WARNING FOR WINDOWS USERS!

Guest

By the way, the source of entry this hack is using is outlook.exe. I have news
groups, but outlookimap.dll is one of the changing files, and my Outlook
folder is huge already from work alone.
 
Shenan Stanley

Ian said:
Sorry, I was unaware of the various interfaces available here. I do
not post on anything at all usually, so... the post you are
referring to was not directed your way. I am tired of arguing with
people just to try and do a good deed.

The problem is that you made a confusing post with little to no facts to
back it up.

You say that you were infested with some virus or something and how you had
associated *.ini with notepad while troubleshooting - then you proceed to
explain how you scrubbed your computer's hard disk drive, installed anew and
how your *.ini files were still associated with notepad (I can tell you
right now - I just finished three installations from CD of Windows XP
Professional - if you double-click on a *.ini file, it opens in notepad by
default) so you were convinced you were infested again.

Somewhere in there was the mention of 'outlook.exe' and 'svchost.exe' and
the 'slow sending of email'. You even mention (later) 'gotomeeting.exe'
which is not even a default Windows XP file. Somehow, in all this - you
replace your motherboard too. You even flash your BIOS (CMOS) for good
measure. You throw out names like 'Kaspersky labs' and 'Dell' and how they
are 'investigating it further' and they 'know *.ini files are not associated
with notepad by default' as you defend your loose premise that there is
something 'new' out in the virus world.

If you want to be taken seriously - you have to sound serious and describe
things carefully and precisely. Maybe you don't know all the terminology -
but that does not prevent you from 'telling a good story that is easy to
follow and just makes sense'. Your story jumps around, you seemingly start
out frustrated and making things up to fill in gaps. It really feels like a
chicken little scenario when one reads stuff like that.

So - if you really want to do your 'good deed' - go for it. Take a deep
breath and calmly type out, step-by-step, what happened. Start at the
beginning, don't jump to the end, back to the middle, 2/3 of the way through
and back to the beginning of the story - keep it in a logical progressive
timeline. Make sure you give as many details as you can. (If you sent
something to Kaspersky labs to investigate - you will have MUCH more
detail - because they are not going to investigate "my outlook went crazy, I
scrubbed my hard drive and my *ini association keeps reverting to notepad."
They would ask for details, filenames, they might even ask for specific
files (zipped up and sent to them.) Dell - they might just go through the
script and talk you down enough to hang up - could happen. heh)

Right now - all you have done is basically tell everyone... "The sky is
falling and there is nothing you can do because the experts don't know why
either... Have a nice day!"

I'm not saying all that to attack you - I am saying all that so you know
what your posting looks like to those who might read it. I am saying all
this in hopes that you might sit down and take the time to 'do your good
deed' and tell us a more concise and clear story about what happened to
you - in case this is *not* a chicken little scenario.
 
Guest

You have been quite pompous, and made sure to be chicken belittling at
every possibility. I was simply trying to be brief and explain a problem.
The botnet is nothing new, but approaches change.
 
Bruce Chambers

Ian said:
I have used multiple scanning tools, and nothing finds it!


If nothing finds it, why should we believe anything is there?


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
 
Bruce Chambers

Ian said:
The INI file is a system file, from the OS. When you do a fresh install, a
previous ini setting will not remain, unless there is something in the BIOS,
or CMOS that also has an ini file to retain the setting.


That's absolute nonsense. Go away. No one with a lick of sense is
going to fall for this tripe.





 
Gordon

Ian said:
Sounds like a bug, or like using different browsers. I see them all in
context, which is the way it is on the page through Internet Explorer.
However, this is my first time posting here, so I do not know how it acts all
the time. I posted this because of the Botnet, and the similarities with what
is going on with my system.

Exactly - you are using a horrible web interface to access a Usenet
NEWSGROUP - which most of the regulars here access via a News READER, not
the awful web interface
 
Guest

Let me explain this problem again, while I am not juggling work, multiple
support techs, and trying to get a quick blurb out there for the user base,
and maybe some insight.
There is a hack coming in through the Outlook.exe this occurs during the
send/receive process, at which time while the outlook.exe file is being
changed, it will hang for some time. Eventually the email goes out, but the
time it takes is more than it would have taken to have emailed over 10x the
information being sent, moreover, I get a System Admin return mail ( I am
System Admin) telling me this recipient is not in their list of allowed hosts
error #5.7.1. Also after the Outlook.exe gets changed, the Outlookimap.dll,
and the vviewer.dll get changed as well.
After the Outlook.exe change (it may be changed up to three more times)
during the send and receive process. The scvhost.exe ends up getting changed
after there are no more changes to the Outlook.exe being made.
Other exe files that are being changed are: iexplorer.exe, ieuser.exe, &
gotomeeting.exe. Gotomeeting is OBVIOUSLY not part of either the XP or Vista
OS, but it is another .exe that has access to the internet!
This keeps happening and is not just happening to me, my boss has had
similar issues, and several reports have come in to our security solution
provider regarding the Outlook.exe change. However they have done system
captures and cannot find anything. Which, according to the security solution
provider, means that the virus/Bot is on the same “level”, not that it does
not exist.
This aspect may be unrelated, but just in case it is not. In the Vista
environment, I made a change to the open with selection for a hidden system
file, and accidentally left the box checked to apply my selection to all
files of this type, and the system did so with a slight pause. I believed
this to be an “INI” file as this changed the metrics for the smaller pop-up
windows in Vista were now full screen windows. These windows include the Copy
To and Move To, etc… windows which are normally smaller and not sizeable when
you are selecting which folder to send, copy, or move the file to. The
windows do not get bigger unless you mess with the metrics, which is why I
assumed that it is an “INI” file I am talking about.
This setting to open my Mysterious “INI” file, which may not have been an
ini file (as was so helpfully pointed out yesterday by some of the people
here) was retained by my system after flashing the BIOS, scrubbing my hard
drive, reformatting with NTFS, and reinstalling the OS only with NO internet
connection, these windows were still opening up full screen, but this only
happens in Vista, these windows stay the same size in XP, even after
installing other software, and importing my files. But the change, or lack
thereof, remains obvious in Vista.
I have repeated these steps multiple times, and included in the last effort
was a replacement of the motherboard, but the old CMOS and the Old raw hard
drive were still used, and the windows metrics setting that had been
accidentally changed, was still there and the windows that should be smaller
are still opening up full screen in Vista.
As I said I do not know if there is a relationship between the two, but
there is usually something left behind in a system for the hacker to use
later, so… Thanks for all the friendly advice!
 

Guest

Yes, the web interface does suck! :) That was why I deleted the other text, as
it seemed more legible.
 
Bruce Chambers

Ian said:
Let me explain this problem again, while I am not juggling work, multiple
support techs, and trying to get a quick blurb out there for the user base,
and maybe some insight.


What is the above nonsensical babble about? Are you trying to
impersonate someone with a technical background? If so, the remainder
of your post gives lie to your act.

There is a hack coming in through the Outlook.exe ....


That is not even remotely possible. "Hacks" are not objects that
arrive or "come through" anything. Hacks are actions performed by a person.



 
Guest

:

what is the above nonsensical babble about? Are you trying to
impersonate someone with a technical background? If so, the remainder
of your post gives lie to your act.

This 'Ian' is not the one who regularly posts in here.
 
Guest

It is a mass mailer hack. I spoke with someone I work with from a
financing company, as I had sent him information for someone who needed
financing. He never got the email, as his email had been hijacked, and was
sending out mass mailers. After I heard this, I checked the bounce back mail
I had gotten, and while the first name was the same, the domain was not even
close to the person I had emailed to. In fact the email address which bounced
back was sent to was not and had never been in my database!
Thanks to all who were so concerned with proving me to be a fake, that they
could not realize I was explaining something that was not normal, and
including everything that was going on whether or not it was related to the
actual problem, since I do not know which of the symptoms were actually
symptoms, and which were actually unrelated. My email would not come in from
time to time, from my boss and others, so the end result of my warning: an
Outlook hijack, that does not get stopped by security software, which uses
your email account to send mass mailers.
 
Guest

Actually, Hacks can be implemented by Bots, and also in the wild, viruses can
augment other viruses with their code, and while changes can vary, they can
become quite devastating to a system. My reference for this is:
The Art of Computer Virus Research and Defense, by Peter Szor (his
qualifications are extensive and impressive)
ISBN: 0-321-30454-3.
And if you do not think it is remotely possible, you are clueless to the
modern possibilities of hacking!!!!
 
