me - still use winware to surf the web. So, that tells me that there are many different approaches to how to be sufficiently secure.

--
Mike Easter

From nobody at spamcop.net Fri Feb 5 11:42:56 2010
From: nobody at spamcop.net (bar0)
Date: Fri Feb 5 11:45:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Mike Easter" wrote in message news:hkhge6$pgf$1@news.spamcop.net...
> Heidi wrote:
>
>> Up until lately, my computer has always been secure, well protected, and
>> my browsing habits are verging on the anal side, so no, I don't take a
>> lot of responsibility for the recent invasion of malware.
>
> This implies that everyone is helpless against the exploit. I don't
> accept that.
>
>> The fact that it is happening to people like Charles
>> and several other people I know who are more knowledgeable about security
>> than most says to me it's something new,
>
> New exploits find newly 'discovered' or exploited vulnerabilities. I
> don't have the answer to - here's what you did wrong and here's what you
> need to stop doing to prevent it - but surely there is such a thing done
> wrong or configured insecurely.
>
>> not the result of "willy nilly
>> browsing and falling for BS cons". Being boorish just for the sake of it
>> isn't helpful, but gosh it must be oh so satisfying to feel superior.
>
> I don't want to defend what David said and I also don't want to defend
> that you don't feel responsible - or 'don't take a lot of responsibility'.
>
> The mac users and the linux users (like me) are configured more securely
> than those who - also like me - still use winware to surf the web. So,
> that tells me that there are many different approaches to how to be
> sufficiently secure.

We might also be lucky, well, using less popular OS increases one's odds of being lucky.

From MikeE at ster.invalid Fri Feb 5 11:48:26 2010
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Feb 5 11:50:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References: <5653805.EvYhyI6sBW@dev.null.davjam.org>
Message-ID:

Ant wrote:
> Unfortunately I no longer have access to binary groups.
Does that mean that your provider stopped providing a newsserver with (free) binaries and you are currently accessing a free (or otherwise) newsserver which doesn't carry binaries and you (also) don't feel like 'fooling with' paying $3-4 for access to a small amount of binaries, or...

... does that mean something else?

I rarely access binaries. But, I have 3 binary-related news accounts; a free giganews one via my provider EL earthlink, a teranews one which I paid about $4 for in perpetuity which I once considered 'worthless' but which is now pretty good since it quit stamping ad trailers and since it also became highwinds; and a usenet-news block for which I paid $4 for a few years ago and it still hasn't run out.

--
Mike Easter

From nobody at spamcop.net Fri Feb 5 12:21:15 2010
From: nobody at spamcop.net (Twayne)
Date: Fri Feb 5 12:25:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

In news:Xns9D15C77F76A06ThisIsMyPost@216.154.195.61, Charles typed:
> No way it was me! It was "Twayne" !
>
>> Go back and look at the post: It's clear who the writer of the quote
>> was and who responded to it. I notice, interestingly enough, that
>> you managed to incorrectly trim the information or it would still be
>> visible.
>
> Heidi was commenting on David. David was commenting on Indi. Looks
> to me like you're still not threading this correctly. I certainly
> did not "incorrectly trim" information - I left more than what was
> necessary if you have a newsreader that threads forwards and
> backwards.
>
> But, hey, surely it's all good. Whatever. I don't care. I'm not
> just going to say, "I'm done with this thread" and piss off. I'm
> going to say that I don't care about anything just as a rule (these
> days). But, hey, we're not exactly communicating very well here.

Hi Charles,

Yeah, it kind of fell apart later on, didn't it?
One thing I used to do that I notice I don't anymore is specifically address who the post is for and if relevant who the comment was about, just to keep things like that from being misunderstood. The poster is going to know because they wrote the message, but other people aren't necessarily going to catch on, although it's possible most of the time.

And you're right, it's not worth being upset about. At least past problems can be addressed and watched out for. Flames are never positive in nature.

Regards,
Twayne`

--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Fri Feb 5 12:34:40 2010
From: nobody at spamcop.net (Twayne)
Date: Fri Feb 5 12:35:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

In news:hkfuko$960$1@news.spamcop.net, Indigo typed:
> "bar0" wrote in message
> news:hkeiad$pfa$1@news.spamcop.net...
>> Yahoo in particular, and hotmail/msn also to a lesser degree offer up
>> malware advertizing pages and frames. If you allow scripting and
>> activex, you can just be passively on a yahoo mail page and ads may
>> cycle right into malware.
>
> That's apparently what happened to me last night -- how do I turn off
> active-x in FF? I just looked at the tools/options section and didn't
> see anything related to active-x.

Indigo,

Does FF actually use Active-x? Checking FF Help for IE users, I came across this (excerpt):

"
Firefox and other browsers that work on multiple operating systems use the Netscape Plugin Application Programming Interface (NPAPI) system. NPAPI performs functions similar to those of ActiveX.

Note: Firefox does not officially support ActiveX.
"

on http://support.mozilla.com/en-US/kb/ActiveX?bl=n&s=activex .

There's quite a bit more info there, but that's the gist of it. Check the link if you're interested in further details. So apparently it depends on how you look at it whether FF uses active-x or not.
To turn it off in FF you'd probably have to figure out which add-on is allowing it.

Also, since Netscape is no longer I'd have to wonder whether the quote is actually accurate. But it's the only one I noticed.

Regards,
Twayne`

--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Fri Feb 5 12:39:59 2010
From: nobody at spamcop.net (bar0)
Date: Fri Feb 5 12:40:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Twayne" wrote in message news:hkhkr7$qt1$1@news.spamcop.net...
> In news:hkfuko$960$1@news.spamcop.net,
> Indigo typed:
>> "bar0" wrote in message
>> news:hkeiad$pfa$1@news.spamcop.net...
>>> Yahoo in particular, and hotmail/msn also to a lesser degree offer up
>>> malware advertizing pages and frames. If you allow scripting and
>>> activex, you can just be passively on a yahoo mail page and ads may
>>> cycle right into malware.
>>
>> That's apparently what happened to me last night -- how do I turn off
>> active-x in FF? I just looked at the tools/options section and didn't
>> see anything related to active-x.
>
>
> Indigo,
> Does FF actually use Active-x?
> Checking FF Help for IE users, I came across this (excerpt):
>
> "
>
> Firefox and other browsers that work on multiple operating systems use the
> Netscape Plugin Application Programming Interface (NPAPI) system. NPAPI
> performs functions similar to those of ActiveX.
>
>
>
> Note: Firefox does not officially support ActiveX.
> "
>
> on http://support.mozilla.com/en-US/kb/ActiveX?bl=n&s=activex .
> There's quite a bit more info there, but that's the gist of it. Check
> the link if you're interested in further details. So apparently it
> depends on how you look at it whether FF uses active-x or not.
> To turn it off in FF you'd probably have to figure out which add-on is
> allowing it.
> Also, since Netscape is no longer I'd have to wonder whether the quote
> is actually accurate. But it's the only one I noticed.

This may not be relevant, but Netscape Firefox SeaMonkey and relatives are all using something called the "Mozilla" engine. They all tend to work or fail in similar ways, and manage or support plugins via a similar or identical API.

From nobody at spamcop.net Fri Feb 5 12:48:44 2010
From: nobody at spamcop.net (Twayne)
Date: Fri Feb 5 12:50:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

In news:hkfuhn$95m$1@news.spamcop.net, Indigo typed:
> "David H. Lipman" wrote in message
> news:hkeb4u$n05$1@news.spamcop.net...
>> From: "Indigo"
>>> I just successfully installed MBAM and I'm running a complete scan
>>> of all my drives, hopefully it won't find anything. But I forget
>>> all the advice given to Heidi on how to prevent re-infections: do I
>>> have to disable Active-X?
>>
>>
>> Not necessarily. Stop willy-nilly browsing, stop falling for BS
>> cons, etc.
>>
>
> I wasn't even actively browsing at the time of infection. I had just
> used Excel's "MSN Stockquote Update" add-on to update my financial
> spreadsheets when all hell broke loose. So I had multiple FF windows
> and tabs open, but I wasn't using, or browsing, in FF when I got
> infected. How the hell does that happen?

I don't think it really matters that you weren't actively browsing when it appeared you became infected. Assuming that really is when you got infected, then simply having FF loaded into memory and doing whatever it does with ports, etc., would be enough exposure for a lot of malware, I'm sure.

It's also possible the infection happened x number of Restarts or FF starts/closures, or a malware-specified length of time and after FF has been open for yy seconds, etc. etc..

--
Regards,
Twayne`

--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.
From not at home.today Fri Feb 5 13:01:20 2010
From: not at home.today (Ant)
Date: Fri Feb 5 13:05:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References: <5653805.EvYhyI6sBW@dev.null.davjam.org>
Message-ID:

"Mike Easter" wrote:
> Ant wrote:
>> Unfortunately I no longer have access to binary groups.
>
> Does that mean that your provider stopped providing a newsserver with
> (free) binaries and you are currently accessing a free (or otherwise)
> newsserver which doesn't carry binaries

My provider has some deal with Giganews and one day the binaries just disappeared. I don't know why and didn't feel like going through the pain of trying to get an answer from them. I still use their server, which is pretty good, and consider myself lucky that they continue to keep it going since so many others have dropped free access to usenet.

> and you (also) don't feel like
> 'fooling with' paying $3-4 for access to a small amount of binaries

That sounds pretty cheap depending on how much you get for it. Many cheap/free servers are text only. In any case, I wasn't that bothered as much usenet malware has just been the same old stuff packaged in different ways.

I'm only interested to know if what David Bolt is seeing is another example of this or something different. Perhaps I'll find a sample by other means...

From DLipman~nospam~ at Verizon.Net Fri Feb 5 16:21:58 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Fri Feb 5 16:25:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References: <5653805.EvYhyI6sBW@dev.null.davjam.org>
Message-ID:

From: "Ant"

| "David Bolt" wrote:
>> Ant painted this mural:
>>> I s'pose that could be me but I usually use wget from a command line.

>> I much prefer curl to wget when checking out malware on the web.

| I use Win versions of these 'nix tools and should check that out some
| time. Wget does have its limitations but I have other ways...

>> However, at the moment, that's not my main interest.
I'm presently >> rather more interested in the new, and presently unidentified, malware >> that's being spread about using Usenet. | Unfortunately I no longer have access to binary groups. Most usenet | malware has been data stealers (web/email/ftp account passwords, etc.) And backdoors. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From blacklist-me at davjam.org Fri Feb 5 17:13:52 2010 From: blacklist-me at davjam.org (David Bolt) Date: Fri Feb 5 17:15:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: <5653805.EvYhyI6sBW@dev.null.davjam.org> Message-ID: <1779721.bC2pHGDlbC@dev.null.davjam.org> On Friday 05 Feb 2010 18:01, while playing with a tin of spray paint, Ant painted this mural: > That sounds pretty cheap depending on how much you get for it. Many > cheap/free servers are text only. Astraweb isn't too bad. I paid $25 for a block of 180GB. It'll most likely last me several years before I need to get any more. I also have the advantage in that I don't actually _need_ to use Astraweb, or the other paid news server, as my ISP recently outsourced their news servers to Highwinds. There is, in theory, no limits to how much I could download, except that imposed by the 3 connection limit and 64Kb/s per connection while retrieving binaries. > In any case, I wasn't that bothered > as much usenet malware has just been the same old stuff packaged in > different ways. It's not just old malware. There has been some that almost all of the major anti-virus packages haven't immediately recognised. A few days later and some more of the anti-virus packages have recognised the samples. The bad news is that even several weeks later, some still don't recognise them. > I'm only interested to know if what David Bolt is seeing is another > example of this or something different. Perhaps I'll find a sample by > other means... 
The last batch of samples I've seen, of which I presently have kept only 91, are presently unknown to all the anti-virus packages used by virustotal.com. I can't recall which group they were retrieved from, but I do know they were presented as cracks for various software packages. While they were posted over three weeks ago, I only submitted samples for scanning a couple of days ago, and so I don't really expect them to be detected by the major commercial and free anti-virus packages for another couple of days, the more minor commercial and free packages will probably be another week or more, and some other anti-virus packages may never detect them[0]. My favourite group to retrieve samples are either alt.binaries.games or alt.binaries.cd.image. You'll need to do a lot of filtering out as these contain a great deal of pirated software and also the malware masquerading as cracks. My way of filtering is to check the size of the articles and dump anything over 2-3MB. Next I dump multi-part RAR files, par2, nfo and nzb files. Often there will be a huge batch of them posted, very often with virtually the same size as each other, so it can be fairly easy to spot them. I've just started another batch download and, sometime tomorrow, I'll go through the haul, delete the pirated software and submit what looks to be malware. [0] I presently have 716 samples, in a password-protected archive, that date back over four years. They were identified by the various packages I was using, either using the Windows or more normally Linux. Often the samples were identified by less than 50% of the packages used by virustotal.com, and sometimes significantly less. 
Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M1 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11 From nobody at spamcop.net Fri Feb 5 18:06:34 2010 From: nobody at spamcop.net (Heidi) Date: Fri Feb 5 18:10:09 2010 Subject: [Scgeeks] Re: Still something weird going on References: <2135124.b9nUPlyArG@dev.null.davjam.org> Message-ID: "Ant" wrote in message news:hkg1da$9v7$1@news.spamcop.net... > > You said about "social engineering" that you didn't visit social sites, > as if you didn't know the meaning of the term. My comment was to give > examples of what it meant - not to suggest you did those particular > things. My mind went on a tangent to 'social sites', not phishing attempts. No, I really don't believe my bank would email me looking for my updated information, nor do I look at or click on anything spam, for heaven's sake. If I didn't specifically ask for it, or sign up for it, and know for sure where it comes from, it gets deleted, as does almost everything with a "FW" in the subject line. I don't follow links, except for trusted accounts, if I want to go to a site, I go there directly, don't do click thru's. > > The problems you've had indicate an insecure system configuration > where otherwise the damage would have been limited. Your remark in an > earlier post: "What do administrator rights have to do with anything?" > suggests that paranoia is not the answer. My virus program and browser are set to the highest security, I have a firewall that has to ask for permission for everything and is set to block incoming and outgoing, and if I don't recognize it I refuse and investigate. Aside from using NoScript (which I will, just to monitor what's going on), or going to another OS (no), then if whatever is out there is getting by that kind of security, I don't think there's a whole lot else I can do. 
Wiping and reinstalling my OS could become a weekly event....and pointless. From nobody at spamcop.net Fri Feb 5 18:09:23 2010 From: nobody at spamcop.net (Heidi) Date: Fri Feb 5 18:10:10 2010 Subject: [Scgeeks] Re: Still something weird going on References: <2135124.b9nUPlyArG@dev.null.davjam.org> Message-ID: "Farelf" wrote in message news:hkfq78$7kq$1@news.spamcop.net... >> > (Microsoft Security Advisory: Vulnerability in Internet Explorer could > allow information disclosure - tools provided "Enable Network Protocol > Lockdown" and the "undo" for that.) "Information disclosure", some say, > includes access to every file you have. With sufficient 'intent' (and > knowledge) a follow-up attack could leave your machine totally owned by > the attacker and you would never know. > > Dunno what the heck we're supposed to do to really stay safe (other than > using less 'mainstream' OS and/or applications) - it's actually impossible > in theory. Well, my theory. The protection of most is the protection of > the herd - there are so many of us they can't 'eat' us all. But they give > it a darn good try. What a revolting turn of events. > > Maybe the "Network Protocol Lockdown" thing is of interest to you. All > magic to me, I'm afraid (and I use IE8 minimally). That's why I don't use IE at all, and I'm not that keen on MS Security Essentials, because if I were a malware writer, I'd figure out a way to disable that as well. From nobody at spamcop.net Fri Feb 5 18:19:31 2010 From: nobody at spamcop.net (Heidi) Date: Fri Feb 5 18:20:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: Message-ID: "AndrewB" wrote in message news:hkghb4$f3s$1@news.spamcop.net... > > > Check this link: > > http://www.pandasecurity.com/homeusers/security-info/208237/information/Hiloti > > The Tech details tab will give you some things to scope out. 
I would > suggest you close your browser and ensure it's not running on the > Processes tab of Task Manager prior to doing anything in terms of removing > Firefox Hiloti files and such. If you can, print the Hiloti information > first before closing the browser. :) > > The 'means of transmission' section looks interesting. Hiloti needs human > intervention to spread. > > You may also think about contacting a local computer repair shop and get > some quotes on removing the crap you have. Best bet, find someone who can > refer you to a store/shop. Just for shits and giggles, I tried Panda's free scan last night. Did not find Hiloti, in fact did not find anything worthy of buying their program, but the things it did find, IMO were a stretch specifically to scare people into buying their software. "YOU ARE INFECTED!!!" Hah. This is what it found, which, BTW, has not been found by any other scanner: W97M/Generic not a specific virus, but a generic detection for future variants of the Generic family. This group of viruses has the following characteristics: a. They infect Word 97 files, rendering them unusable. b. They do not spread automatically using their own means. They need the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc. c. They can always be disinfected. Yassist does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc. I don't think any of these AV programs are worth a crap!
From nobody at spamcop.net Fri Feb 5 18:36:03 2010 From: nobody at spamcop.net (Heidi) Date: Fri Feb 5 18:40:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: <2135124.b9nUPlyArG@dev.null.davjam.org> <1371422.SPYKUYFuaP@dev.null.davjam.org> Message-ID: "David Bolt" wrote in message news:1371422.SPYKUYFuaP@dev.null.davjam.org... > On Thursday 04 Feb 2010 23:15, while playing with a tin of spray paint, > Heidi painted this mural: >> I'm resisting that, mostly because my software binder is in a safe place >> (read, 'I can't find it') > > You have one of those "safe places" too[0]? I have MANY of those places.....I find surprises all the time. Like the big box of Bubu Lubus that someone sent me for Christmas... mmm.... > So your machine was shop bought, not home built? You might want to > check and see if there is a hidden rescue partition on the hard drive > that is used for fresh installs? It's possible that you may be able to > return the machine to the state it was initially in without having > those discs. As for other software, well I hope you manage to remember > where that safe place is. I know there is a rescue partition and a recovery option, I just don't want it to be my only option if something goes wrong, so until I have disks in my hot little hands, I won't be wiping. > > That's probably not going to work with Windows 7, although there are > alternatives. I used to use a freeware PDF creator that was installed > as a printer. I have a couple, Ronyasoft and something else, oh, Bullzip, it is, good for making them but not so good for moving pages, deleting pages, etc. I'm trying to find a Version 8 upgrade that doesn't cost an arm and a leg so I can at least upgrade and not have to buy the whole thing. >> There must be a way to get rid of it without reinventing my wheel...... > > Not if you really want to be sure.
> > At one time, Microsoft themselves used to say on their site that the > only way to really get rid of an infection was a wipe and reinstall. > Unfortunately, a search brings up loads of other pages except the one > that had that advice. > > > Except that you don't even need to click on links to become infected. > It's possible to look at a page and have malware installed because the > server was itself infected and served some malware as a part of the > page. As others have said, adverts are a common way for this type of > infection to spread. And what are "WE" (the royal WE) supposed to do about that? NoScript, fine but other than that? WE are all screwed... > > Social engineering is nothing to do with social sites. Social > engineering is a case of conning you to think something you wouldn't > and/or shouldn't trust, is something you do trust, and so give up > information useful to whoever is doing the social engineering. A common > example of this is some form of phish. You say 'social', I either go down there to the next group, or think 'social sites'. Phishing, con emails, etc., I am way too long in the tooth to fall for any of that crap. I do tend to save my friends from scams though, one friend answered an ad for a horse, oh, he was beautiful, a lovely Friesian (breed of the month for scammers, apparently). She asked for details, and of course it all came back in broken English, with the requisite sob story from someone who is in the Pacific northwest, (and an IP addy in Africa), and the promise to send her more pictures.... of the "puppy". Puppy? "Oh, I meant Roberth (the horse)". Uh huh.

From nobody at spamcop.net Fri Feb 5 18:45:14 2010 From: nobody at spamcop.net (Heidi) Date: Fri Feb 5 18:50:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: <2135124.b9nUPlyArG@dev.null.davjam.org> Message-ID: "bar0" wrote in message news:hkfmja$6ei$1@news.spamcop.net...
> > I'm also about to uninstall AdAware, it doesn't do anything, except advise > me to remove the odd cookie, which Snorton does also anyway and like a > virus it keeps on restarting even after I disable it. Between Norton , > Windows defender and Tea Timer , I've got enough stuff chewing CPU cycles > and memory. AdAware sucks, the new version is really intrusive, like you say almost viral, and it never finds anything but tracking cookies for me either. > Also that super spyware program (from earlier in the thread) is going the > way of ad-aware, I ran it somewhere in the middle of your thread, it found > nothing besides cookies, and wants to start every time I boot. I've tried several scanners, Malwarebytes, and then AVG finally found some real threats, but the rest have found nothing but low level threats, one of which was a gaming program that came installed on my machine and which I never use. I will try Spybot, just for the hell of it. So here's this - I ran Trend Micro's Sysclean last night, after disabling (or so I thought) AVG. Sysclean found absolutely nothing, but when AVG scan ran this morning, this is what showed up in the Resident Shield Detection. I'm not sure what to make of it - was AVG blocking Sysclean from actually working to remove an infection? I have no idea..... The last entry says a MS Security Essentials file was moved to the virus vault, only there's nothing in my virus vault. Security Essentials was downloaded and ran, found nothing, so I uninstalled it again.
"Trojan horse Generic14.QAL";"C:\Documents and Settings\Owner.HEIDI.000\Local Settings\Temp\VS02G3EC.01H";"Infected";"2/4/2010, 9:30:06 PM";"file";"C:\Downloads\Sysclean\vscantm.bin" "Trojan horse Generic2.JTG";"C:\Documents and Settings\Owner.HEIDI.000\Local Settings\Temp\VS02G3EC.01J";"Infected";"2/4/2010, 9:30:06 PM";"file";"C:\Downloads\Sysclean\vscantm.bin" "Adware Generic2.DZS";"C:\Documents and Settings\Owner.HEIDI.000\Local Settings\Temp\VS02G3EC.01I";"Potentially dangerous object";"2/4/2010, 9:30:06 PM";"file";"C:\Downloads\Sysclean\vscantm.bin" "Trojan horse Downloader.Agent.ABMQ";"C:\WINDOWS\Temp\TMP00000B1DE26217019152E2AC";"Moved to Virus Vault";"2/4/2010, 7:40:22 PM";"file";"C:\Program Files\Microsoft Security Essentials\MsMpEng.exe" From DLipman~nospam~ at Verizon.Net Fri Feb 5 19:33:15 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Fri Feb 5 19:35:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: <5653805.EvYhyI6sBW@dev.null.davjam.org> <1779721.bC2pHGDlbC@dev.null.davjam.org> Message-ID: From: "David Bolt" < snip > | The last batch of samples I've seen, of which I presently have kept | only 91, are presently unknown to all the anti-virus packages used by | virustotal.com. I can't recall which group they were retrieved from, | but I do know they were presented as cracks for various software | packages. While they were posted over three weeks ago, I only submitted | samples for scanning a couple of days ago, and so I don't really expect | them to be detected by the major commercial and free anti-virus | packages for another couple of days, the more minor commercial and free | packages will probably be another week or more, and some other | anti-virus packages may never detect them[0]. | My favourite group to retrieve samples are either alt.binaries.games or | alt.binaries.cd.image. 
You'll need to do a lot of filtering out as | these contain a great deal of pirated software and also the malware | masquerading as cracks. My way of filtering is to check the size of the | articles and dump anything over 2-3MB. Next I dump multi-part RAR files, | par2, nfo and nzb files. | Often there will be a huge batch of them posted, very often with | virtually the same size as each other, so it can be fairly easy to spot | them. I've just started another batch download and, sometime tomorrow, | I'll go through the haul, delete the pirated software and submit what | looks to be malware. | [0] I presently have 716 samples, in a password-protected archive, that | date back over four years. They were identified by the various packages | I was using, either using the Windows or more normally Linux. Often the | samples were identified by less than 50% of the packages used by | virustotal.com, and sometimes significantly less. | Regards, | David Bolt Examples come from: Razor1911 poster -core-.exe files (mostly Bifrost) Your filtering may be filtering out. There are many that may appear to be legitimate but they are in fact packaged files re-packaged with malware. The same poster will post say 2 ~ 10 different programs. They'll be broken into parts and be different sizes BUT, all repackaged with the same malware. Often there will be a TXT file saying something like ... "Hey, I could be an ass and password the file, all im asking you to do is download Sly-ThankYou.rar Its a free and earns me a few poits. I am not asking you to do an offer.Just Visit the link and download the file, which contains this readme." Many are re-engineered Bifrosts that once installed will make your PC a "SlysBitch" thanx to SlySpy v2.0. The binaries are full of malware. A year ago Usenet was under attack. There were *numerous* Aviteo accounts that were compromised and used to post malware floods. In fact there were actual trojans posted to steal more accounts.
Many were CODESOFT based password/data stealers. Thankfully many NSP admins. are actively filtering. Thus I have to have a couple of NSPs. You mentioned a.b.g so you've probably seen the following example subject x-posted to a.b.g Software&Games [041/189] - "Call Of Juarez Bound In Blood Razor1911 MAXSPEED.exe" yEnc (4/6) The above is an example of one malware posted 189 times in a six part multi-part attachment. It was posted via GigaNews. GigaNews is *very* proactive when it comes to malware posts :-) I love the strings in some of them like... C:\Users\Milan\Desktop\Hacking\Fly Crypter v2f USG 0.5.1 -updated kaspersky bypass25.10.2009-fixed\Fly Crypter v2f + USG 0.5.1 -updated kaspersky bypass25.10.2009-fixed\UaChmid5.vbp Others have strings in them that actually tell anti virus companies what their detection name SHOULD be { LOL } I'd discuss more but, not in public. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Fri Feb 5 20:29:09 2010 From: nobody at spamcop.net (bar0) Date: Fri Feb 5 20:30:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: <2135124.b9nUPlyArG@dev.null.davjam.org> Message-ID: "Heidi" wrote in message news:hkiaib$2d4$1@news.spamcop.net... > > "bar0" wrote in message > news:hkfmja$6ei$1@news.spamcop.net... >> > So here's this - I ran Trend Micro's Sysclean last night, after > disabling (or so I thought) AVG. Sysclean found absolutely nothing, but > when AVG scan ran this morning, this is what showed up in the Resident > Sheild Detection. I'm not sure what to make of it - was AVG blocking > Sysclean from actually working to remove an infection? I have no > idea..... The last entry says a MS Security Essentials file was moved to > the virus vault, only there's nothing in my virus vault. Security > Essentials was downloaded and ran, found nothing, so I uninstalled it > again. 
>
> "Trojan horse Generic14.QAL";"C:\Documents and
> Settings\Owner.HEIDI.000\Local
> Settings\Temp\VS02G3EC.01H";"Infected";"2/4/2010, 9:30:06
> PM";"file";"C:\Downloads\Sysclean\vscantm.bin"
> "Trojan horse Generic2.JTG";"C:\Documents and
> Settings\Owner.HEIDI.000\Local

you can Google Generic2.JTG anyway whatever it is, was found in your browser cache, and the name of the relevant file in the cache is VS02G3EC.01H, that doesn't mean you are infected, just that it's included in the baggage of your temporary internet files.

> Settings\Temp\VS02G3EC.01J";"Infected";"2/4/2010, 9:30:06
> PM";"file";"C:\Downloads\Sysclean\vscantm.bin"
> "Adware Generic2.DZS";"C:\Documents and Settings\Owner.HEIDI.000\Local

See above except giggle doesn't know this one yet, likely just a variant

> Settings\Temp\VS02G3EC.01I";"Potentially dangerous object";"2/4/2010,
> 9:30:06 PM";"file";"C:\Downloads\Sysclean\vscantm.bin"
> "Trojan horse
> Downloader.Agent.ABMQ";"C:\WINDOWS\Temp\TMP00000B1DE26217019152E2AC";"Moved
> to Virus Vault";"2/4/2010, 7:40:22 PM";"file";"C:\Program Files\Microsoft

again giggle for Downloader.Agent.ABMQ

> Security Essentials\MsMpEng.exe"
>
>

From nobody at spamcop.net Fri Feb 5 21:04:45 2010 From: nobody at spamcop.net (Indigo) Date: Fri Feb 5 21:05:08 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: "Chris Willoughby" wrote in message news:hkg2hf$abq$1@news.spamcop.net...
>
> Smells like some sort of rootkit to me.. *shrug* I don't really have
> anything useful to add though.

SuperAntispyware found a rootkit invader on my PC after I became infected with the "Antivirus 2010" affliction.
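The four Resident Shield records Heidi posted, and that bar0 answered above, sorted by the process named in their last field; this is an added example, not part of any poster's message. The column names, the month/day date order and the `looks_like_one_event` rule of thumb are assumptions made here, and the log cannot show what each flagged file actually was.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import basename  # Windows path rules on any host OS

# Column names are assumed; the post shows six unnamed fields per record.
FIELDS = ("infection", "object", "result", "time", "object_type", "process")
RECORD = re.compile(r'^(?:"[^"]*";){5}"[^"]*"$')
QUOTE_PREFIX = re.compile(r"^\s*(?:[>|]\s?)+")  # '>' and '|' reply markers

# The four records as posted in the thread.
SAMPLE = r'''
"Trojan horse Generic14.QAL";"C:\Documents and Settings\Owner.HEIDI.000\Local Settings\Temp\VS02G3EC.01H";"Infected";"2/4/2010, 9:30:06 PM";"file";"C:\Downloads\Sysclean\vscantm.bin"
"Trojan horse Generic2.JTG";"C:\Documents and Settings\Owner.HEIDI.000\Local Settings\Temp\VS02G3EC.01J";"Infected";"2/4/2010, 9:30:06 PM";"file";"C:\Downloads\Sysclean\vscantm.bin"
"Adware Generic2.DZS";"C:\Documents and Settings\Owner.HEIDI.000\Local Settings\Temp\VS02G3EC.01I";"Potentially dangerous object";"2/4/2010, 9:30:06 PM";"file";"C:\Downloads\Sysclean\vscantm.bin"
"Trojan horse Downloader.Agent.ABMQ";"C:\WINDOWS\Temp\TMP00000B1DE26217019152E2AC";"Moved to Virus Vault";"2/4/2010, 7:40:22 PM";"file";"C:\Program Files\Microsoft Security Essentials\MsMpEng.exe"
'''

# The first record as it looks once a reply has quoted and re-wrapped it.
WRAPPED = r'''
> "Trojan horse Generic14.QAL";"C:\Documents and
> Settings\Owner.HEIDI.000\Local
> Settings\Temp\VS02G3EC.01H";"Infected";"2/4/2010, 9:30:06
> PM";"file";"C:\Downloads\Sysclean\vscantm.bin"
'''


def unwrap(text):
    """Strip reply markers and re-join records that mail wrapping split."""
    records, pending = [], ""
    for raw in text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if not line:
            continue
        if line.startswith('"'):
            pending = line                 # every record opens with a quote
        elif pending:
            pending = f"{pending} {line}"  # the wrap replaced a space
        if pending and RECORD.match(pending):
            records.append(pending)
            pending = ""
    # Text typed in the middle of a quoted record leaves it unrecoverable;
    # such fragments never match RECORD and are dropped.
    return records


def parse(text):
    out = []
    for rec in unwrap(text):
        row = dict(zip(FIELDS, re.findall(r'"([^"]*)"', rec)))
        # Month/day order assumed: the post is dated 5 Feb and says "last night".
        row["when"] = datetime.strptime(row["time"], "%m/%d/%Y, %I:%M:%S %p")
        out.append(row)
    return out


def triage(records):
    """Summarise detections per process named in the last field."""
    groups = defaultdict(list)
    for r in records:
        groups[basename(r["process"]).lower()].append(r)
    report = {}
    for proc, recs in groups.items():
        report[proc] = {
            "count": len(recs),
            "names": sorted(r["infection"] for r in recs),
            "all_in_temp": all("\\temp\\" in r["object"].lower() for r in recs),
            "same_second": len({r["when"] for r in recs}) == 1,
            "results": sorted({r["result"] for r in recs}),
        }
    return report


def looks_like_one_event(summary):
    """Assumed rule of thumb: several Temp files flagged in the same second
    under one process are reviewed together, starting with what that process
    was writing, before they are counted as separate infections."""
    return (summary["count"] > 1 and summary["all_in_temp"]
            and summary["same_second"])


if __name__ == "__main__":
    for proc, s in triage(parse(SAMPLE)).items():
        tag = "one event?" if looks_like_one_event(s) else "separate"
        print(f"{proc}: {s['count']} detection(s), {tag}, results={s['results']}")
```

Three of the four records name `vscantm.bin` from the Sysclean folder as the process and share one timestamp; the fourth names `MsMpEng.exe` almost two hours earlier.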
From user at domain.invalid Fri Feb 5 21:12:18 2010 From: user at domain.invalid (Farelf) Date: Fri Feb 5 21:15:10 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: <2135124.b9nUPlyArG@dev.null.davjam.org> Message-ID: Heidi wrote: > > That's why I don't use IE at all, and I'm not that keen on MS Security > Essentials, because if I were a malware writer, I'd figure out a way to > disable that as well. > Oh, okay - though you might have it (IE) on hand for the odd manual/optional Windows update - but there should be little risk in that if you did. I just tightened up my IE8 installation a little but didn't bother with the protocol lockdown. Even so, there would be lots of sites where IE wouldn't work well any more with my configuration/options so fairly useless except for the updates. I find myself using three browsers as a consequence of all that. I worry about FF extensions and don't use that much any more, mostly I use SeaMonkey which is probably the least secure {sigh} - but so far ... From nobody at spamcop.net Fri Feb 5 21:13:55 2010 From: nobody at spamcop.net (Indigo) Date: Fri Feb 5 21:15:11 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: <2135124.b9nUPlyArG@dev.null.davjam.org> Message-ID: "Heidi" wrote in message news:hkiaib$2d4$1@news.spamcop.net... > So here's this - I ran Trend Micro's Sysclean last night, after > disabling (or so I thought) AVG. I have found that it is totally impossible to disable all of AVG's variant apps in real-time -- you kill off some processes and they automagically restart. The only way to "get rid of AVG" to run an uninterrupted scan with another AV app is to disable it in the startup menu and reboot. From not at home.today Fri Feb 5 21:15:56 2010 From: not at home.today (Ant) Date: Fri Feb 5 21:20:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: <5653805.EvYhyI6sBW@dev.null.davjam.org> Message-ID: "David H. 
Lipman" wrote: > From: "Ant" >> Most usenet >> malware has been data stealers (web/email/ftp account passwords, etc.) > > And backdoors. RATs, such as Bifrost and PoisonIvy. I include those as data stealers because that seems to be their main focus although, being remote admin tools, they're much more powerful. From not at home.today Fri Feb 5 21:18:46 2010 From: not at home.today (Ant) Date: Fri Feb 5 21:20:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: <5653805.EvYhyI6sBW@dev.null.davjam.org> <1779721.bC2pHGDlbC@dev.null.davjam.org> Message-ID: "David Bolt" wrote: > Ant painted this mural: >> That sounds pretty cheap depending on how much you get for it. Many >> cheap/free servers are text only. > > Astraweb isn't too bad. I paid $25 for a block of 180GB. It'll most > likely last me several years before I need to get any more. I'll bear that in mind. Aside from malware, the only group I miss is alt.binaries.humor.skewed ! >> much usenet malware has just been the same old stuff packaged in >> different ways. > > It's not just old malware. Sorry, I meant "same old" as in "usual", in other words you tend to see the same set of familiar trojans once the executables are unpacked. > There has been some that almost all of the > major anti-virus packages haven't immediately recognised. A few days > later and some more of the anti-virus packages have recognised the > samples. The bad news is that even several weeks later, some still > don't recognise them. Many are encrypted with a unique key then wrapped in executables made with MS VB6. This makes them tricky to distinguish from legitimate VB programs. Same applies to those wrapped in .NET assemblies. When they are detected, about the best AV companies can do is put them in a generic malware category. Until they're unpacked (maybe more than one stage) you don't know what they really are. 
> The last batch of samples I've seen, of which I presently have kept > only 91, are presently unknown to all the anti-virus packages used by > virustotal.com. I'm not surprised. > I can't recall which group they were retrieved from, > but I do know they were presented as cracks for various software > packages. Sounds familiar. Thanks for the feedback and tips. From nobody at spamcop.net Fri Feb 5 21:23:47 2010 From: nobody at spamcop.net (Indigo) Date: Fri Feb 5 21:25:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "Ant" wrote in message news:hkfuti$96e$1@news.spamcop.net... > I take your point but my reaction was based on the suggestion that > Indigo fell for a con. Which I definitely did not.... >> The business about everyone scurrying around trying to find the most >> popular or effective tools seems to put the emphasis in the wrong place; > > Definitely. The best tool is your brain and if that fails, a registry > editor and a somewhat in-depth knowledge of how Windows works! Exactly. After discovering that I couldn't install MalwareByte's software post-infection, I started scanning the reg file and some C: drive directories for the traces of the infection, found and deleted a bunch of them before SuperAntiSpyware had actually finished scanning my system. Whether what I did by hand was enough will never be proven, but I'm guessing it would have gone a long way to cleaning up my machine without the added benefit of SAS's search and clean operation (more than 2/3 of the files it found were already gone when it finished scanning). FastCopy's "delete and wipe" function is a wonderful thing to have available in such situations....I was running in safe mode, disconnected from the net, and some of my other "completely destroy this file" apps weren't available to me, but FastCopy was up and running. 
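The by-hand filtering David Bolt describes earlier in the thread (size cut-off, dropping multi-part RAR, par2, nfo and nzb files, then spotting batches of near-identical size), written out as an added example that is not his script or anyone else's in the thread. The overview rows are constructed, and the 1% size tolerance, the batch threshold and the grouping by poster are assumptions.

```python
import re
from collections import defaultdict

SIZE_LIMIT = 3 * 1024 * 1024  # top of the "2-3MB" cut-off in the post
# Multi-part RAR volumes, par2, nfo and nzb go; a lone .rar or .exe stays.
SKIP = re.compile(r"\.(?:par2|nfo|nzb|part\d+\.rar|r\d{2})$", re.IGNORECASE)
QUOTED_NAME = re.compile(r'"([^"]+)"')  # file name is quoted in the subject
TOLERANCE = 0.01  # assumed reading of "virtually the same size"
BATCH_MIN = 4     # assumed: this many near-equal posts make a batch

# Constructed rows (poster, subject, bytes). The subject layout follows the
# example subject quoted in the thread; none of these are real posts.
POSTS = [
    ("a@example.invalid", 'Apps [01/07] - "alpha.keygen.rar" yEnc (1/1)', 103_912),
    ("a@example.invalid", 'Apps [02/07] - "bravo.keygen.rar" yEnc (1/1)', 104_020),
    ("a@example.invalid", 'Apps [03/07] - "charlie.keygen.rar" yEnc (1/1)', 104_377),
    ("a@example.invalid", 'Apps [04/07] - "delta.keygen.rar" yEnc (1/1)', 104_801),
    ("a@example.invalid", 'Apps [05/07] - "echo.keygen.rar" yEnc (1/1)', 105_100),
    ("a@example.invalid", 'Apps [06/07] - "alpha.par2" yEnc (1/1)', 40_000),
    ("a@example.invalid", 'Apps [07/07] - "alpha.nfo" yEnc (1/1)', 3_000),
    ("b@example.invalid", 'Disc [1/3] - "disc.part01.rar" yEnc (1/1)', 15_000_000),
    ("b@example.invalid", 'Disc [2/3] - "disc.part02.rar" yEnc (1/1)', 1_400_000),
    ("b@example.invalid", 'Disc [3/3] - "disc.nzb" yEnc (1/1)', 20_000),
    ("c@example.invalid", 'Misc [1/2] - "setup.exe" yEnc (1/1)', 766_000),
    ("c@example.invalid", 'Misc [2/2] - "image.iso" yEnc (1/1)', 700_000_000),
]


def filename(subject):
    m = QUOTED_NAME.search(subject)
    return m.group(1) if m else None


def keep(entry):
    """Size and file-type filters from the post, applied to one row."""
    _poster, subject, size = entry
    name = filename(subject)
    return name is not None and size <= SIZE_LIMIT and not SKIP.search(name)


def batches(entries):
    """Per poster, chain posts whose sizes differ by at most TOLERANCE."""
    by_poster = defaultdict(list)
    for e in filter(keep, entries):
        by_poster[e[0]].append(e)
    found = []
    for posts in by_poster.values():
        posts.sort(key=lambda e: e[2])
        run = [posts[0]]
        for e in posts[1:]:
            if e[2] - run[-1][2] <= TOLERANCE * run[-1][2]:
                run.append(e)
                continue
            if len(run) >= BATCH_MIN:
                found.append(run)
            run = [e]
        if len(run) >= BATCH_MIN:
            found.append(run)
    return found


def shortlist(entries, per_batch=2):
    """A few representatives per batch for scanning, plus kept posts that
    belong to no batch and still need a human look."""
    found = batches(entries)
    in_batch = {e for run in found for e in run}
    return {
        "batch_samples": [e for run in found for e in run[:per_batch]],
        "singles": [e for e in entries if keep(e) and e not in in_batch],
    }


if __name__ == "__main__":
    picked = shortlist(POSTS)
    for kind, rows in picked.items():
        for poster, subject, size in rows:
            print(f"{kind:13} {size:>9} {poster} {filename(subject)}")
```

Because sizes are chained pairwise, a long run can drift further than 1% end to end; tighten `TOLERANCE` if unrelated posts start landing in one batch.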
From nobody at spamcop.net Fri Feb 5 21:26:41 2010 From: nobody at spamcop.net (Indigo) Date: Fri Feb 5 21:30:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: <5653805.EvYhyI6sBW@dev.null.davjam.org> Message-ID: "Ant" wrote in message news:hkhmeq$rf4$1@news.spamcop.net... > "Mike Easter" wrote: > >> Ant wrote: >>> Unfortunately I no longer have access to binary groups. >> >> Does that mean that your provider stopped providing a newsserver with >> (free) binaries and you are currently accessing a free (or otherwise) >> newsserver which doesn't carry binaries > > My provider has some deal with Giganews and one day the binaries just > disappeared. I don't know why and didn't feel like going through the > pain of trying to get an answer from them. I still use their server, > which is pretty good, and consider myself lucky that they continue to > keep it going since so many others have dropped free access to usenet. Comcast used to have a deal with Giganews with a limited number of downloaded bytes/month, but they totally cut off free access to USENET ~2 years ago. Of course the price for the Internet connection didn't drop by a single cent when they cut us off either! From blacklist-me at davjam.org Fri Feb 5 21:26:34 2010 From: blacklist-me at davjam.org (David Bolt) Date: Fri Feb 5 21:35:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: <5653805.EvYhyI6sBW@dev.null.davjam.org> <1779721.bC2pHGDlbC@dev.null.davjam.org> Message-ID: <6700307.qXVLH7GnMW@dev.null.davjam.org> On Saturday 06 Feb 2010 00:33, while playing with a tin of spray paint, David H. Lipman painted this mural: > Examples come from: > Razor1911 poster > -core-.exe files (mostly Bifrost) Those sound extremely familiar. I don't note the posters name, mainly because it's a waste of time trying to track them. The file names do match though. 
Various RAR files all pretending to have the keygen, all with the name -CORE-.exe which AVG identified as a trojan called Downloader.Generic9.AFTS. There were two other groups of files fetched at the same time, one lot being about 101-102KB, and the second being around 748KB, which are RAR archives containing just a single EXE. These won't get resubmitted to virustotal.com for a couple of weeks, unless either Clamav or AVG identify them beforehand. Once one of those two have identified them, usually the commercial ones will do as well. > Your filtering may be filtering out. Possibly. I'm still using the MK1 eyeball and wetware to do the picking and choosing. I haven't quite figured out how to make a script perform semi-intelligent decisions on what to keep and what to ignore. > There are many that may appear to be legitimate but > they are in fact packaged files re-packaged with malware. I've noticed. My last batch appears to have a lot of archives split at around the 1.4MB mark, so I'm going to have a closer look at some of those. I decided to have a look at some of those I've downloaded today and, Clamav spotted several of them. AVG seems to have spotted a large number of the others. Those that weren't are in the process of being uploaded to virustotal. > The same poster will post say > 2 ~ 10 different programs. They'll be broken into parts and be different sizes BUT, all > repackaged with the same malware. I've noticed there's nowhere near as many big batches. Somewhere between August and October last year I was having to pick random ones from batches of several thousand almost identical sized posts, all from the same poster. Now there's not so many to pick and choose. > Often there will be a TXT file saying something like ... > > "Hey, > > I could be an ass and password the file, all im asking you to do is download > Sly-ThankYou.rar > > Its a free and earns me a few poits.
> > I am not asking you to do an offer.Just Visit the link and download the file, which > contains this readme." I might have to start looking at those sort of things again. I'm a little wary about that though, especially after suffering a DDOS while doing exactly that to Storm worm infected systems. Took over three weeks for me to be able to use my link properly, especially since my ISP didn't take too kindly to getting 10GB down it in less than a day, and so throttled it. > Many are re-engineered Bifrosts that once installed will make your PC a "SlysBitch" thanx > to SlySpy v2.0. > > The binaries are full of malware. A year ago Usenet was under attack. Was it really a year ago? I could have sworn it was less than 6 months. > There were > *numereous* Aviteo accounts that were compramised and used to post malware floods. In > fact there were actual trojans posted to steal more accounts. Many were CODESOFT based > password/data stealers. That wouldn't surprise me. > Thankfully many NSP admins. are actively filtering. Thus I have > to have a couple of NSPs. That could be why I'm not seeing anywhere near as many malware posts as before. > You mentioned a.b.g so you've probably seen the following example subject x-posted to > a.b.g > Software&Games [041/189] - "Call Of Juarez Bound In Blood Razor1911 MAXSPEED.exe" yEnc > (4/6) That would have passed my EXE filtering, as long as it didn't get coped by the size filter. I'll have to check the maximum size virustotal will accept and then I think I may have to up my size limit a bit. > The above is an example of one malware posted 189 times in a six part multi-part > attachment. > It was posted via GigaNews. GigaNews is *very* proactive when it comes to malware posts > :-) As I said, I use Highwinds almost all the time, with the occasional Astraweb downloads. Not sure how proactive either of those are but, as I said, there does seem to be a lot less to find. > I love the strings in some of them like... 
>
> C:\Users\Milan\Desktop\Hacking\Fly Crypter v2f USG 0.5.1 -updated kaspersky
> bypass25.10.2009-fixed\Fly Crypter v2f + USG 0.5.1 -updated kaspersky
> bypass25.10.2009-fixed\UaChmid5.vbp

Some of them really do seem to have a hard-on for Kaspersky. That's the only reason I can think of for them to keep adding it into their malware.

> Others have strings in them that actually tell anti virus companies what their detection
> name SHOULD be { LOL }
>
> I'd discuss more but, not in public.

I'm not really surprised. I'd be a little wary about giving too much away.


Regards,
        David Bolt

-- 
Team Acorn: www.distributed.net   OGR-NG @ ~100Mnodes    RC5-72 @ ~1Mkeys/s
openSUSE 11.0 32b  |                    |                    | openSUSE 11.3M1 32b
openSUSE 11.0 64b  | openSUSE 11.1 64b  | openSUSE 11.2 64b  |
TOS 4.02           | openSUSE 11.1 PPC  | RISC OS 4.02       | RISC OS 3.11

From nobody at spamcop.net Fri Feb 5 21:31:12 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 5 21:35:10 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"David H. Lipman" wrote in message news:hkh0g2$k79$1@news.spamcop.net...
> From: "Indigo"
>
> | That's apparently what happened to me last night -- how do I turn off
> | active-x in FF? I just looked at the tools/options section and didn't see
> | anything related to active-x.
>
>
> There is NO such thing as "ActiveX" in FireFox !

Ok genius, so how did I get infected while not actively browsing and clicking on links in FF? It was running in the background with several Yahoo web pages open. I was working in Excel when I got infected.

From nobody at spamcop.net Fri Feb 5 21:33:31 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 5 21:35:11 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"David H. Lipman" wrote in message news:hkh0l3$kbs$1@news.spamcop.net...
> From: "Indigo"
> | I wasn't even actively browsing at the time of infection.
> | I had just used
> | Excel's "MSN Stockquote Update" add-on to update my financial spreadsheets
> | when all hell broke loose. So I had multiple FF windows and tab open, but I
> | wasn't using, or browsing, in FF when I got infected. How the hell does that
> | happen?
>
>
> Who said it happened then ?
> You can get infected and it doesn't show up until period +X down the road or until a
> reboot plus period +X.

ALL of the "weird" new files appeared at exactly 7:22 or 7:23 pm EST, as per the "date modified" and "date created" info.

From nobody at spamcop.net Fri Feb 5 21:38:10 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 5 21:40:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"Twayne" wrote in message news:hkhkr7$qt1$1@news.spamcop.net...
>
> Firefox and other browsers that work on multiple operating systems use the
> Netscape Plugin Application Programming Interface (NPAPI) system. NPAPI
> performs functions similar to those of ActiveX.

The only thing I had active was the Netscape DivX extension, I just disabled it as a preventive measure, but I'm not sure what websites even require that extension to be enabled to work properly. Note: this is an extension, not an "add-in", for FF.

From joegill at removethis Fri Feb 5 21:37:41 2010
From: joegill at removethis (Joe Gill)
Date: Fri Feb 5 21:40:09 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References:
Message-ID:

"Heidi" wrote in message news:hkdbi5$cei$1@news.spamcop.net...
> Last night (without No Script running, in the latest FF ) I clicked on a
> google search result that I know was a legit site, (Safe Search is on) and
> got redirected to ' can't load meta7 search site" or something like that.
> I backed up, hit the link again, and went where it should. The same thing
> happened again only went to a different site, also the page didn't load.
>
> When I reboot, I get a 'windows' message saying it can't find
> "azapujaxa.dll". That file was infected with the Hiloti trojan when it
> last found something, and was moved to the virus vault and then deleted.
> A google search on "azapujaxa.dll" gets no hits - so something must be
> hiding, but four programs found no threats. Aside from that, everything
> seems to be working as it should. Browser redirects are making me nervous
> though.... :(.
>

Suggestion:

A) Download...but do not install latest/greatest AVG
B) Download...but do not install latest/greatest SUPERANTISPYWARE
C) Download...but do not install latest/greatest MALWAREBYTES
D) Disconnect from the 'net
E) Uninstall SPYBOT, ADAware
F) Uninstall AVG, SUPERANTISPYWARE
G) Uninstall MALWAREBYTES
H) Install AVG
I) Install MALWAREBYTES
J) Install SUPERANTISPYWARE.
K) Reconnect to the 'net
L) Run AVG FULLSCAN, allowing it to update
M) Run MALWAREBYTES FULLSCAN, allowing it to update
N) Run SUPERANTISPYWARE FULLSCAN, allowing it to update!
O) Reboot
M) Run AVG FULLSCAN
N) Reboot

..... wait and see if anything happens.......

From nobody at spamcop.net Fri Feb 5 21:50:04 2010
From: nobody at spamcop.net (bar0)
Date: Fri Feb 5 21:50:09 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Farelf" wrote in message news:hkij5u$5aq$1@news.spamcop.net...
> Heidi wrote:
>
>>
>> That's why I don't use IE at all, and I'm not that keen on MS Security
>> Essentials, because if I were a malware writer, I'd figure out a way to
>> disable that as well.
>>
>
> Oh, okay - though you might have it (IE) on hand for the odd
> manual/optional Windows update - but there should be little risk in that
> if you did. I just tightened up my IE8 installation a little but didn't
> bother with the protocol lockdown. Even so, there would be lots of sites
> where IE wouldn't work well any more with my configuration/options so
> fairly useless except for the updates.
> I find myself using three browsers
> as a consequence of all that. I worry about FF extensions and don't use
> that much any more, mostly I use SeaMonkey which is probably the least
> secure {sigh} - but so far ...

UMM.... I've gotten Windows and IE updates using Firefox too, there seems to be no problem.

From nobody at spamcop.net Fri Feb 5 21:55:45 2010
From: nobody at spamcop.net (bar0)
Date: Fri Feb 5 22:00:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

"Indigo" wrote in message news:hkik9f$5oc$1@news.spamcop.net...
>
> "David H. Lipman" wrote in message
> news:hkh0g2$k79$1@news.spamcop.net...
>> From: "Indigo"
>>
>> | That's apparently what happened to me last night -- how do I turn off
>> | active-x in FF? I just looked at the tools/options section and didn't see
>> | anything related to active-x.
>>
>>
>> There is NO such thing as "ActiveX" in FireFox !
>
> Ok genius, so how did I get infected while not actively browsing and
> clicking on links in FF? It was running in the background with several
> Yahoo web pages open. I was working in Excel when I got infected.

JS

From nobody at spamcop.net Fri Feb 5 21:56:54 2010
From: nobody at spamcop.net (bar0)
Date: Fri Feb 5 22:00:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

"Indigo" wrote in message news:hkikmi$5tk$1@news.spamcop.net...
>
> "Twayne" wrote in message
> news:hkhkr7$qt1$1@news.spamcop.net...
>>
>> Firefox and other browsers that work on multiple operating systems use
>> the Netscape Plugin Application Programming Interface (NPAPI) system.
>> NPAPI performs functions similar to those of ActiveX.
>
> The only thing I had active was the Netscape DivX extension, I just
> disabled it as a preventive measure, but I'm not sure what websites even
> require that extension to be enabled to work properly. Note: this is an
> extension, not an "add-in", for FF.

used to be for watching DivX movies, or at least was purported to be.

From DLipman~nospam~ at Verizon.Net Fri Feb 5 21:57:17 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Fri Feb 5 22:00:10 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Indigo"

| "David H. Lipman" wrote in message
| news:hkh0g2$k79$1@news.spamcop.net...
>> From: "Indigo"

>> | That's apparently what happened to me last night -- how do I turn off
>> | active-x in FF? I just looked at the tools/options section and didn't see
>> | anything related to active-x.

>> There is NO such thing as "ActiveX" in FireFox !

| Ok genius, so how did I get infected while not actively browsing and
| clicking on links in FF? It was running in the background with several Yahoo
| web pages open. I was working in Excel when I got infected.

Somewhere else I stated something to the effect that you could have been infected anytime and you didn't know until infected +X time or a reboot plus infected +X time.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From user at domain.invalid Fri Feb 5 22:04:56 2010
From: user at domain.invalid (Farelf)
Date: Fri Feb 5 22:05:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

bar0 wrote:
>
> UMM.... I've gotten Windows and IE updates using Firefox too, there seems to
> be no problem.
>

Wow - I haven't tried for quite a while, must have another look at that. It's been a few years ...

From DLipman~nospam~ at Verizon.Net Fri Feb 5 22:06:41 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Fri Feb 5 22:10:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References: <5653805.EvYhyI6sBW@dev.null.davjam.org> <1779721.bC2pHGDlbC@dev.null.davjam.org> <6700307.qXVLH7GnMW@dev.null.davjam.org>
Message-ID:

From: "David Bolt"

| On Saturday 06 Feb 2010 00:33, while playing with a tin of spray paint,
| David H.
| Lipman painted this mural:

>> Examples come from:
>> Razor1911 poster
>> -core-.exe files (mostly Bifrost)

| Those sound extremely familiar. I don't note the poster's name, mainly
| because it's a waste of time trying to track them. The file names do
| match though. Various RAR files all pretending to have the keygen, all
| with the name -CORE-.exe which AVG identified as a trojan called
| Downloader.Generic9.AFTS.

| There were two other groups of files fetched at the same time, one lot
| being about 101-102KB, and the second being around 748KB, which are RAR
| archives containing just a single EXE. These won't get resubmitted to
| virustotal.com for a couple of weeks, unless either Clamav or AVG
| identify them beforehand. Once one of those two have identified them,
| usually the commercial ones will do as well.

>> Your filtering may be filtering out.

| Possibly. I'm still using the MK1 eyeball and wetware to do the picking
| and choosing. I haven't quite figured out how to make a script perform
| semi-intelligent decisions on what to keep and what to ignore.

>> There are many that may appear to be legitimate but
>> they are in fact packaged files re-packaged with malware.

| I've noticed. My last batch appears to have a lot of archives split at
| around the 1.4MB mark, so I'm going to have a closer look at some of
| those.

| I decided to have a look at some of those I've downloaded today and,
| Clamav spotted several of them. AVG seems to have spotted a large
| number of the others. Those that weren't are in the process of being
| uploaded to virustotal.

>> The same poster will post say
>> 2 ~ 10 different programs. They'll be broken into parts and be different sizes BUT, all
>> repackaged with the same malware.

| I've noticed there's nowhere near as many big batches. Somewhere
| between August and October last year I was having to pick random
| ones from batches of several thousand almost identical sized posts, all
| from the same poster.
| Now there's not so many to pick and choose.

>> Often there will be a TXT file saying something like ...

>> "Hey,

>> I could be an ass and password the file, all im asking you to do is download
>> Sly-ThankYou.rar

>> Its a free and earns me a few poits.

>> I am not asking you to do an offer.Just Visit the link and download the file, which
>> contains this readme."

| I might have to start looking at those sort of things again. I'm a
| little wary about that though, especially after suffering a DDOS while
| doing exactly that to Storm worm infected systems. Took over three
| weeks for me to be able to use my link properly, especially since my
| ISP didn't take too kindly to getting 10GB down it in less than a day,
| and so throttled it.

>> Many are re-engineered Bifrosts that once installed will make your PC a "SlysBitch" thanx
>> to SlySpy v2.0.

>> The binaries are full of malware. A year ago Usenet was under attack.

| Was it really a year ago? I could have sworn it was less than 6 months.

>> There were
>> *numerous* Aviteo accounts that were compromised and used to post malware floods. In
>> fact there were actual trojans posted to steal more accounts. Many were CODESOFT based
>> password/data stealers.

| That wouldn't surprise me.

>> Thankfully many NSP admins. are actively filtering. Thus I have
>> to have a couple of NSPs.

| That could be why I'm not seeing anywhere near as many malware posts as
| before.

>> You mentioned a.b.g so you've probably seen the following example subject x-posted to
>> a.b.g
>> Software&Games [041/189] - "Call Of Juarez Bound In Blood Razor1911 MAXSPEED.exe" yEnc (4/6)

| That would have passed my EXE filtering, as long as it didn't get coped
| by the size filter. I'll have to check the maximum size virustotal will
| accept and then I think I may have to up my size limit a bit.

>> The above is an example of one malware posted 189 times in a six part multi-part
>> attachment.
>> It was posted via GigaNews.
>> GigaNews is *very* proactive when it comes to malware posts
>> :-)

| As I said, I use Highwinds almost all the time, with the occasional
| Astraweb downloads. Not sure how proactive either of those are but, as
| I said, there does seem to be a lot less to find.

>> I love the strings in some of them like...

>> C:\Users\Milan\Desktop\Hacking\Fly Crypter v2f USG 0.5.1 -updated kaspersky
>> bypass25.10.2009-fixed\Fly Crypter v2f + USG 0.5.1 -updated kaspersky
>> bypass25.10.2009-fixed\UaChmid5.vbp

| Some of them really do seem to have a hard-on for Kaspersky. That's the
| only reason I can think of for them to keep adding it into their
| malware.

>> Others have strings in them that actually tell anti virus companies what their detection
>> name SHOULD be { LOL }

>> I'd discuss more but, not in public.

| I'm not really surprised. I'd be a little wary about giving too much away.

| Regards,
| David Bolt

UsenetServer.Com and HighWinds Media are malware distribution friendly !

As they put it...
"The Abuse Department will NOT deal with flame wars , arguments between users, insults, name-calling, offensive posts, newsgroup FAQ violations (we are not the FAQ police), viruses, or off-topic posting."

I really do hate it when a NSP deliberately fails to protect the asset they provide as a paid-for service. When a NSP is told that a subscriber is deliberately posting malware they should take immediate action. UsenetServer.Com and HighWinds Media do not.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From DLipman~nospam~ at Verizon.Net Fri Feb 5 22:07:49 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Fri Feb 5 22:10:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References: <5653805.EvYhyI6sBW@dev.null.davjam.org> <1779721.bC2pHGDlbC@dev.null.davjam.org>
Message-ID:

From: "Ant"

| Sounds familiar. Thanks for the feedback and tips.

:-)

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From DLipman~nospam~ at Verizon.Net Fri Feb 5 22:09:26 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Fri Feb 5 22:10:10 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Indigo"

| "David H. Lipman" wrote in message
| news:hkh0l3$kbs$1@news.spamcop.net...
>> From: "Indigo"
>> | I wasn't even actively browsing at the time of infection. I had just used
>> | Excel's "MSN Stockquote Update" add-on to update my financial spreadsheets
>> | when all hell broke loose. So I had multiple FF windows and tab open, but I
>> | wasn't using, or browsing, in FF when I got infected. How the hell does that
>> | happen?

>> Who said it happened then ?
>> You can get infected and it doesn't show up until period +X down the road or until a
>> reboot plus period +X.

| ALL of the "weird" new files appeared at exactly 7:22 or 7:23 pm EST, as per
| the "date modified" and "date created" info.

Often that data is faked.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From nobody at spamcop.net Fri Feb 5 22:12:35 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 5 22:15:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hkilnj$665$1@news.spamcop.net...
>
>> Ok genius, so how did I get infected while not actively browsing and
>> clicking on links in FF? It was running in the background with several
>> Yahoo web pages open. I was working in Excel when I got infected.
>
> JS

I have FF enabled for JS, but none of the checkboxes are checked.....and I do need to allow JS to run for certain websites I use nearly every day, but the option to choose which websites to allow JS to run doesn't appear in tools/options like it does for say, loading images.....

From nobody at spamcop.net Fri Feb 5 22:14:12 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 5 22:15:09 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
In-Reply-To:
References:
Message-ID:

"David H. Lipman" wrote in message news:hkimh6$6i4$1@news.spamcop.net...
> From: "Indigo"
>
> | ALL of the "weird" new files appeared at exactly 7:22 or 7:23 pm EST, as per
> | the "date modified" and "date created" info.
>
>
> Often that data is faked.

But it also happens to be the exact time when the infection became active......

From DLipman~nospam~ at Verizon.Net Fri Feb 5 22:17:49 2010
From: DLipman~nospam~ at Verizon.Net (David H. Lipman)
Date: Fri Feb 5 22:20:07 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References:
Message-ID:

From: "Indigo"

| "David H. Lipman" wrote in message
| news:hkimh6$6i4$1@news.spamcop.net...
>> From: "Indigo"
>> | ALL of the "weird" new files appeared at exactly 7:22 or 7:23 pm EST, as per
>> | the "date modified" and "date created" info.

>> Often that data is faked.

| But it also happens to be the exact time when the infection became
| active......

Right "became active".
"Became active" does NOT have to be equal to the time of "being infected".

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From blacklist-me at davjam.org Fri Feb 5 22:43:48 2010
From: blacklist-me at davjam.org (David Bolt)
Date: Fri Feb 5 22:45:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org> <1371422.SPYKUYFuaP@dev.null.davjam.org>
Message-ID: <7768302.gRusQuhbGJ@dev.null.davjam.org>

On Friday 05 Feb 2010 23:36, while playing with a tin of spray paint, Heidi painted this mural:

>
> "David Bolt" wrote in message
> news:1371422.SPYKUYFuaP@dev.null.davjam.org...

>> You have one of those "safe places" too[0]?
>
> I have MANY of those places.....I find surprises all the time.
> Like the big
> box of Bubu Lubus that someone sent me for Christmas... mmm....

At least that's one pleasant thing to come out of this.

>> So your machine was shop bought, not home built? You might want to
>> check and see if there is a hidden rescue partition on the hard drive
>> that is used for fresh installs? It's possible that you may be able to
>> return the machine to the state it was initially in without having
>> those discs. As for other software, well I hope you manage to remember
>> where that safe place is.
>
> I know there is a rescue partition and a recovery option, I just don't want
> it to be my only option if something goes wrong, so until I have disks in my
> hot little hands, I won't be wiping.

That I can understand. I know that when I bought my laptop several years ago, one of the things it wanted to do was to create a set of rescue discs. Up until the OS was replaced, it was possible to recreate these rescue discs.

However, I'd be very wary about doing so with a machine in an indeterminate state. You can't know if the rescue discs would contain a copy of whatever malware may still be there.

>> Except that you don't even need to click on links to become infected.
>> It's possible to look at a page and have malware installed because the
>> server was itself infected and served some malware as a part of the
>> page. As others have said, adverts are a common way for this type of
>> infection to spread.
>
> And what are "WE" (the royal WE) supposed to do about that? NoScript, fine
> but other than that? WE are all screwed...

You can't do very much about it. Locking everything down as tight as possible, having a restricted account for browsing, and the customary reinstall when you get infected are about the only things that can be done.

>> Social engineering is nothing to do with social sites.
>> Social
>> engineering is a case of conning you to think something you wouldn't
>> and/or shouldn't trust, is something you do trust, and so give up
>> information useful to whoever is doing the social engineering. A common
>> example of this is some form of phish.
>
> You say 'social', I either go down there to the next group, or think 'social
> sites'. Phishing, con emails, etc., I am way too long in the tooth to fall
> for any of that crap. I do tend to save my friends from scams though, one
> friend answered an ad for a horse, oh, he was beautiful, a lovely Friesian
> (breed of the month for scammers, apparently).

If I didn't know better, I'd have said that sounded almost like a breed of cattle.

> She asked for details, and
> of course it all came back in broken English,

Not a good sign. It's this sort of thing that makes me wonder why so many people keep falling for these types of scam.

> with the requisite sob story
> from someone who is in the Pacific northwest, (and an IP addy in Africa),

Now, most people wouldn't know how to check that up. It's also one of the reasons I tend to burst out laughing as soon as I see these types of mail.

> and
> the promise to send her more pictures.... of the "puppy". Puppy? "Oh, I
> meant Roberth (the horse)". Uh huh.

Maybe it was just a really large puppy, one that had hooves instead of paws.


Regards,
        David Bolt

-- 
Team Acorn: www.distributed.net   OGR-NG @ ~100Mnodes    RC5-72 @ ~1Mkeys/s
openSUSE 11.0 32b  |                    |                    | openSUSE 11.3M1 32b
openSUSE 11.0 64b  | openSUSE 11.1 64b  | openSUSE 11.2 64b  |
TOS 4.02           | openSUSE 11.1 PPC  | RISC OS 4.02       | RISC OS 3.11

From not at home.today Sat Feb 6 07:11:02 2010
From: not at home.today (Ant)
Date: Sat Feb 6 07:15:07 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Heidi" Wrote:
> "Ant" Wrote:
>> The problems you've had indicate an insecure system configuration
>> where otherwise the damage would have been limited.
>> Your remark in an
>> earlier post: "What do administrator rights have to do with anything?"
>> suggests that paranoia is not the answer.
>
> My virus program and browser are set to the highest security, I have a
> firewall that has to ask for permission for everything and is set to block
> incoming and outgoing, and if I don't recognize it I refuse and investigate.

The firewall won't stop http traffic requested by the browser unless you have rules to block specific sites, otherwise you wouldn't be able to browse. Once a machine is infected all bets are off with regard to outgoing traffic because malware with admin rights can change any system settings it wants.

> Aside from using NoScript (which I will, just to monitor what's going on),
> or going to another OS (no), then if whatever is out there is getting by
> that kind of security, I don't think there's a whole lot else I can do.

You could use an unprivileged user account for browsing or you could run the browser in a virtual machine like SandboxIE or VMWare.

> Wiping and reinstalling my OS could become a weekly event....and pointless.

Yes, but it's not so much trouble to delete a temporary user account or VM image.

From not at home.today Sat Feb 6 07:12:42 2010
From: not at home.today (Ant)
Date: Sat Feb 6 07:15:08 2010
Subject: [Scgeeks] Re: What is WITH all the trojans?
References: <5653805.EvYhyI6sBW@dev.null.davjam.org> <1779721.bC2pHGDlbC@dev.null.davjam.org>
Message-ID:

"David H. Lipman" wrote:
> From: "Ant"
>> Sounds familiar. Thanks for the feedback and tips.
>
>
> :-)

I think I'll leave usenet binaries to the two Davids and be satisfied with the occasional interesting sample appearing in the usual place!
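
Added example (not part of any message in this thread): the subject-line, EXE and size filtering that the Usenet binaries sub-thread above describes doing by eye, written out in Python. The `(poster, subject, bytes)` overview rows, poster addresses, extension list, 20 MiB size limit and 2% size tolerance are constructed assumptions, not values from the posters' own scripts.

```python
import re
from collections import defaultdict

# Common yEnc subject layout: desc [file/of] - "name" yEnc (part/parts)
SUBJECT_RE = re.compile(
    r'^(?P<desc>.*?)\s*\[(?P<idx>\d+)/(?P<total>\d+)\]\s*-\s*'
    r'"(?P<name>[^"]+)"\s+yEnc\s+\((?P<part>\d+)/(?P<parts>\d+)\)\s*$')
WANTED_EXT = (".exe", ".scr", ".rar", ".zip")   # assumption: types worth scanning


def parse_subject(subject):
    """Split a yEnc subject into its fields, or return None if it does not match."""
    m = SUBJECT_RE.match(subject)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("idx", "total", "part", "parts"):
        fields[key] = int(fields[key])
    return fields


def assemble(overview):
    """Group (poster, subject, article_bytes) rows into one record per posted file."""
    files = {}
    for poster, subject, nbytes in overview:
        p = parse_subject(subject)
        if p is None:
            continue
        key = (poster, p["total"], p["idx"], p["name"])
        rec = files.setdefault(key, {"poster": poster, "name": p["name"],
                                     "parts": p["parts"], "seen": set(), "bytes": 0})
        if p["part"] not in rec["seen"]:          # a reposted part is counted once
            rec["seen"].add(p["part"])
            rec["bytes"] += nbytes                # article size, not decoded size
    return list(files.values())


def triage(overview, max_bytes=20 * 1024 * 1024, tolerance=0.02, flood_min=3):
    """Return (picks, skipped): one pick per cluster of near-identical sizes per poster.

    max_bytes is a placeholder; use the real limit of the scanning service.
    """
    skipped, by_poster = [], defaultdict(list)
    for rec in assemble(overview):
        if len(rec["seen"]) != rec["parts"]:
            skipped.append((rec["name"], "incomplete"))
        elif not rec["name"].lower().endswith(WANTED_EXT):
            skipped.append((rec["name"], "extension not wanted"))
        elif rec["bytes"] > max_bytes:
            skipped.append((rec["name"], "over size limit"))
        else:
            by_poster[rec["poster"]].append(rec)
    picks = []
    for poster, recs in by_poster.items():
        recs.sort(key=lambda r: r["bytes"])
        clusters = []
        for rec in recs:
            # Same cluster while within `tolerance` of the cluster's smallest file.
            if clusters and rec["bytes"] <= clusters[-1][0]["bytes"] * (1 + tolerance):
                clusters[-1].append(rec)
            else:
                clusters.append([rec])
        for cluster in clusters:
            picks.append({"poster": poster, "name": cluster[0]["name"],
                          "bytes": cluster[0]["bytes"], "cluster_size": len(cluster),
                          "flood": len(cluster) >= flood_min})
    return picks, skipped


def _parts(poster, desc, idx, total, name, parts, part_bytes, missing=()):
    """Build constructed overview rows for one multi-part file."""
    return [(poster, f'{desc} [{idx:03d}/{total}] - "{name}" yEnc ({p}/{parts})', part_bytes)
            for p in range(1, parts + 1) if p not in missing]


# Constructed sample; only the first subject follows the one quoted in the thread.
FLOOD = "flood@example.invalid"
SAMPLE = (
    _parts(FLOOD, "Software&Games", 41, 189,
           "Call Of Juarez Bound In Blood Razor1911 MAXSPEED.exe", 6, 128000)
    + _parts(FLOOD, "Software&Games", 42, 189, "Constructed Title Two MAXSPEED.exe", 6, 128100)
    + _parts(FLOOD, "Software&Games", 43, 189, "Constructed Title Three MAXSPEED.exe", 6, 127900)
    + _parts(FLOOD, "Software&Games", 44, 189, "Constructed Title Four keygen.rar", 1, 103000)
    + _parts("other@example.invalid", "misc", 1, 2, "notes.nfo", 1, 4000)
    + _parts("other@example.invalid", "misc", 2, 2, "tool-keygen.rar", 4, 26000, missing=(3,))
    + _parts("big@example.invalid", "iso", 1, 1, "huge-setup.exe", 50, 500000)
)

if __name__ == "__main__":
    picks, skipped = triage(SAMPLE)
    for pick in picks:
        print(pick)
    for name, reason in skipped:
        print("skipped", name, "-", reason)
```

A cluster flagged `flood` is the "several thousand almost identical sized posts, all from the same poster" case: one representative is kept for scanning instead of every post.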

From blacklist-me at davjam.org Sat Feb 6 10:39:17 2010
From: blacklist-me at davjam.org (David Bolt)
Date: Sat Feb 6 10:45:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID: <1358409.AgFLt9SDvc@dev.null.davjam.org>

On Saturday 06 Feb 2010 12:11, while playing with a tin of spray paint, Ant painted this mural:

> "Heidi" Wrote:

>> Aside from using NoScript (which I will, just to monitor what's going on),
>> or going to another OS (no), then if whatever is out there is getting by
>> that kind of security, I don't think there's a whole lot else I can do.
>
> You could use an unprivileged user account for browsing or you could
> run the browser in a virtual machine like SandboxIE or VMWare.

There's also the possibility of using a virtual machine, my preference being VirtualBox, and using it to run a different OS[0]. If you prefer Windows, install a virtual machine on Windows, create a virtual machine and then install one of the many different Linux distributions[1] and then use that for web browsing. You can add a shared directory to allow files to be transferred between the host and guest OSes, at the same time as protecting the host from possible drive-by infections. And when you're finished browsing, pause the virtual machine until the next time you want a browser.

>> Wiping and reinstalling my OS could become a weekly event....and pointless.
>
> Yes, but it's not so much trouble to delete a temporary user account
> or VM image.

Agreed. Although with a virtual machine, or at least VirtualBox, you can take a snapshot and revert to it virtually at will. It means you end up with the ability to wipe out any changes made returning you to a known clean state.


[0] Or, if you have the license available, maybe run another copy/version of Windows.

[1] The Ubuntu family are quite popular but there are many others around[2].
Since they're free to download and run, there's no cost involved except the time it takes to download and check them out. And as most of them are available as a live CD, you can check each of them out before picking one.

[2] My preference is for openSUSE, which is pretty obvious from my .sig, although I've looked at several others, and even have kept the live CDs for some of them.

Regards,
        David Bolt

-- 
Team Acorn: www.distributed.net   OGR-NG @ ~100Mnodes    RC5-72 @ ~1Mkeys/s
openSUSE 11.0 32b  |                    |                    | openSUSE 11.3M1 32b
openSUSE 11.0 64b  | openSUSE 11.1 64b  | openSUSE 11.2 64b  |
TOS 4.02           | openSUSE 11.1 PPC  | RISC OS 4.02       | RISC OS 3.11

From nobody at spamcop.net Sat Feb 6 11:07:37 2010
From: nobody at spamcop.net (bar0)
Date: Sat Feb 6 11:10:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org> <1358409.AgFLt9SDvc@dev.null.davjam.org>
Message-ID:

"David Bolt" wrote in message news:1358409.AgFLt9SDvc@dev.null.davjam.org...
> On Saturday 06 Feb 2010 12:11, while playing with a tin of spray paint,
> Ant painted this mural:
>
>> "Heidi" Wrote:
>
>
>>> Aside from using NoScript (which I will, just to monitor what's going on),
>>> or going to another OS (no), then if whatever is out there is getting by
>>> that kind of security, I don't think there's a whole lot else I can do.
>>
>> You could use an unprivileged user account for browsing or you could
>> run the browser in a virtual machine like SandboxIE or VMWare.
>
> There's also the possibility of using a virtual machine, my preference
> being VirtualBox, and using it to run a different OS[0]. If you prefer
> Windows, install a virtual machine on Windows, create a virtual machine
> and then install one of the many different Linux distributions[1] and
> then use that for web browsing. You can add a shared directory to allow
> files to be transferred between the host and guest OSes, at the same
> time as protecting the host from possible drive-by infections.
> And when
> you're finished browsing, pause the virtual machine until the next time
> you want a browser.
>
>>> Wiping and reinstalling my OS could become a weekly event....and pointless.
>>
>> Yes, but it's not so much trouble to delete a temporary user account
>> or VM image.

....

Curious as to where one might obtain a worthwhile inexpensive VM?

From not at home.today Sat Feb 6 12:01:39 2010
From: not at home.today (Ant)
Date: Sat Feb 6 12:05:07 2010
Subject: [Scgeeks] Re: Cool Hidden Admin Tools
References: <82nnk5d0bappuu0knb0p5i9c94ej9nrav8@4ax.com>
Message-ID:

"Ant" wrote:
> "Indigo" wrote:
>> And if I would have actually opened *that* link before replying I wouldn't
>> have needed to ask who invented hex -- it was IBM, kinda sorta what I
>> guessed, but a lot later (1963) than I expected. What base did earlier
>> computers use? IIRC, the first "computers" were actually analog devices of
>> sorts, so perhaps a new base system wasn't needed until the invention of
>> IC's? (if that's the appropriate term, what I mean is silicone chip based
>> computing devices)
>
> Any particular base would depend on accumulator or register size and I
> think in the early days they just used binary for arbitrary sequences
> of bits.

This much is probably reasonable for the very early days.

> You'll notice that with the introduction of microprocessors
> registers became standardised at 8 or 16 bits wide so it was useful to
> invent new number bases (octal: 8 and hex: 16) to represent values
> that could be stored.

This is bunk or at least misleading. Pardon me for updating an old thread but I was going through some sent messages, saw my muddle, and thought I'd better try to correct it for the record.

Octal needs 3 bits to represent its largest digit (7) whereas hex requires 4 bits (F). Early mainframes used 24 or 36 bit words so it was convenient to use octal to display binary because these numbers are evenly divisible by the number of bits (3) required for each digit.
Later processors used 16 & 32 bit words and 8-bit bytes where one more bit (4) makes an even divider - hence the birth of hex.

For a history start point see the "In computers" section at:
http://en.wikipedia.org/wiki/Octal

From blacklist-me at davjam.org Sat Feb 6 12:00:38 2010
From: blacklist-me at davjam.org (David Bolt)
Date: Sat Feb 6 12:15:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org> <1358409.AgFLt9SDvc@dev.null.davjam.org>
Message-ID: <1928178.O833rMHq7A@dev.null.davjam.org>

On Saturday 06 Feb 2010 16:07, while playing with a tin of spray paint, bar0 painted this mural:

> Curious as to where one might obtain a worthwhile inexpensive VM?

Define worthwhile inexpensive VM. If you mean the software to run a virtual machine, you can get VirtualBox from here:

http://www.virtualbox.org/

You can get VMplayer, which allows you to run a VMware virtual machine, but not create your own. The player is available from here:

http://www.vmware.com/products/player/

There are also a large number of ready-made virtual machines hosted by vmware.com, although not all of them are free to download and use. These don't need to be used by VMplayer as VirtualBox is able to use the vmware format machines as well as its own machines. There are other places where you can download the ready-made virtual machines, although you are extremely unlikely to find Windows running in them due to licensing issues.

My own choice is to use VirtualBox, which I mainly use for testing different distros on the off-chance there's some new feature that I might like in them, one that's not yet present in my main OS.

As for creating a virtual machine with VirtualBox, it's very easy to do and the virtualbox website has quite a lot of information about how to do it if you need help. The basic creation consists of clicking on "New" to start the new virtual machine wizard.
Next step is to give the machine a name, so you can identify it later, pick the type of OS it's going to be running, how much memory it should have, and either assigning a pre-existing hard drive, or creating a new one for it. After that, you can customise what hardware you want the machine to have, adding new hard drives, DVD drives, changing the video memory size, etc. After that, it's just a case of installing the choice of OS and using it when it's finished. Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M1 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11 From joegill at removethis Sat Feb 6 13:32:43 2010 From: joegill at removethis (Joe Gill) Date: Sat Feb 6 13:35:08 2010 Subject: [Scgeeks] Firefox users ....beware Message-ID: Malware laced add-ons http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/ Fake download site http://www.theregister.co.uk/2010/02/03/fake_firefox_download/ From nobody at spamcop.net Sat Feb 6 15:49:18 2010 From: nobody at spamcop.net (Indigo) Date: Sat Feb 6 15:50:07 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: <2135124.b9nUPlyArG@dev.null.davjam.org> Message-ID: "Ant" wrote in message news:hkjmcp$hrn$1@news.spamcop.net... Once a machine is infected all bets are off with regard to > outgoing traffic because malware with admin rights can change any > system settings it wants. > That fscking "AntiVirus 2010" malware can and DOES change system settings. After I cleaned up my machine, I discovered that Windows Firewall and Defender had been disabled! Luckily checking my security settings was the first thing I did once I recovered, and I was still disconnected from the net (had unplugged my modem). 
From nobody at spamcop.net Sun Feb 7 00:46:40 2010 From: nobody at spamcop.net (Heidi) Date: Sun Feb 7 00:50:08 2010 Subject: [Scgeeks] I'm hopeful that ComboFix did it.... Message-ID: Time will tell... So far I have not had a browser hijack. http://www.computing.net/answers/security/another-google-hijack/24184.html AVG is beyond annoying, I disabled everything I could see, restarted and ComboFix still shot up a warning that it was still active. It's worse than the damn trojan.... From MikeE at ster.invalid Sun Feb 7 07:07:20 2010 From: MikeE at ster.invalid (Mike Easter) Date: Sun Feb 7 07:10:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: Heidi wrote: > Time will tell... So far I have not had a browser hijack. > http://www.computing.net/answers/security/another-google-hijack/24184.html > > AVG is beyond annoying, I disabled everything I could see, restarted and > ComboFix still shot up a warning that it was still active. It's worse than > the damn trojan.... AVG disabling should be straightforward http://free.avg.com/ww-en/kb.num-2429 How to disable AVG Free temporarily Resident shield; email; link scanner. -- Mike Easter From nobody at spamcop.net Sun Feb 7 09:41:46 2010 From: nobody at spamcop.net (Heidi) Date: Sun Feb 7 09:45:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... References: Message-ID: "Mike Easter" wrote in message news:hkmado$f20$1@news.spamcop.net... >> AVG disabling should be straightforward > http://free.avg.com/ww-en/kb.num-2429 How to disable AVG Free temporarily > > Resident shield; email; link scanner. > Should be straightforward, those are the instructions I followed because they're linked from that page. As soon as Combo Fix started to run, it flashed as warning balloon that AVG was running. I couldn't see it anywhere but something was still running, Combo Fix said it would continue to run at my risk. 
Heaven help all of us if one of the AVG techies decides to go to the dark side.
From MikeE at ster.invalid Sun Feb 7 10:36:48 2010 From: MikeE at ster.invalid (Mike Easter) Date: Sun Feb 7 10:40:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: Heidi wrote: > "Mike Easter" >>> AVG disabling should be straightforward >> http://free.avg.com/ww-en/kb.num-2429 How to disable AVG Free temporarily >> >> Resident shield; email; link scanner. >> > Should be straightforward, those are the instructions I followed because > they're linked from that page. As soon as Combo Fix started to run, it > flashed as warning balloon that AVG was running. I couldn't see it anywhere > but something was still running, Combo Fix said it would continue to run at > my risk. Heaven help all of us if one of the AVG techies decides to go to > the dark side. There are two email scanner server functions to turn off, pop & smtp. If there is some kind of bogus avg running, it would be good to whack it. -- Mike Easter
From loyal at spamcop.user Sun Feb 7 13:15:45 2010 From: loyal at spamcop.user (AndrewB) Date: Sun Feb 7 13:20:09 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: Heidi wrote: > I don't think any of these AV programs are worth a crap! I wouldn't touch any of the free anti-virus programs for Windows. It's a question of quality and accountability. Windows is way too big of a valuable target for malware writers, and I'd want security software that is well regarded, gotten good reviews, and is updated frequently. You need to think about security on multiple dimensions: - malware - spam / mail scanning - malicious scripts - suspicious or hacked sites - network attacks Big names to consider: Norton, Kaspersky, BitDefender, McAfee, Checkpoint, Trend Micro, and probably a few others that don't come to mind. Don't consider my list to be conclusive.
:) Plenty of web sites offer reviews of security software, such as Computerworld, PCWorld, CNet, etc. AndrewB From nobody at spamcop.net Sun Feb 7 13:55:04 2010 From: nobody at spamcop.net (Heidi) Date: Sun Feb 7 13:55:07 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... References: Message-ID: "Mike Easter" wrote in message news:hkmmmh$j7b$1@news.spamcop.net... > > There are two email scanner server functions to turn off, pop & smtp. If > there is some kind of bogus avg running, it would be good to whack it. > It's probably not bogus, but I maybe missed one of the check boxes, although I don't get how. So this morning, after all that, AVG says it's found and quarantined JS/Downloader. Agent. I deleted the files, emptied the vault, then scanned again with both MWB and SSD. Neither found anything. Sigh................ From loyal at spamcop.user Sun Feb 7 15:24:54 2010 From: loyal at spamcop.user (AndrewB) Date: Sun Feb 7 15:30:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: Indigo wrote: > > "David H. Lipman" wrote in message > news:hkh0l3$kbs$1@news.spamcop.net... >> From: "Indigo" >> | I wasn't even actively browsing at the time of infection. I had just >> used >> | Excel's "MSN Stockquote Update" add-on to update my financial >> spreadsheets >> | when all hell broke loose. So I had multiple FF windows and tab >> open, but I >> | wasn't using, or browsing, in FF when I got infected. How the hell >> does that >> | happen? >> >> >> Who said it happened then ? >> You can get infected and it doesn't show up until period +X down the >> road or until a >> reboot plus period +X. > > ALL of the "weird" new files appeared at exactly 7:22 or 7:23 pm EST, as > per the "date modified" and "date created" info. Tell us more about this "MSN Stockquote Update" thing. Is this an official Microsoft utility, or a third party utility you downloaded? 
Since Excel probably doesn't have a HTTP stack protocol included, Excel, or whatever you installed, relies upon Internet Explorer components that negotiate with MSN and your stock portfolio to get stock quotes and to stick those in Excel for you. If this is a third party tool, not of Microsoft, maybe it shows some ads or at least downloads them, and perhaps one of their advertising partners got compromised and introduced malware via a Internet Explorer flaw. Such that, while it was updating stock quotes for you, it was downloading and launching the malware on your PC. There are other avenues into this. Just because Internet Explorer wasn't up and running, you may find it difficult or outright impossible to know if Internet Explorer components are loaded by other programs. Several years ago, I quit using AOL's AIM client because a Harry Potter advertisement flew across my screen from a display ad in the client. Literally, Harry on a broomstick flying across my screen. Components of Internet Explorer were probably at play, as the area on the chat client would update frequently, show HTML, and do other web like things. I can't say for sure it was IE, but IE can be embedded in other programs where you might not expect it. AndrewB From loyal at spamcop.user Sun Feb 7 15:33:56 2010 From: loyal at spamcop.user (AndrewB) Date: Sun Feb 7 15:35:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: Twayne wrote: > In news:hkeiad$pfa$1@news.spamcop.net, > bar0 typed: >> "Heidi" wrote in message >> news:hkecmi$nj4$1@news.spamcop.net... >>> >>> "David H. Lipman" wrote in message >>> news:hkeb4u$n05$1@news.spamcop.net... >>>> From: "Indigo" >>>> >>>> >>>>> I just successfully installed MBAM and I'm running a complete scan >>>>> of all my drives, hopefully it won't find anything. But I forget >>>>> all the advice given to Heidi on how to prevent re-infections: do >>>>> I have to disable Active-X? >>>> >>>> >>>> Not neccessarily. 
Stop willy-nilly browsing, stop falling for BS >>>> cons, etc. >>> >>> You are beyond just offensive now, sliding right into "rude and >>> obnoxious". >>> >> >> Yahoo in particular, and hotmail/msn also to a lesser degree offer up >> malware advertizing pages and frames. If you allow scripting and >> activex, you can just be passively on a yahoo mail page and ads may >> cycle right into malware. > > That might call for a good HOSTS file to help that out. I originally > used the MVP's free HOSTS file offering and then added to it myself plus > allow Spybot etc. to add to it. I seldom see an ad anymore while I surf > and when I do, unless it's someone major, it goes right into the HOSTS > file. If one does a lot of Yahoo surfing, they might have to remove a > couple entries from the original file: but I don't recommend it. I had > to do it for my sister's PC so she could keep a user forum working and > it's never posed any problems but only do things like that carefully. > With a HOSTS file you can grow a pretty effective blocker. Be sure you > set it so you're notified whenever a change is made, though; Winpatrol > does a good job of that and many other things too, but lots of apps will > also do so. Interesting approach. That might be too difficult for the average user to maintain and perform. And sort of risky if they introduce an error in the HOSTS file. If one is using Firefox, simply using the NoScript and AdBlock Plus addons make this easier to maintain for most people. Not perfect, but most ads will be blocked (and for those that get through, you can right click and they'll go away) and scripts can be configured to run as you wish. NoScript: https://addons.mozilla.org/en-US/firefox/addon/722 AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865 Each has more than 60 million downloads from addons.mozilla.org. Oh, and another thing to mention, Firefox 3.6 introduces that private browsing mode, invoked from the menu or ctrl-shift-p on Windows. 
AndrewB From nobody at spamcop.net Sun Feb 7 16:41:16 2010 From: nobody at spamcop.net (Indigo) Date: Sun Feb 7 16:45:08 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: "AndrewB" wrote in message news:hkn00m$m86$1@news.spamcop.net... > Big names to consider: Norton, Kaspersky, BitDefender, McAfee, > Checkpoint, Trend Micro, and probably a few others that don't come to > mind. Don't consider my list to be conclusive. :) I can't believe you honestly recommend Norton, given how disruptive it can be and hard it is to completely uninstall ....besides the fact that it is total bloatware. From nobody at spamcop.net Sun Feb 7 16:48:23 2010 From: nobody at spamcop.net (Twayne) Date: Sun Feb 7 16:50:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkn83q$p49$1@news.spamcop.net, AndrewB typed: > Twayne wrote: >> In news:hkeiad$pfa$1@news.spamcop.net, >> bar0 typed: >>> "Heidi" wrote in message >>> news:hkecmi$nj4$1@news.spamcop.net... >>>> >>>> "David H. Lipman" wrote in message >>>> news:hkeb4u$n05$1@news.spamcop.net... >>>>> From: "Indigo" >>>>> >>>>> >>>>>> I just successfully installed MBAM and I'm running a complete >>>>>> scan of all my drives, hopefully it won't find anything. But I >>>>>> forget all the advice given to Heidi on how to prevent >>>>>> re-infections: do I have to disable Active-X? >>>>> >>>>> >>>>> Not neccessarily. Stop willy-nilly browsing, stop falling for BS >>>>> cons, etc. >>>> >>>> You are beyond just offensive now, sliding right into "rude and >>>> obnoxious". >>>> >>> >>> Yahoo in particular, and hotmail/msn also to a lesser degree offer >>> up malware advertizing pages and frames. If you allow scripting and >>> activex, you can just be passively on a yahoo mail page and ads may >>> cycle right into malware. >> >> That might call for a good HOSTS file to help that out. 
I originally >> used the MVP's free HOSTS file offering and then added to it myself >> plus allow Spybot etc. to add to it. I seldom see an ad anymore >> while I surf and when I do, unless it's someone major, it goes right >> into the HOSTS file. If one does a lot of Yahoo surfing, they might >> have to remove a couple entries from the original file: but I don't >> recommend it. I had to do it for my sister's PC so she could keep a >> user forum working and it's never posed any problems but only do >> things like that carefully. With a HOSTS file you can grow a >> pretty effective blocker. Be sure you set it so you're notified >> whenever a change is made, though; Winpatrol does a good job of that >> and many other things too, but lots of apps will also do so. > > Interesting approach. That might be too difficult for the average > user to maintain and perform. And sort of risky if they introduce an > error > in the HOSTS file. > > If one is using Firefox, simply using the NoScript and AdBlock Plus > addons make this easier to maintain for most people. Not perfect, but > most ads will be blocked (and for those that get through, you can > right click and they'll go away) and scripts can be configured to run > as you wish. > NoScript: https://addons.mozilla.org/en-US/firefox/addon/722 > AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865 > > > Each has more than 60 million downloads from addons.mozilla.org. > > Oh, and another thing to mention, Firefox 3.6 introduces that private > browsing mode, invoked from the menu or ctrl-shift-p on Windows. > > > > AndrewB Pretty much agree and FF 3.6 is an excellent choice right now as it's secure from some of the crap flying around according to what I've read. I use FF quite a bit, depending on what I'm doing but I don't keep up technically with it all that much. Moreso lately though. 
As for the HOSTS file, it's actually very easy to work with and the only real "damage" one could do to themselves would be to redirect a site they typed wrong. As long as the first column is always 127.0.0.1 and the website to be banned is entered correctly, that's all there is to it. Oh, and you can also spread about as many comments as you wish by preceding the line with # (octothorpe, or pound, as some call it). If you do something wrong like enter the URL or part of it incorrectly then just nothing will happen.

The only thing to watch for with the HOSTS file is, well, there are actually 2 things:

1. It must remain as a text file, be all CAPITAL letters, and have NO extension or dot in it.
2. If it gets too large (> ~300k?) it can start to slow down your system but that's easily handled, too.

I've been building on mine for about 4 years now; I seldom if ever see an ad on any site unless it's first party ads which I want to see, and don't waste the download time on the ads since they never get downloaded.

If you'd like more info, these sites are pretty good at explaining it:

First one of many forums on the subject: http://forum.hosts-file.net/
Wikipedia's long description/history: http://en.wikipedia.org/wiki/Hosts_file
Help with managing the HOSTS file: http://majorgeeks.com/HOSTS_File_Manager_d5731.html
Where is the HOSTS file? http://www.answerbag.com/q_view/170197
A good description and how-to; also includes the "fix" adjustment for a large hosts file: http://www.mvps.org/winhelp2002/hosts.htm Yes, it covers XP. Has a downloadable HOSTS file and batch file to install the "fix".

Some places recommend downloading new HOSTS files periodically but I personally don't recommend it IF you are going to add your own entries on top of the ones they already provide. You'll see an almost immediate difference in surfing with a good HOSTS file installed.
Actually, brief instructions on how to use the XP HOSTS file are included right at the top of the file in commented form. Even if it has no entries, you have a HOSTS file by default located at: C:\windows\system32\drivers\etc Careful: the folder "etc" does NOT have a period at the end. The HOSTS file resides in the ...\etc\ directory. Most HOSTS file downloaders also back up the original file for you too, just in case you don't want the one you downloaded.

Caveat: The mvps.org hosts file does include some sites that people do use. I had to go thru my sister's HOSTS file and remove two entries so she could access her Corel user groups, some fairly slimy and malware prone places. She knows her way around though and has no problems so I didn't mind reopening the access for her.

Caveat: Several malware and anti-spy programs use the HOSTS file to store their discoveries in. That's another reason not to upgrade them willy nilly because all that data gets thrown out if you download a new one. They don't append to the files, they simply replace everything with THEIR opinions of the latest problem sites. Your malware detectors may well have a better listing.

And finally, HOSTS files are available from many places, not just the mvps site I referenced. I only used it because it's a known-safe place to download from. Be sure wherever you get yours from is a reliable and reputable site that doesn't toss in its own malicious redirects, etc. You know it's a redirect if you ever see anything but 127.0.0.1.

HTH, Twayne -- -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.
From nobody at spamcop.net Sun Feb 7 16:59:59 2010 From: nobody at spamcop.net (Indigo) Date: Sun Feb 7 17:00:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "AndrewB" wrote in message news:hkn7jd$ost$1@news.spamcop.net... > Tell us more about this "MSN Stockquote Update" thing.
Is this an > official Microsoft utility, or a third party utility you downloaded? > > Since Excel probably doesn't have a HTTP stack protocol included, Excel, > or whatever you installed, relies upon Internet Explorer components that > negotiate with MSN and your stock portfolio to get stock quotes and to > stick those in Excel for you. MSN Stockquote is an official MS Excel Add-in available at http://www.microsoft.com/downloads/details.aspx?FamilyID=485FCCD8-9305-4535-B939-3BF0A740A9B1&displaylang=en When you enable the function and want to update a financial spreadsheet with new stock prices (20 min delay), you click on the "update quotes" button, it opens an IE-Frame window to go grab the info from the MSN Money website, updates the prices, then you have to manually close the IE window. Here's the script that runs, see anything dangerous in there?: Money Stock Quotes
http://moneycentral.msn.com
Stock Quotes (1)
Quotes are delayed at least 15-20 minutes
Terms of Use. © 2010 Microsoft Corporation and/or its suppliers. All rights reserved.
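
Twayne's HOSTS-file message earlier in this thread says a redirect is any entry whose first column is not 127.0.0.1. The check below is an added example, not part of any poster's message: it sorts HOSTS entries into blocks, redirects to review, and lines that do not parse as an address followed by a name. The names `audit_hosts` and `HostsAudit` are hypothetical, the sample file is constructed, and treating 0.0.0.0 and ::1 as block addresses alongside 127.0.0.1 is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field

# Addresses that lead nowhere, so an entry using them only blocks a name.
# The thread mentions 127.0.0.1; 0.0.0.0 and ::1 are included as an assumption,
# since blocking lists commonly use them as well.
SINK_ADDRESSES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# Names every machine legitimately maps to loopback; not counted as blocks.
LOCAL_NAMES = {"localhost"}

# Constructed sample, not taken from any real machine.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.com        # blocked ad server
0.0.0.0         tracker.example.net
127.0.0.1       banners.example.org popups.example.org
203.0.113.10    www.example-bank.test  # not loopback: traffic is redirected
127.0.0.l       typo.example.com       # letter l instead of digit 1
ads2.example.com
"""


@dataclass
class HostsAudit:
    blocked: list = field(default_factory=list)    # (line number, hostname)
    redirects: list = field(default_factory=list)  # (line number, hostname, address)
    malformed: list = field(default_factory=list)  # (line number, raw line)


def audit_hosts(text):
    """Classify every entry of a HOSTS file given as text."""
    report = HostsAudit()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment, whether it starts the line or not.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            # First column is not an IP address (typo, or the address is missing).
            report.malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:
            # An address with no hostname after it.
            report.malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES:
                continue
            if address in SINK_ADDRESSES or address.is_loopback:
                report.blocked.append((lineno, name))
            else:
                # The name resolves to a real machine chosen by whoever wrote the entry.
                report.redirects.append((lineno, name, str(address)))
    return report


def format_report(report):
    """Return the findings as printable lines, redirects first."""
    lines = [f"REDIRECT  line {n}: {host} -> {addr}" for n, host, addr in report.redirects]
    lines += [f"MALFORMED line {n}: {raw}" for n, raw in report.malformed]
    lines.append(f"{len(report.blocked)} names blocked")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(audit_hosts(SAMPLE_HOSTS))))
```

Run it against a copy of the real file after any tool has updated it; a redirect line that nobody on the machine added by hand is the thing to investigate.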
From nobody at spamcop.net Sun Feb 7 17:00:23 2010 From: nobody at spamcop.net (Twayne) Date: Sun Feb 7 17:05:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: Message-ID: In news:hkn00m$m86$1@news.spamcop.net, AndrewB typed: > Heidi wrote: > >> I don't think any of these AV programs are worth a crap! > > I wouldn't touch any of the free anti-virus programs for Windows. It's a > question of quality and accountability. Windows is way to big > of a valuable target for malware writers, and I'd want security > software that is well regarded, gotten good reviews, and is updated > frequently. > You need to think about security on multiple dimensions: > > - malware > - spam / mail scanning > - malicious scripts > - suspicious or hacked sites > - network attacks > > Big names to consider: Norton, Kaspersky, BitDefender, McAfee, > Checkpoint, Trend Micro, and probably a few others that don't come to > mind. Don't consider my list to be conclusive. :) > > Plenty of web sites offer reviews of security software, such as > Computerworld, PCWorld, CNet, etc. > > > AndrewB Andrew, I think if you take a look at some of the better reviews, you'll find a mix of free, open source (free) and proprietary pay-for programs in the lists. There are indeed some good free AV programs out there that will do an excellent job, often better than several of the paid versions. ComputerWorld and PCWorld in particular are biased in most of their reviews and it's obvious if you watch carefully how/what they test with/for. The truth is, some are better than others, none are all inclusive or better than all the rest 100% of the time. Each will have their strengths and weaknesses, and each will be different strengths/weaknesses than the others. It's not nearly as bad as malware/spyware detectors, but there are still differences. 
Then of course you have the issues of which ones get updated first and which ones are the quickest about getting reliable, useful updates to their virus signatures. Foremost on the list, IMO is how well the user gets along with them. The best program in the world would be useless to one who doesn't understand what it's telling them or suggesting what they should do. AVG is still a reasonable freebie IMO, AVAST used to be good but not so much lately, but that could change at any minute, as could AVG's reputation. These things fluctuate and especially lately with all the "crap" going on for IE, can even change on an hourly or daily basis. I wouldn't be so quick to write off free AV programs if I were you. Just my 2 ¢, Twayne -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.
From nobody at spamcop.net Sun Feb 7 17:11:33 2010 From: nobody at spamcop.net (Indigo) Date: Sun Feb 7 17:15:07 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: "Heidi" wrote in message news:hklk42$7gv$1@news.spamcop.net... > Time will tell... So far I have not had a browser hijack. > http://www.computing.net/answers/security/another-google-hijack/24184.html > > AVG is beyond annoying, I disabled everything I could see, Using what App? AVG is IMPOSSIBLE to "unload" in realtime, if you try to kill off any of the processes they will automagically restart. The only way to get rid of it is to make sure it is disabled from running (using multiple tools to look for auto-starting apps helps unless you want to manually disable it in the registry yourself), then reboot. I'm still curious why AVG slows down your machine so badly....the only time I have a problem with it is when it's doing some kind of scan, which gobbles up over 50% of my memory in realtime.
The offending process is usually C:\Program Files\AVG\AVG9\avgcsrvx.exe, which is called "AVG Scanning Core Module - Server Part". Once that fscker starts taking over, it interferes so badly at times that I'll put it into "suspend" mode so I can get some work done without waiting forever when trying to move between open windows. I've been meaning to reschedule the regular scan time, but haven't gotten around to it yet.
From nobody at spamcop.net Sun Feb 7 17:14:46 2010 From: nobody at spamcop.net (Indigo) Date: Sun Feb 7 17:15:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: "Indigo" wrote in message news:hkndqj$r5v$1@news.spamcop.net... > C:\Program Files\AVG\AVG9\avgcsrvx.exe, which is called "AVG Scanning Core > Module - Server Part". Once that fscker starts taking over, it interferes > so badly at times that I'll put it into "suspend" mode so I can get some > work done without waiting forever when trying to move between open > windows. > > I've been meaning to reschedule the regular scan time, but haven't gotten > around to it yet. Doh! No wonder it was screwing with me....I had it set to run at noon!
From nobody at spamcop.net Sun Feb 7 17:19:30 2010 From: nobody at spamcop.net (Indigo) Date: Sun Feb 7 17:20:07 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: "Mike Easter" wrote in message news:hkmado$f20$1@news.spamcop.net... > Heidi wrote: >> Time will tell... So far I have not had a browser hijack. >> http://www.computing.net/answers/security/another-google-hijack/24184.html >> >> AVG is beyond annoying, I disabled everything I could see, restarted and >> ComboFix still shot up a warning that it was still active. It's worse >> than the damn trojan.... > > AVG disabling should be straightforward > http://free.avg.com/ww-en/kb.num-2429 How to disable AVG Free temporarily > > Resident shield; email; link scanner.
Mike, those are just a couple of parts of AVG you can disable, the rest of the services CANNOT be stopped or unloaded in realtime. From loyal at spamcop.user Sun Feb 7 17:58:07 2010 From: loyal at spamcop.user (AndrewB) Date: Sun Feb 7 18:00:08 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: Indigo wrote: > > "AndrewB" wrote in message > news:hkn00m$m86$1@news.spamcop.net... >> Big names to consider: Norton, Kaspersky, BitDefender, McAfee, >> Checkpoint, Trend Micro, and probably a few others that don't come to >> mind. Don't consider my list to be conclusive. :) > > I can't believe you honestly recommend Norton, given how disruptive it > can be and hard it is to completely uninstall ....besides the fact that > it is total bloatware. I didn't recommend anything if you read my message. You assumed that just because I mentioned it, I recommended it, despite my mentioning people to read reviews. :) No sweat though. AndrewB From loyal at spamcop.user Sun Feb 7 18:02:39 2010 From: loyal at spamcop.user (AndrewB) Date: Sun Feb 7 18:05:07 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: Twayne wrote: > In news:hkn00m$m86$1@news.spamcop.net, > AndrewB typed: >> Heidi wrote: >> >>> I don't think any of these AV programs are worth a crap! >> >> I wouldn't touch any of the free anti-virus programs for Windows. It's >> a question of quality and accountability. Windows is way to big >> of a valuable target for malware writers, and I'd want security >> software that is well regarded, gotten good reviews, and is updated >> frequently. >> You need to think about security on multiple dimensions: >> >> - malware >> - spam / mail scanning >> - malicious scripts >> - suspicious or hacked sites >> - network attacks >> >> Big names to consider: Norton, Kaspersky, BitDefender, McAfee, >> Checkpoint, Trend Micro, and probably a few others that don't come to >> mind. 
Don't consider my list to be conclusive. :) >> >> Plenty of web sites offer reviews of security software, such as >> Computerworld, PCWorld, CNet, etc. >> >> >> AndrewB > > Andrew, I think if you take a look at some of the better reviews, you'll > find a mix of free, open source (free) and proprietary pay-for programs > in the lists. There are indeed some good free AV programs out there > that will do an excellent job, often better than several of the paid > versions. ComputerWorld and PCWorld in particular are biased in most of > their reviews and it's obvious if you watch carefully how/what they test > with/for. > The truth is, some are better than others, none are all inclusive or > better than all the rest 100% of the time. Each will have their > strengths and weaknesses, and each will be different > strengths/weaknesses than the others. It's not nearly as bad as > malware/spyware detectors, but there are still differences. Then of > course you have the issues of which ones get updated first and which > ones are the quickest about getting reliable, useful updates to their > virus signatures. Foremost on the list, IMO is how well the user gets > along with them. The best program in the world would be useless to one > who doesn't understand what it's telling them or suggesting what they > should do. > > AVG is still a reasonable freebie IMO, AVAST used to be good but not so > much lately, but that could change at any minute, as could AVG's > reputation. These things fluctuate and especially lately with all the > "crap" going on for IE, can even change on an hourly or daily basis. > > I wouldn't be so quick to write off free AV programs if I were you. Well, as it's now tax season, many stores offer free or almost free commercial security programs with the purchase of tax software. Also, there are stores, like Fry's, that often have free security software as a way to draw sales throughout the year. 
I've noticed, that usually once a week each quarter, Zone Alarm's packages are free after rebate, and often Kaspersky is as well. So, why not get a free commercial package? I don't see how free AV solutions can be competitive and responsive to a new threat as compared to a commercial package. There are millions of variants available. So, I'll stick with a few commercial packages, but if one finds a good free program, go for it. I just haven't seen one that can convince me for protecting Windows machines. Cheers, AndrewB From nobody at spamcop.net Sun Feb 7 19:47:48 2010 From: nobody at spamcop.net (Heidi) Date: Sun Feb 7 19:50:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: Message-ID: "AndrewB" wrote in message news:hkngqi$s78$1@news.spamcop.net... > Well, as it's now tax season, many stores offer free or almost free > commercial security programs with the purchase of tax software. Also, > there are stores, like Fry's, that often have free security software as a > way to draw sales throughout the year. I've noticed, that usually once a > week each quarter, Zone Alarm's packages are free after rebate, and often > Kaspersky is as well. > > So, why not get a free commercial package? > > I don't see how free AV solutions can be competitive and responsive to a > new threat as compared to a commercial package. There are millions of > variants available. So, I'll stick with a few commercial packages, but if > one finds a good free program, go for it. I just haven't seen one that > can convince me for protecting Windows machines. I have had both Norton and McAfee, and they both sucked, mostly in the maintenance department. Rarely would they update without a problem, and good luck to you if you bought a license, downloaded your software and then it either got borked or you had to move to a new PC. Norton *never* wasn't a problem to update or reinstall, and you just couldn't get help. McAfee was no better. 
AVG is the only AV program I've used that updates flawlessly, and had I had all the components active (I didn't because they seemed to slow down the machine), perhaps it might have caught the virus before it did anything. Given a choice between the three, no way would I go back to Norton or McAfee, they're just not user friendly or reliable, nor is their customer support. From loyal at spamcop.user Sun Feb 7 20:53:57 2010 From: loyal at spamcop.user (AndrewB) Date: Sun Feb 7 20:55:08 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: <4B6F6EB5.9030006@spamcop.user> Heidi wrote: > "AndrewB" wrote in message > news:hkngqi$s78$1@news.spamcop.net... >> Well, as it's now tax season, many stores offer free or almost free >> commercial security programs with the purchase of tax software. Also, >> there are stores, like Fry's, that often have free security software as a >> way to draw sales throughout the year. I've noticed, that usually once a >> week each quarter, Zone Alarm's packages are free after rebate, and often >> Kaspersky is as well. >> >> So, why not get a free commercial package? >> >> I don't see how free AV solutions can be competitive and responsive to a >> new threat as compared to a commercial package. There are millions of >> variants available. So, I'll stick with a few commercial packages, but if >> one finds a good free program, go for it. I just haven't seen one that >> can convince me for protecting Windows machines. > > I have had both Norton and McAfee, and they both sucked, mostly in the > maintenance department. Rarely would they update without a problem, and > good luck to you if you bought a license, downloaded your software and then > it either got borked or you had to move to a new PC. Norton *never* wasn't > a problem to update or reinstall, and you just couldn't get help. McAfee > was no better. 
AVG is the only AV program I've used that updates > flawlessly, and had I had all the components active (I didn't because they > seemed to slow down the machine), perhaps it might have caught the virus > before it did anything. Given a choice between the three, no way would I go > back to Norton or McAfee, they're just not user friendly or reliable, nor is > their customer support. Wasn't Norton completely overhauled 1-2 years ago? I read that in a review, and it's gotten high marks this year and last year in a number of reviews. So unless you've tried a recent version, it might be an invalid comparison to the current product. So as software can change from year to year, it's always best to see the reviews on an annual basis, and to try out some other products. That's why I said that in my original post in this thread. Oh, and never lose the keys. Write those on the CD case, PDA, phone, fridge, forehead, or anything convenient. There was an interview I read this past week (I'll try and find it) with Eugene Kaspersky. I wasn't aware that their engine and services were in commercial grade routers and switches, as well as other products. I did a scan of Sunbelt, as I used their firewall for a year once - and I have a suspicion that they are using Kaspersky's malware engine. I currently have Kaspersky's Suite, and I'm thrilled with it. Only two nits: - the anti-spam integration with Thunderbird does not work with SSL mail connections - the anti-spam integration seems to neutralize the Bayesian filtering Thunderbird can do on its own (which found a fair amount of my spam in my non-spamcop accounts). I think I last paid for security software back in 2002. Other than that, it's only cost me the sales tax and a first class stamp [free after rebate]. AndrewB From not at home.today Sun Feb 7 20:54:05 2010 From: not at home.today (Ant) Date: Sun Feb 7 20:55:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "Twayne" wrote: >[hosts file] > 1.
It must remain as a text file, be all CAPITAL letters, and have NO > extension or dot in it. Win file systems aren't case sensitive so it should be ok in lower case. The system DLLs actually use the string "hosts" when calling fopen() to open the file. > 2. If it gets too large (> ~300k?) it can start to slow down your system but > that's easily handled, too. It's an inefficient way to block many sites and not something it's best suited for. The purpose is to assign IP addresses to host names, e.g. host1.example.com. That means to block an entire domain requires knowing the names of all hosts it uses. You cannot use wildcards like *.example.com. Better that your firewall has the capability to do this. From MikeE at ster.invalid Sun Feb 7 22:47:57 2010 From: MikeE at ster.invalid (Mike Easter) Date: Sun Feb 7 22:50:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: Indigo wrote: > "Mike Easter" >> AVG disabling should be straightforward >> http://free.avg.com/ww-en/kb.num-2429 How to disable AVG Free >> temporarily >> >> Resident shield; email; link scanner. > > Mike, those are just a couple of parts of AVG you can disable, the rest > of the services CANNOT be stopped or unloaded in realtime. No. You are wrong. First, let us start with what you are saying, specifically. A - are you saying that the information at the link is wrong? That is an AVG knowledgebase instructions for disabling AVG. Do you say there is something wrong in instructions? B - are you saying that something other than the instructions for disabling AVG should be done *instead of* or *in addition to* what is stated at the link? If so, what specific are you saying should be done to disable AVG different than what is in the kb article? 
-- Mike Easter From nobody at spamcop.net Sun Feb 7 23:29:04 2010 From: nobody at spamcop.net (Heidi) Date: Sun Feb 7 23:30:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: <4B6F6EB5.9030006@spamcop.user> Message-ID: "AndrewB" wrote in message news:4B6F6EB5.9030006@spamcop.user... > > Wasn't Norton completely overhauled 1-2 years ago? I read that in a > review, and it's gotten high marks this year and last year in a number of > reviews. So unless you've tried a recent version, it might be an invalid > comparison to the current product. I don't know about Norton, except that in the past it has not been worth the money. I lost six months of what I paid for because I could not get it installed after I wiped my drive (my keys didn't work and they were no help), and there was no way to get assistance, much less get a refund. > > Oh, and never lose the keys. Write those on the CD case, PDA, phone, > fridge, forehead, or anything convenient. When you HAVE the keys, and you try to reinstall, and they don't work, and you can't get help? Personally, I cannot be arsed with a program that makes it THAT HARD to install properly or help the customer when there are problems. They are non-reachable, no such thing as an 800 number for customer support, even in an emergency. > > There was an interview I read this past week (I'll try and find it) with > Eugene Kaspersky. I wasn't aware that their engine and services were in > commercial grade routers and switches, as well as other products. I did a > scan of Sunbelt, as I used their firewall for a year once - and I have a > suspicion that they are using Kaspersky's malware engine. > > I think I last paid for security software back in 2002. Other than that, > it's only cost me the sales tax and a first class stamp [free after > rebate]. I don't mind paying for a program that works, but AVG works ten times better than either of the two paid programs I've had. 
I did use Kaspersky's free scanner, which didn't seem to find anything, but it's no longer available on line, they're offering a free trial of their big suite instead. From nobody at spamcop.net Sun Feb 7 23:30:59 2010 From: nobody at spamcop.net (Heidi) Date: Sun Feb 7 23:35:07 2010 Subject: [Scgeeks] Re: Still something weird going on References: <2135124.b9nUPlyArG@dev.null.davjam.org> Message-ID: "Indigo" wrote in message news:hkkkkd$ska$1@news.spamcop.net... > > > That fscking "AntiVirus 2010" malware can and DOES change system settings. > After I cleaned up my machine, I discovered that Windows Firewall and > Defender had been disabled! Luckily checking my security settings was the > first thing I did once I recovered, and I was still disconnected from the > net (had unplugged my modem). Yes it does, that's why I kept getting security popups - some of them were from the malware but some of them were legit because the settings (self monitored AV and firewall) had been changed. Once the malware was gone and the settings were fixed, no more balloon messages. From nobody at spamcop.net Mon Feb 8 13:50:57 2010 From: nobody at spamcop.net (Twayne) Date: Mon Feb 8 13:55:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hknqta$vju$1@news.spamcop.net, Ant typed: > "Twayne" wrote: > >> [hosts file] >> 1. It must remain as a text file, be all CAPITAL letters, and have NO >> extension or dot in it. > > Win file systems aren't case sensitive so it should be ok in lower > case. The system DLLs actually use the string "hosts" when calling > fopen() to open the file. I know: But I invite you to try it. Hosts, hosts, hOSts, etc. all will NOT work. You can refer to the file in either upper or lower case but the filename itself must be in all capitals. So it's no surprise that fopen works, but ... change the letter case of the HOSTS files to, say, Hosts and you'll find it will no longer function to ban sites, etc.. 
All I can say is, if you don't believe it, try it. HTH, Twayne > >> 2. If it gets too large (> ~300k?) it can start to slow down your >> system but that's easily handled, too. > > It's an inefficient way to block many sites and not something it's > best suited for. The purpose is to assign IP addresses to host names, > e.g. host1.example.com. That means to block an entire domain > requires knowing the names of all hosts it uses. You cannot use > wildcards like *.example.com. Better that your firewall has the > capability to do this. -- -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From nobody at spamcop.net Mon Feb 8 13:55:21 2010 From: nobody at spamcop.net (Twayne) Date: Mon Feb 8 14:00:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: Message-ID: In news:hknc1q$qhu$1@news.spamcop.net, Indigo typed: > "AndrewB" wrote in message > news:hkn00m$m86$1@news.spamcop.net... >> Big names to consider: Norton, Kaspersky, BitDefender, McAfee, >> Checkpoint, Trend Micro, and probably a few others that don't come to >> mind. Don't consider my list to be conclusive. :) > > I can't believe you honestly recommend Norton, given how disruptive > it can be and hard it is to completely uninstall ....besides the fact > that it is total bloatware. I mean no offense by this correction, but you are referring to pre-2009/2010 versions of Norton. It's not disruptive (actually never has been) and is not bloatware. Check it out. HTH, Twayne -- -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From nobody at spamcop.net Mon Feb 8 13:55:33 2010 From: nobody at spamcop.net (Indigo) Date: Mon Feb 8 14:00:09 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: "Mike Easter" wrote in message news:hko1he$248$1@news.spamcop.net... 
> > First, let us start with what you are saying, specifically. > > A - are you saying that the information at the link is wrong? > > That is an AVG knowledgebase instructions for disabling AVG. Do you say > there is something wrong in instructions? Absolutely. While those steps disable the email scanner, the resident shield, and the link scanner, they do NOT disable the Network scanner service, the Scanning core module - Server part, or the Watchdog service. Now I'm not saying that disabling those 3 services is all you need to do to install software or whatever without AVG interfering with the process is untrue, I _am_ saying that disabling them _does not_ completely stop AVG from running other background services. Said services cannot be stopped in real time, like I said before, they auto-restart if you try to kill them off. Trust me, I've tried to do it plenty of times with several pieces of software, like Taskinfo, SysInternal's ProcMon, and others. From nobody at spamcop.net Mon Feb 8 14:28:00 2010 From: nobody at spamcop.net (Indigo) Date: Mon Feb 8 14:30:08 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: "AndrewB" wrote in message news:hknghu$s0t$1@news.spamcop.net... > Indigo wrote: >> >> "AndrewB" wrote in message >> news:hkn00m$m86$1@news.spamcop.net... >>> Big names to consider: Norton, Kaspersky, BitDefender, McAfee, >>> Checkpoint, Trend Micro, and probably a few others that don't come to >>> mind. Don't consider my list to be conclusive. :) >> >> I can't believe you honestly recommend Norton, given how disruptive it >> can be and hard it is to completely uninstall ....besides the fact that >> it is total bloatware. > > > I didn't recommend anything if you read my message. You assumed that just > because I mentioned it, I recommended it, despite my mentioning people to > read reviews. :) A question of semantics I guess.....I parsed "Big names to consider" as "these apps are ok". > No sweat though.
Aye. From nobody at spamcop.net Mon Feb 8 14:32:02 2010 From: nobody at spamcop.net (Indigo) Date: Mon Feb 8 14:35:08 2010 Subject: [Scgeeks] Re: Still something weird going on In-Reply-To: References: Message-ID: "Twayne" wrote in message news:hkpmml$jqp$1@news.spamcop.net... > > I mean no offense by this correction, but you are referring to > pre-2009/2010 versions of Norton. It's not disruptive (actually never has > been) and is not bloatware. Check it out. Yes, I was. But once a dissatisfied customer, always one.... From DLipman~nospam~ at Verizon.Net Mon Feb 8 16:53:45 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Mon Feb 8 16:55:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "Twayne" | In news:hknqta$vju$1@news.spamcop.net, | Ant typed: >> "Twayne" wrote: >>> [hosts file] >>> 1. It must remain as a text file, be all CAPITAL letters, and have NO >>> extension or dot in it. >> Win file systems aren't case sensitive so it should be ok in lower >> case. The system DLLs actually use the string "hosts" when calling >> fopen() to open the file. | I know: But I invite you to try it. Hosts, hosts, hOSts, etc. all will NOT | work. You can refer to the file in either upper or lower case but the | filename itself must be in all capitals. So it's no surprise that fopen | works, but ... change the letter case of the HOSTS files to, say, Hosts and | you'll find it will no longer function to ban sites, etc.. | All I can say is, if you don't believe it, try it. | HTH, | Twayne Tested -- all variations work as expected. (WinXP SP3) -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From MikeE at ster.invalid Mon Feb 8 18:55:19 2010 From: MikeE at ster.invalid (Mike Easter) Date: Mon Feb 8 19:00:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... 
In-Reply-To: References: Message-ID: Indigo wrote: > > "Mike Easter" wrote in message > news:hko1he$248$1@news.spamcop.net... >> >> First, let us start with what you are saying, specifically. >> >> A - are you saying that the information at the link is wrong? >> >> That is an AVG knowledgebase instructions for disabling AVG. Do you >> say there is something wrong in instructions? > > Absolutely. While those steps disable the email scanner, the resident > shield, and the link scanner, they do NOT disable the Network scanner > service, the Scanning core module - Server part, or the Watchdog > service. Now I'm not saying that disabling those 3 services is all you > need to do to install software or whatever without AVG interfering with > the process is untrue, I _am_ saying that disabling them _does not_ > completely stop AVG from running other background services. Said > services cannot be stopped in real time, like I said before, they > auto-restart if you try to kill them off. Trust me, I've tried to do it > plenty of times with several pieces of software, like Taskinfo, > SysInternal's ProcMon, and others. Unfortunately, the only computer which was running AVG has made its last gasp and I'm going to be disassembling it (Disassemble!? No disassemble number five! - Short Circuit 1986) instead of repairing it. There isn't any other computer here that I'm inclined to re-rig to install and run AVG to see for myself; but I'm finding with further research that you are correct. The information I'm finding discusses all of the things that you can do - further disable - after disabling the above 3 functions - which 'lesser' disabling is the only disabling FAQ which AVG supports. People who comment that avg/grisoft won't 'certify' explain that you can go to task manager and disable some more, ie avgcsrvx.exe avgrsx.exe & avgwdsvc.exe. A recommended tool for getting everything stopped is sysinternals.
The freshly dead computer had about 4 different hardware afflictions before the switch/PS finally quit cooperating with each other altogether after acting up for years. The only things I plan to salvage from it are an 80g hdd with some old stuff which isn't even backed up, a removable hdd tray&caddy, and a well used CD burner. It also has an operational floppy and cdrom I don't need to put into anything at this time; and its working external peripherals which will get moved to something else are a very old inkjet printer which I love and an external datafax modem. -- Mike Easter From nobody at spamcop.net Mon Feb 8 19:59:57 2010 From: nobody at spamcop.net (Indigo) Date: Mon Feb 8 20:00:07 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: "Mike Easter" wrote in message news:hkq897$q2f$1@news.spamcop.net... > The information I'm finding discusses all of the things that you can do - > further disable - after disabling the above 3 functions - which 'lesser' > disabling is the only disabling FAQ which AVG supports. People who > comment that avg/grisoft won't 'certify' explain that you can go to task > manager and disable some more, ie avgcsrvx.exe avgrsx.exe & > avgwdsvc.exe. A recommended tool for getting everything stopped is > sysinternals. Like I said before, I've tried using SysInternal's Process Monitor app to kill off the scanning core module (avgcsrvx) and it doesn't work. The only thing I've managed to do is "suspend" the process, i.e. temporarily stop it from running. But I've never managed to kill it permanently. From DLipman~nospam~ at Verizon.Net Mon Feb 8 20:13:34 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Mon Feb 8 20:15:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... References: Message-ID: From: "Indigo" | "Mike Easter" wrote in message | news:hkq897$q2f$1@news.spamcop.net... 
>> The information I'm finding discusses all of the things that you can do - >> further disable - after disabling the above 3 functions - which 'lesser' >> disabling is the only disabling FAQ which AVG supports. People who >> comment that avg/grisoft won't 'certify' explain that you can go to task >> manager and disable some more, ie avgcsrvx.exe avgrsx.exe & >> avgwdsvc.exe. A recommended tool for getting everything stopped is >> sysinternals. | Like I said before, I've tried using SysInternal's Process Monitor app to | kill off the scanning core module (avgcsrvx) and it doesn't work. The only | thing I've managed to do is "suspend" the process, i.e. temporarily stop it | from running. But I've never managed to kill it permanently. You can't kill a running EXE that's loaded as a NT Service. You have to STOP the NT Service ! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Mon Feb 8 20:41:34 2010 From: nobody at spamcop.net (Twayne) Date: Mon Feb 8 20:45:08 2010 Subject: [Scgeeks] Re: Still something weird going on References: Message-ID: In news:hkpori$klg$1@news.spamcop.net, Indigo typed: > "Twayne" wrote in message > news:hkpmml$jqp$1@news.spamcop.net... >> >> I mean no offense by this correction, but you are referring to >> pre-2009/2010 versions of Norton. It's not disruptive (actually >> never has been) and is not bloatware. Check it out. > > Yes, I was. But once a dissatisfied customer, always one.... Yeah; I actually understand that. -- -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From not at home.today Mon Feb 8 21:18:13 2010 From: not at home.today (Ant) Date: Mon Feb 8 21:20:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "David H.
Lipman" wrote: > From: "Twayne" >> Ant typed: >>> Win file systems aren't case sensitive so it should be ok in lower >>> case. The system DLLs actually use the string "hosts" when calling >>> fopen() to open the file. >> >> I know: But I invite you to try it. Hosts, hosts, hOSts, etc. all will NOT >> work. You can refer to the file in either upper or lower case but the >> filename itself must be in all capitals. So it's no surprise that fopen >> works, If it's no surprise the system is using fopen and it works, it should be a surprise that the case matters. >> but ... change the letter case of the HOSTS files to, say, Hosts and >> you'll find it will no longer function to ban sites, etc.. >> All I can say is, if you don't believe it, try it. Now I check the file and find mine is lower case! It works just fine. > Tested -- all variations work as expected. > (WinXP SP3) W2k here. From MikeE at ster.invalid Tue Feb 9 08:23:27 2010 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 9 08:25:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: David H. Lipman wrote: > "Indigo" > | "Mike Easter" >>> The information I'm finding discusses all of the things that you can do - >>> further disable - after disabling the above 3 functions - which 'lesser' >>> disabling is the only disabling FAQ which AVG supports. People who >>> comment that avg/grisoft won't 'certify' explain that you can go to task >>> manager and disable some more, ie avgcsrvx.exe avgrsx.exe & >>> avgwdsvc.exe. A recommended tool for getting everything stopped is >>> sysinternals. > > | Like I said before, I've tried using SysInternal's Process Monitor app to > | kill off the scanning core module (avgcsrvx) and it doesn't work. The only > | thing I've managed to do is "suspend" the process, i.e. temporarily stop it > | from running. But I've never managed to kill it permanently. > > > You can't kill a running EXE that's loaded as a NT Service.
> You have to STOP the NT Service ! > The advice I was reading about using sysinternals was recommending to use the autoruns tool. Here's a snip from a forum: Download the autoruns program from www.sysinternals.com. Run the program and uncheck all AVG processes,reboot,and no avg processes running. To turn it back on just reverse. This will not uninstall but will not let any avg processes run. -- Mike Easter From nobody at spamcop.net Tue Feb 9 13:46:38 2010 From: nobody at spamcop.net (Twayne) Date: Tue Feb 9 13:50:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkqgn4$svo$1@news.spamcop.net, Ant typed: > "David H. Lipman" wrote: > >> From: "Twayne" >>> Ant typed: >>>> Win file systems aren't case sensitive so it should be ok in lower >>>> case. The system DLLs actually use the string "hosts" when calling >>>> fopen() to open the file. >>> >>> I know: But I invite you to try it. Hosts, hosts, hOSts, etc. all >>> will NOT work. You can refer to the file in either upper or lower >>> case but the filename itself must be in all capitals. So it's no >>> surprise that fopen works, > > If it's no surprise the system is using fopen and it works, it should > be a surprise that the case matters. > >>> but ... change the letter case of the HOSTS files to, say, Hosts and >>> you'll find it will no longer function to ban sites, etc.. >>> All I can say is, if you don't believe it, try it. > > Now I check the file and find mine is lower case! It works just fine. > >> Tested -- all variations work as expected. >> (WinXP SP3) > > W2k here. Well, it appears there are two things I have to say: 1. I think it was misunderstood: HOSTS doesn't need to be capitalized in an fopen() or any kind of statement/command/function etc.; those truly are case insensitive. What I was saying was that the name of the file itself, had to be all caps. 2. But it is starting to appear that I may have to stand corrected but ... . 
The 'net used to be full of comments about the filename having to be all caps but no more. My research for verification links this morning was a dismal failure I'm afraid! That's what I get for not verifying first; I should know better but I was so damned sure, lol! I said "appear" because after changing the filename to "Hosts" instead of HOSTS, it dutifully quit working for me. However, NOW it would appear that my HOSTS file isn't working, period even after "properly" renaming it back to all caps! The old "cannot display" messages are no longer happening in particular. They WERE working; of that I'm certain because of the several differences it makes to ZDNet. All the ads are showing perfectly now where most of them were previously blocked! So, I'll probably be back hanging my head in shame, but I'll be back, one way or another :-( or :-). I've done everything but a cold boot so far - that's next and if it still doesn't work as expected, I plan to get even more confusedered! Regards, Twayne` -- -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From nobody at spamcop.net Tue Feb 9 15:13:34 2010 From: nobody at spamcop.net (Twayne) Date: Tue Feb 9 15:15:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkqgn4$svo$1@news.spamcop.net, Ant typed: > "David H. Lipman" wrote: > >> From: "Twayne" >>> Ant typed: >>>> Win file systems aren't case sensitive so it should be ok in lower >>>> case. The system DLLs actually use the string "hosts" when calling >>>> fopen() to open the file. >>> >>> I know: But I invite you to try it. Hosts, hosts, hOSts, etc. all >>> will NOT work. You can refer to the file in either upper or lower >>> case but the filename itself must be in all capitals. So it's no >>> surprise that fopen works, > > If it's no surprise the system is using fopen and it works, it should > be a surprise that the case matters. > >>> but ... 
change the letter case of the HOSTS files to, say, Hosts and >>> you'll find it will no longer function to ban sites, etc.. >>> All I can say is, if you don't believe it, try it. > > Now I check the file and find mine is lower case! It works just fine. > >> Tested -- all variations work as expected. >> (WinXP SP3) > > W2k here. Well, I'm back. I'm running XP Pro SP3+ and that's all I meant to speak for, but ... it doesn't matter because I DO have to stand corrected. I'm a little baffled, but I am wrong about the HOSTS filename having to be all caps and I have also proven it. I don't know what I did that it quit working completely earlier, but the cold start straightened everything out, plus I noticed a couple of other things that were the cause of some of my confusion. It turns out some of the ZDNet articles rotate their ad images but it doesn't appear to be all of them by any means. So naturally, some of the ads would show and some wouldn't, and that was one of the pages I was using when I was renaming and removing the HOSTS file and putting it back. YUK! So it's apparently true that at least for winXP Pro and win2k plus my own win2k Server don't give a whig what case letters you use for HOSTS. I am convinced however, that it USED TO have to be all capitals in order for it to work, because I recall a discussion very close to this one, and doing the tests at that time it had to be in all caps. I recall it well because I wondered specifically how it was done and why they'd make it case sensitive in that manner. Maybe I'm mistaken and it was win98 that was like that, but I sure feel like it was XP. XP has had a lot of updates & hot fixes so I suppose it's possible. AT ANY RATE: David and Ant: Thanks for straightening me out so I don't embarrass myself again. Next time something so "simple" comes up I'll verify before opening my BIG key-mouth! LOL, and thanks for being patient also.
It was apparently necessary some-when and some-where because there is a lot of discussion over it on the web. Here are a couple excerpts from my archives though I didn't search extensively. I guess I'm just rationalizing where I was coming from on the HOSTS vs hosts etc, business. Interestingly enough, every old link I have archived about the HOSTS file comes back as not existing. MS is pretty rude sometimes. =============== http://www.computergripes.com/ttdir/hosts.html <---------------- working link The web site says that the HOSTS file must be in capital letters. This was not my experience under Windows 2000. Still, in this MS KB article How to Use a HOSTS File to Test a Site that Uses Host Headers on an Intranet it specifically says the HOSTS file should be upper case. On my Windows 2000 computer however, the existing HOSTS file was in lower case. Conflicting signals from Microsoft. Not the first time. Mike Burgess was nice enough to respond to an email and he warned that testing he and others did has found that the HOSTS file may still function in lower case, but there were several cases where it either became corrupted or failed to function properly. ============ I didn't test nearly enough to be able to agree/disagree with the above. I had some strange results but attributed them to whatever had glitches in my machine. The amount of conflicting information around is strange, IMO. Anyway, FWIW: ============ reply to pandora A nicked post regarding HOSTS file naming... Hi Dennis - Well, here's some data on this FWIW - While XP per se may not distinguish between upper and lower case, there's evidently legacy code somewhere underneath XP (and most other Windows code apparently) that does. 
While it may appear to work OK and will most of the time in some fashion when named lower case in W98x, Win2k and XP, a good bit of experimentation has been done in these OS's which shows that it will respond erratically upon occasion (blocking incorrectly, translating IPs incorrectly, and/or freezing the browser) if not named upper case. I (and some other MVPs who've looked at it) have never been able to determine the specific cause, but that does appear to be the case. (I found, for example, that I had to add a little .bat file (HostsSuspend.bat) to reset the name to all caps after using HostsToggle in order to get proper subsequent operation. I've since gone to RenHosts.bat which renames it correctly.) YMMV, and, of course, you're free to choose to name it as you please. See here, for example: ?support.microsoft.com/d?efau???y;228760 "4. Save the HOSTS file. NOTE: This file must be upper case, and should NOT have a file name extension. In other words, the file name should simply be HOSTS." ============== So I guess I'll stick to upper case but surely if there really were any problems with other combinations, they should have fixed it by now. I'll bet in the end it's really just a "practice" that was used for denoting it. Who knows? Regards, Twayne` -- -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From nobody at spamcop.net Tue Feb 9 15:27:04 2010 From: nobody at spamcop.net (Indigo) Date: Tue Feb 9 15:30:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: "David H. Lipman" wrote in message news:hkqcs0$rne$1@news.spamcop.net... > From: "Indigo" > > > You can't kill a running EXE that's loaded as a NT Service. > You have to STOP the NT Service ! > But you cripple the PC if you can manage to do that....if you look at how many modules that are attached to avgcsrvx.exe and which ones they are, you'll see what I mean.
Unless we're not talking about the same thing.... From nobody at spamcop.net Tue Feb 9 15:41:01 2010 From: nobody at spamcop.net (Indigo) Date: Tue Feb 9 15:45:08 2010 Subject: [Scgeeks] Re: I'm hopeful that ComboFix did it.... In-Reply-To: References: Message-ID: "Mike Easter" wrote in message news:hkrnkf$ah9$1@news.spamcop.net... > The advice I was reading about using sysinternals was recommending to use > the autoruns tool. Here's a snip from a forum: > > Download the autoruns program from www.sysinternals.com. > Run the program and uncheck all AVG processes,reboot,and no avg > processes running. > To turn it back on just reverse. > This will not uninstall but will not let any avg processes run. Now that DOES work. That's what I told Heidi to do when I said "use some startup item search tools to make sure you find all the pieces of AVG that auto-start". Autoruns is a very good example of those types of tools (guess I should have specifically mentioned that one, although I also use some others like "What's InStartup" and "Easy Startup"), and you can save the changes to a txt file so you can go back and make sure you re-enable everything when you're done doing what you need to do. The only problem with Autoruns, if you want to call it a problem, is that it's not a tool designed for the unwashed masses to use....it shows EVERYTHING that's in your reg file startup section, and many folks will be overwhelmed and not even know what they're looking at, which can lead to some serious problems if they disable something important.....although there is an option to "hide" all MS related stuff and only show non-system app entries if you look for it. From nobody at spamcop.net Tue Feb 9 15:45:47 2010 From: nobody at spamcop.net (Indigo) Date: Tue Feb 9 15:50:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "Twayne" wrote in message news:hksfl9$ish$1@news.spamcop.net... 
> So it's apparently true that at least for winXP Pro and win2k plus my own > win2k Server don't give a whig what case letters you use for HOSTS. I am > convinced however, that it USED TO have to be all capitals in order for it > to work, because I recall a discussion very close to this one, and doing > the tests at that time it had to be in all caps. I recall it well because > I wondered specifically how it was done and why they'd make it case > sensitive in that manner. > Maybe I'm mistaken and it was win98 that was like that, but I sure feel > like it was XP. I think your first guess is the correct one -- it was Win98 of various flavors that was picky about HOSTS being in all caps. The last time I actively tinkered with my HOSTS file was on a 98 machine, and I remember having to use all caps for the filename. From DLipman~nospam~ at Verizon.Net Tue Feb 9 16:18:37 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Tue Feb 9 16:20:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "Twayne" | In news:hkqgn4$svo$1@news.spamcop.net, | Ant typed: >> "David H. Lipman" wrote: >>> From: "Twayne" >>>> Ant typed: >>>>> Win file systems aren't case sensitive so it should be ok in lower >>>>> case. The system DLLs actually use the string "hosts" when calling >>>>> fopen() to open the file. >>>> I know: But I invite you to try it. Hosts, hosts, hOSts, etc. all >>>> will NOT work. You can refer to the file in either upper or lower >>>> case but the filename itself must be in all capitals. So it's no >>>> surprise that fopen works, >> If it's no surprise the system is using fopen and it works, it should >> be a surprise that the case matters. >>>> but ... change the letter case of the HOSTS files to, say, Hosts and >>>> you'll find it will no longer function to ban sites, etc.. >>>> All I can say is, if you don't believe it, try it. >> Now I check the file and find mine is lower case! It works just fine. 
>>> Tested -- all variations work as expected. >>> (WinXP SP3) >> W2k here. | Well, it appears there are two things I have to say: | 1. I think it was misunderstood: HOSTS doesn't need to be capitalized in an | fopen() or any kind of statement/command/function etc.; those truly are case | insensitive. What I was saying was that the name of the file itself, had to | be all caps. | 2. But it is starting to appear that I may have to stand corrected but ... . | The 'net used to be full of comments about the filename having to be all | caps but no more. My research for verification links this morning was a | dismal failure I'm afraid! That's what I get for not verifying first; I | should know better but I was so damned sure, lol! | I said "appear" because after changing the filename to "Hosts" instead of | HOSTS, it dutifully quit working for me. However, NOW it would appear that | my HOSTS file isn't working, period even after "properly" renaming it back | to all caps! The old "cannot display" messages are no longer happening in | particular. | They WERE working; of that I'm certain because of the several differences | it makes to ZDNet. All the ads are showing perfectly now where most of them | were previously blocked! | So, I'll probably be back hanging my head in shame, but I'll be back, one | way or another :-( or :-). I've done everything but a cold boot so far - | that's next and if it still doesn't work as expected, I plan to get even | more confusedered! | Regards, | Twayne` Well with Unix and NFS the etc/hosts file WAS case sensitive. However, we are talking about MS Windows and the MS Windows OS' have always been case insensitive. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From DLipman~nospam~ at Verizon.Net Tue Feb 9 16:19:54 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Tue Feb 9 16:20:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans?
References: Message-ID: From: "Indigo" | "Twayne" wrote in message | news:hksfl9$ish$1@news.spamcop.net... >> So it's apparently true that at least for winXP Pro and win2k plus my own >> win2k Server don't give a whig what case letters you use for HOSTS. I am >> convinced however, that it USED TO have to be all capitals in order for it >> to work, because I recall a discussion very close to this one, and doing >> the tests at that time it had to be in all caps. I recall it well because >> I wondered specifically how it was done and why they'd make it case >> sensitive in that manner. >> Maybe I'm mistaken and it was win98 that was like that, but I sure feel >> like it was XP. | I think your first guess is the correct one -- it was Win98 of various | flavors that was picky about HOSTS being in all caps. The last time I | actively tinkered with my HOSTS file was on a 98 machine, and I remember | having to use all caps for the filename. Nope ! Never This includes WFG/Win v3.11 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Tue Feb 9 16:41:48 2010 From: nobody at spamcop.net (Indigo) Date: Tue Feb 9 16:45:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "David H. Lipman" wrote in message > | I think your first guess is the correct one -- it was Win98 of various > | flavors that was picky about HOSTS being in all caps. The last time I > | actively tinkered with my HOSTS file was on a 98 machine, and I remember > | having to use all caps for the filename. > > > Nope ! 
> > Never > > This includes WFG/Win v3.11 While you may be correct, everything I can remember reading about how to use the HOSTS file stated that it had to be in caps.......course, we're talking about 10 years ago....but the fact that both Twayne and I seem to be remembering the same thing points in the direction as being accurate as far as what the available advice said back then. From nobody at spamcop.net Tue Feb 9 16:50:16 2010 From: nobody at spamcop.net (bar0) Date: Tue Feb 9 16:55:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "David H. Lipman" wrote in message news:hksjff$k58$1@news.spamcop.net... > From: "Twayne" .... > > Well with Unix and NFS the etc/hosts file WAS case sensitive. > > However, we are talking abouut MS Windows and the MS Windows OS' have > always been case > insensitive. And Enuchs have always been sensitive to case. From DLipman~nospam~ at Verizon.Net Tue Feb 9 18:28:31 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Tue Feb 9 18:30:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "bar0" | "David H. Lipman" wrote in message | news:hksjff$k58$1@news.spamcop.net... >> From: "Twayne" | .... >> Well with Unix and NFS the etc/hosts file WAS case sensitive. >> However, we are talking abouut MS Windows and the MS Windows OS' have >> always been case >> insensitive. | And Enuchs have always been sensitive to case. Enlighten me... What is "Enuchs" ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Tue Feb 9 18:43:37 2010 From: nobody at spamcop.net (bar0) Date: Tue Feb 9 18:45:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "David H. Lipman" wrote in message news:hksr31$mqe$1@news.spamcop.net... > From: "bar0" > > > | "David H. Lipman" wrote in message > | news:hksjff$k58$1@news.spamcop.net... 
>>> From: "Twayne" > | .... > >>> Well with Unix and NFS the etc/hosts file WAS case sensitive. > >>> However, we are talking abouut MS Windows and the MS Windows OS' have >>> always been case >>> insensitive. > > | And Enuchs have always been sensitive to case. > > > Enlighten me... > > What is "Enuchs" ? > Eunuchs .....homonym for Unix, From DLipman~nospam~ at Verizon.Net Tue Feb 9 19:01:03 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Tue Feb 9 19:05:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "Indigo" | "David H. Lipman" wrote in message > | I think | your first guess is the correct one -- it was Win98 of various >> | flavors that was picky about HOSTS being in all caps. The last time I >> | actively tinkered with my HOSTS file was on a 98 machine, and I remember >> | having to use all caps for the filename. >> Nope ! >> Never >> This includes WFG/Win v3.11 | While you may be correct, everything I can remember reading about how to use | the HOSTS file stated that it had to be in caps.......course, we're talking | about 10 years ago....but the fact that both Twayne and I seem to be | remembering the same thing points in the direction as being accurate as far | as what the available advice said back then. I have been working with networking protocols for years. I am very good with protocol 'stacks' and fully understand such protocol managers as; MS NDISs, Crynwr Packet Driver and Novell ODI. The version of 16bit DOS (MS/PC/DR/FREE) are case insensitive and the TCP/IP stacks that run ontop of them are as well. Win16, Win32 and Win64 are all case insensitive. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From DLipman~nospam~ at Verizon.Net Tue Feb 9 19:07:01 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Tue Feb 9 19:10:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? 
References: Message-ID: From: "bar0" | "David H. Lipman" wrote in message | news:hksr31$mqe$1@news.spamcop.net... >> From: "bar0" >> | "David H. Lipman" wrote in message >> | news:hksjff$k58$1@news.spamcop.net... >>>> From: "Twayne" >> | .... >>>> Well with Unix and NFS the etc/hosts file WAS case sensitive. >>>> However, we are talking abouut MS Windows and the MS Windows OS' have >>>> always been case >>>> insensitive. >> | And Enuchs have always been sensitive to case. >> Enlighten me... >> What is "Enuchs" ? | Eunuchs .....homonym for Unix, D'oh ! :-) I'm trying to remember for sure but I believe Netware TCP/IP via NLM was also case insensitive. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From DLipman~nospam~ at Verizon.Net Tue Feb 9 19:07:55 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Tue Feb 9 19:10:10 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "David H. Lipman" | I have been working with networking protocols for years. I am very good with protocol | 'stacks' and fully understand such protocol managers as; MS NDISs, Crynwr Packet | Driver and Novell ODI. That should have been "MS NDIS2" -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Tue Feb 9 19:42:33 2010 From: nobody at spamcop.net (Indigo) Date: Tue Feb 9 19:45:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "David H. Lipman" wrote in message news:hkst01$nfa$1@news.spamcop.net... > I have been working with networking protocols for years. I am very good > with protocol > 'stacks' and fully understand such protocol managers as; MS NDISs, Crynwr > Packet Driver > and Novell ODI. > > The version of 16bit DOS (MS/PC/DR/FREE) are case insensitive and the > TCP/IP stacks that > run ontop of them are as well. 
I'm not doubting your credentials. What I'm trying to communicate to you (without success so far) is back then the available advice online stated that HOSTS had to be all caps.....not whether it was true or not. From DLipman~nospam~ at Verizon.Net Tue Feb 9 20:01:56 2010 From: DLipman~nospam~ at Verizon.Net (David H. Lipman) Date: Tue Feb 9 20:05:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: From: "Indigo" | "David H. Lipman" wrote in message | news:hkst01$nfa$1@news.spamcop.net... >> I have been working with networking protocols for years. I am very good >> with protocol >> 'stacks' and fully understand such protocol managers as; MS NDISs, Crynwr >> Packet Driver >> and Novell ODI. >> The version of 16bit DOS (MS/PC/DR/FREE) are case insensitive and the >> TCP/IP stacks that >> run ontop of them are as well. | I'm not doubting your credentials. What I'm trying to communicate to you | (without success so far) is back then the available advice online stated | that HOSTS had to be all caps.....not whether it was true or not. What I'm trying to relay is based upon my own experience and that the etc/hosts file under Microsoft Windows has always been case insensitive. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp From nobody at spamcop.net Tue Feb 9 20:05:20 2010 From: nobody at spamcop.net (Twayne) Date: Tue Feb 9 20:10:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkst01$nfa$1@news.spamcop.net, David H. Lipman typed: > From: "Indigo" > > >> "David H. Lipman" wrote in message > | >> I think your first guess is the correct one -- it was Win98 of >> various >>>> flavors that was picky about HOSTS being in all caps. The last >>>> time I actively tinkered with my HOSTS file was on a 98 machine, >>>> and I remember having to use all caps for the filename. > > >>> Nope !
> >>> Never > >>> This includes WFG/Win v3.11 > >> While you may be correct, everything I can remember reading about >> how to use the HOSTS file stated that it had to be in >> caps.......course, we're talking about 10 years ago....but the fact >> that both Twayne and I seem to be remembering the same thing points >> in the direction as being accurate as far as what the available >> advice said back then. > > > I have been working with networking protocols for years. I am very > good with protocol 'stacks' and fully understand such protocol > managers as; MS NDISs, Crynwr Packet Driver and Novell ODI. > > The version of 16bit DOS (MS/PC/DR/FREE) are case insensitive and the > TCP/IP stacks that run ontop of them are as well. > > Win16, Win32 and Win64 are all case insensitive. No one is saying the operating systems are case sensitive; that has nothing to do with anything that I mentioned. Regardless of your credentials etc., it was true somewhere and somewhen or there wouldn't be the discussions around that are on it. In my little bit of research I came across many forums where they discussed the same things (seems like we've reinvented the wheel here) and supposed successes with correcting the case of the filename. Also as previously mentioned, a bunch of the Microsoft URLs I had stashed away about it are no longer any good and aren't forwarded to anything to replace them. But old forum posts found with a search engine and no longer functional links are about as useful as tits on a boar hog, so ... . I'm not Linux/Unix or MAC; this would only have come from windows since I have no real experience with any other OS. All it means is we have differing events in your memory. I've no problem with you having your own opinions and I having mine and so forth; heck, it's not the end of the world, regardless of who's right. Twayne -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. 
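Ant's statement quoted earlier in the thread, that the system DLLs open the file through the literal string "hosts", can be checked by searching a binary for that name in both ASCII and UTF-16LE (the encoding Windows binaries use for wide strings) and then asking how the stored casing resolves under case-insensitive and case-sensitive lookup. The following is an added example, not code from any poster: the sample bytes are constructed, and `lookup` is a simplified model of a directory lookup, not the Windows implementation.

```python
import re

# Constructed sample bytes standing in for a slice of a networking DLL.
SAMPLE = (
    b"MZ\x90\x00"
    + b"\\drivers\\etc\\hosts\x00"                       # narrow (ASCII) literal
    + b"\x00\x01\x02"
    + "\\drivers\\etc\\lmhosts".encode("utf-16le") + b"\x00\x00"
    + b"\xff\xfe\x10"
    + "%SystemRoot%\\System32\\drivers\\etc\\HOSTS".encode("utf-16le")
    + b"\x00\x00"
)


def extract_strings(data, min_len=4):
    """Yield (offset, encoding, text) for printable runs, strings(1)-style."""
    narrow = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # A wide string is a printable byte followed by 0x00, repeated.
    wide = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in narrow.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in wide.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def find_name_refs(data, name="hosts"):
    """Find `name` case-insensitively in both encodings, keeping stored casing.

    The look-around keeps longer names such as "lmhosts" from matching.
    """
    needle = re.compile(
        r"(?<![A-Za-z0-9])" + re.escape(name) + r"(?![A-Za-z0-9])",
        re.IGNORECASE,
    )
    hits = []
    for offset, encoding, text in extract_strings(data, min_len=len(name)):
        width = 2 if encoding == "utf-16le" else 1
        for m in needle.finditer(text):
            hits.append({
                "offset": offset + m.start() * width,  # byte offset in data
                "encoding": encoding,
                "as_stored": m.group(),
                "context": text,
            })
    return sorted(hits, key=lambda h: h["offset"])


def lookup(requested, entries, case_sensitive):
    """Simplified model: which directory entry would an open() of `requested` hit?"""
    for entry in entries:
        if entry == requested:
            return entry
    if not case_sensitive:
        for entry in entries:
            if entry.lower() == requested.lower():
                return entry
    return None


def audit(data, on_disk_names, name="hosts"):
    """For each reference in the binary, test each candidate on-disk spelling."""
    rows = []
    for hit in find_name_refs(data, name):
        for disk in on_disk_names:
            rows.append({
                "as_stored": hit["as_stored"],
                "encoding": hit["encoding"],
                "on_disk": disk,
                "insensitive": lookup(hit["as_stored"], [disk], False) is not None,
                "sensitive": lookup(hit["as_stored"], [disk], True) is not None,
            })
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE, ["HOSTS", "Hosts", "hosts"]):
        print(row)
```

Under the case-insensitive model every spelling on disk is found whatever casing the binary stores; only the case-sensitive model distinguishes `HOSTS` from `hosts`.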
From MikeE at ster.invalid Tue Feb 9 20:21:42 2010 From: MikeE at ster.invalid (Mike Easter) Date: Tue Feb 9 20:25:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: My own recollections are that the instructions frequently /referred to/ the hosts file as a HOSTS (or LMHOSTS) file (as that uppercase) and that there was emphatic emphasis (how is /that/ for alliterative redundance) on the absence of extender, but I don't recall there being any such similar emphasis at all on the /case/ of the filename part. -- Mike Easter From not at home.today Tue Feb 9 22:12:37 2010 From: not at home.today (Ant) Date: Tue Feb 9 22:15:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "Twayne" wrote: > I don't know what I did that it quit working completely earlier, but the > cold start straightened everything out, plus I noticed a couple of other > things that were the cause of some of my confusion. > It turns out some of the ZDNet articles rotate their ad images but it > doesn't appear to be all of them by any means. So naturally, some of the ads > would show and some wouldn't, and that was one of the pages I was using when > I was renaming and removing the HOSTS file and putting it back. YUK! You can't change its name or contents and expect the system to pick that up without a reboot, as you discovered! It may be that only the DNS resolver cache needs to be flushed using ipconfig but I haven't tested that. > It was apparently necessary some-when and some-where because there is a lot > of discussion over it on the web. Here are a couple excerpts from my > archives ... Yes, lots of confusion and the problems were never really pinned down. I suspect they may have been caused by other things but see my penultimate paragraph. > So I guess I'll stick to upper case but surely if there really were any > problems with other combinations, they should have fixed it by now. 
I'll bet > in the end it's really just a "practice" that was used for denoting it. Who > knows? The hosts file concept comes from unix, where it must be upper case, and so does the MS implementation of sockets. Perhaps that's why they stick to the naming convention in documentation. However, MS does/did provide support for unix in the form of a POSIX subsystem and services for unix (I believe on server platforms only for the latter). This is one of the reasons NTFS allows mixed case in filenames, although it doesn't allow duplicate names with different case in the same directory. It's possible that in these environments some unixy software may check the "hosts" filename is upper case with a directory scan before it tries to open the file. I can say that after grepping the system executables, DLLs and drivers for the "hosts" string case-insensitively in both ASCII and unicode, there are only three DLLs which reference the file on my Win2k workstation. They help implement name resolution and sockets and a disassembly of the binaries confirms they don't care about case. From nobody at spamcop.net Tue Feb 9 22:51:04 2010 From: nobody at spamcop.net (bar0) Date: Tue Feb 9 22:55:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "Ant" wrote in message news:hkt892$ron$1@news.spamcop.net... > "Twayne" wrote: > .... > > The hosts file concept comes from unix, where it must be upper case, > and so does the MS implementation of sockets. Perhaps that's why they > stick to the naming convention in documentation. Eh? In which implementation of Unix? I've used BSD, (Sun 3,4, Mac); ATTSVR4&5 (Sun 5, SGI, DEC Alpha) GNU, and RedHat Linux, and hosts was simply "/etc/hosts". I'm sure "/etc/HOSTS" would NOT have worked. Well it's just possible it might have but not with normal fopen() commands built with standard includes. HOSTS and hosts are different files to Unix.
I know this because I open hosts all the time to avoid typing FQDN's to access computers on different subnets. From nobody at spamcop.net Wed Feb 10 10:13:35 2010 From: nobody at spamcop.net (Twayne) Date: Wed Feb 10 10:15:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkt1n7$p6c$1@news.spamcop.net, Mike Easter typed: > My own recollections are that the instructions frequently /referred > to/ the hosts file as a HOSTS (or LMHOSTS) file (as that uppercase) > and that there was emphatic emphasis (how is /that/ for alliterative > redundance) on the absence of extender, but I don't recall there > being any such similar emphasis at all on the /case/ of the filename > part. In my short bit of research I also came across some sites that always spelled it HOSTS but only a couple of them mentioned keeping it upper case but then not why. There were a few posts about how it was supposedly unreliable but still worked if it wasn't all upper case. But no big names behind them and no references to verify it. Sometimes I wonder if it's not just a convention, like "HTTP" is supposed to be capitalized, etc.. But then I come back to remembering experimenting with it and ... well ... no sense repeating so many times. O well! It's been interesting. Twayne -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From nobody at spamcop.net Wed Feb 10 10:46:14 2010 From: nobody at spamcop.net (Twayne) Date: Wed Feb 10 10:50:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkt892$ron$1@news.spamcop.net, Ant typed: > "Twayne" wrote: > >> I don't know what I did that it quit working completely earlier, >> but the cold start straightened everything out, plus I noticed a >> couple of other things that were the cause of some of my confusion. 
>> It turns out some of the ZDNet articles rotate their ad images >> but it doesn't appear to be all of them by any means. So naturally, >> some of the ads would show and some wouldn't, and that was one of >> the pages I was using when I was renaming and removing the HOSTS >> file and putting it back. YUK! > > You can't change its name or contents and expect the system to pick > that up without a reboot, as you discovered! It may be that only the > DNS resolver cache needs to be flushed using ipconfig but I haven't > tested that. > >> It was apparently necessary some-when and some-where because there >> is a lot of discussion over it on the web. Here are a couple >> excerpts from my archives ... > > Yes, lots of confusion and the problems were never really pinned down. > I suspect they may have been caused by other things but see my > penultimate paragraph. > >> So I guess I'll stick to upper case but surely if there really were >> any problems with other combinations, they should have fixed it by >> now. I'll bet in the end it's really just a "practice" that was used >> for denoting it. Who knows? > > The hosts file concept comes from unix, where it must be upper case, > and so does the MS implementation of sockets Perhaps that's why they > stick to the naming convention in documentation. > > However, MS does/did provide support for unix in the form of a POSIX > subsystem and services for unix (I believe on server platforms only > for the latter). This is one of the reasons NTFS allows mixed case in > filenames, although it doesn't allow duplicate names with different > case in the same directory. It's possible that in these environments > some unixy software may check the "hosts" filename is upper case with > a directory scan before it tries to open the file. 
> > I can say that after grepping the system executables, DLLs and drivers > for the "hosts" string case-insensitively in both ASCII and unicode, > there are only three DLLs which reference the file on my Win2k > workstation. They help implement name resolution and sockets and a > disassembly of the binaries confirms they don't care about case. Thanks, that's a rather believable and easy to read explanation, at least. Appreciate the benefit of your experience here. It's been fairly interesting postings but I think I'm about to bow out of the thread. Well, response-wise anyway. I think I have only one more thing to comment on and if IT opens another can of worms, I may just keep silent: The "cold start" reinitialized my computer and got the HOSTS file working again, but it wasn't the reason it wasn't working. Initially I was doing Restarts when I'd change the HOSTS filename letter cases, but if there's one thing I abhor, it's sitting and waiting nearly 4 minutes at a time for a computer to shut down and restart. Then I started instead logging off and then back on and it seemed to keep it working. Finally I tried it without doing anything re logging or restarts and it still functioned according to the name that was there (or not there). All it took to use the file was to refresh the browser window (IE8 and FF3.6). Now, I'm talking XP Pro SP3 ONLY here, but it is not necessary to Restart or cold boot to reinitialize the HOSTS file, which I found interesting. With 'hosts' in place I discovered I could open a web page, see the "can't display" message/s, go change "hosts" to "testing" and the "can't display"s went away. Change it back to "HostS" and the "can't display" came back. It seems the "hosts" file is read every time its contents are needed. Or something is smart enough to change if it's sitting in memory.
So I don't know if it's READ from memory or not, but there is a disk access every time I changed the filename but had not restarted or logged off/on or anything else. Simply reloading the web page is enough. You do of course have to watch to be sure you're getting a page reload, not a refresh from cache while doing this, but that's not a hard thing to do. I don't know just how they do it, but I also noticed that, in FF, sometimes instead of "can't display" you'll get a "click here" just under "advertisement" instead. In the case of the page I just looked at the "advertisement" brought up a survey of sorts about how I liked the ad, but the "click here" was blocked and inaccessible. So they apparently use MLR methods IMO. Well, that's about the last I have to say about the HostS file I guesS. Hmm, just occurred to me we probably should have 'x-no archive YES'd these posts. Day late and a $ short I guess. Cheers, Twayne` -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From not at home.today Wed Feb 10 11:47:11 2010 From: not at home.today (Ant) Date: Wed Feb 10 11:50:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "bar0" wrote: > "Ant" wrote: >> The hosts file concept comes from unix, where it must be upper case, >> and so does the MS implementation of sockets Perhaps that's why they >> stick to the naming convention in documentation. > > Eh? in which implementation of Unix?I've used BSD, (Sun 3,4, Mac); ATTSVR4&5 > (Sun 5, SGI, DEC Alpha} GNU, and RedHat Linux, and hosts was simply " > /etc/hosts" I'm sure "/etc/HOSTS" would NOT have worked. Well it's jjust > possible it mught have but not with normal fopen() commands built with > standard includes. HOSTS and hosts are different files to Unix. You are right; now it's my turn to eat humble pie. My Knoppix live CD has it in lower case. 
I tried to fire up my ancient Sun Sparc-station but it's lost the settings and won't give the boot prompt (loops trying to find a nonexistent network connection). I don't know how the upper case for unix came into my head. Perhaps I was remembering the old HOSTS.TXT from ARPANET days. I do know that MS sockets is based on Berkeley Sockets. Must remember to check everything next time! Now I'm mystified as to why the upper case usage, according to the MS excerpt Twayne posted, was mandated, considering a default install of XP SP2 has it in lower case. From not at home.today Wed Feb 10 12:36:43 2010 From: not at home.today (Ant) Date: Wed Feb 10 12:40:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: "Twayne" wrote: > Thanks, that's a rather believable and easy to read explanation, at least. > Appreciate the benefit of your experience here. A fair bit with DOS & Win, some early minicomputers and IBM mainframes but not so much with unix, apparently! > It's been fairly interesting > postings but I think I'm about to bow out of the thread. Before you do, please see my response to bar0 where I admit to talking off the top of my head without checking in regard to unix hosts case. > It seems the "hosts" file is read every time its contents are needed. Or > something is smart enough to change if it's sitting in memory. So I don't > know if it's READ from memory or not, but there is a disk access every time > I changed the filename but had not restarted or logged off/on or anything > else. Simply reloading the web page is enough. > You do of course have to watch to be sure you're getting a page reload, > not a refresh from cache while doing this, but that's not a hard thing to > do. I think that relates to what I said about flushing the DNS cache. In other words, that's effectively what you're doing (probably!). > Hmm, just occurred to me we probably should have 'x-no archive YES'd > these posts. Day late and a $ short I guess. Not at all.
It's been an interesting discussion (for geeks) and I've also learnt something. From nobody at spamcop.net Wed Feb 10 13:52:39 2010 From: nobody at spamcop.net (Twayne) Date: Wed Feb 10 13:55:07 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? References: Message-ID: In news:hkuqt3$ef7$1@news.spamcop.net, Ant typed: > "Twayne" wrote: > >> Thanks, that's a rather believable and easy to read explanation, at >> least. Appreciate the benefit of your experience here. > > A fair bit with DOS & Win, some early minicoputers and IBM mainframes > but not so much with unix, apparently! lol, I know EGGSactly what you mean! > >> It's been fairly interesting >> postings but I think I'm about to bow out of the thread. > > Before you do, please see my response to bar0 where I admit to talking > off the top of my head without checking in regard to unix hosts case. I saw that; "stuff" happens. This is like 2 + 2 = 4 for a lot of people; so "simple" it doesn't need qualification. Only as it turns out, sometimes 2 + 2 = 4.000000009. > >> It seems the "hosts" file is read every time its contents are >> needed. Or something is smart enough to change if it's sitting in >> memory. So I don't know if it's READ from memory or not, but there >> is a disk access every time I changed the filename but had not >> restarted or logged off/on or anything else. Simply reloading the >> web page is enough. You do of course have to watch to be sure >> you're getting a page reload, not a refresh from cache while doing >> this, but that's not a hard thing to do. > > I think that relates to what I said about flushing the DNS cache. In > other words, that's effectively what you're doing (probably!). Yes. Same difference. > >> Hmm, just occurred to me we probably should have 'x-no archive >> YES'd these posts. Day late and a $ short I guess. > > Not at all. It's been an interesting discussion (for geeks) and I've > also learnt something. Ain't we all? It has been interesting, I agree. 
Haven't used a pocket protector in years, so I can't be a GEEK! Can I? lol, it's all in the eye of the ... . luck, Twayne` -- Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue. From me at privacy.net Wed Feb 10 15:34:40 2010 From: me at privacy.net (Frog Prince) Date: Wed Feb 10 15:35:08 2010 Subject: [Scgeeks] Need a recommendion on a good & free portioning application for XP and Vista. Message-ID: Need a recommendation on a good & free portioning application for XP and Vista. TIA FP From nobody at spamcop.net Wed Feb 10 15:46:00 2010 From: nobody at spamcop.net (bar0) Date: Wed Feb 10 15:50:07 2010 Subject: [Scgeeks] Re: Need a recommendion on a good & free portioning application for XP and Vista. In-Reply-To: References: Message-ID: "Frog Prince" wrote in message news:hkv58i$i7u$1@news.spamcop.net... > Need a recommendation on a good & free portioning application for XP and > Vista. > > TIA > > FP You mean Partitioning? From nobody at spamcop.net Wed Feb 10 15:49:42 2010 From: nobody at spamcop.net (Indigo) Date: Wed Feb 10 15:50:08 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "Ant" wrote in message news:hkuo05$de2$1@news.spamcop.net... I tried to fire up my ancient Sun Sparc-station Man, that thing IS old....last time I used one was in the early 90's.... From nobody at spamcop.net Wed Feb 10 15:55:14 2010 From: nobody at spamcop.net (bar0) Date: Wed Feb 10 16:00:09 2010 Subject: [Scgeeks] Re: What is WITH all the trojans? In-Reply-To: References: Message-ID: "Indigo" wrote in message news:hkv654$ifm$1@news.spamcop.net... > > "Ant" wrote in message > news:hkuo05$de2$1@news.spamcop.net... > I tried to fire up my ancient Sun Sparc-station > > Man, that thing IS old....last time I used one was in the early 90's.... 
Anyway it'll be /etc/hosts there too

From nobody at spamcop.net Wed Feb 10 16:00:39 2010
From: nobody at spamcop.net (Indigo)
Date: Wed Feb 10 16:05:08 2010
Subject: [Scgeeks] Re: Need a recommendion on a good & free portioning application for XP and Vista.
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hkv5u8$ie4$1@news.spamcop.net...
>
> "Frog Prince" wrote in message news:hkv58i$i7u$1@news.spamcop.net...
>> Need a recommendation on a good & free portioning application for XP and Vista.
>>
>> TIA
>>
>> FP
>
> You mean Partitioning?
>

I assume he does, and Vista's built-in Disk Manager makes it quite simple to create and change partitions. It's in the MMC console app, although you may have to "create" your own console and add the Disk Management Snap-In to the console.

If I type "C:\WINDOWS\System32\mmc.exe" into the Start/Run dialog box MMC loads, but it's empty -- I have a file named "My Console" that I open in MMC that has all the Snap-Ins that I typically use installed. Some of the apps are available in Control Panel, but many of them are not.

From nobody at spamcop.net Wed Feb 10 16:06:31 2010
From: nobody at spamcop.net (Indigo)
Date: Wed Feb 10 16:10:08 2010
Subject: [Scgeeks] Re: Need a recommendion on a good & free portioning application for XP and Vista.
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hkv6pm$ilg$1@news.spamcop.net...
> If I type "C:\WINDOWS\System32\mmc.exe" into the Start/Run dialog box MMC loads, but it's empty -- I have a file named "My Console"

Left out one piece of critical info -- the full filename is "My Console.msc" -- and you can save the file to your desktop (or elsewhere), and double-click on it to open MMC -- no need to open MMC first and _then_ load "My Console".
From me at privacy.net Wed Feb 10 17:32:26 2010
From: me at privacy.net (Frog Prince)
Date: Wed Feb 10 17:35:08 2010
Subject: [Scgeeks] Re: Need a recommendion on a good & free portioning application for XP and Vista.
References:
Message-ID:

"bar0" wrote in message news:hkv5u8$ie4$1@news.spamcop.net...
>
> "Frog Prince" wrote in message news:hkv58i$i7u$1@news.spamcop.net...
>> Need a recommendation on a good & free portioning application for XP and Vista.
>>
>> TIA
>>
>> FP
>
> You mean Partitioning?

Yea, dat two.

From user at domain.invalid Wed Feb 10 19:58:45 2010
From: user at domain.invalid (Farelf)
Date: Wed Feb 10 20:00:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

Farelf wrote:
> bar0 wrote:
>
>>
>> UMM.... I've gotten Windows and IE updates using Firefox too, there seems to be no problem.
>>
> Wow - I haven't tried for quite a while, must have another look at that. It's been a few years ...

No go - maybe different rules for different parts of the evil empire? Or you're using some sort of emulation ... or?

http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

"Thank you for your interest in obtaining updates from our site.

To use this site, you must be running Microsoft Internet Explorer 5 or later."

If you get through this, the next step (on IE) is to check for ActiveX controls, which would be another stumbling block? Can't imagine, offhand, how to use vanilla-flavored FF unless (say) using Belkin to consider advised updates/patches etc then go to http://www.microsoft.com/downloads/en/default.aspx (or Belkin links?) to download and install them one by one.
Would rather use WU and complain bitterly if and when it "does me wrong" - once I get back online :)

From nobody at spamcop.net Thu Feb 11 10:42:19 2010
From: nobody at spamcop.net (Twayne)
Date: Thu Feb 11 10:45:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hkvknv$nqn$1@news.spamcop.net, Farelf typed:
> Farelf wrote:
>> bar0 wrote:
>>
>>>
>>> UMM.... I've gotten Windows and IE updates using Firefox too, there seems to be no problem.
>>>
>> Wow - I haven't tried for quite a while, must have another look at that. It's been a few years ...
>
> No go - maybe different rules for different parts of the evil empire? Or you're using some sort of emulation ... or?
>
> http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
>
> "Thank you for your interest in obtaining updates from our site.
>
> To use this site, you must be running Microsoft Internet Explorer 5 or later."
>
> If you get through this, the next step (on IE) is to check for ActiveX controls, which would be another stumbling block? Can't imagine, offhand, how to use vanilla-flavored FF unless (say) using Belkin to consider advised updates/patches etc then go to http://www.microsoft.com/downloads/en/default.aspx (or Belkin links?) to download and install them one by one. Would rather use WU and complain bitterly if and when it "does me wrong" - once I get back online :)

http://support.mozilla.com/en-US/kb/Using+Firefox+for+Windows+Update?bl=n&s=xp%20windows%20update says:

The Windows Update site, and the newer Microsoft Update site, are designed to work only with Internet Explorer. The update sites depend on an ActiveX control which scans your computer to determine which updates are missing. Firefox does not run ActiveX controls. This article describes *other options* for updating Windows.
------------

It then goes on to describe Automatic Updates (which of course don't need a browser) and Manual Updates and add-ons to work around the issues.

Personally I just let Update download but not install updates, then I look at them to see what they are, and install them or not, and mark the ones I don't install to not be offered anymore. It's a lot easier than messing around with a browser anyway.

Regards,

Twayne`
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Thu Feb 11 15:56:10 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 11 16:00:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hl18gq$alr$1@news.spamcop.net...
> Personally I just let Update download but not install updates, then I look at them to see what they are, and install them or not, and mark the ones I don't install to not be offered anymore. It's a lot easier than messing around with a browser anyway.

I don't even let it get that far.....I have Win Update set to scan daily for new updates and inform me when any are available, but I go look at them, choose which ones to download and install, then mark the rest as "hidden".

From nobody at spamcop.net Thu Feb 11 19:55:54 2010
From: nobody at spamcop.net (Twayne)
Date: Thu Feb 11 20:00:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl1qtb$her$1@news.spamcop.net, Indigo typed:
> "Twayne" wrote in message news:hl18gq$alr$1@news.spamcop.net...
>> Personally I just let Update download but not install updates, then I look at them to see what they are, and install them or not, and mark the ones I don't install to not be offered anymore. It's a lot easier than messing around with a browser anyway.
>
> I don't even let it get that far.....I have Win Update set to scan daily for new updates and inform me when any are available, but I go look at them, choose which ones to download and install, then mark the rest as "hidden".

That'd work too, I'm sure. It's too bad we feel like we have to do that, but that's how Silverlight or whatever it's called, IE7 at one point and several other things get installed that aren't anything to do with updates or fixes. It's too bad Microsoft has gotten to be so untrustworthy, expensive and inconsiderate of its users.

How annoying are the updates the way you do it? It occurs to me that you might be seeing new updates available every few days. Especially like this last one; mine had a long list of updates between Office and XP.

Even with all the checking, one still got by me a few months back; the CardSpace or whatever it's called. It uses the same tld as the old Cardfile program from win 95/98, which I still use, and of course screwed up the file association. OH well, that's the fun-side challenges of computers, I guess.

Sometimes I miss the good ol' days of CP/M where double-sided 90k/side 5 1/4" floppies were an astoundingly huge amount of data storage.

Cheers,

Twayne
--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Thu Feb 11 20:16:45 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 11 20:20:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hl28uo$mme$1@news.spamcop.net...
> That'd work too, I'm sure. It's too bad we feel like we have to do that, but that's how Silverlight or whatever it's called, IE7 at one point and several other things get installed that aren't anything to do with updates or fixes.
> It's too bad Microsoft has gotten to be so untrustworthy, expensive and inconsiderate of its users.
>

That, and adding useless junk like downloading huge anti-spam database updates for Outlook when I don't even have it installed!

> How annoying are the updates the way you do it? It occurs to me that you might be seeing new updates available every few days. Especially like this last one; mine had a long list of updates between Office and XP.

Well, I actually have the systray set to "hide" the update warning, but about once a week I check it, so yeah, I usually have 5-10 updates waiting for download and installation. Today there were 12, but only 8 pertained to my system and apps. Already downloaded and installed those, hid the rest, and will reboot to finish the job when I go watch "Grey's Anatomy" at 9:00 ;-)

>
> Even with all the checking, one still got by me a few months back; the CardSpace or whatever it's called. It uses the same tld as the old Cardfile program from win 95/98, which I still use, and of course screwed up the file association. OH well, that's the fun-side challenges of computers, I guess.

You actually use CardSpace? I have that service disabled, no use for it around here.

From user at domain.invalid Thu Feb 11 20:52:23 2010
From: user at domain.invalid (Farelf)
Date: Thu Feb 11 20:55:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

Twayne wrote:
> Sometimes I miss the good ol' days of CP/M where double-sided 90k/side 5 1/4" floppies were an astoundingly huge amount of data storage.
>

Thanks for comments on WU, Indigo too - I'm happy to let it notify me, then I go to the site, look at the (proposed) updates both critical and optional and authorize them. So far I've accepted them all.

SWMBO's Vista in default mode was causing her extreme anxiety - "You must reboot now" - in the middle of a massive document update etc. "But dearest," I tell her (trouble remembering her name these days, but that's another story), "you don't have to do it *immediately*, please stop sobbing." She hasn't been near computers much for many years, and this being the first one that's "hers" and an HP (coupled to a HP printer), full of HP crapware and HP update processes as well - but we've changed all of that to something more under her control now.

We weren't CPM users, but DOS from about 1.1 (and mainframes of like and earlier eras), both know what you're talking about "in the good ol' days". When a page of text was half a k. And computers were very 'literal minded' and did exactly what they were told, nothing else. That was easy to live with after a minor learning curve was surmounted. {sigh}

From not at home.today Thu Feb 11 21:23:19 2010
From: not at home.today (Ant)
Date: Thu Feb 11 21:25:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote:
> Sometimes I miss the good ol' days of CP/M where double-sided 90k/side 5 1/4" floppies were an astoundingly huge amount of data storage.

Never mind my old Sun Sparc, I have a CP/M machine which was given to me several years ago. No hard disk but two 5.25 drives and a few floppies. I really must dump it some day.

I miss the fun we had at work; programming by punching instructions into the CPU via buttons on the front panel - but not too much!

From nobody at spamcop.net Fri Feb 12 11:59:58 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 12 12:00:09 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Farelf" wrote in message news:hl2c8n$nqo$1@news.spamcop.net...
>
> SWMBO's Vista in default mode was causing her extreme anxiety -

SWMBO? Single White Male's Best Other....?
> She hasn't been near computers much for many years, and this being the first one that's "hers" and an HP (coupled to a HP printer), full of HP crapware and HP update processes as well - but we've changed all of that to something more under her control now.

I haven't found HP updates to be much of an issue, I rarely get them.

>
> We weren't CPM users, but DOS from about 1.1 (and mainframes of like and earlier eras), both know what you're talking about "in the good ol' days". When a page of text was half a k. And computers were very 'literal minded' and did exactly what they were told, nothing else. That was easy to live with after a minor learning curve was surmounted. {sigh}
>

Except for when it came down to trying to squeeze this or that into EMS or the lower extended memory, some apps wouldn't run in one or the other...

From nobody at spamcop.net Fri Feb 12 12:28:46 2010
From: nobody at spamcop.net (Twayne)
Date: Fri Feb 12 12:30:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl2a5t$n6d$1@news.spamcop.net, Indigo typed:
> "Twayne" wrote in message news:hl28uo$mme$1@news.spamcop.net...
...
>
> That, and adding useless junk like downloading huge anti-spam database updates for Outlook when I don't even have it installed!

Hmm, I haven't had the experience of getting updates for things I don't have installed. Even the Office updates are only for the programs I have installed. But then my stuff is "old", of the 2002 version vintage so maybe it was more accurate for the older stuff. What I despise the most is actual, new programs disguised as updates, especially critical updates when they clearly are not.

>
>> How annoying are the updates the way you do it? It occurs to me that you might be seeing new updates available every few days. Especially like this last one; mine had a long list of updates between Office and XP.
>
> Well, I actually have the systray set to "hide" the update warning, but about once a week I check it, so yeah, I usually have 5-10 updates waiting for download and installation. Today there were 12, but only 8 pertained to my system and apps. Already downloaded and installed those, hid the rest, and will reboot to finish the job when I go watch "Grey's Anatomy" at 9:00 ;-)

Oh, that doesn't sound so bad. I decided to leave mine as is; download but let me install. It's futile to expect MY memory to check on updates!!

>
>>
>> Even with all the checking, one still got by me a few months back; the CardSpace or whatever it's called. It uses the same tld as the old Cardfile program from win 95/98, which I still use, and of course screwed up the file association. OH well, that's the fun-side challenges of computers, I guess.
>
> You actually use CardSpace? I have that service disabled, no use for it around here.

NO, I do not use CardSpace. I used CardFile, the old address/phone number program from win95/98. They both use .crd files so when CardSpace snuck thru on me it broke the file association for CardFile which took me a few minutes to realize.

I like CardFile because it keeps all the information on one window, arranged as I choose to arrange it. I don't have any use for the 28 fields per tab in a 22 tab layout crap. The only downside to CardFile is it has a length limit to each record. Oh, and it won't dial a phone number for you of course, but ... small loss.

Someday I'll sit down and write an analyzer/converter to take the CardFile database and put it into something a bit stronger and that takes longer sets of data. But until then CardFile is great for my needs, meager but high in volume as they are. No registry messing, stands alone, just drop it and run it. It'll even run on Vista; I gave it to a client awhile back because he liked the simplicity of it. No I didn't pirate; he owned 98 so it's legal.

Nice chatting with you; so long.
Twayne
--
Newsgroups are great places to get assistance. But always verify important information with other sources to be certain you have a clear understanding of it and that it is accurate.

From nobody at spamcop.net Fri Feb 12 12:35:19 2010
From: nobody at spamcop.net (Twayne)
Date: Fri Feb 12 12:40:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl2c8n$nqo$1@news.spamcop.net, Farelf typed:
> Twayne wrote:
>
>> Sometimes I miss the good ol' days of CP/M where double-sided 90k/side 5 1/4" floppies were an astoundingly huge amount of data storage.
>
> Thanks for comments on WU, Indigo too - I'm happy to let it notify me, then I go to the site, look at the (proposed) updates both critical and optional and authorize them. So far I've accepted them all.
>
> SWMBO's Vista in default mode was causing her extreme anxiety - "You must reboot now" - in the middle of a massive document update etc. "But dearest," I tell her (trouble remembering her name these days, but that's another story), "you don't have to do it *immediately*, please stop sobbing." She hasn't been near computers much for many years, and this being the first one that's "hers" and an HP (coupled to a HP printer), full of HP crapware and HP update processes as well - but we've changed all of that to something more under her control now.
>
> We weren't CPM users, but DOS from about 1.1 (and mainframes of like and earlier eras), both know what you're talking about "in the good ol' days". When a page of text was half a k. And computers were very 'literal minded' and did exactly what they were told, nothing else. That was easy to live with after a minor learning curve was surmounted. {sigh}

lol, yeah, but life wasn't always great. For instance, typing DEL *.* on your C: directory (as my wife once did) didn't get you today's "Are you sure?" verification.
So I guess you're right; they DID do EXACTLY as you told them to!

Ahh, I miss the ol' "go 10000" to get the bootloader and all that. Still got an old Heath Z89 with hard sectored floppies stashed away in the attic. I remember agonizing for weeks over whether to build the kit or go for an Osborne. But I got that great, big, beautiful screen with the Heathkit! 12" or something like that? I don't recall now. Then came those huge, expensive 10 MegaByte Hard Drives! Wow!! < G >

Guess I'm getting old; sure feel it right about this second!

Twayne
--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Fri Feb 12 12:44:30 2010
From: nobody at spamcop.net (bar0)
Date: Fri Feb 12 12:45:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Indigo" wrote in message news:hl41ee$bcg$1@news.spamcop.net...
>
> "Farelf" wrote in message news:hl2c8n$nqo$1@news.spamcop.net...
>>
>> SWMBO's Vista in default mode was causing her extreme anxiety -
>
> SWMBO? Single White Male's Best Other....?
>
>
>> She hasn't been near computers much for many years, and this being the first one that's "hers" and an HP (coupled to a HP printer), full of HP crapware and HP update processes as well - but we've changed all of that to something more under her control now.
>
> I haven't found HP updates to be much of an issue, I rarely get them.
>
>>
>> We weren't CPM users, but DOS from about 1.1 (and mainframes of like and earlier eras), both know what you're talking about "in the good ol' days". When a page of text was half a k. And computers were very 'literal minded' and did exactly what they were told, nothing else. That was easy to live with after a minor learning curve was surmounted.
>> {sigh}
>>
>
> Except for when it came down to trying to squeeze this or that into EMS or the lower extended memory, some apps wouldn't run in one or the other...

Thankfully I had access to Suns, Amigas, Macs, Vaxen, and Mainframes in the days of DOS/CPM and Win <95.

From MikeE at ster.invalid Fri Feb 12 12:49:36 2010
From: MikeE at ster.invalid (Mike Easter)
Date: Fri Feb 12 12:50:09 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

Indigo wrote:
> "Farelf"
>> SWMBO's Vista in default mode was causing her extreme anxiety -
>
> SWMBO? Single White Male's Best Other....?

She Who Must Be Obeyed, pronounced 'swimbo'.

--
Mike Easter

From nobody at spamcop.net Fri Feb 12 12:51:33 2010
From: nobody at spamcop.net (Twayne)
Date: Fri Feb 12 12:55:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl2e4b$okc$1@news.spamcop.net, Ant typed:
> "Twayne" wrote:
>
>> Sometimes I miss the good ol' days of CP/M where double-sided 90k/side 5 1/4" floppies were an astoundingly huge amount of data storage.
>
> Never mind my old Sun Sparc, I have a CP/M machine which was given to me several years ago. No hard disk but two 5.25 drives and a few floppies. I really must dump it some day.

Are they hard-sectored drives by any chance? Any chance you have any hard-sectored floppies to go with them? I might consider buying them from you. You could tell the hard-sectored floppies because they'd have ten holes around the ring plus the standard one for the sync-up.

In my "someday" list I have an item about firing up my old Heath Z89 (8080) and doing some benchmarks against a current OS. IIRC even the DOS GUI's were a LOT faster than today's, and the machines ran a LOT slower!

Believe it or not, there are still a lot of CP/M programs online for download; most are for DOS 5 or higher, but that's OK.
I've still got all the way to DOS 6.22 stored in my archives. I'm sure all the floppies are useless by now but I do wonder if any of them would still format. Fun to play with if it's not too full of mouse droppings!

>
> I miss the fun we had at work; programming by punching instructions into the CPU via buttons on the front panel - but not too much!

My first "at work" computer was an old IMSI 8080 like that. You had to key in the entire boot loader word by word, line by line, until it could pull in the supportware to live on its own. We had this little "machine" that only filled a 3 x 6 table with equipment, that could run rings around the VAX machines with their humongous tape drives and vacuum problems. It took 3 typists just to keep up with the number of punch cards we needed. We were the envy of the company (no such thing as IT there) when our tiny little machine demonstrated how it could take over the complete inventory system and maintain it on a day to day basis and have time left over for other jobs!

Only trouble was, all we did was prove it "could" be done - even after we devised a PROM to use to start the IMSI! Oh, and of course, it was all written in the inelegant Basic language. We just couldn't persuade management to switch from the "reliable" punch cards to direct entry.

Ya gotta love the old days, and people's opinions and attitudes.

Twayne
--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Fri Feb 12 17:25:30 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 12 17:30:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hl434f$c21$1@news.spamcop.net...
> In news:hl2a5t$n6d$1@news.spamcop.net, Indigo typed:
>>
>> That, and adding useless junk like downloading huge anti-spam database updates for Outlook when I don't even have it installed!
>
> Hmm, I haven't had the experience of getting updates for things I don't have installed. Even the Office updates are only for the programs I have installed. But then my stuff is "old", of the 2002 version vintage so maybe it was more accurate for the older stuff. What I despise the most is actual, new programs disguised as updates, especially critical updates when they clearly are not.

I have Office 2003 installed, but also had to install all of the Office 2007 viewers/readers so I could communicate with folks from my old workplace and occasionally help them analyze some data in Excel format (the rest of the business world has moved on to Office 2007 since I went on LTD).

I used to get a tad upset when MS would slip something like Silverlight past me, but I actually ran across a website sometime within the last 3 months that required it for proper viewing (I think it was a NASA website, of all things!), so I had to re-install it and download all the missed updates.

From nobody at spamcop.net Fri Feb 12 17:33:44 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 12 17:35:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"bar0" wrote in message news:hl441v$c9h$1@news.spamcop.net...
>
> Thankfully I had access to Suns, Amigas, Macs, Vaxen, and Mainframes in the days of DOS/CPM and Win <95.

It was a blessing to have a VAX or mini-VAX workstation back when I was writing code (a LONG time ago!). When we moved to PCs and had to use Fortran 77 it was a royal PITA to adjust to the new compiler...a steep learning curve, for me at least.
From nobody at spamcop.net Fri Feb 12 17:36:36 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 12 17:40:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Mike Easter" wrote in message news:hl44bg$cdr$1@news.spamcop.net...
> Indigo wrote:
>> "Farelf"
>
>>> SWMBO's Vista in default mode was causing her extreme anxiety -
>>
>> SWMBO? Single White Male's Best Other....?
>
> She Who Must Be Obeyed, pronounced 'swimbo'.
>

Heh. Thanks for filling me in.....I should have known that, it's the _only_ term David Feherty uses whenever he refers to his wife in his monthly Golf Magazine column ;-)

From not at home.today Fri Feb 12 19:37:40 2010
From: not at home.today (Ant)
Date: Fri Feb 12 19:40:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote:
> Ant wrote:
>> Never mind my old Sun Sparc, I have a CP/M machine which was given to me several years ago. No hard disk but two 5.25 drives and a few floppies. I really must dump it some day.
>
> Are they hard-sectored drives by any chance? Any chance you have any hard-sectored floppies to go with them? I might consider buying them from you. You could tell the hard-sectored floppies because they'd have ten holes around the ring plus the standard one for the sync-up.

No, just the single hole.

[...]

> Ya gotta love the old days, and people's opinions and attitudes.

Interesting to read your experiences. Best time of my working life was the mid-1970s with all this old kit. I started as a computer operator and taught myself how to program the beasts in slack times, usually on night shifts. I was absolutely fascinated by what I could make them do for my own use/education/entertainment when they would otherwise have been idle.

It seems this group is populated by oldies (maybe I'm the youngster here!)
much like the rest of Usenet nowadays, I suppose.

From nobody at spamcop.net Fri Feb 12 19:46:30 2010
From: nobody at spamcop.net (bar0)
Date: Fri Feb 12 19:50:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Indigo" wrote in message news:hl4l08$j9d$1@news.spamcop.net...
>
> "bar0" wrote in message news:hl441v$c9h$1@news.spamcop.net...
>>
>> Thankfully I had access to Suns, Amigas, Macs, Vaxen, and Mainframes in the days of DOS/CPM and Win <95.
>
> It was a blessing to have a VAX or mini-VAX workstation back when I was writing code (a LONG time ago!). When we moved to PCs and had to use Fortran 77 it was a royal PITA to adjust to the new compiler...a steep learning curve, for me at least.

My real point was that despite its success it was the crappiest imitation of a computer one could possibly imagine (Speaking of the "IBM compatible" PC).

I tried using Win 3.1 when colleagues had the temerity to suggest that it (the UI and OS) was as good as having a Mac, Amiga or Atari. The experience was abysmal. It didn't have real memory, it was an 8 bit OS on a 16bit chip, and the Windows did nothing for the user beyond supplying the windows explorer. Whoopee, a file lister. Task switching, let alone preemptive multitasking didn't exist in a meaningful way. Coming from 32 bit hardware and 16 or 32 bit OS's I wasn't impressed.

From nobody at spamcop.net Sat Feb 13 13:39:48 2010
From: nobody at spamcop.net (Twayne)
Date: Sat Feb 13 13:40:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl4kgq$j73$1@news.spamcop.net, Indigo typed:
> "Twayne" wrote in message news:hl434f$c21$1@news.spamcop.net...
>> In news:hl2a5t$n6d$1@news.spamcop.net, Indigo typed:
>>>
>>> That, and adding useless junk like downloading huge anti-spam database updates for Outlook when I don't even have it installed!
>>
>> Hmm, I haven't had the experience of getting updates for things I don't have installed. Even the Office updates are only for the programs I have installed. But then my stuff is "old", of the 2002 version vintage so maybe it was more accurate for the older stuff. What I despise the most is actual, new programs disguised as updates, especially critical updates when they clearly are not.
>
> I have Office 2003 installed, but also had to install all of the Office 2007 viewers/readers so I could communicate with folks from my old workplace and occasionally help them analyze some data in Excel format (the rest of the business world has moved on to Office 2007 since I went on LTD).
> I used to get a tad upset when MS would slip something like Silverlight past me, but I actually ran across a website sometime within the last 3 months that required it for proper viewing (I think it was a NASA website, of all things!), so I had to re-install it and download all the missed updates.

Ain't that a kick in the pants! Haven't been to NASA in awhile so guess I'll check that out! If it's on one page, that's NBD but if it spreads to all the others, that stinks IMO. I could understand if it was something open-sourced but not with MS-ware.

Does it live OK alongside Flash? Or does it create the occasional conflict?

HTH,

Twayne
--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Sat Feb 13 13:50:52 2010
From: nobody at spamcop.net (Twayne)
Date: Sat Feb 13 13:55:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl4sp8$mbt$1@news.spamcop.net, bar0 typed:
> "Indigo" wrote in message news:hl4l08$j9d$1@news.spamcop.net...
>>
>> "bar0" wrote in message news:hl441v$c9h$1@news.spamcop.net...
>>>
>>> Thankfully I had access to Suns, Amigas, Macs, Vaxen, and Mainframes
>>> in the days of DOS/CPM and Win <95.
>>
>> It was a blessing to have a VAX or mini-VAX workstation back when I
>> was writing code (a LONG time ago!). When we moved to PCs and had to
>> use Fortran 77 it was a royal PITA to adjust to the new compiler...a
>> steep learning curve, for me at least.
>
> My real point was that despite its success it was the crappiest
> imitation of a computer one could possibly imagine (Speaking of the
> "IBM compatible" PC).
>
> I tried using Win 3.1 when colleagues had the temerity to suggest
> that it (the UI and OS) was as good as having a Mac, Amiga or Atari.
> The experience was abysmal. It didn't have real memory, it was an 8
> bit OS on a 16bit chip, and the Windows did nothing for the user
> beyond supplying the windows explorer. Whoopee, a file lister. Task
> switching, let alone preemptive multitasking didn't exist in a
> meaningful way. Coming from 32 bit hardware and 16 or 32 bit OS's I
> wasn't impressed.

lol! Never once did I ever consider "IBM Compatible" in that context! But then I was just getting an interest in computing at that time so the only other thing I had any interest in were the VAX machines - BIG mistake! Whoever knew "the most" about anything at that time was the ipso facto IT department. I made the mistake of making the Tymnet connection my first foray into the VAX world. Uhh, my stomach's feeling funny!

About all I recall about 3.1 was "finally" I was about to be able to see what "multitasking" was all about! Turned out 3.1 was, well, quite a bit different than I expected! It was great for me though because finally I was allowed to purchase some of that "new" stuff MS offered, like Office or whatever it was called then. Finally, I wasn't stuck to Edlin - which I'll be darned, is still part of XP Pro's offerings. Wat a woild!
HTH,

Twayne
--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Sat Feb 13 13:54:27 2010
From: nobody at spamcop.net (Twayne)
Date: Sat Feb 13 13:55:09 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl4sb1$m57$1@news.spamcop.net,
Ant typed:
> "Twayne" wrote:
>
>> Ant wrote:
>>> Never mind my old Sun Sparc, I have a CP/M machine which was given
>>> to me several years ago. No hard disk but two 5.25 drives and a few
>>> floppies. I really must dump it some day.
>>
>> Are they hard-sectored drives by any chance? Any chance you have any
>> hard-sectored floppies to go with them? I might consider buying
>> them from you. You could tell the hard-sectored floppies because
>> they'd have ten holes around the ring plus the standard one for the
>> sync-up.
>
> No, just the single hole.
>
> [...]
>
>> Ya gotta love the old days, and people's opinions and attitudes.
>
> Interesting to read your experiences. Best time of my working life was
> the mid-1970s with all this old kit. I started as a computer operator
> and taught myself how to program the beasts in slack times, usually on
> night shifts. I was absolutely fascinated by what I could make them do
> for my own use/education/entertainment when they would otherwise have
> been idle.
>
> It seems this group is populated by oldies (maybe I'm the youngster
> here!) much like the rest of Usenet nowadays, I suppose.

Well, for this thread anyway, I guess. But I don't consider myself an oldster; put a 40 year old naked woman in front of me and see how old I act and look! < G > No younger please; I do have blood pressure issues and then there's the arthritis and ... .

HTH,

Twayne
--
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.
From nobody at spamcop.net Sat Feb 13 14:03:41 2010
From: nobody at spamcop.net (Indigo)
Date: Sat Feb 13 14:05:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hl6rln$de9$1@news.spamcop.net...
> Ain't that a kick in the pants! Haven't been to NASA in awhile so guess
> I'll check that out! If it's on one page, that's NBD but if it spreads to
> all the others, that stinks IMO. I could understand if it was something
> open-sourced but not with MS-ware.

Well, there are a TON of various NASA related websites.....guessing which one (if indeed it was a NASA site) would be pretty impossible. I agree that if Silverlight becomes more popular without options to bypass it that more and more folks will become upset at their inability to view certain sites....just think of the entire Mac population, to start with! The Acura website, for instance is TOTALLY Flash-driven with no Flash-free option. Drives me nuts! (heh, I made a punny)

>
> Does it live OK alongside Flash? Or does it create the occasional
> conflict?
>

Haven't had any trouble having both installed (so far).

From nobody at spamcop.net Sat Feb 13 14:14:36 2010
From: nobody at spamcop.net (Indigo)
Date: Sat Feb 13 14:15:07 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hl6saf$dl8$1@news.spamcop.net...
>
> About all I recall about 3.1 was "finally" I was about to be able to see
> what "multitasking" was all about! Turned out 3.1 was, well, quite a bit
> different than I expected! It was great for me though because finally
> I was allowed to purchase some of that "new" stuff MS offered, like Office
> or whatever it was called then. Finally, I wasn't stuck to Edlin - which
> I'll be darned, is still part of XP Pro's offerings. Wat a woild!

Huh?
DOS Edit was around long before Win 3.1.....for me, Edlin(e) disappeared the same time the Amiga cassette tape drives!

And I recall having some kind of junior DOS version of a GUI too, it was basically (hah, another pun!) an app that presented you with a two column table that allowed you to assign different apps to one of the numbers in the columns, like 1 = start app1, 2 = start app2, etc. There were also some default choices at the bottom that were fixed, one of them was like Win Exploder, but it had a specific name that I can't recall at the moment....something called DOSxxxxx......damn, what was the name of that app...it was available all the way up to Win 98 IIRC.....aha! It was called DOSSHELL.

From nobody at spamcop.net Sat Feb 13 20:02:52 2010
From: nobody at spamcop.net (Twayne)
Date: Sat Feb 13 20:05:09 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl6tmr$e4k$1@news.spamcop.net,
Indigo typed:
> "Twayne" wrote in message
> news:hl6saf$dl8$1@news.spamcop.net...
>>
>> About all I recall about 3.1 was "finally" I was about to be able to
>> see what "multitasking" was all about! Turned out 3.1 was, well,
>> quite a bit different than I expected! It was great for me
>> though because finally I was allowed to purchase some of that "new"
>> stuff MS offered, like Office or whatever it was called then.
>> Finally, I wasn't stuck to Edlin - which I'll be darned, is still
>> part of XP Pro's offerings. Wat a woild!
>
> Huh? DOS Edit was around long before Win 3.1.....for me, Edlin(e)
> disappeared the same time the Amiga cassette tape drives!

No, not "DOS Edit"; "Edlin". It was strictly a line editor. Wanna copy a paragraph? You had to do it a line at a time. Literally. We used it exclusively for .asm development on the VAX eventually. If you have an XP machine around, you'll find Edlin at "C:\WINDOWS\system32\edlin.exe" if you'd like to verify it's the same program.
Its Help is really complex:

==========
C:\>edlin /?
Starts Edlin, a line-oriented text editor.

EDLIN [drive:][path]filename [/B]

  /B   Ignores end-of-file (CTRL+Z) characters.
==========

>
> And I recall having some kind of junior DOS version of a GUI too, it
> was basically (hah, another pun!) an app that presented you with a
> two column table that allowed you to assign different apps to one of
> the numbers in the columns, like 1 = start app1, 2 = start app2, etc.
> There were also some default choices at the bottom that were fixed,
> one of them was like Win Exploder, but it had a specific name that I
> can't recall at the moment....something called DOSxxxxx......damn,
> what was the name of that app...it was available all the way up to
> Win 98 IIRC.....aha! It was called DOSSHELL.

Actually there were a few different GUI's for DOS, some of them pretty elegant for the period. I can't recall their names but one of the later ones even let you use a mouse if it was loaded properly. "Real" computer users figured they were all toys though. What you describe sounds like it might just be a standard menu with ansi.sys (the one that gave you access to colors?) loaded and used.

Gads, this old stuff's giving me head aches just thinking about it w/r to what we can do now. You know, there are quite a few of the old DOS commands I still use even today because they're so blazingly fast compared to any GUI in windows. I'm particularly attached to XXCOPY, a proprietary but very handy program, and I use it in quite a few batch files to do quickie backups. Before a GUI program can even get loaded, XXCopy is all done and has exited.

Cheers,

Twayne

From nobody at spamcop.net Sun Feb 14 15:26:25 2010
From: nobody at spamcop.net (Indigo)
Date: Sun Feb 14 15:30:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hl7i3u$llo$1@news.spamcop.net...
>
> No, not "DOS Edit"; "Edlin". It was strictly a line editor. Wanna copy a
> paragraph? You had to do it a line at a time. Literally.

Oh, I remember all too well what a PITA Edlin was to use....the worst thing, IIRC, is that you couldn't see the line of code above or below the one you were currently editing. You basically had to first write all the code on paper and carefully type it in line by line.

>
> Actually there were a few different GUI's for DOS, some of them pretty
> elegant for the period. I can't recall their names but one of the later
> ones even let you use a mouse if it was loaded properly. "Real" computer
> users figured they were all toys though. What you describe sounds like it
> might just be a standard menu with ansi.sys (the one that gave you access
> to colors?) loaded and used.

No, it was a specially written (non-MS) program, I may even still have an old floppy stashed in the basement that contains the app.

>
> Gads, this old stuff's giving me head aches just thinking about it w/r to
> what we can do now. You know, there are quite a few of the old DOS
> commands I still use even today because they're so blazingly fast compared
> to any GUI in windows. I'm particularly attached to XXCOPY, a proprietary
> but very handy program, and I use it in quite a few batch files to do
> quickie backups. Before a GUI program can even get loaded, XXCopy is all
> done and has exited.

One of the things I most hate about Vista is that MS completely abandoned all connections to DOS (IIRC all previous versions were still rooted in DOS at their core), so a lot of the good ol' DOS commands just won't run any more. Even worse, you can't boot to DOS like you could in older versions of Windows to make emergency repairs to the OS.
From nobody at spamcop.net Sun Feb 14 20:39:14 2010
From: nobody at spamcop.net (Twayne)
Date: Sun Feb 14 20:40:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hl9m9h$eqf$1@news.spamcop.net,
Indigo typed:
> "Twayne" wrote in message
> news:hl7i3u$llo$1@news.spamcop.net...
>>
>> No, not "DOS Edit"; "Edlin". It was strictly a line editor. Wanna
>> copy a paragraph? You had to do it a line at a time. Literally.
>
> Oh, I remember all too well what a PITA Edlin was to use....the worst
> thing, IIRC, is that you couldn't see the line of code above or below
> the one you were currently editing. You basically had to first write
> all the code on paper and carefully type it in line by line.

I sort of recall that; but you did overtype the line as you typed. lol, I don't think I even knew what a version was in those days, but perhaps there were differing versions or it varied by OS. The VAX was all I ever actually got my hands on and that was with plenty of supervision at first.

>
>>
>> Actually there were a few different GUI's for DOS, some of them
>> pretty elegant for the period. I can't recall their names but one of
>> the later ones even let you use a mouse if it was loaded properly.
>> "Real" computer users figured they were all toys though. What you
>> describe sounds like it might just be a standard menu with ansi.sys
>> (the one that gave you access to colors?) loaded and used.
>
> No, it was a specially written (non-MS) program, I may even still
> have an old floppy stashed in the basement that contains the app.

...

>
> One of the things I most hate about Vista is that MS completely
> abandoned all connections to DOS (IIRC all previous versions were
> still rooted in DOS at their core), so a lot of the good ol' DOS
> commands just won't run any more. Even worse, you can't boot to DOS
> like you could in older versions of Windows to make emergency repairs
> to the OS.
Doesn't Vista have a Command Prompt like XP did? I've had a few Vista machines in but never really paid much attention to them. So far I haven't had to do anything with Vista but tweak a few settings and explain what I did so they could do it themselves next time. If I start getting enough in to worry about I'll be forced to learn it though, I suppose; no big deal but I'm not young enough to learn all those new tricks these days.

I've often toyed with the idea of dual-boot and installing DOS 6.22. I was fortunately quick enough to get all my floppies onto DVDs before the floppies demagnetized. I still lost a lot though; they were all about two years old by the time I realized I might want to play with some of the stuff on all those floppies. Got most of the important stuff though, and even Ashton Tate's dBase II and III. IV was trashed, but I managed to get a copy of Vulcan to replace it.

I still have a dBase program in use at the local psychiatric hospital, believe it or not! It's just a simple relational database with not many tables but lots of different ways of looking at the data. Only got it back once to tweak some things on it, mostly to automate database compacting every ten sessions. They're still running VAXes, too. That old equipment just seems to last and last and ... . Last one I fixed it was just a matter of replacing motors that finally wore out.

Well, reality is calling,

Twayne
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Tue Feb 16 10:17:50 2010
From: nobody at spamcop.net (Indigo)
Date: Tue Feb 16 10:20:09 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hla8jt$lfl$1@news.spamcop.net...
> Doesn't Vista have a Command Prompt like XP did?
Yes, it has a cmd prompt, but only AFTER critical parts of the OS have loaded, meaning you can't change or alter those files because they're in use. Booting to Safe mode is no longer "safe" in Vista, it's pretty much only useful for using system restore, recover to last known good config, or starting from scratch. For instance, there is no way to run chkdsk in _any_ mode Vista offers, you have to schedule it to run on the next boot before WinBloze gets loaded.

From kenbrody at spamcop.net Tue Feb 16 11:02:53 2010
From: kenbrody at spamcop.net (Kenneth Brody)
Date: Tue Feb 16 11:05:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

On 2/16/2010 10:17 AM, Indigo wrote:
>
> "Twayne" wrote in message
> news:hla8jt$lfl$1@news.spamcop.net...
>> Doesn't Vista have a Command Prompt like XP did?
>
> Yes, it has a cmd prompt, but only AFTER critical parts of the OS have
> loaded, meaning you can't change or alter those files because they're in
> use. Booting to Safe mode is no longer "safe" in Vista, it's pretty much
> only useful for using system restore, recover to last known good config,
> or starting from scratch. For instance, there is no way to run chkdsk in
> _any_ mode Vista offers, you have to schedule it to run on the next boot
> before WinBloze gets loaded.

Or, get BartPE (http://www.nu2.nu/pebuilder/) or Ultimate Boot CD for Windows (http://www.ubcd4win.com/), and run chkdsk from there.

I'm trying to remember if the Win7 "recovery console" has chkdsk. I think it does.

--
Kenneth Brody

From nobody at spamcop.net Tue Feb 16 12:27:22 2010
From: nobody at spamcop.net (Twayne)
Date: Tue Feb 16 12:30:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hlecuu$7bi$1@news.spamcop.net,
Indigo typed:
> "Twayne" wrote in message
> news:hla8jt$lfl$1@news.spamcop.net...
>> Doesn't Vista have a Command Prompt like XP did?
>
> Yes, it has a cmd prompt, but only AFTER critical parts of the OS have
> loaded, meaning you can't change or alter those files because they're
> in use. Booting to Safe mode is no longer "safe" in Vista, it's
> pretty much only useful for using system restore, recover to last
> known good config, or starting from scratch. For instance, there is
> no way to run chkdsk in _any_ mode Vista offers, you have to schedule
> it to run on the next boot before WinBloze gets loaded.

Hmm, interesting; thanks for your description/opinion. You've succeeded in getting me interested in Vista even if I don't have it available. I do have win7 and plan to install it "someday" when I can get around to it. This Dell came with both XP and win 7 setup disks/papers but I only installed XP; didn't want to mess with a learning curve right away.

Luck,

Twayne
--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Tue Feb 16 12:36:55 2010
From: nobody at spamcop.net (Indigo)
Date: Tue Feb 16 12:40:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Kenneth Brody" wrote in message news:hlefj4$892$1@news.spamcop.net...
> Ultimate Boot CD for
> Windows (http://www.ubcd4win.com/), and run chkdsk from there.

Oh...my.....ghod......what a gangbuster cluster of tools! While I already have more than a few of those apps, one of them, the MBR repair tool, may have saved me from having to do a clean install of Vista several months ago.....although my machine needed the clean install anyway, it's running sooooo much better now. Thnx for the great link!
From nobody at spamcop.net Tue Feb 16 13:47:41 2010
From: nobody at spamcop.net (Indigo)
Date: Tue Feb 16 13:50:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hleki1$a7s$1@news.spamcop.net...
>
> Hmm, interesting; thanks for your description/opinion. You've succeeded
> in getting me interested in Vista even if I don't have it available. I do
> have win7 and plan to install it "someday" when I can get around to it.
> This Dell came with both XP and win 7 setup disks/papers but I only
> installed XP; didn't want to mess with a learning curve right away.

Unless you're the caretaker for friends or family members PC's that run Vista, I'd never get close to it if I were you, it SUCKS!

From nobody at spamcop.net Tue Feb 16 17:48:35 2010
From: nobody at spamcop.net (Twayne)
Date: Tue Feb 16 17:50:07 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

In news:hlep8d$brj$1@news.spamcop.net,
Indigo typed:
> "Twayne" wrote in message
> news:hleki1$a7s$1@news.spamcop.net...
>>
>> Hmm, interesting; thanks for your description/opinion. You've
>> succeeded in getting me interested in Vista even if I don't have it
>> available. I do have win7 and plan to install it "someday" when I
>> can get around to it. This Dell came with both XP and win 7 setup
>> disks/papers but I only installed XP; didn't want to mess with a
>> learning curve right away.
>
> Unless you're the caretaker for friends or family members PC's that
> run Vista, I'd never get close to it if I were you, it SUCKS!

LOL, That's exactly what I am, and I do think Vista sucks with great suckicity and vacuuosity! But if I want to keep my "beloved" status I have to keep looking like I know what I'm talking about and having occasional successes, or they'll end up rubbing rock salt on their butts and blame me for it!
I'll bet you're in the same boat.

Interestingly enough, from the business side, I see very few Vista machines and so far even fewer with win 7. Not that I do a huge volume, but still ... . It seems only the people that don't know what they're buying so far are ending up with Vista. I do admit to hyping XP over either one though; maybe it helps keep the numbers down.

Cheers,

From nobody at spamcop.net Tue Feb 16 22:02:32 2010
From: nobody at spamcop.net (Indigo)
Date: Tue Feb 16 22:05:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Twayne" wrote in message news:hlf7c9$gnb$1@news.spamcop.net...
> LOL, That's exactly what I am, and I do think Vista sucks with great
> suckicity and vacuuosity! But if I want to keep my "beloved" status I have
> to keep looking like I know what I'm talking about and having occasional
> successes, or they'll end up rubbing rock salt on their butts and blame me
> for it!
> I'll bet you're in the same boat.

Well, not really....out of the five kids in my family, 4 are pretty much computer geeks, as is my Dad, and a lot of my friends, being engineers, are also very knowledgeable about PC systems. Most of us took care of our own work machines since the IT dept. was filled with fresh-outs that couldn't even run a simple cmd line op to save their lives! They just got their MS certs, never learned the guts of how PCs really work.

The only time I get or need to help someone with their 'puter is when I'm dating someone that treats her laptop and peripherals like appliances ;-)

From me at privacy.net Tue Feb 16 23:41:13 2010
From: me at privacy.net (Frog Prince)
Date: Tue Feb 16 23:55:07 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Indigo" wrote in message news:hlfm88$m60$1@news.spamcop.net...
>
> "Twayne" wrote in message
> news:hlf7c9$gnb$1@news.spamcop.net...
>> LOL, That's exactly what I am, and I do think Vista sucks with great
>> suckicity and vacuuosity! But if I want to keep my "beloved" status I
>> have to keep looking like I know what I'm talking about and having
>> occasional successes, or they'll end up rubbing rock salt on their butts
>> and blame me for it!
>> I'll bet you're in the same boat.
>
> Well, not really....out of the five kids in my family, 4 are pretty much
> computer geeks, as is my Dad, and a lot of my friends, being engineers,
> are also very knowledgeable about PC systems. Most of us took care of our
> own work machines since the IT dept. was filled with fresh-outs that
> couldn't even run a simple cmd line op to save their lives! They just got
> their MS certs, never learned the guts of how PCs really work.
>
> The only time I get or need to help someone with their 'puter is when I'm
> dating someone that treats her laptop and peripherals like appliances ;-)

Based on your tails of woe ... you're either a laptop or peripheral ... definitely an appliance.

From nobody at spamcop.net Wed Feb 17 16:25:27 2010
From: nobody at spamcop.net (bar0)
Date: Wed Feb 17 16:30:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Frog Prince" wrote in message news:hlfshu$og5$1@news.spamcop.net...
> ...
> Based on your tails of woe ... you're either a laptop or peripheral ...
> definitely an appliance.

One of the best chuckles I've had in this froup for a long time.

From nobody at spamcop.net Wed Feb 17 20:59:27 2010
From: nobody at spamcop.net (Heidi)
Date: Wed Feb 17 21:00:08 2010
Subject: [Scgeeks] Re: Still something weird going on
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Frog Prince" wrote in message news:hlfshu$og5$1@news.spamcop.net...
>
>
> Based on your tails of woe ... you're either a laptop or peripheral ...
> definitely an appliance.
ITYM 'Tool'......(D&R)

From nobody at spamcop.net Wed Feb 17 21:24:21 2010
From: nobody at spamcop.net (Indigo)
Date: Wed Feb 17 21:25:08 2010
Subject: [Scgeeks] Re: Still something weird going on
In-Reply-To:
References: <2135124.b9nUPlyArG@dev.null.davjam.org>
Message-ID:

"Frog Prince" wrote in message news:hlfshu$og5$1@news.spamcop.net...
>
> Based on your tails of woe ... you're either a laptop or peripheral ...
> definitely an appliance.
>

No, I'm either a handyman or an ATM.....

From me at privacy.net Thu Feb 18 14:30:17 2010
From: me at privacy.net (Frog Prince)
Date: Thu Feb 18 14:35:07 2010
Subject: [Scgeeks] Acer restoration
Message-ID:

I'm trying to tech an Acer 5100 computer with Vista.

System required a restore. Hidden partition restore failed. Bought the CD restore set from Acer. No joy.

Told I needed to do a low level format etc. did that and more no joy.

Set the HDD up on another computer (dell) used their restore CD apparently works. All tests I can run on the HDD (WD 1600 btw) indicate the HDD is good.

Is there any way to fake/simulate an Acer computer but use another computer so the restore CDs can play nice with the HDD that came in the Acer and restore the Acer OS etc.

Acer support is no help (they don't respond to email or phone calls)

I get an error 0xa000000e from all attempts to restore using the Acer computer and their restore CD.

Web search shows a lot of other folk with the same problem but no solutions.

From kenbrody at spamcop.net Thu Feb 18 15:38:58 2010
From: kenbrody at spamcop.net (Kenneth Brody)
Date: Thu Feb 18 15:40:09 2010
Subject: [Scgeeks] Re: Acer restoration
In-Reply-To:
References:
Message-ID:

On 2/18/2010 2:30 PM, Frog Prince wrote:
> I'm trying to tech an Acer 5100 computer with Vista.
>
> System required a restore. Hidden partition restore failed.
> Bought the CD restore set from Acer. No joy.
[...]
> I get an error 0xa000000e from all attempts to restore using the Acer
> computer and their restore CD.
>
> Web search shows a lot of other folk with the same problem but no solutions.

Does your system have an IDE or SATA HD? I have seen restore disks that don't work if you have SATA, because the restore disks don't have SATA drivers. (I'd love to hear the story behind that one.)

If you have SATA, see if the BIOS has "IDE emulation" or "IDE mode" available for the SATA HD, and enable it, and see if the restore now works.

--
Kenneth Brody

From me at privacy.net Thu Feb 18 16:55:58 2010
From: me at privacy.net (Frog Prince)
Date: Thu Feb 18 17:00:08 2010
Subject: [Scgeeks] Re: Acer restoration
References:
Message-ID:

"Kenneth Brody" wrote in message news:hlk8gp$ch4$1@news.spamcop.net...
> On 2/18/2010 2:30 PM, Frog Prince wrote:
>> I'm trying to tech an Acer 5100 computer with Vista.
>>
>> System required a restore. Hidden partition restore failed.
>> Bought the CD restore set from Acer. No joy.
> [...]
>> I get an error 0xa000000e from all attempts to restore using the Acer
>> computer and their restore CD.
>>
>> Web search shows a lot of other folk with the same problem but no
>> solutions.
>
> Does your system have an IDE or SATA HD? I have seen restore disks that
> don't work if you have SATA, because the restore disks don't have SATA
> drivers. (I'd love to hear the story behind that one.)
>
> If you have SATA, see if the BIOS has "IDE emulation" or "IDE mode"
> available for the SATA HD, and enable it, and see if the restore now
> works.
>
> --
> Kenneth Brody

Thanks it's SATA and was OEM hardware. I'll check for an emulation

From joegill at removethis Fri Feb 19 13:10:21 2010
From: joegill at removethis (Joe Gill)
Date: Fri Feb 19 13:15:08 2010
Subject: [Scgeeks] Re: Acer restoration
In-Reply-To:
References:
Message-ID:

"Frog Prince" wrote in message news:hlk4gk$b1v$1@news.spamcop.net...
> I'm trying to tech an Acer 5100 computer with Vista.
>
> System required a restore. Hidden partition restore failed.
> Bought the CD restore set from Acer. No joy.
>
> Told I needed to do a low level format etc. did that and more no joy.
>
> Set the HDD up on another computer (dell) used their restore CD apparently
> works. All tests I can run on the HDD (WD 1600 btw) indicate the HDD is
> good.
>
> Is there any way to fake/simulate an Acer computer but use another
> computer so the restore CDs can play nice with the HDD that came in the
> Acer and restore the Acer OS etc.
>
> Acer support is no help (they don't respond to email or phone calls)
>
> I get an error 0xa000000e from all attempts to restore using the Acer
> computer and their restore CD.
>
> Web search shows a lot of other folk with the same problem but no
> solutions.
>

Did you 'wipe the partition' or wipe the entire drive including deleting all partitions???

http://www.barrywheeler.ca/2009/04/acer-aspire-restore-failed-reason-0xa000000e/

Does this sound like your problem?

A couple quotes...

If you own an Acer laptop and are trying to do a system restore, the message Restore Failed - Reason 0xa000000e means you have to delete the existing partitions from the hard disk drive before you start the restore process. This will suck if you have data on any of those partitions, but if you are doing regular backups, you should have no concerns.

In goes the UBCD, and this time, I decided to try some FileSystem Utilities. In here, I loaded some Partition Utilities and a free version of FDISK, a program that would allow me to delete any partitions that existed on the hard drive. I discovered 2 partitions - one was the Windows Vista NTFS partition and the other was a "Non-DOS" partition used by the Acer Aspire system restore process to reload the laptop

In here, I loaded some Partition Utilities and a free version of FDISK, a program that would allow me to delete any partitions that existed on the hard drive.
I discovered 2 partitions - one was the Windows Vista NTFS partition and the other was a "Non-DOS" partition used by the Acer Aspire system restore process to reload the laptop.

With both partitions deleted, the Acer Aspire System Restore process started and voila - it continued and there was no Restore Failed - Reason 0xa000000e. I let the process finish and Windows Vista installed along with all the drivers and bundled software.

From me at privacy.net Fri Feb 19 17:49:54 2010
From: me at privacy.net (Frog Prince)
Date: Fri Feb 19 17:55:08 2010
Subject: [Scgeeks] Re: Acer restoration
References:
Message-ID:

"Joe Gill" wrote in message news:hlmk72$8hg$1@news.spamcop.net...
>
> "Frog Prince" wrote in message
> news:hlk4gk$b1v$1@news.spamcop.net...
>> I'm trying to tech an Acer 5100 computer with Vista.
>>
>> System required a restore. Hidden partition restore failed.
>> Bought the CD restore set from Acer. No joy.
>>
>> Told I needed to do a low level format etc. did that and more no joy.
>>
>> Set the HDD up on another computer (dell) used their restore CD
>> apparently works. All tests I can run on the HDD (WD 1600 btw) indicate
>> the HDD is good.
>>
>> Is there any way to fake/simulate an Acer computer but use another
>> computer so the restore CDs can play nice with the HDD that came in the
>> Acer and restore the Acer OS etc.
>>
>> Acer support is no help (they don't respond to email or phone calls)
>>
>> I get an error 0xa000000e from all attempts to restore using the Acer
>> computer and their restore CD.
>>
>> Web search shows a lot of other folk with the same problem but no
>> solutions.
>>
>
> Did you 'wipe the partition' or wipe the entire drive including deleting
> all partitions???
>
> http://www.barrywheeler.ca/2009/04/acer-aspire-restore-failed-reason-0xa000000e/
>
> Does this sound like your problem?
>
> A couple quotes...
>
> If you own an Acer laptop and are trying to do a system restore, the message Restore Failed - Reason 0xa000000e means you have to delete the existing partitions from the hard disk drive before you start the restore process. This will suck if you have data on any of those partitions, but if you are doing regular backups, you should have no concerns.
>
> In goes the UBCD, and this time, I decided to try some FileSystem Utilities. In here, I loaded some Partition Utilities and a free version of FDISK, a program that would allow me to delete any partitions that existed on the hard drive. I discovered 2 partitions - one was the Windows Vista NTFS partition and the other was a "Non-DOS" partition used by the Acer Aspire system restore process to reload the laptop
>
> In here, I loaded some Partition Utilities and a free version of FDISK, a program that would allow me to delete any partitions that existed on the hard drive. I discovered 2 partitions - one was the Windows Vista NTFS partition and the other was a "Non-DOS" partition used by the Acer Aspire system restore process to reload the laptop.
>
> With both partitions deleted, the Acer Aspire System Restore process started and voila - it continued and there was no Restore Failed - Reason 0xa000000e. I let the process finish and Windows Vista installed along with all the drivers and bundled software.

Did that and more finally did a low level format, format and partition. HDD seems to be ok as it works in all the other applications and installs I've tried.

Finally managed to get through to 2nd level support at WD and according to WD Acer had some special hardware/configuration (WD records do not reflect the nature of these mods) that may or may not explain the failure of the Acer Supplied restore disk to work.

From nobody at spamcop.net Sun Feb 21 15:05:42 2010
From: nobody at spamcop.net (Indigo)
Date: Sun Feb 21 15:10:08 2010
Subject: [Scgeeks] Weird mouse behavior
Message-ID:

I have a Logitech wireless mouse, and for the last month or so it's been doing some really, really strange things. Sometimes when I'm typing email, with my left hand on the keyboard and my right gently holding the mouse to move the cursor, without actually moving the mouse the cursor will jump to somewhere else in the email and highlight text all by itself. It's actually even happened with BOTH hands on the keyboard!

Even weirder (and scarier) is that sometimes while I'm away from the PC the mouse will "point and click" all by itself. For instance, yesterday morning I was googling for some info while listening to XM streaming audio. When I quit to go watch a basketball game, I pulled up the XM popup window, clicked on the "stop" button, and left my office. Twice during the game I heard voices coming from my office, went back to see what was going on, and the XM stream was back on, and even worse, a different preset (the last one) had been selected. That means not only did the mouse cursor move, it also had to left-click on the preset button to restart the stream!

WTF is going on here, outside of a poltergeist? The ONLY thing that could possibly account for the cursor movement is that the mousepad sits on a small platform I built to rest over the top right drawer of my desk, and it's on a _very_ slight incline. So theoretically, vibrations from planes flying over my house or from a booming stereo/TV could make the mouse move a wee bit, but I cannot think of ANYTHING that can account for the clicking action. And it only does its "tricks" in the top, or active, window.
The one thing that negates my vibration movement theory is that in the XM window it's always the last, or bottom, preset that gets activated on its own, and to get the cursor there you have to pull the mouse UP the incline, not down. So I guess I'm at a loss to explain the strange behavior, short of an intruder.

Thoughts?

From nobody at spamcop.net Sun Feb 21 15:28:33 2010
From: nobody at spamcop.net (bar0)
Date: Sun Feb 21 15:30:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
References:
Message-ID:

"Indigo" wrote in message news:hls3mm$9dv$1@news.spamcop.net...

Get any other mouse lying around that seems to work well and try it for a week, if the self clicking etc go away, buy a new mouse. Ultimately all mice seem to behave like this, after some time, particularly the powered optical ones.

From me at privacy.net Sun Feb 21 16:55:59 2010
From: me at privacy.net (anon)
Date: Sun Feb 21 17:00:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
References:
Message-ID:

"bar0" wrote in message news:hls51l$9rs$1@news.spamcop.net...
>
> "Indigo" wrote in message news:hls3mm$9dv$1@news.spamcop.net...
>
> Get any other mouse lying around that seems to work well and try it for a week, if the self clicking etc go away, buy a new mouse. Ultimately all mice seem to behave like this, after some time, particularly the powered optical ones.
>

I have a wired mouse that sometimes will move the cursor around on the screen with my hand off of it.

I have a feeling that there may even be transients in the computer motherboard that cause that. NO VIRUSES.

Does not happen often. At least mine does not right or left click. THAT'S SCARY.

From nobody at spamcop.net Sun Feb 21 19:50:13 2010
From: nobody at spamcop.net (Indigo)
Date: Sun Feb 21 19:55:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hls51l$9rs$1@news.spamcop.net...
>
> ultimately all mice seem to behave like this, after some time, particularly the powered optical ones.

Really? Any idea why? This mouse is about 4 years old, IIRC.

My sister thought it might be electrical interference with my (very close) cordless phone, but it operates at 5.8 GHz, mouse is 2.4 GHz, so I doubt that's the problem, besides the fact that the phone and USB dongle have been in the same location for several years without any issues.

From nobody at spamcop.net Sun Feb 21 19:51:35 2010
From: nobody at spamcop.net (Indigo)
Date: Sun Feb 21 19:55:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"anon" wrote in message news:hlsa5j$boh$1@news.spamcop.net...
>
> I have a feeling that there may even be transients in the computer motherboard that cause that. NO VIRUSES.
>

None here either, I did another clean sweep today with AVG and M-BAM.

> Does not happen often. At least mine does not right or left click. THAT'S SCARY.

Yes, it is!

From nobody at spamcop.net Sun Feb 21 20:13:48 2010
From: nobody at spamcop.net (Twayne)
Date: Sun Feb 21 20:15:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
References:
Message-ID:

In news:hlskc4$fff$1@news.spamcop.net, Indigo typed:
> "bar0" wrote in message news:hls51l$9rs$1@news.spamcop.net...
>>
>> ultimately all mice seem to behave like this, after some time, particularly the powered optical ones.
>
> Really? Any idea why? This mouse is about 4 years old, IIRC.
>
> My sister thought it might be electrical interference with my (very close) cordless phone, but it operates at 5.8 GHz, mouse is 2.4 GHz, so I doubt that's the problem, besides the fact that the phone and USB dongle have been in the same location for several years without any issues.

Probably the same location for years, but I'm betting on that being the ultimate source of the annoyances.
Planes off on the horizon, cabs driving by, trucker with a linear amp, data over power wires, phone line crosstalk, and all kinds of things can create a problem. 2.4 GHz and 5.8 GHz, BTW, means zip to them being able to bother each other. Those are simply the clock freqs, one of many used within the products. So if you're looking for harmonics or multiples of this 'n' that, those freqs aren't likely to be the ones causing problems.

Interference isn't always through the air, either. Your power lines to your computer and other peripherals can have lots of signals on them from residue of valid powerline transmissions of data (electric meters, messaging, all kinds of things) to a mess of freqs coming from every peripheral you have connected -could- go out their power plug, transmitted along your 120Vac wires, and picked up either via the phone's brick or even thru that air.

Try rotating your phone (and brick if it has one) 90 degrees in the horizontal plane and see if anything changes. If not, next try rotating it 90 degrees in the vertical direction and see if that makes any difference. Note, 90 degrees, or 270 degrees, NOT 180 degrees. If it's air interference, one of those or both might show enough differences to put you on a track.

If no joy that way, try going to RS or someplace like them and get a line filter for the 120Vac. Then start applying that to each component, one at a time, looking for a difference in the annoyances.

If everything isn't on the same breaker (computer & peripherals, etc.) and your phone is in your computer room, they should technically be on the same breaker for the best grounding controls. Sometimes the opposite works, too; for example you usually want a laser printer on a different line so it won't pulse the computer line keeping the fusing wire warm & ready. So if it's not on another breaker, try putting it on one. And so on.

As the FCC Part 15 notice says, if you get interference, try repositioning things to get rid of it.
Passing Part 15 is no assurance a product doesn't radiate into the air or out onto the power lines. It just sets a minimum, and if you put a good enough receiver out there looking for those freqs, you're going to find them.

Take the phone out of the room and see if it has the same issues in other rooms, on other breakers, the same breaker but in a different room, whatever possibilities you have available.

Mostly it'll just take patience on your part. From past posts it sounds like you have a very large number of frequency producing equipment throughout your home and you could have an awful lot of stuff flying around so empirical is about the only thing that's going to work for you IMO.

HTH,

Twayne

--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Sun Feb 21 20:46:54 2010
From: nobody at spamcop.net (bar0)
Date: Sun Feb 21 20:50:07 2010
Subject: [Scgeeks] Re: Weird mouse behavior
References:
Message-ID:

"Indigo" wrote in message news:hlskc4$fff$1@news.spamcop.net...
>
> "bar0" wrote in message news:hls51l$9rs$1@news.spamcop.net...
>>
>> ultimately all mice seem to behave like this, after some time, particularly the powered optical ones.
>
> Really? Any idea why? This mouse is about 4 years old, IIRC.

No Idea, but I've been seeing this problem with mouse age ever since our software transitioned to Sun SPARC, after the SPARC1 came out. My guess on cabled mice is worn insulation, probably near the entry to the mouse or at catch points along the cable. I've only recently started occasional use of a BT wireless mouse. (No, I don't put that one in the bird bath)

From loyal at spamcop.user Sun Feb 21 22:09:27 2010
From: loyal at spamcop.user (AndrewB)
Date: Sun Feb 21 22:10:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

Indigo wrote:
...
> WTF is going on here, outside of a poltergeist?
> The ONLY thing that could possibly account for the cursor movement is that the mousepad sits on a small platform I built to rest over the top right drawer of my desk, and it's on a _very_ slight incline. So theoretically, vibrations from planes flying over my house or from a booming stereo/TV could make the mouse move a wee bit, but I cannot think of ANYTHING that can account for the clicking action. And it only does its "tricks" in the top, or active, window. The one thing that negates my vibration movement theory is that in the XM window it's always the last, or bottom, preset that gets activated on its own, and to get the cursor there you have to pull the mouse UP the incline, not down. So I guess I'm at a loss to explain the strange behavior, short of an intruder.
>
> Thoughts?

Is your mouse infrared or bluetooth or something else?

Trying a cabled mouse would at least rule out a computer problem vs a problem with the mouse itself.

Have you tried a fresh set of batteries?

AndrewB

From nobody at spamcop.net Mon Feb 22 13:48:21 2010
From: nobody at spamcop.net (Indigo)
Date: Mon Feb 22 13:50:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Twayne" wrote in message news:hlslog$fvg$1@news.spamcop.net...
>
> Probably the same location for years, but I'm betting on that being the ultimate source of the annoyances. Planes off on the horizon, cabs driving by, trucker with a linear amp, data over power wires, phone line crosstalk, and all kinds of things can create a problem. 2.4 GHz and 5.8 GHz, BTW, means zip to them being able to bother each other.
>
> Try rotating your phone (and brick if it has one) 90 degrees in the horizontal plane and see if anything changes. If not, next try rotating it 90 degrees in the vertical direction and see if that makes any difference. Note, 90 degrees, or 270 degrees, NOT 180 degrees.
> If it's air interference, one of those or both might show enough differences to put you on a track.

Hmmm....you may be onto something there....a few months ago I got tired of accidentally knocking the phone off of my desk so I velcroed the base unit to the desk top, at a 45 degree angle to me and the USB mouse dongle. Guess I could try rotating it, but I'd go with 45 degrees, not 90, because that's the position it was most often in before I glued it to the desk. I'm pretty sure you want me to go 90 for phase reasons, but that would basically put the phone exactly where it is now w/respect to the angle between it and the dongle.

>
> Mostly it'll just take patience on your part. From past posts it sounds like you have a very large number of frequency producing equipment throughout your home and you could have an awful lot of stuff flying around so empirical is about the only thing that's going to work for you IMO.
>

Yeah, I did, but I got rid of the audio hum by installing a ground loop isolator on my cable line as it enters the house - the cable signal has a different ground plane than my house electrics. I also installed a "cable modem optimizer" splitter to divide the signal between the modem and the PC's TV cable input, http://www.mcmelectronics.com/product/33-10395&CAWELAID=220402967 . Both of those have been in/on my system for many months, like over 6, long before the mouse problems erupted.

From nobody at spamcop.net Mon Feb 22 13:52:00 2010
From: nobody at spamcop.net (Indigo)
Date: Mon Feb 22 13:55:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"AndrewB" wrote in message news:hlssh6$if2$1@news.spamcop.net...
>
> Is your mouse infrared or bluetooth or something else?

2.4 GHz wireless

>
> Trying a cabled mouse would at least rule out a computer problem vs a problem with the mouse itself.
>
> Have you tried a fresh set of batteries?

I have a Logitech app installed that monitors the mouse battery charge level and alerts me when to swap out old ones with freshly recharged ones. I get about 3 months/charge out of them, mouse is on 24/7/365.

From loyal at spamcop.user Mon Feb 22 23:21:43 2010
From: loyal at spamcop.user (AndrewB)
Date: Mon Feb 22 23:25:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

Indigo wrote:
>
> "AndrewB" wrote in message news:hlssh6$if2$1@news.spamcop.net...
>>
>> Is your mouse infrared or bluetooth or something else?
>
> 2.4 GHz wireless

Thanks for confirming. Could anything else be near that might cause interference? Like a neighbor in a condo/apartment building?

Other things I'm aware of in the 2.4 GHz space are microwaves, wireless routers (an especially vexing problem in a dense housing complex), bluetooth, security systems, and who knows what else. Since it seems by your description to happen randomly, your issues could be sporadic interference, perhaps from outside your residence.

On a tangent, I did spot Logitech USB optical mice at Fry's recently for $9.99 each. Cheap!

AndrewB

From nobody at spamcop.net Tue Feb 23 13:51:41 2010
From: nobody at spamcop.net (Twayne)
Date: Tue Feb 23 13:55:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
References:
Message-ID:

In news:hlujhl$6es$1@news.spamcop.net, Indigo typed:
> "Twayne" wrote in message news:hlslog$fvg$1@news.spamcop.net...
>>
>> Probably the same location for years, but I'm betting on that being the ultimate source of the annoyances. Planes off on the horizon, cabs driving by, trucker with a linear amp, data over power wires, phone line crosstalk, and all kinds of things can create a problem. 2.4 GHz and 5.8 GHz, BTW, means zip to them being able to bother each other.
>>
>> Try rotating your phone (and brick if it has one) 90 degrees in the horizontal plane and see if anything changes.
>> If not, next try rotating it 90 degrees in the vertical direction and see if that makes any difference. Note, 90 degrees, or 270 degrees, NOT 180 degrees. If it's air interference, one of those or both might show enough differences to put you on a track.
>
> Hmmm....you may be onto something there....a few months ago I got tired of accidentally knocking the phone off of my desk so I velcroed the base unit to the desk top, at a 45 degree angle to me and the USB mouse dongle. Guess I could try rotating it, but I'd go with 45 degrees, not 90, because that's the position it was most often in before I glued it to the desk. I'm pretty sure you want me to go 90 for phase reasons, but that would basically put the phone exactly where it is now w/respect to the angle between it and the dongle.

That sounds logical. No harm in trying both either, but start with the 45 as you described. Also it wouldn't actually maintain the identical phase difference by going 90 though: It might reverse the phase difference which, depending on the antennae involved could change something. But by this point it's reaching the point of diminishing returns, I agree.

>
>>
>> Mostly it'll just take patience on your part. From past posts it sounds like you have a very large number of frequency producing equipment throughout your home and you could have an awful lot of stuff flying around so empirical is about the only thing that's going to work for you IMO.
>>
>
> Yeah, I did, but I got rid of the audio hum by installing a ground loop isolator on my cable line as it enters the house - the cable signal has a different ground plane than my house electrics. I also installed a "cable modem optimizer" splitter to divide the signal between the modem and the PC's TV cable input, http://www.mcmelectronics.com/product/33-10395&CAWELAID=220402967 . Both of those have been in/on my system for many months, like over 6, long before the mouse problems erupted.

If those worked for you, that's great. IME I've found that as often as not that kind of equipment can just move the ground loop to between another set/s of equipment. I'm not saying that type of product is no good; I am only saying they don't necessarily create what they claim (or neglect to claim) happens. But you indicate there is no time relationship between it and the problem, so assuming nothing changed, you're probably right.

The following is a little straw-grabby but are a couple things I've used when I was in the industry.

Have you tried, I'd assume, turning OFF all equipment and then turning it ON in a logical order, and watching to see if the symptoms start off gone and then appear? And remember, the worst radiator you have in all that equipment is going to be your monitor, especially behind and along the sides of it. Even LCD monitors spray a lot of noise. Get the monitor away from all bricks, power cords and data cords. Or get them away from the monitor, whichever is easier.

I discovered the hard way that I cannot mount power bricks on the wall behind my monitor, regardless of their angle of mount. I thought it was a good idea because it got them all out of sight, but - nope; it definitely mattered. And my bench/desk has a 42" depth.

Continuing with straw-grabby things that sometimes help a lot:

Here's a thought for you that I used to my advantage once on avionics equipment. I've often thought an ammeter might be best for this but I used a 4.7 ohm 5% 1/2watt resistor instead so I could see both ac and DC. Then consider ALL the ground connections between all pieces of equipment. The highest reading will likely give a good indication of the major location of the fault/loop.

Caveats:
- Eliminate the most sensitive component; usually a turntable, by keeping it OFF until you think you've located a source of current flow.
- In Earth ground, there should always be 0.00 mA on the lowest current scale flowing.
  Any current indicates a piece of equipment with a faulty isolation OR a ground loop. So check on low settings for any voltage that might develop across the resistor.
- The resistor may increase the amount of, or even stop, ground currents. You'll know because symptoms stop or get worse.
- Earth currents CAN be high if a piece of equipment has a fault. Watch out for a HOT resistor!
- Surge protection type power bars should NOT be fed from another one with protection.
- Connecting Power Strips in a daisy chain is counter protective to the protection they provide. Connecting them in this manner connects their surge protection trips in parallel, spreading any potential overload across each surge protector evenly. Where an overload of one size would trip one power strip, when two are connected, 2 times that overload is required to cause a trip to occur. Add a third to the end of the second and you need 3 times the original overload value to trip the surge protectors.

http://www.compliance.gov/forms-pubs/eresources/fastfacts_extensioncords.pdf

http://www.compliance.gov/forms-pubs/eresources/fastfacts_daisychains.pdf

How certain it's a ground loop are you? Wasn't this a wireless mouse?

Symptoms, as already discussed, caused by radiation thru the air to another piece of equipment. A piece of sheet steel (or copper if you're lucky enough to have some) with a clip lead to an earth ground preferably at the wall receptacle, and wafted about between the various pieces of equipment, one at a time, can sometimes find a culprit. The shield has to be at least a little larger than the piece of equipment it's trying to shield and don't forget, there are three axis; x, y, and z (H, W, Depth).

I have to admit, I'd never have the patience you do with these things. I think if it were me I'd have to do a "clean install" of all the hardware.
Set out the UPS and a bunch of power bars (type with NO surge protection, which can create noise all by themselves), put the computer, monitor, mouse and any external drives on the desk and be sure it all works. And then continue adding pieces until something goes wrong.

Boy, I'd just love to be turned loose in your rooms for a few days! If you haven't already, a schematic of every piece of gear you have in the entire house including all of the house wiring can often give some good information you can't otherwise see. I have a listing for every breaker and then for all equipment a schema of the pieces, like stereo center, TV stand, computer room, sewing machine, etc. etc. etc.. I know even breakers are on one side, odd numbered breakers on the other, etc. and can easily see whether there's a balance of any kind between the two.

HTH,

Twayne

--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.

From nobody at spamcop.net Tue Feb 23 15:30:19 2010
From: nobody at spamcop.net (Indigo)
Date: Tue Feb 23 15:35:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Twayne" wrote in message news:hm1843$a40$1@news.spamcop.net...
>> I'm pretty sure you want me to go 90 for phase reasons, but that would basically put the phone exactly where it is now w/respect to the angle between it and the dongle.
>
> That sounds logical. No harm in trying both either, but start with the 45 as you described. Also it wouldn't actually maintain the identical phase difference by going 90 though: It might reverse the phase difference which, depending on the antennae involved could change something. But by this point it's reaching the point of diminishing returns, I agree.

Ok, I just moved it, rotated it about 40 degrees, just left a bit of an angle so I can still see the caller ID without having to move my chair. We'll see what happens.

>
> If those worked for you, that's great. IME I've found that as often as not that kind of equipment can just move the ground loop to between another set/s of equipment. I'm not saying that type of product is no good; I am only saying they don't necessarily create what they claim (or neglect to claim) happens. But you indicate there is no time relationship between it and the problem, so assuming nothing changed, you're probably right.

You probably aren't aware of _why_ I installed the ground loop isolator -- about a year ago, I bought a couple of audio splitters and ran wires from my PC audio output to my living room stereo and my downstairs stereo so I could listen to streaming audio on my PC anywhere in the house, even outdoors (have exterior speakers on my deck hooked up to the Speaker B outputs on the upstairs stereo). But instead of a nice clean line output signal, there was a significant level of humming interference, sometimes it got so loud it was almost as loud as the "real" audio signal. I posted here about the problem, got suggestions, tried different things, like moving the wires away from the power lines, but nothing I tried worked. Then I found the cause and solution on some obscure web page, the fact that my house ground is _not_ the same as the Comcast cable ground, creating the ground loop. Once I installed the isolator the noise disappeared instantly. I had purchased the other "optimizing splitter" prior to that to see if it would solve the problem, it didn't, but I left it installed anyway since I have a recurring problem with losing sync with the Comcast DNS server.

>
> The following is a little straw-grabby but are a couple things I've used when I was in the industry.
>
> Have you tried, I'd assume, turning OFF all equipment and then turning it ON in a logical order, and watching to see if the symptoms start off gone and then appear?
> And remember, the worst radiator you have in all that equipment is going to be your monitor, especially behind and along the sides of it. Even LCD monitors spray a lot of noise.
> Get the monitor away from all bricks, power cords and data cords. Or get them away from the monitor, whichever is easier.

No can do....my HP Touchsmart is all one unit....the LCD display is attached to the base of the PC with a two axis bracket (tilt and height). And some of the electronics are also contained in the sides and rear of the monitor case, i.e. the main case cannot be separated from the monitor like a typical desktop PC without losing functionality. It's more like a big laptop, in other words.

> I discovered the hard way that I cannot mount power bricks on the wall behind my monitor, regardless of their angle of mount. I thought it was a good idea because it got them all out of sight, but - nope; it definitely mattered. And my bench/desk has a 42" depth.

Power bricks, meaning surge protectors? Didn't have much choice there either because of the way my hand-built desk and shelves are designed. My Dad built it for me as a wedding present, it's beautiful, REAL wood, not laminated particle board. The power strip is mounted in a gap in the center of the shelves behind the PC, slightly above and to the right, so I have easy access to it (the space was designed to make room for a monitor).

>
> Caveats:
> - Eliminate the most sensitive component; usually a turntable, by keeping it OFF until you think you've located a source of current flow.

One of the first things I tried, no joy.

> - Surge protection type power bars should NOT be fed from another one with protection.
>

I've never heard of that "rule"....why? I do have one cheapo power strip that my inkjet printer/scanner/fax machine and desk lamp are plugged into, but it's plugged directly into the wall outlet, the switched socket, so the fax machine is turned off while I'm not working in the office.
Otherwise, the fax machine picks up a phone call faster than my answering machine does -- fax picks up after 4 rings, answering machine after 8 rings -- so if I've got my hands full of stuff and can't get to a phone before the 4th ring, the fax machine would answer instead, an unworkable situation. And that phone line link is also another, different ground source, but it runs through the same surge protector that my PC and peripherals are plugged into, and I haven't had an issue with any interference there that I know of.

> - Connecting Power Strips in a daisy chain is counter protective to the protection they provide. Connecting them in this manner connects their surge protection trips in parallel, spreading any potential overload across each surge protector evenly. Where an overload of one size would trip one power strip, when two are connected, 2 times that overload is required to cause a trip to occur. Add a third to the end of the second and you need 3 times the original overload value to trip the surge protectors.
>

Aha....guess I should have read more before I responded ;-) I never thought about that issue before, and dollars to donuts it's news to lots of other folks here, who may or may not be following this thread. AFAIK I don't have any daisy-chained suppressors in my house, but I'll put it on my "to do" list to check to make sure. I may have two ganged together in my workshop, now that I think about it.....but only lights and power tools like my table saw are plugged into them, no sensitive electronic equipment.

> http://www.compliance.gov/forms-pubs/eresources/fastfacts_extensioncords.pdf
>
> http://www.compliance.gov/forms-pubs/eresources/fastfacts_daisychains.pdf
>
>
> How certain it's a ground loop are you? Wasn't this a wireless mouse?

Erm, getting two different issues mixed together here. The ground isolator was to solve the audio hum interference as described above (now I know that you weren't aware of why I installed it).
The mouse is a completely different (and newish) problem.

>
> Symptoms, as already discussed, caused by radiation thru the air to another piece of equipment. A piece of sheet steel (or copper if you're lucky enough to have some) with a clip lead to an earth ground preferably at the wall receptacle, and wafted about between the various pieces of equipment, one at a time, can sometimes find a culprit. The shield has to be at least a little larger than the piece of equipment it's trying to shield and don't forget, there are three axis; x, y, and z (H, W, Depth).
>
> I have to admit, I'd never have the patience you do with these things. I think if it were me I'd have to do a "clean install" of all the hardware. Set out the UPS and a bunch of power bars (type with NO surge protection, which can create noise all by themselves), put the computer, monitor, mouse and any external drives on the desk and be sure it all works. And then continue adding pieces until something goes wrong.
>

Way too much work for me too ;-) Despite my best attempts at harness dressing, there's still a mess of cables and wires behind my shelves, no way am I going to start messing around with them again! For one, I'd have to move the desk, which weighs over 100 lbs (empty), probably over 200 lbs right now that it's full of stuff. That means emptying the shelves and desk so I can move it, nuh-uh!

> Boy, I'd just love to be turned loose in your rooms for a few days! If you haven't already, a schematic of every piece of gear you have in the entire house including all of the house wiring can often give some good information you can't otherwise see. I have a listing for every breaker and then for all equipment a schema of the pieces, like stereo center, TV stand, computer room, sewing machine, etc. etc. etc.. I know even breakers are on one side, odd numbered breakers on the other, etc. and can easily see whether there's a balance of any kind between the two.

I do have two sets of detailed wiring schematics for two sections of my house, but not for the office. The first, and most critical to me, is the extremely complicated combination of optical, digital, analog RCA, and regular co-ax cabling that connects my stereo, TV, CD player, cable STB, and DVD/VHS recorder/player machines together, along with all the speakers (9 in all, 7 in the living room and the 2 on the deck), plus the audio input feed from my PC. I also have labels on all the different wires and power cords so if I add or replace a piece of equipment I know what connects to what and where.

The second one is for the extra breakers and electrical lines I installed in my basement to provide power for my workshop, shed, and extra lighting systems, plus power to the alcove in my hallway and my pantry in the kitchen. I had to be very careful what got combined with what, my old sump pump drew 9-10 amps from the "as built" breaker and I originally hooked up the alcove, pantry, and shed to that one on the theory that I wouldn't be using the shed power if the sump pump was running because it would be wet outside. One of the new breakers is strictly for my table saw, it draws up to 13 amps, and the other one is for my workbench power strip and fluorescent light fixtures.

I developed a strong sensitivity to chemical vapors and mold after I got sick with Lyme disease, breathing paint fumes made me sick as hell, so when I had to replace my sump pump last year I decided to build an exhaust fan system for a spray painting booth, and I totally rewired everything to balance out the load amongst the various breakers. I also installed another 15 amp dedicated breaker so I could install a second outdoor GFI outlet on the other side of my house to power my high-amp leaf vac/blower when I was working on that side of my yard.

As far as the breaker box itself goes, the schematics provided by the builder are "generics", the breaker numbers don't match up to the numbers hand written on the labels in the box, so I modified the schematics to reflect the actual breaker/power connections throughout the entire house. They didn't even make mention of the GFI outlets in my two bathrooms -- all the GFI's, including the one original outdoor outlet, are on the same breaker. But neither of my bathrooms have the standard GFI faceplates with resettable red/black buttons on them, so it took me a while to figure out that circuit....didn't finally discover all the connections until a few years ago when my ex-g/f was using a 1500 watt hair dryer in the hall bathroom while I was showering/shaving with my boombox on in my master bedroom bath at the same time, the circuit breaker popped, and I couldn't get it working again until I checked the outside GFI outlet and reset it.

From joegill at removethis Mon Feb 22 20:26:57 2010
From: joegill at removethis (Joe Gill)
Date: Wed Feb 24 11:20:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hlujog$6fj$1@news.spamcop.net...
>
> "AndrewB" wrote in message
> news:hlssh6$if2$1@news.spamcop.net...
>>
>> Is your mouse infrared or bluetooth or something else?
>
> 2.4 Ghz wireless
>
>>
>> Trying a cabled mouse would at least rule out a computer problem vs a
>> problem with the mouse itself.
>>
>> Have you tried a fresh set of batteries?
>
> I have a Logitech app installed that monitors the mouse battery charge
> level and alerts me when to swap out old ones with freshly recharged ones.
> I get about 3 months/charge out of them, mouse is on 24/7/365.

That same app, should allow you to check for updates to the drivers.
If no new drivers, then I would reinstall the existing ones.
If that fails, then look at mouse replacement..
From joegill at removethis Wed Feb 24 11:37:30 2010
From: joegill at removethis (Joe Gill)
Date: Wed Feb 24 11:40:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hlujog$6fj$1@news.spamcop.net...
>
> "AndrewB" wrote in message
> news:hlssh6$if2$1@news.spamcop.net...
>>
>> Is your mouse infrared or bluetooth or something else?
>
> 2.4 Ghz wireless
>
>>
>> Trying a cabled mouse would at least rule out a computer problem vs a
>> problem with the mouse itself.
>>
>> Have you tried a fresh set of batteries?
>
> I have a Logitech app installed that monitors the mouse battery charge
> level and alerts me when to swap out old ones with freshly recharged ones.
> I get about 3 months/charge out of them, mouse is on 24/7/365.

Based on the fact that it is a 2.4Ghz mouse (which I missed the first time), I would look at:
A) Interference
B) Did you introduce anything in the 2.4Ghz range?
C) Did you look in your router logs to see who is connected? Maybe someone on the outside!
D) On your router, what channel are you using? Most people take the default (6, for Linksys). If so, change to 1 or 11, restart router and power cycle mouse.
E) Are you in an apartment building or other close housing situation? Someone else may have a point of interference?
F) Does this happen to be a Logitech MX610 or MX620 ?

From nobody at spamcop.net Wed Feb 24 15:20:05 2010
From: nobody at spamcop.net (Indigo)
Date: Wed Feb 24 15:20:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Joe Gill" wrote in message news:hm3jht$aco$1@news.spamcop.net...
> That same app, should allow you to check for updates to the drivers.
> If no new drivers, then I would reinstall the existing ones.
> If that fails, then look at mouse replacement..

Hmmmm....I did update the drivers a few months ago.....and rotating the cordless phone base like Twayne recommended trying didn't stop the problem.
So you're suggesting that I "uninstall" the mouse and then reinstall it? I think I may have to turn it off to do that, or else the PnP service will find it as soon as I uninstall it and probably load generic drivers for it, not the multimedia mouse drivers from Logitech (it has something like 12 different buttons plus a wheel). Do you agree that I should turn off the mouse if I proceed this way? On the other hand....hmmm....if the PC doesn't "see" the mouse it might not let me add it as new hardware....

From nobody at spamcop.net Wed Feb 24 15:24:00 2010
From: nobody at spamcop.net (Indigo)
Date: Wed Feb 24 15:25:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Joe Gill" wrote in message news:hm3kkk$ap6$1@news.spamcop.net...
>
> Based on the fact that it is a 2.4Ghz mouse (which I missed the first
> time), I would look at:
> A) Interference
> B) Did you introduce anything in the 2.4Ghz range?

No.

> C) Did you look in your router logs to see who is connected? Maybe
> someone on the outside!
> D) On your router, what channel are you using? Most people take the
> default (6, for Linksys). If so, change to 1 or 11, restart router and
> power cycle mouse.

No router, just a cable modem.

> E) Are you in an apartment building or other close housing situation?
> Someone else may have a point of interference?

Only change is that my next door neighbors took down their big stand-alone TV antenna and got FIOS, that shouldn't have had a negative effect. The antenna used to be within 40-50 ft of the mouse.

> F) Does this happen to be a Logitech MX610 or MX620 ?

Don't think so, it's a Logitech MediaPlay cordless optical mouse.

From nobody at nowhere.not Thu Feb 25 00:09:07 2010
From: nobody at nowhere.not (Robert Blair)
Date: Thu Feb 25 00:10:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
References:
Message-ID:

On Wed, 24 Feb 2010 20:24:00 UTC, "Indigo" wrote:

> > E) Are you in an apartment building or other close housing situation?
> > Someone else may have a point of interference?
>
> Only change is that my next door neighbors took down their big stand-alone
> TV antenna and got FIOS, that shouldn't have had a negative effect. The
> antenna used to be within 40-50 ft of the mouse.

If they have internet access with FIOS they have a 2.4Ghz wireless router.

--
Robert Blair

From nobody at spamcop.net Thu Feb 25 11:02:24 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 25 11:05:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-NdNOJSSOthsQ@Saturn.home...
> On Wed, 24 Feb 2010 20:24:00 UTC, "Indigo" wrote:
>
>> > E) Are you in an apartment building or other close housing situation?
>> > Someone else may have a point of interference?
>>
>> Only change is that my next door neighbors took down their big
>> stand-alone
>> TV antenna and got FIOS, that shouldn't have had a negative effect. The
>> antenna used to be within 40-50 ft of the mouse.
>
> If they have internet access with FIOS they have a 2.4Ghz wireless router.
>

DOH'! Crap! If that's what's causing my mouse problem even buying a new mouse won't help!

From nobody at spamcop.net Thu Feb 25 11:03:28 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 25 11:05:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-NdNOJSSOthsQ@Saturn.home...
> On Wed, 24 Feb 2010 20:24:00 UTC, "Indigo" wrote:
>
>> > E) Are you in an apartment building or other close housing situation?
>> > Someone else may have a point of interference?
>>
>> Only change is that my next door neighbors took down their big
>> stand-alone
>> TV antenna and got FIOS, that shouldn't have had a negative effect. The
>> antenna used to be within 40-50 ft of the mouse.
>
> If they have internet access with FIOS they have a 2.4Ghz wireless router.

And the time frame matches up too.....when they got FIOS and when my mouse went nuts...

From nobody at spamcop.net Thu Feb 25 13:26:38 2010
From: nobody at spamcop.net (bar0)
Date: Thu Feb 25 13:30:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hm670g$8l7$1@news.spamcop.net...
>
> "Robert Blair" wrote in message
> news:TECQXhvKj0FX-pn2-NdNOJSSOthsQ@Saturn.home...
>> On Wed, 24 Feb 2010 20:24:00 UTC, "Indigo" wrote:
>>
>>> > E) Are you in an apartment building or other close housing situation?
>>> > Someone else may have a point of interference?
>>>
>>> Only change is that my next door neighbors took down their big
>>> stand-alone
>>> TV antenna and got FIOS, that shouldn't have had a negative effect. The
>>> antenna used to be within 40-50 ft of the mouse.
>>
>> If they have internet access with FIOS they have a 2.4Ghz wireless
>> router.
>
> And the time frame matches up too.....when they got FIOS and when my mouse
> went nuts...

That's why I said, round up the original mouse with tail, if the problem goes away, then it's either the mouse or the wireless kit.

From nobody at spamcop.net Thu Feb 25 17:30:47 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 25 17:35:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hm6fcu$bjf$1@news.spamcop.net...
>
> That's why I said, round up the original mouse with tail, if the problem
> goes away, then it's either the mouse or the wireless kit.

Before I waste my time searching, are all wireless mouses 2.4 Ghz, or do they come in different flavors? And WTF did they choose the same goddamn frequency for routers and mice? If it's this bad in _my_ house, the interference in their house would render my mouse unusable over there!
From nobody at spamcop.net Thu Feb 25 18:00:18 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 25 18:05:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hm6fcu$bjf$1@news.spamcop.net...
>
> That's why I said, round up the original mouse with tail, if the problem
> goes away, then it's either the mouse or the wireless kit.

No can do :-(

My HP came with a wireless mouse, also 2.4 Ghz, it has no PS/2 mouse port, and I don't have the correct sex adapter to plug a wired mouse into a USB port. For some reason I have two PS/2 male to USB female connectors, the opposite of what I need, but no combination of cables and connectors I own (and there's a ton of them) will let me hook up the wired mouse.

I just yanked the Logitech USB dongle and replaced it with the original HP one, turned off the Logitech mouse, and will try using the OEM HP mouse for a few days to see if there's any change in behavior. But I absolutely HATE the form and button action of the HP mouse, that's why the first thing I did after buying the computer was to throw it into a junk box and replace it with the Logitech mouse, cuz that's where that POS belongs.

I assume if the HP mouse doesn't have issues that my Logitech mouse has worn out? It's had near daily use for 4 straight years, I would have run thru two wired ball mouses in that time frame based on how often I needed to replace the mouse on my work PC, so perhaps it's starting to fail like someone suggested.

From nobody at spamcop.net Thu Feb 25 18:10:12 2010
From: nobody at spamcop.net (bar0)
Date: Thu Feb 25 18:15:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hm6tmm$gst$1@news.spamcop.net...
>
> "bar0" wrote in message
> news:hm6fcu$bjf$1@news.spamcop.net...
>>
>> That's why I said, round up the original mouse with tail, if the problem
>> goes away, then it's either the mouse or the wireless kit.
>
> Before I waste my time searching, are all wireless mouses 2.4 Ghz, or do
> they come in different flavors? And WTF did they choose the same goddamn
> frequency for routers and mice? If it's this bad in _my_ house, the
> interference in their house would render my mouse unusable over there!

Allocations are from FCC, the 1-10GHz bands don't propagate far near earth, and so are allocated to short distance applications. So Allocations are based on both technical considerations and some political decisions and grandfathering of pioneering applications.

From nobody at spamcop.net Thu Feb 25 18:12:31 2010
From: nobody at spamcop.net (bar0)
Date: Thu Feb 25 18:15:10 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hm6ve1$hh5$1@news.spamcop.net...
>
> "bar0" wrote in message
> news:hm6fcu$bjf$1@news.spamcop.net...
>>
>> That's why I said, round up the original mouse with tail, if the problem
>> goes away, then it's either the mouse or the wireless kit.
>
> No can do :-(
>
> My HP came with a wireless mouse, also 2.4 Ghz, it has no PS/2 mouse port,
> and I don't have the correct sex adapter to plug a wired mouse into a USB
> port. For some reason I have two PS/2 male to USB female connectors, the
> opposite of what I need, but no combination of cables and connectors I own
> (and there's a ton of them) will let me hook up the wired mouse.
>
> I just yanked the Logitech USB dongle and replaced it with the original HP
> one, turned off the Logitech mouse, and will try using the OEM HP mouse
> for a few days to see if there's any change in behavior. But I absolutely
> HATE the form and button action of the HP mouse, that's why the first
> thing I did after buying the computer was to throw it into a junk box and
> replace it with the Logitech mouse, cuz that's where that POS belongs.
>
> I assume if the HP mouse doesn't have issues that my Logitech mouse has
> worn out?
> It's had near daily use for 4 straight years, I would have run
> thru two wired ball mouses in that time frame based on how often I needed
> to replace the mouse on my work PC, so perhaps it's starting to fail like
> someone suggested.

Goodwill computer stores have dozens of USB mice of all sorts for a coupl'a bucks. Also near end of life, but at least you'll know.

From nobody at spamcop.net Thu Feb 25 19:11:29 2010
From: nobody at spamcop.net (Indigo)
Date: Thu Feb 25 19:15:07 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"bar0" wrote in message news:hm704v$hr1$1@news.spamcop.net...
>
> Goodwill computer stores have dozens of USB mice of all sorts for a
> coupl'a bucks. Also near end of life, but at least you'll know.

I'm just going to use the HP mouse for a few days, that should give me my answer. It *is* brand new, after all, as far as time of use.

From loyal at spamcop.user Fri Feb 26 00:21:29 2010
From: loyal at spamcop.user (AndrewB)
Date: Fri Feb 26 00:25:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

Indigo wrote:
>
> "bar0" wrote in message
> news:hm6fcu$bjf$1@news.spamcop.net...
>>
>> That's why I said, round up the original mouse with tail, if the
>> problem goes away, then it's either the mouse or the wireless kit.
>
> Before I waste my time searching, are all wireless mouses 2.4 Ghz, or do
> they come in different flavors? And WTF did they choose the same goddamn
> frequency for routers and mice? If it's this bad in _my_ house, the
> interference in their house would render my mouse unusable over there!

Probably, unless the mouse is infrared. I thought I responded on this thread about this topic, but tons of things can emit interference in the 2.4ghz band:

- bluetooth devices
- microwaves
- home security systems

There aren't a lot of open frequencies that are designated for general home use.

This situation of neighbor interference gets worse in dense housing.
My complex is 2 floors, and I see dozens of visible routers (probably an additional third are invisible).

AndrewB

From nobody at spamcop.net Fri Feb 26 15:31:57 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 26 15:35:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"AndrewB" wrote in message news:hm7loq$pos$1@news.spamcop.net...
> Probably, unless the mouse is infrared. I thought I responded on this
> thread about this topic, but tons of things can emit interference in the
> 2.4ghz band:
>
> - bluetooth devices
> - microwaves
> - home security systems
>
> There aren't a lot of open frequencies that are designated for general
> home use.

I used the old HP mouse most of the day yesterday without any problems (also 2.4 Ghz), but my pointer finger was sore this morning because the HP requires much effort to click. So I pulled out the HP dongle, replaced it with the Logitech one, turned the L mouse back on, Vista declared it new hardware (?) and installed some USB drivers, and so far today no weirdness.

I just got done searching for a replacement, but that model is apparently discontinued (MediaPlay). Some loon on Amazon wants $115 for a new one! I did find another online store selling them for $70 (I paid about $45 originally), but reading various reviews and comments gave me an idea, another solution to try if the new driver installations don't solve the problem:

A couple folks complained that the dongle had to be in a very precise location in their setup else the mouse malfunctioned. My dongle is plugged into a powered 4-port hub that sits on the left side of the computer stand, barely has a line-of-sight to the mouse. I just moved the hub forward 2" so it's in clear view now. If that doesn't work, I can try the original Desktop USB stand that came with it and move the dongle to the right side of my PC, where it will be only 1 foot from the mouse. But so far so good.....

I'm not terribly happy that Logitech doesn't produce the mouse anymore, and they don't sell anything that comes close to it either. It's by far the best mouse I've ever owned, and although I don't remember to use all the buttons very often, when I do it really speeds up surfing the net and working in big spreadsheets (mouse wheel tilts and scrolls left/right besides up/down). I'm half tempted to buy that $70 one and put it in storage for when the current one finally gives up the ghost. Oh, kewl...after some more googling, found one for $49!

From joegill at removethis Fri Feb 26 18:07:39 2010
From: joegill at removethis (Joe Gill)
Date: Fri Feb 26 18:10:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hm9b3t$cno$1@news.spamcop.net...
>
> "AndrewB" wrote in message
> news:hm7loq$pos$1@news.spamcop.net...
>> Probably, unless the mouse is infrared. I thought I responded on this
>> thread about this topic, but tons of things can emit interference in the
>> 2.4ghz band:
>>
>> - bluetooth devices
>> - microwaves
>> - home security systems
>>
>> There aren't a lot of open frequencies that are designated for general
>> home use.
>
> I used the old HP mouse most of the day yesterday without any problems
> (also 2.4 Ghz), but my pointer finger was sore this morning because the HP
> requires much effort to click. So I pulled out the HP dongle, replaced it
> with the Logitech one, turned the L mouse back on, Vista declared it new
> hardware (?) and installed some USB drivers, and so far today no
> weirdness.
>
> I just got done searching for a replacement, but that model is apparently
> discontinued (MediaPlay). Some loon on Amazon wants $115 for a new one!
> I did find another online store selling them for $70 (I paid about $45
> originally), but reading various reviews and comments gave me an idea,
> another solution to try if the new driver installations don't solve the
> problem:
>
> A couple folks complained that the dongle had to be in a very precise
> location in their setup else the mouse malfunctioned. My dongle is plugged
> into a powered 4-port hub that sits on the left side of the computer
> stand, barely has a line-of-sight to the mouse. I just moved the hub
> forward 2" so it's in clear view now. If that doesn't work, I can try the
> original Desktop USB stand that came with it and move the dongle to the
> right side of my PC, where it will be only 1 foot from the mouse. But so
> far so good.....
>
> I'm not terribly happy that Logitech doesn't produce the mouse anymore,
> and they don't sell anything that comes close to it either. It's by far
> the best mouse I've ever owned, and although I don't remember to use all
> the buttons very often, when I do it really speeds up surfing the net and
> working in big spreadsheets (mouse wheel tilts and scrolls left/right
> besides up/down). I'm half tempted to buy that $70 one and put it in
> storage for when the current one finally gives up the ghost. Oh,
> kewl...after some more googling, found one for $49!

Some observations:
You say " My dongle is plugged
into a powered 4-port hub that sits on the left side of the computer
stand, barely has a line-of-sight to the mouse. ...."

I was under the understanding that Logitech would prefer they be plugged into an onboard port!!

Also, I am using a Logitech V220 mouse it is great.... What else would I need?

From nobody at spamcop.net Fri Feb 26 19:31:57 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 26 19:35:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Joe Gill" wrote in message news:hm9k8f$frt$1@news.spamcop.net...
>
> Some observations:
> You say " My dongle is plugged
> into a powered 4-port hub that sits on the left side of the computer
> stand, barely has a line-of-sight to the mouse. ...."
>
> I was under the understanding that Logitech would prefer they be plugged
> into an onboard port!!

Well, just minutes ago the mouse went nuts again, so I went downstairs to get the original USB dock and plugged it in, now it's only a foot from the mouse. Have to see what happens now. BTW, couldn't find a replacement after all, no one has them anymore. I just tried to buy one online for $69 but got an email minutes later rejecting my order, saying it was out of stock :-( Guess I'm not going to find a direct replacement, I'm not paying that outrageous $115 the guy on Amazon wants for his still-in-the-original-packaging mouse.

>
>
> Also, I am using a Logitech V220 mouse it is great.... What else would I
> need?

That model doesn't have the forward/back buttons for navigating in your browser, which I really, really like. No way am I going to plug the dongle into one of the front ports on my PC, too easy to accidentally bump it and break it. I'm probably going to get this one if moving the dongle doesn't fix the problem:

http://www.newegg.com/Product/Product.aspx?Item=N82E16826104342&Tpk=Logitech%20MX600%20Silver

From nobody at spamcop.net Fri Feb 26 19:35:22 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 26 19:40:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hm9p5s$hlo$1@news.spamcop.net...
>
> http://www.newegg.com/Product/Product.aspx?Item=N82E16826104342&Tpk=Logitech%20MX600%20Silver

In fact, I just bought one. Found it for only $24.99 at Buy.com via Amazon, and free shipping too! Can't beat that price.
From joegill at removethis Fri Feb 26 19:36:19 2010
From: joegill at removethis (Joe Gill)
Date: Fri Feb 26 19:40:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Indigo" wrote in message news:hm9p5s$hlo$1@news.spamcop.net...
>
> "Joe Gill" wrote in message
> news:hm9k8f$frt$1@news.spamcop.net...
>>
>> Some observations:
>> You say " My dongle is plugged
>> into a powered 4-port hub that sits on the left side of the computer
>> stand, barely has a line-of-sight to the mouse. ...."
>>
>> I was under the understanding that Logitech would prefer they be plugged
>> into an onboard port!!
>
> Well, just minutes ago the mouse went nuts again, so I went downstairs to
> get the original USB dock and plugged it in, now it's only a foot from the
> mouse. Have to see what happens now. BTW, couldn't find a replacement
> after all, no one has them anymore. I just tried to buy one online for $69
> but got an email minutes later rejecting my order, saying it was out of
> stock :-( Guess I'm not going to find a direct replacement, I'm not paying
> that outrageous $115 the guy on Amazon wants for his
> still-in-the-original-packaging mouse.
>
>>
>>
>> Also, I am using a Logitech V220 mouse it is great.... What else would I
>> need?
>
> That model doesn't have the forward/back buttons for navigating in your
> browser, which I really, really like. No way am I going to plug the dongle
> into one of the front ports on my PC, too easy to accidentally bump it and
> break it. I'm probably going to get this one if moving the dongle doesn't
> fix the problem:
>
> http://www.newegg.com/Product/Product.aspx?Item=N82E16826104342&Tpk=Logitech%20MX600%20Silver

OK, then connect a small USB 'extension cord' to move it away from the front...

Also, is this a laptop? If so, there should be at least one side port.
If this is a desktop, you can always was a USB card, if you have an open slot :)

From nobody at spamcop.net Fri Feb 26 19:47:07 2010
From: nobody at spamcop.net (Indigo)
Date: Fri Feb 26 19:50:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"Joe Gill" wrote in message news:hm9pen$hmg$1@news.spamcop.net...
> OK, then connect a small USB 'extension cord' to move it away from the
> front...

That's what I just did -- the original USB dock has a 6' long cord.

> Also, is this a laptop? If so, there should be at least one side port.
> If this is a desktop, you can always was a USB card, if you have an open
> slot :)
>

No, desktop:

http://www.panbo.com/archives/2007/09/hp_touchsmart_a_good_pilothouse_pc.html

On the lower right front of the case there's a flap that reveals various I/O ports, including 2 USB ports. You can imagine how exposed the dongle would be to damage if I plugged it in to one of those ports, I assume?

From me at privacy.net Fri Feb 26 22:38:09 2010
From: me at privacy.net (anon)
Date: Fri Feb 26 22:40:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
References:
Message-ID:

"Indigo" wrote in message news:hm9p5s$hlo$1@news.spamcop.net...
>
> "Joe Gill" wrote in message
> news:hm9k8f$frt$1@news.spamcop.net...
>>
>> Some observations:
>> You say " My dongle is plugged
>> into a powered 4-port hub that sits on the left side of the computer
>> stand, barely has a line-of-sight to the mouse. ...."
>>
>> I was under the understanding that Logitech would prefer they be plugged
>> into an onboard port!!
>
> Well, just minutes ago the mouse went nuts again, so I went downstairs to
> get the original USB dock and plugged it in, now it's only a foot from the
> mouse. Have to see what happens now. BTW, couldn't find a replacement
> after all, no one has them anymore.
> I just tried to buy one online for $69
> but got an email minutes later rejecting my order, saying it was out of
> stock :-( Guess I'm not going to find a direct replacement, I'm not paying
> that outrageous $115 the guy on Amazon wants for his
> still-in-the-original-packaging mouse.
>
>>
>>
>> Also, I am using a Logitech V220 mouse it is great.... What else would I
>> need?
>
> That model doesn't have the forward/back buttons for navigating in your
> browser, which I really, really like. No way am I going to plug the dongle
> into one of the front ports on my PC, too easy to accidentally bump it and
> break it. I'm probably going to get this one if moving the dongle doesn't
> fix the problem:
>

You could always plug it into the back since you 'never' have to manually access it. RF will reach around to it.

> http://www.newegg.com/Product/Product.aspx?Item=N82E16826104342&Tpk=Logitech%20MX600%20Silver

From nobody at spamcop.net Sat Feb 27 12:10:50 2010
From: nobody at spamcop.net (Indigo)
Date: Sat Feb 27 12:15:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"anon" wrote in message news:hma435$l8o$1@news.spamcop.net...
> You could always plug it into the back since you 'never' have to manually
> access it. RF will reach around to it.

The little docking station is plugged into my hub and stashed safely under my PC platform.

From nobody at spamcop.net Sat Feb 27 13:23:38 2010
From: nobody at spamcop.net (Twayne)
Date: Sat Feb 27 13:25:08 2010
Subject: [Scgeeks] Re: Weird mouse behavior
References:
Message-ID:

In news:hm9p5s$hlo$1@news.spamcop.net, Indigo typed:
> "Joe Gill" wrote in message
> news:hm9k8f$frt$1@news.spamcop.net...
>>
>> Some observations:
>> You say " My dongle is plugged
>> into a powered 4-port hub that sits on the left side of the
>> computer stand, barely has a line-of-sight to the mouse. ...."
>>
>> I was under the understanding that Logitech would prefer they be
>> plugged into an onboard port!!
>
> Well, just minutes ago the mouse went nuts again, so I went
> downstairs to get the original USB dock and plugged it in, now it's
> only a foot from the mouse. Have to see what happens now. BTW,
> couldn't find a replacement after all, no one has them anymore. I
> just tried to buy one online for $69 but got an email minutes later
> rejecting my order, saying it was out of stock :-( Guess I'm not
> going to find a direct replacement, I'm not paying that outrageous
> $115 the guy on Amazon wants for his still-in-the-original-packaging
> mouse.

Do you know your way around EBay? If so, it's a good place to look.

>
>>
>>
>> Also, I am using a Logitech V220 mouse it is great.... What else
>> would I need?
>
> That model doesn't have the forward/back buttons for navigating in
> your browser, which I really, really like. No way am I going to plug
> the dongle into one of the front ports on my PC, too easy to
> accidentally bump it and break it. I'm probably going to get this one
> if moving the dongle doesn't fix the problem:
>
> http://www.newegg.com/Product/Product.aspx?Item=N82E16826104342&Tpk=Logitech%20MX600%20Silver

The comment about plugging it into a port on the main board was a good one. A lot of peripherals don't like USB extenders for some reason. Plug it into one of the back ports, not the front ones, which might only be version 1.1.

The barely "visible" bit makes sense as a probable cause, too, especially since you're constantly moving the mouse around pointing it off-center of the receptor, etc. etc.

IMO you should be looking for a completely new mouse anyway, now you know it's not easily replaceable anymore. Sooner or later it WILL give out and IIRC you said 4 years, which is the latter part of sooner or later. Find a sub now so you won't end up dead in the water in the future.

HTH,

Twayne

--
Life is the only real counselor; wisdom unfiltered through personal experience does not become a part of the moral tissue.
From loyal at spamcop.user Sat Feb 27 22:31:03 2010
From: loyal at spamcop.user (AndrewB)
Date: Sat Feb 27 22:35:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

Indigo wrote:
>
> "anon" wrote in message
> news:hma435$l8o$1@news.spamcop.net...
>> You could always plug it into the back since you 'never' have to
>> manually access it. RF will reach around to it.
>
> The little docking station is plugged into my hub and stashed safely
> under my PC platform.

If you put the docking station on the desk, such that it's in line of sight to the mouse, will your problem recur?

AndrewB

From nobody at spamcop.net Sun Feb 28 14:21:49 2010
From: nobody at spamcop.net (Indigo)
Date: Sun Feb 28 14:25:09 2010
Subject: [Scgeeks] Re: Weird mouse behavior
In-Reply-To:
References:
Message-ID:

"AndrewB" wrote in message news:hmco1m$isg$1@news.spamcop.net...
>>
>> The little docking station is plugged into my hub and stashed safely
>> under my PC platform.
>
> If you put the docking station on the desk, such that it's in line of
> sight to the mouse, will your problem recur?
>

Actually, it IS in direct line of sight. It's under one of the "wings" of the riser w/drawer that I placed the PC on, to keep it protected from overhead falling objects but still in view of the mouse. Looks like this crude ASCII art of the riser, where "m" is the mouse dongle:

____________ | | m

In any case, like Twayne mentioned I bought a Logitech MX600 just to be safe, got a great price from NewEgg, so if the new dongle location doesn't fix it I'll have a replacement with similar capabilities in hand.

Oh, and Twayne? No USB 1.1 ports on this PC, all USB 2.0, as opposed to my downstairs PC, which came with a couple 1.1 ports, I added a card with Firewire and USB 2.0 ports to that machine. But it was a "classic" kind of case, very easy to open up and add cards, had about 4 empty slots on the MoBo.
But my HP isn't built that way, I'm not even sure it's possible to "add" a card, although I know you can "replace", or upgrade, the existing cards, with some extra work. It doesn't have your typical brushed aluminum rear with those pop-out slot covers, i.e. it's not really made for swapping/adding cards since it came with every kind of port that exists right out of the box, both inputs and outputs (it's a multimedia machine, not an ordinary PC).