WARNING FOR WINDOWS USERS!

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

There is a hack out there that is coming in through Outlook.exe (MS OFFICE
Professional 2007) while in the
Send/Receive Process, it leads to more Outlook.exe changes, as well as
changes in svchost.exe. it leads to very slow sending of documents, and may
be part of the Bot Net. after this has happened, I noticed a .INI file. I
opend it with Notepad, but did not uncheck open with this program by default.
it changed all of them.I reinstalled on a Scrubbed (7 times) HD with a new
mother board a flashed bios, but put the old C- MOSS (spelling?) in. had to
reset the clock, but with a fresh format BIOS and install, i checked and all
the .INI files still opend by default with notepad.( asystem setting saved by
software only) I have done this entire process with Vista Business, and XP
Pro SP 2.
DELL has been helpful with hardware, but Kaspersky labs can not find the
issue in their moscow lab.
i have used multiple scanning tools, and nothing finds it!
 
Ian said:
There is a hack out there that is coming in through Outlook.exe (MS
OFFICE Professional 2007) while in the
Send/Receive Process, it leads to more Outlook.exe changes, as well
as changes in svchost.exe. it leads to very slow sending of
documents, and may be part of the Bot Net. after this has happened,
I noticed a .INI file. I opend it with Notepad, but did not uncheck
open with this program by default. it changed all of them.I
reinstalled on a Scrubbed (7 times) HD with a new mother board a
flashed bios, but put the old C- MOSS (spelling?) in. had to reset
the clock, but with a fresh format BIOS and install, i checked and
all the .INI files still opend by default with notepad.( asystem
setting saved by software only) I have done this entire process
with Vista Business, and XP Pro SP 2.
DELL has been helpful with hardware, but Kaspersky labs can not
find the issue in their moscow lab.
i have used multiple scanning tools, and nothing finds it!
Click to expand...

Not enough details

The *.ini files are - by default - associated with notepad.

Opening a file and not unchecking the 'always open with' box when you do so
is not a symptom of a virus - well, unless you usually do it, but have the
flu and the fever made you forget to do it that one time.

I believe this is somewhat of a troll attempt to scare (trick or treat?)
anyone who might be gullable enough to believe it.
 
I wish it was and it may be on the part of the hacker who has accomplished
it.. but i had my motherboard replaced yeasterday.
if you try to open a INI file it will not open until you the user tells the
system to open the INI with note pad.
this is very real. and Kaspersky has an open case as does dell.
I also reported the issue to microsoft.
The people in the lab at dell and kaspersky both know that the system
default on a freah install to open an ini is not notepad, but a system file.
the default to open it so you can see it and hack/change it is notepad but
you have to make that selection the system will give you the option to choose
from a list of programs or do an internet search, the search comes up empty
handed saying unknown file type.INI files are usually hidden system files
untill you select to show hidden system files you do not even see them and
they do not open.
 
Ian said:
I wish it was and it may be on the part of the hacker who has accomplished
it.. but i had my motherboard replaced yeasterday.
if you try to open a INI file it will not open until you the user tells
the
system to open the INI with note pad.
Click to expand...


Sorry, what on EARTH has that got to do with having your motherboard
replaced?
 
the INI file is a system file, from the OS. wehn you do a fresh install a
previous ini setting will not remain, unless there is something in the BIOS,
or c-moss that also has an ini file to retain the setting.
my motherboard was replaced, but not the c-moss nor the raw hard drive,
which means that the hack is hiding either in the c-moss or the small bit of
memory where the hard drive will store your password if you set that up in
the BIOS, or it is hiding in the c-moss where you clock file is stored that
is why even if you scrub you drive you system always knows what time it is.
that is the relevance, it is a virus or bot, that is residing not just on
the hard drive in whatever files it was written to use , but also hiding
somewhere where it will not be found, and can not be erased just by flashing
your BIOS, or Scrubbing your hard drive
 
Ian said:
There is a hack out there that is coming in through Outlook.exe (MS
OFFICE Professional 2007) while in the
Send/Receive Process, it leads to more Outlook.exe changes, as well
as changes in svchost.exe. it leads to very slow sending of
documents, and may be part of the Bot Net. after this has happened,
I noticed a .INI file. I opend it with Notepad, but did not uncheck
open with this program by default. it changed all of them.I
reinstalled on a Scrubbed (7 times) HD with a new mother board a
flashed bios, but put the old C- MOSS (spelling?) in. had to reset
the clock, but with a fresh format BIOS and install, i checked and
all the .INI files still opend by default with notepad.( asystem
setting saved by software only) I have done this entire process
with Vista Business, and XP Pro SP 2.
DELL has been helpful with hardware, but Kaspersky labs can not
find the issue in their moscow lab.
i have used multiple scanning tools, and nothing finds it!
Click to expand...
Not enough details

The *.ini files are - by default - associated with notepad.

Opening a file and not unchecking the 'always open with' box when you do
so
is not a symptom of a virus - well, unless you usually do it, but have the
flu and the fever made you forget to do it that one time.

I believe this is somewhat of a troll attempt to scare (trick or treat?)
anyone who might be gullable enough to believe it.
Click to expand...
I wish it was and it may be on the part of the hacker who has
accomplished it.. but i had my motherboard replaced yeasterday.
if you try to open a INI file it will not open until you the user
tells the system to open the INI with note pad.
Click to expand...

Works here - fresh install Windows XP Professional. I didn't tell it to
"Open With" - I just double-clicked.
this is very real. and Kaspersky has an open case as does dell.
I also reported the issue to microsoft.
Click to expand...

What did you actually report - because if it is anything like your original
post - they have nothing to investigate.
The people in the lab at dell and kaspersky both know that the
system default on a fresh install to open an ini is not notepad,
but a system file. the default to open it so you can see it and
hack/change it is notepad but you have to make that selection the
system will give you the option to choose from a list of programs
or do an internet search, the search comes up empty handed saying
unknown file type.INI files are usually hidden system files until
you select to show hidden system files you do not even see them and
they do not open.
Click to expand...

That's great - let's review what you said...

"I opend it with Notepad, but did not uncheck open with this program by
default. it changed all of them."

You changed it manually to whatever - however - having .ini associated with
anything (Notepad, Wordpad, Notepad+, whatever you want) does not harm the
usefulness of the ini. An INI file is just a set of defaults for a given
application - a cheat-sheet telling some application what settings to use.
It is *not* associated with said application - said application calls it *by
name*.

Again - nothing you have said points to a virus/hack of any type. You've
been duped (or are mistaken) and whom ever you are speaking to (at dell and
kaspersky - if anyone) is humoring you if you have given them what you have
given us as far as details. Others may continue to humor you - I will not.
If you have actual details - report them here - otherwise - I am sorry you
believe you got infested with something and hope the solution is found to
your liking.
 
Dude look you need to reread what i wrote. you want more detials okay.
My oulook.exe file was changed then outlook imapi.dll, and vviewer.dll were
changed, ieuser was changed, i explorer was changed, there were NO updates.
Gotomeeteing.exe was also changed, but this was after svchost.exe was changed.
the outlook.exe was changed when i ws sending and recieving.
okay i flashed the bios and durring the reboot booted to my scubbing tool
and scrubed the drive to NSA standards ( 7 times) also scrubbed the MBR again
after just in case.
the ini file now does not exist no bootable srctor on the drive, no utility
sector nothing. i reinstall just the OS vista first. the ini was no longer
set to open with the default system file, but retained my setting to open
with note pad. THIS IS SUSPICOUS!!!
this happened several times, so i got the motherboard replaced, but not the
c-moss, nor theraw hard drive. the onsite tech confirmed that it was raw and
had no bootable sectors.
i reinstalled this time with XP but still that setting was retained, which
means a bot or virus, which is hacking my executables, likes to also live in
the c-moss, or that small bit of memory on the hard drive that remembers your
password and cannot be scrubbed as it is not actually on the disc part of the
hard drive but the parts it is attaeched to so it can be hooked up to your
system.
so they were actually replacing my motherboard this time the c-moss, as well
but not the hard drive, which means i will be able to pin point where it is.
so the Virus or Bot contains an INI file which retains my setting to open
with notebook. which was what i was stating in my origanl post!

Ian Ellison Accounts Manager
Advanced Information Management
Specializing in:
Epicore
MAS 500
Star CD Project Accounting
Platinum for Windows
and Sales Logix
 
there was alot more than dude you need to read what i wrote.
and it is positioned directly under the post it was a response to.
 
Ian;
"it is positioned directly under the post"
Actually you do not know that.
Sometimes newsreaders do not act as they should.
As for the web interface you are using, that also has occasional
problems.
And when that happens, you post is all alone and without context.
You should quote at least as much of the original text as necessary to
keep context.
 
sounds like a bug, or like using different browsers, i see them all in
context, which is the way it is on the page through internet explorer.
however this is my first time posting here, so i do not know how it acts all
the time. i posted this because of the Botnet, and the similarities with what
is going on with my system.
and was in turn treated like i have no clue. i am trying top let people know
so if they have similar issues they can realize something more maywell be
happening, and everyone here acts like i have no idea what i am talking about.
i used to build PC when i micro PC was a desktop, i also did DOS
programming, but this was in the early and mid 80's alot has changed, but i
have been working in this industry now for 3 years, and using a pc again
since 2000.
it has been more of a hassle trying to bring what seems like critical
information to the user communtiy, and hopefully micrsoft will realize it
faster than they will frmo my report to some tech in india, if there is a
post here. Delli may have already let them know as well, i do not know.
 
<snipped>
( Sooner or later - it will be archived on Google Groups:
http://groups.google.com/ )
<sigh> - this is NOT a chat room, please QUOTE the post you are
replying to.....
Click to expand...
there was alot more than dude you need to read what i wrote.
and it is positioned directly under the post it was a response to.
Click to expand...
Ian;
"it is positioned directly under the post"
Actually you do not know that.
Sometimes newsreaders do not act as they should.
As for the web interface you are using, that also has occasional
problems.
And when that happens, you post is all alone and without context.
You should quote at least as much of the original text as necessary
to keep context.
Click to expand...
sounds like a bug, or like using different browsers, i see them all
in context, which is the way it is on the page through internet
explorer.
Click to expand...
<snip>

You are posting using the Microsoft Web Page Interface.

Not everyone gets their news from these groups from the particular server
that interface is connected to and not everyone uses the web interface (I
would say that as users start using the newsgroups more and more, they drift
towards newsreaders - applications made to interface with newsgroups.)

For those who do not get their news from the same newsgroup as you - the
rules on said server (for synchronizing with the other thousands of servers
around the world) may be different on their server than on the one you
utilize. The posts may be erased daily, weekly, monthly, yearly - so that a
post made yesterday may no longer be on one person's server of choice
tmorrow and on another person's server of choice even after a decade.

These articles may help explain newsgroups, news servers and the usenet to
you a little better than I could in a response.

http://jmm.aaa.net.au/articles/9742.htm
http://en.wikipedia.org/wiki/Usenet
http://computer.howstuffworks.com/newsgroup4.htm

If you plan on using the newsgroups more often - I highly recommend a
newsreader or at least Outlook Express.

Setting up Outlook Express Newsreader
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

If you want to search for older posts than you may choose to keep on your
computer (in your newsreader)...
http://groups.google.com/
 
i posted this so the user base could know, as the bot net and many Advanced
hacks are becoming a even more serious problem on a global scale.Particularly
the BotNet
so i wanted to post to help let people know how my problem is starting and
what happened as a result.
 
i avoid google thanks though

Shenan Stanley said:
<snipped>
( Sooner or later - it will be archived on Google Groups:
http://groups.google.com/ )




<snip>

You are posting using the Microsoft Web Page Interface.

Not everyone gets their news from these groups from the particular server
that interface is connected to and not everyone uses the web interface (I
would say that as users start using the newsgroups more and more, they drift
towards newsreaders - applications made to interface with newsgroups.)

For those who do not get their news from the same newsgroup as you - the
rules on said server (for synchronizing with the other thousands of servers
around the world) may be different on their server than on the one you
utilize. The posts may be erased daily, weekly, monthly, yearly - so that a
post made yesterday may no longer be on one person's server of choice
tmorrow and on another person's server of choice even after a decade.

These articles may help explain newsgroups, news servers and the usenet to
you a little better than I could in a response.

http://jmm.aaa.net.au/articles/9742.htm
http://en.wikipedia.org/wiki/Usenet
http://computer.howstuffworks.com/newsgroup4.htm

If you plan on using the newsgroups more often - I highly recommend a
newsreader or at least Outlook Express.

Setting up Outlook Express Newsreader
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

If you want to search for older posts than you may choose to keep on your
computer (in your newsreader)...
http://groups.google.com/
Click to expand...
 
<snipped>
I avoid Google thanks though
Click to expand...

Then let me give you what you chose not to read again:

The assumptions you are making are due to you posting using the
Microsoft Web Page Interface.

Not everyone gets their news from these groups from the particular server
that interface is connected to and not everyone uses the web interface (I
would say that as users start using the newsgroups more and more, they drift
towards newsreaders - applications made to interface with newsgroups.)

For those who do not get their news from the same newsgroup as you - the
rules on said server (for synchronizing with the other thousands of servers
around the world) may be different on their server than on the one you
utilize. The posts may be erased daily, weekly, monthly, yearly - so that a
post made yesterday may no longer be on one person's server of choice
tomorrow and on another person's server of choice even after a decade.

These articles may help explain newsgroups, news servers and the Usenet to
you a little better than I could in a response.

http://jmm.aaa.net.au/articles/9742.htm
http://en.wikipedia.org/wiki/Usenet
http://computer.howstuffworks.com/newsgroup4.htm

If you plan on using the newsgroups more often - I highly recommend a
newsreader or at least Outlook Express.

Setting up Outlook Express Newsreader
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

Good Luck!

And since this means I eliminated the context above (also known to some as
top-posting) - I am including it here so one can see the context that the
above response was manifested within.

<snipped>
( Sooner or later - it will be archived on Google Groups:
http://groups.google.com/ )
<sigh> - this is NOT a chat room, please QUOTE the post you are
replying to.....
Click to expand...
there was alot more than dude you need to read what I wrote.
and it is positioned directly under the post it was a response to.
Click to expand...
Ian;
"it is positioned directly under the post"
Actually you do not know that.
Sometimes newsreaders do not act as they should.
As for the web interface you are using, that also has occasional
problems.
And when that happens, you post is all alone and without context.
You should quote at least as much of the original text as necessary
to keep context.
Click to expand...
sounds like a bug, or like using different browsers, I see them all
in context, which is the way it is on the page through internet
explorer.
Click to expand...
<snip>
 
no i said i was new and did not know all the ways you can interface with this
newsgroup. and explained i was using IE that all, i am not trying to cause
problems, i am trying to reveal one
 
sorry i was unaware of the various interfaces available here. i do not post
on anything at all usually, so...the post you are feferring to was not
directed your way. i am tired of arguing with people just to try and do a
good deed.
 
<snipped>
( Sooner or later - it will be archived on Google Groups:
http://groups.google.com/ )
<sigh> - this is NOT a chat room, please QUOTE the post you are
replying to.....
Click to expand...
there was alot more than dude you need to read what i wrote.
and it is positioned directly under the post it was a response to.
Click to expand...
Ian;
"it is positioned directly under the post"
Actually you do not know that.
Sometimes newsreaders do not act as they should.
As for the web interface you are using, that also has occasional
problems.
And when that happens, you post is all alone and without context.
You should quote at least as much of the original text as necessary
to keep context.
Click to expand...
sounds like a bug, or like using different browsers, i see them all
in context, which is the way it is on the page through internet
explorer.
Click to expand...
<snip>

Shenan said:
The assumptions you are making are due to you posting using the
Microsoft Web Page Interface.

Not everyone gets their news from these groups from the particular
server that interface is connected to and not everyone uses the web
interface (I would say that as users start using the newsgroups
more and more, they drift towards newsreaders - applications made
to interface with newsgroups.)

For those who do not get their news from the same newsgroup as you
- the rules on said server (for synchronizing with the other
thousands of servers around the world) may be different on their
server than on the one you utilize. The posts may be erased daily,
weekly, monthly, yearly - so that a post made yesterday may no
longer be on one person's server of choice tomorrow and on another
person's server of choice even after a decade.

These articles may help explain newsgroups, news servers and the
Usenet to you a little better than I could in a response.

http://jmm.aaa.net.au/articles/9742.htm
http://en.wikipedia.org/wiki/Usenet
http://computer.howstuffworks.com/newsgroup4.htm

If you plan on using the newsgroups more often - I highly recommend
a newsreader or at least Outlook Express.

Setting up Outlook Express Newsreader
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

Good Luck!
Click to expand...
i avoid google thanks though
Click to expand...
no i said i was new and did not know all the ways you can interface
with this newsgroup. and explained i was using IE that all, i am
not trying to cause problems, i am trying to reveal one
Click to expand...

I mentioned no concern (I have none) for what your purpose is here in this
thread of the conversation.

I am just trying to give you the tools to properly access and understand
what it is you are actually doing (posting to internationally distributed
newsgroups amongst thousands of news servers all with different
configurations) and the easiest way to do it (a newsreader or at least
something like Outlook Express.)
 
Thank you very much, i appreiciate it.
Shenan Stanley said:
<snipped>
( Sooner or later - it will be archived on Google Groups:
http://groups.google.com/ )




<snip>





I mentioned no concern (I have none) for what your purpose is here in this
thread of the conversation.

I am just trying to give you the tools to properly access and understand
what it is you are actually doing (posting to internationally distributed
newsgroups amongst thousands of news servers all with different
configurations) and the easiest way to do it (a newsreader or at least
something like Outlook Express.)
Click to expand...
 
Back
Top