Found A Trojan!

Art

> If you don't mind me asking - why did you feel you need to "swear off"
> that kind of thing?

A few months back, I lost interest since I had no experience with the
NT based OS, and most users having problems are using Win XP. Then
I wound up with a couple of new machines with Win 2K Pro, and got
back to haunting the virus lists again. But I still have a "been there
and done that" feeling and attitude about supplying updaters and other
av utils.

Now, if you don't mind me asking ... why do you ask? :)

Art

http://home.epix.net/~artnpeg
 
Art

> Worked great, thanks.

Glad to hear that after the initial mess I made :)

> I did use C:\mwav, but couldn't I have named that folder almost anything on any
> drive?

Sure.

> Ex: F:\Kaspersky or would that long folder name mess it up?

It shouldn't.

> PS: For those that have WinZip, you don't need to dl and install the 7-zip
> program (7z423.exe)

Yes, thanks for reminding me. Someone had posted some time back that
WinZip works for the purpose. I'll put that in the instruction.

Art

http://home.epix.net/~artnpeg
 
David H. Lipman

From: "Art" <[email protected]>


| A few months back, I lost interest since I had no experience with the
| NT based OS, and most users having problems are using Win XP. Then
| I wound up with a couple of new machines with Win 2K Pro, and got
| back to haunting the virus lists again. But I still have a "been there
| and done that" feeling and attitude about supplying updaters and other
| av utils.
|
| Now, if you don't mind me asking ... why do you ask? :)
|
| Art
|
| http://home.epix.net/~artnpeg

Maybe because you have such GOOD information!
 
Buffalo

Art said:
> Glad to hear that after the initial mess I made :)
>
> It shouldn't.
>
> Yes, thanks for reminding me. Someone had posted some time back that
> WinZip works for the purpose. I'll put that in the instruction.
>
> Art

Once again, Thanks.
Keep up the good advice and tips.
 
Art

> Once again, Thanks.
> Keep up the good advice and tips.

Thanks for that :)

For those interested, here's a cleaned up instruction:
******************************************
The following procedure will give you an on-demand scan
using the Kaspersky scan engine and the extra defs
---------------------------------------------------------
Download mwav from here:

http://www.spywareinfo.dk/download/mwav.exe

Allow it to extract the files to c:\Kaspersky

Next, download wget.exe from here:

http://users.ugent.be/~bpuype/wget/#download

And copy it to c:\Kaspersky

Use Notepad to create the following batch file:

@echo off
cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
REM -N (timestamping): only fetch files that are newer than the local copy,
REM so repeated runs download just the changed defs.
REM wget expands the FTP wildcards itself. Files land in the current
REM directory, so run this from c:\Kaspersky.
wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat and copy it to c:\Kaspersky
Now run c:\Kaspersky\update.bat
to update the def files. Then run c:\Kaspersky\mwavscan
-------------------------------------------------------
********************************************
In my haste this morning, I had forgotten that this particular
source for the old clean/delete capability version of mwav
has a self-extractor tacked on to it. That simplifies matters.

I might mention that the thing does include an updater named
kavupd.exe. But it doesn't include the extra defs, and it downloads
to c:\Bases. If it's used, all the files would have to be in c:\Bases.
I think it's better to use the batch file with wget. The extra defs
are worth using, IMO.

Art

http://home.epix.net/~artnpeg
 
What's in a Name?

> A few months back, I lost interest since I had no experience with
> the NT based OS, and most users having problems are using Win XP.
> Then I wound up with a couple of new machines with Win 2K Pro, and
> got back to haunting the virus lists again. But I still have a
> "been there and done that" feeling and attitude about supplying
> updaters and other av utils.
>
> Now, if you don't mind me asking ... why do you ask? :)
>
> Art
>
> http://home.epix.net/~artnpeg

When I put together my first page, I had included a link to yours
about using Sysclean. As David said, "you have such good information" -
I was just wondering why you took it down.
-max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages: http://home.neo.rr.com/manna4u/
Change nomail.afraid.org to yahoo.com to reply.
Registered Linux User #393236
 
Art

> When I put together my first page, I had included a link to yours
> about using Sysclean. As David said, "you have such good information" -
> I was just wondering why you took it down.

I appreciate your and David's comments, max. Another factor in my
disinterest in emergency utils is that there's no reason that users
who have just a little clue should ever take malware/spyware hits.
I'm far more interested in helping people learn a few simple things
about staying malware and spyware free.

Art

http://home.epix.net/~artnpeg
 
kurt wismer

Art wrote:
[snip]
> I appreciate your and David's comments, max. Another factor in my
> disinterest in emergency utils is that there's no reason that users
> who have just a little clue should ever take malware/spyware hits.

oh my, mr. emperor, sir, what fabulous new clothes you have...

there are no perfect preventative measures - detection of preventative
failures and recovery from them will always have to be part of the
equation... they can be minimized, but never eliminated...

> I'm far more interested in helping people learn a few simple things
> about staying malware and spyware free.

ok, but just be careful you don't put all your eggs in one basket...
 
Art

> Art wrote:
> [snip]
>> I appreciate your and David's comments, max. Another factor in my
>> disinterest in emergency utils is that there's no reason that users
>> who have just a little clue should ever take malware/spyware hits.
>
> oh my, mr. emperor, sir, what fabulous new clothes you have...
>
> there are no perfect preventative measures - detection of preventative
> failures and recovery from them will always have to be part of the
> equation... they can be minimized, but never eliminated...

So what? Many of us never take hits. Prevention is no big mystery.
Anyone who is really interested can learn to be spyware and malware
free. You don't have to be a guru.

> ok, but just be careful you don't put all your eggs in one basket...

I don't need or want your blessing or your warning mr. emperor, sir.

Art

http://home.epix.net/~artnpeg
 
What's in a Name?

>> Art wrote:
>> [snip]
>>> I appreciate your and David's comments, max. Another factor in
>>> my disinterest in emergency utils is that there's no reason that
>>> users who have just a little clue should ever take
>>> malware/spyware hits.
>>
>> oh my, mr. emperor, sir, what fabulous new clothes you have...
>>
>> there are no perfect preventative measures - detection of
>> preventative failures and recovery from them will always have to
>> be part of the equation... they can be minimized, but never
>> eliminated...
>
> So what? Many of us never take hits. Prevention is no big mystery.
> Anyone who is really interested can learn to be spyware and
> malware free. You don't have to be a guru.
>
>> ok, but just be careful you don't put all your eggs in one
>> basket...
>
> I don't need or want your blessing or your warning mr. emperor,
> sir.
>
> Art
>
> http://home.epix.net/~artnpeg

I see that kurt has some issues with you. Oh well..... won't go there.
One thing though, I agree that "prevention is no big mystery" and that a
layered defence along with "safe-hex" is best.
-max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages: http://home.neo.rr.com/manna4u/
Change nomail.afraid.org to yahoo.com to reply.
Registered Linux User #393236
 
Art

> One thing though, I agree that "prevention is no big mystery" and that a
> layered defence along with "safe-hex" is best.

Depends on what you mean by layered defense and what the user's
particular wants and needs are. In my case, I've never used realtime
av or any other realtime defense method other than my head. I harden
my PCs and use good internet apps, and that's it.

Hardening (closing all ports, removing unnecessary services, and
patching) is easiest on the Win 9X/ME series. But it can be done on
the NT based OS as well. What's needed are good utils for helping
average users harden their OS. I'm aware of a few that at least do
a partial job on the NT based OS. After hardening, average users would
be ok by following a set of simple safe hex rules.

Then adding whatever realtime defenses they choose would be just
icing on the cake. And they could have far more confidence that
whatever prevention sw they use won't be disabled by malware and
spyware.

Art

http://home.epix.net/~artnpeg
 
Art

> How do you close ports?
> What services are unnecessary?

There's a link to my claymania article/set of instructions at my web
site (for Win 2K). In the last three paragraphs you'll see some
suggestions concerning the disabling of services. My article also
has a link to Marchand's article which covers both Win 2K and XP,
though it's not easy to use his info in raw form without more
instructions. I dunno off hand whether or not someone has prepared
instructions for typical users for Win XP.

The particular services you want to disable depend on your personal
wants and needs. For example, strictly wideband users can safely
disable telephony. Now that I think of it, I have seen info
on the internet somewhere discussing which services are safe to
disable. Google on the phrase "disable services" and you'll probably
find some good info. You can disable services like FAX and TELNET
if you have no need for them. That will serve to harden your OS to
some small degree at least.

Win 98 and ME are much easier and simpler. What OS do you use?

Art

http://home.epix.net/~artnpeg
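As an added example, not part of the thread, here is a batch file for Win 2K/XP that does what Art describes with sc.exe: it stops and disables the Fax, Telnet and Telephony services, then lists what is still listening so you can see the effect. The service names Fax, TlntSvr and TapiSrv, and the availability of sc.exe and netstat, are assumptions; per David's caveat it leaves the Server/Workstation services alone.

```batch
@echo off
REM Added example, not from the thread: disable the services Art names
REM (Fax, Telnet, Telephony) on Win 2K/XP and show what is still listening.
REM Assumed service names: Fax -> Fax, Telnet -> TlntSvr, Telephony -> TapiSrv.
REM Run from an Administrator account. Server/Workstation (LanmanServer,
REM LanmanWorkstation) are deliberately left alone: disabling them breaks
REM MS Networking file/print sharing, which is David's point about LANs.
setlocal

for %%S in (Fax TlntSvr TapiSrv) do (
    echo --- %%S ---
    REM "sc query" prints a STATE line only for a service that exists
    sc query %%S | find "STATE" >nul
    if errorlevel 1 (
        echo     not installed, nothing to do
    ) else (
        sc stop %%S >nul
        sc config %%S start= disabled >nul
        REM confirm: START_TYPE should now read 4 DISABLED
        sc qc %%S | find "START_TYPE"
    )
)

echo.
echo --- ports still in LISTENING state ---
echo Compare against what you expect; anything unexpected points at
echo another service to look at.
netstat -an | find "LISTENING"
endlocal
```

Run it once, then run it again after a reboot: the second pass should report each service already disabled, and the netstat list is the one to compare against your own expectations.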
 
David H. Lipman

From: "Art" <[email protected]>


| There's a link to my claymania article/set of instructions at my web
| site (for Win 2K). In the last three paragraphs you'll see some
| suggestions concerning the disabling of services. My article also
| has a link to Marchand's article which covers both Win 2K and XP,
| though it's not easy to use his info in raw form without more
| instructions. I dunno off hand whether or not someone has prepared
| instructions for typical users for Win XP.
|
| The particular services you want to disable depend on your personal
| wants and needs. For example, strictly wideband users can safely
| disable telephony. Now that I think of it, I have seen info
| on the internet somewhere discussing which services are safe to
| disable. Google on the phrase "disable services" and you'll probably
| find some good info. You can disable services like FAX and TELNET
| if you have no need for them. That will serve to harden your OS to
| some small degree at least.
|
| Win 98 and ME are much easier and simpler. What OS do you use?
|
| Art
|
| http://home.epix.net/~artnpeg

It will also be dependent on if the PC is part of a MS Windows Domain or Workgroup performing
MS Networking. Then you really must be careful about closing ports on a PC as to not
disrupt LAN communications.

Here you want to use a FireWall to separate the LAN from the WAN. Even NAT Routers such as
the Linksys BEFSR41 with its simplistic FireWall capabilities can effectively close the
ports from the LAN side from the WAN side.
 
Art

> From: "Art" <[email protected]>
>
> | There's a link to my claymania article/set of instructions at my web
> | site (for Win 2K). In the last three paragraphs you'll see some
> | suggestions concerning the disabling of services. My article also
> | has a link to Marchand's article which covers both Win 2K and XP,
> | though it's not easy to use his info in raw form without more
> | instructions. I dunno off hand whether or not someone has prepared
> | instructions for typical users for Win XP.
> |
> | The particular services you want to disable depend on your personal
> | wants and needs. For example, strictly wideband users can safely
> | disable telephony. Now that I think of it, I have seen info
> | on the internet somewhere discussing which services are safe to
> | disable. Google on the phrase "disable services" and you'll probably
> | find some good info. You can disable services like FAX and TELNET
> | if you have no need for them. That will serve to harden your OS to
> | some small degree at least.
> |
> | Win 98 and ME are much easier and simpler. What OS do you use?
>
> It will also be dependent on if the PC is part of a MS Windows Domain or Workgroup performing
> MS Networking. Then you really must be careful about closing ports on a PC as to not
> disrupt LAN communications.

Yes, of course. But it should be pointed out that there are still some
ports that can be closed (and the associated service disabled).

> Here you want to use a FireWall to separate the LAN from the WAN. Even NAT Routers such as
> the Linksys BEFSR41 with its simplistic FireWall capabilities can effectively close the
> ports from the LAN side from the WAN side.

I use a LAN, of sorts, but I close all ports. My wireless router only
serves to give me internet connection sharing. I'm not interested in
file/printer sharing. So I wind up with this extra layer of protection
that I don't need. It's nice to have the freedom to bypass the
firewall/router at any time I want. And it's always nice to be
independent of the need for a firewall/router. Much safer.

Art

http://home.epix.net/~artnpeg
 
David H. Lipman

From: "Art" <[email protected]>


|
| I use a LAN, of sorts, but I close all ports. My wireless router only
| serves to give me internet connection sharing. I'm not interested in
| file/printer sharing. So I wind up with this extra layer of protection
| that I don't need. It's nice to have the freedom to bypass the
| firewall/router at any time I want. And it's always nice to be
| independent of the need for a firewall/router. Much safer.
|
| Art
|
| http://home.epix.net/~artnpeg

How can it be much safer to be "...independent of the need for a firewall/router" ?

Using a NAT Router and private addresses is the way to go with an over-burdened Internet
where addresses are used up. Using NAT gives a LAN private address space and NAT
translates this into WAN/LAN communications. That alone has an aspect of protection but
doing such things as blocking "pings" and/or ICMP messages and blocking NetBIOS over IP and
SMB over IP adds additional security, not insecurity.

You might not be interested in MS File and Print Sharing but the majority of users do. One
must provide both sides of the coin not just the obverse or reverse and then there is always
the edge of that coin that is not taken into account at all.
 
Art

> From: "Art" <[email protected]>
>
> |
> | I use a LAN, of sorts, but I close all ports. My wireless router only
> | serves to give me internet connection sharing. I'm not interested in
> | file/printer sharing. So I wind up with this extra layer of protection
> | that I don't need. It's nice to have the freedom to bypass the
> | firewall/router at any time I want. And it's always nice to be
> | independent of the need for a firewall/router. Much safer.
> |
> | Art
> |
> | http://home.epix.net/~artnpeg
>
> How can it be much safer to be "...independent of the need for a firewall/router" ?

Read as "sw firewall" or "firewall router". I'm sure you've seen the
many reports of users posting on the virus lists who start off with "I
just disabled my firewall for a short time and ....". Presumably,
they're using a sw firewall. And likely they're suffering from the bad
advice I've seen to the effect that if you're on dialup or just online
for a short time you're ok.

> Using a NAT Router and private addresses is the way to go with an over-burdened Internet
> where addresses are used up. Using NAT gives a LAN private address space and NAT
> translates this into WAN/LAN communications. That alone has an aspect of protection but
> doing such things as blocking "pings" and/or ICMP messages and blocking NetBIOS over IP and
> SMB over IP adds additional security, not insecurity.

No doubt an external router/firewall is the way to go.

> You might not be interested in MS File and Print Sharing but the majority of users do.

Are you certain of that? I know many people who don't.

> One must provide both sides of the coin not just the obverse or reverse and then there is always
> the edge of that coin that is not taken into account at all.

I prefer to address the large numbers of home users who couldn't care
less about file/printer sharing. And after all, is the risk worth it?
I say piss on file/printer sharing :) There are safer ways to share
files, and printers are cheap. If I need to print something out, and
the file is too large for a floppy, I can attach it to an email and
send it to my wife's PC.

Art

http://home.epix.net/~artnpeg
 
David H. Lipman

|
| Are you certain of that? I know many people who don't.


I have set up many SOHO LANs. It is a good niche market for extra $$. I haven't had a
situation where they didn't want to share data, CD drives or printers.


||
| I prefer to address the large numbers of home users who couldn't care
| less about file/printer sharing. And after all, is the risk worth it?
| I say piss on file/printer sharing :) There are safer ways to share
| files, and printers are cheap. If I need to print something out, and
| the file is too large for a floppy, I can attach it to an email and
| send it to my wife's PC.
|
| Art
|
| http://home.epix.net/~artnpeg


I still think providing all the information is better than one side.
 
Art

> | I prefer to address the large numbers of home users who couldn't care
> | less about file/printer sharing. And after all, is the risk worth it?
> | I say piss on file/printer sharing :) There are safer ways to share
> | files, and printers are cheap. If I need to print something out, and
> | the file is too large for a floppy, I can attach it to an email and
> | send it to my wife's PC.
> |
> I still think providing all the information is better than one side.

Soytenly. When do you plan to start that project? :)

Art

http://home.epix.net/~artnpeg
 
David H. Lipman

From: "Art" <[email protected]>

| On Mon, 05 Sep 2005 17:59:03 GMT, "David H. Lipman"
| said:
|> I prefer to address the large numbers of home users who couldn't care
|> less about file/printer sharing. And after all, is the risk worth it?
|> I say piss on file/printer sharing :) There are safer ways to share
|> files, and printers are cheap. If I need to print something out, and
|> the file is too large for a floppy, I can attach it to an email and
|> send it to my wife's PC.
|>
|
| Soytenly. When do you plan to start that project? :)
|
| Art
|
| http://home.epix.net/~artnpeg

I'll leave that for Ian to start and add all input.

Ian are you monitoring ???

:) ^2
 
