Detailed Report - Self-inflicted Infestation and MSAS 1.0.501

[plun]

Well - I was way off on my geographic guessing! My IP is dynamic, although
I'll admit to having been hit by two viruses today in the TIF--an unusual
level of activity, and I'd like to know why and how they are getting there.
Neither was anything dangerous or unusual, and I did spend 1/2 hour
listening to a Quicktime video from a local news site, so there may be
something happening with that site.

Two viruses

The most important thing is removing any IP adresses from this
reference link. In future we will have these links with
reference number
in all forums, all over the world.

IP adresses can be attacked, analysed in several ways as you
know.
You can do a lot of puzzling to track a person if you have
an IP adress.

And in future we will have our own IP adress at home, from
my ISP I can get
it if I want. It costs about $7 /month. With fixed IP,s it
more important
to not view it on several places on Internet.

So remove everything about ISP and IP adresses within these
links
from Spynet.

IMHO

 

[Bill Sanderson]

As you've noted, my IP is in the headers of every message, so that's hard to
eliminate. Future betas will probably use the new web interface, which, if
I used it, would hide my IP address completely, and my email as well.
Will I be able to stand the web interface enough to actually use it--not
full time.

You didn't find the IP address in the report, though, correct?

 

[plun]

As you've noted, my IP is in the headers of every message, so that's hard to
eliminate. Future betas will probably use the new web interface, which, if
I used it, would hide my IP address completely, and my email as well.
Will I be able to stand the web interface enough to actually use it--not
full time.

You didn't find the IP address in the report, though, correct?

To see IP adresses within mails is important but not in forums
etc, you can need this for abuse etc. In forums sysops
control this.

No, it was your statement about ISP information which I took for
also IP adress information.

I run a test report and nothing shows about ISP or IP adress.

I´m sorry about that.


One thing about this, I can´t see OS , servicepacksversion
and so on within
this list.

So let this IDs be spread all over our planet in all forums
to help people
out of these spywares.

 

[Bill Sanderson]

I don't see that in the report either, at this point, not sure what I was
thinking of. You can see some utilities that I run-the background app that
I run that does grid computing with spare cpu cycles, for example. You can
certainly fingerprint the OS that I am running.

 

[plun]

I don't see that in the report either, at this point, not sure what I was
thinking of. You can see some utilities that I run-the background app that
I run that does grid computing with spare cpu cycles, for example. You can
certainly fingerprint the OS that I am running.

Never ending story........

With "fingerprint" i mean this.

-----------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:22:23, on 2005-03-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe

-----------------------------------------------------

Logfile of MSAS v1.509
Spyware Definition Version: 5693 (2005-02-26 17:05:38)
Scan saved at 23:22:23, on 2005-03-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Direct clue about important information.

Install SP2! Update MSAS ! Update definition! for example

 

[JohnF.]

I ran Housecall Security Check on the MSAS 501 cleaned machine for fun - 7
left over registry entries found.

JohnF.

 

[plun]

I ran Housecall Security Check on the MSAS 501 cleaned machine for fun - 7
left over registry entries found.

You can make a "print report" from Housecall and then
copy and paste these entries to this fora.

More and more work.........