Lambs to the slaughter perhaps?


Posted

I did not come to these groups to solve my malware problems, rather to

investigate how, and by whom, machines are infected in the first place. I

basically trust no-one and don't believe something simply because it is

showing on a screen in front of me. Nor do I blindly follow 'instructions'

from any Tom, Dick or Harry.

 

The average guy who proceeds to a forum, downloads all manner of magical

programmes to help fix his /her PC (under instruction, of course) will have

absolutely no idea if their machine has really been cleaned - as long as

it 'works', that will be sufficient. Lambs to the slaughter perhaps?

<smile>

Guest Øyvind Granberg
Posted

That's just what my intentions were. To come here and see if someone else

has had the same problems as I have and was willing to share some of his or

her thoughts on the matter.

 

I have frequently returned to various newsgroups over the last twenty years,

and have always met people who have been able to help. Regardless of my

level of knowledge or intelligence.

 

I have during my present journey towards a clean computer stumbled upon a

few offerings of solutions that seem more like an undercover introduction to a

fountain of malware. I get a little skeptical.

 

What is different this time is that the malware takes into all kinds of

shapes. Last time, a few years back I fought the Sasser virus the solutions

were few. This time there seems to me not to be a facit to follow.

 

In desperation I downloaded Multi AV, which in fact does about the same as Mr.

Lipman's suggestions, and now Sophos have gnawed through my hard disk for

about eleven hours and seem just to have started. After Sophos there is at

least McAfee and Kaspersky awaiting to do the same.

 

Maybe I should take out my Viking sword and chop this computer into tiny

pieces and mix it into the pigs' fodder!!

 

 

--

 

Kind regards

Øyvind Granberg

 

tresfjording@live.no

www.tresfjording.com

"~BD~" <~BD~@nomail.afraid.com> wrote in message:
OTuYwXlRJHA.5056@TK2MSFTNGP04.phx.gbl ...
> I did not come to these groups to solve my malware problems, rather to
> investigate how, and by whom, machines are infected in the first place. I
> basically trust no-one and don't believe something simply because it is
> showing on a screen in front of me. Nor do I blindly follow 'instructions'
> from any Tom, Dick or Harry.
>
> The average guy who proceeds to a forum, downloads all manner of magical
> programmes to help fix his /her PC (under instruction, of course) will have
> absolutely no idea if their machine has really been cleaned - as long as
> it 'works', that will be sufficient. Lambs to the slaughter perhaps?
> <smile>

Guest John Mason Jr
Posted

~BD~ wrote:
> I did not come to these groups to solve my malware problems, rather to
> investigate how, and by whom, machines are infected in the first place. I
> basically trust no-one and don't believe something simply because it is
> showing on a screen in front of me. Nor do I blindly follow 'instructions'
> from any Tom, Dick or Harry.
>
> The average guy who proceeds to a forum, downloads all manner of magical
> programmes to help fix his /her PC (under instruction, of course) will have
> absolutely no idea if their machine has really been cleaned - as long as
> it 'works', that will be sufficient. Lambs to the slaughter perhaps?
> <smile>

You might try getting a copy of Windows Internals and having a good

read, newest version includes Vista & Server 2008.

 

 

John

Posted

~BD~ ranted thus :-

 

"Nor do I blindly follow 'instructions'

from any Tom, Dick or Harry."

 

....Cough ...splutter ! ...neither does anyone else, who possesses at least

half an ounce of common sense but, then again, there are lots that seem not

to possess that half ounce !

On the odd occasion, when I feel the urge to allow Multi-AV's 4 CLS's to

grind away, for a day or so, on some poor soul's under-powered machine, I

feel very grateful to David H. Lipman for his making his Windows Console

app. available. It saves me, (and doubtless lots of other people), a vast

amount of time using the CLS's in the "normal" manual manner. i.e.

collecting them all oneself, trying to work out which signature database is

the correct one, ...getting familiar with all the switches, trialling and

erroring each one on a spare PC that won't matter should it collapse,

....maybe knocking up a flashy batch file or two, (I used to knock up some

quite clever batch files - years ago - though I say it myself).

 

"...no idea if their machine has really been cleaned..."

 

This is a VERY interesting area, and the layman, Mr. Average, and even Mr

Pretty PC competent, (I think), often wonder if there is a sneaky something

or other, lurking in their PC despite their best efforts in detecting it -

using all manner of anti-malware software. I've read some fascinating items

on the web, during the many past years, on PC security. The one I remember

most described how the "government officials" present themselves at the

software house demanding "back-door" facilities because "powers-that-be"

will not tolerate home user security that ASCII-White type supercomputers

can't beat in a reasonable amount of time :-) e.g. PGP :-)

 

regards, Richard

 

 

"~BD~" <~BD~@nomail.afraid.com> wrote in message

news:OTuYwXlRJHA.5056@TK2MSFTNGP04.phx.gbl...
> I did not come to these groups to solve my malware problems, rather to
> investigate how, and by whom, machines are infected in the first place. I
> basically trust no-one and don't believe something simply because it is
> showing on a screen in front of me. Nor do I blindly follow 'instructions'
> from any Tom, Dick or Harry.
>
> The average guy who proceeds to a forum, downloads all manner of magical
> programmes to help fix his /her PC (under instruction, of course) will have
> absolutely no idea if their machine has really been cleaned - as long as
> it 'works', that will be sufficient. Lambs to the slaughter perhaps?
> <smile>

Posted

"John Mason Jr" <notvalid@cox.net.invalid> wrote in message

news:3Iidnc7dc8PHf4DUnZ2dnUVZ_uGdnZ2d@supernews.com...
> ~BD~ wrote:
>> I did not come to these groups to solve my malware problems, rather to
>> investigate how, and by whom, machines are infected in the first place. I
>> basically trust no-one and don't believe something simply because it is
>> showing on a screen in front of me. Nor do I blindly follow 'instructions'
>> from any Tom, Dick or Harry.
>>
>> The average guy who proceeds to a forum, downloads all manner of magical
>> programmes to help fix his /her PC (under instruction, of course) will have
>> absolutely no idea if their machine has really been cleaned - as long as
>> it 'works', that will be sufficient. Lambs to the slaughter perhaps?
>> <smile>
>
> You might try getting a copy of Windows Internals and having a good read,
> newest version includes Vista & Server 2008.
>
> John

 

--

 

Many thanks for that suggestion, John.

 

Amongst other places, I did look here

http://technet.microsoft.com/en-us/sysinte...s/bb963901.aspx

 

I'll not be buying the book - but I may see if our library service can

obtain a copy. If they can and we have a cold, wet and windy winter, I may

just peep inside the covers!

 

Whilst I do have an interest in the technicalities of machines of all types

(not just computers) my research over the last three years has been directed

towards Cybercrime, how it is conducted and by whom.

 

Dave

 

--

Guest David H. Lipman
Posted

From: "~BD~" <~BD~@nomail.afraid.com>

 

 

| Whilst I do have an interest in the technicalities of machines of all types

| (not just computers) my research over the last three years has been directed

| towards Cybercrime, how it is conducted and by whom.

 

| Dave

 

At no time have I seen you discuss the RBN.

Hosts such as ESTDomains or companies such as Zango.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:uNE9O1qRJHA.1908@TK2MSFTNGP04.phx.gbl...
> From: "~BD~" <~BD~@nomail.afraid.com>
>
> | Whilst I do have an interest in the technicalities of machines of all types
> | (not just computers) my research over the last three years has been directed
> | towards Cybercrime, how it is conducted and by whom.
>
> | Dave
>
> At no time have I seen you discuss the RBN.
> Hosts such as ESTDomains or companies such as Zango.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

--

 

That's not strictly true. A quick 'Google' took me here - where you will

note that there are posts from me ........ AND YOU! <smile>

 

http://www.eggheadcafe.com/software/aspnet.../crimeware.aspx

 

Dave

 

--

Guest PA Bear [MS MVP]
Posted

Please don't feed the troll:

http://groups.google.com/groups/search?enc...PT-4A&scoring=d

 

Thank you.

--

~PAÞ

 

John Mason Jr wrote:
> ~BD~ wrote:
>> I did not come to these groups to solve my malware problems, rather to
>> investigate how, and by whom, machines are infected in the first place. I
>> basically trust no-one and don't believe something simply because it is
>> showing on a screen in front of me. Nor do I blindly follow 'instructions'
>> from any Tom, Dick or Harry.
>>
>> The average guy who proceeds to a forum, downloads all manner of magical
>> programmes to help fix his /her PC (under instruction, of course) will
>> have absolutely no idea if their machine has really been cleaned - as
>> long as it 'works', that will be sufficient. Lambs to the slaughter
>> perhaps? <smile>
>
> You might try getting a copy of Windows Internals and having a good
> read, newest version includes Vista & Server 2008.
>
> John

Guest David H. Lipman
Posted

From: "~BD~" <~BD~@nomail.afraid.com>

 

 

 

| --

 

| That's not strictly true. A quick 'Google' took me here - where you will

| note that there are posts from me ........ AND YOU! <smile>

 

| http://www.eggheadcafe.com/software/aspnet.../crimeware.aspx

 

| Dave

 

| --

 

 

You had to find something from June and I had to tell 'ya about the RBN.

How many posts have you made since then and before then unrelated to CyberCrime ?

I think you find the preponderance of the information belies your statement.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

news:OY7UOMrRJHA.1160@TK2MSFTNGP02.phx.gbl...
> Please don't feed the troll:
> http://groups.google.com/groups/search?enc...PT-4A&scoring=d
>
> Thank you.
> --
> ~PAÞ

 

Just WHY do you wish to interfere PA Bear? That's question one.

 

The second question is in connection with the use of your signature block,

viz:

 

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

 

Designed to impress no doubt. You didn't include same in your post above,

choosing to simply use '~PAÞ'

 

I understand that the letter thorn, the þ character, is accessible using

AltGr+t on a modern US-International keyboard.

 

Why did you use same in this instance? Not a typographical mistake, surely!

 

--

Posted

"RJK" <notatospam@hotmail.com> wrote in message

news:uPZxUoqRJHA.4504@TK2MSFTNGP02.phx.gbl...
> ~BD~ ranted thus :-
>
> "Nor do I blindly follow 'instructions'
> from any Tom, Dick or Harry."
>
> ...Cough ...splutter ! ...neither does anyone else, who possesses at least
> half an ounce of common sense but, then again, there are lots that seem
> not to possess that half ounce !
> On the odd occasion, when I feel the urge to allow Multi-AV's 4 CLS's to
> grind away, for a day or so, on some poor soul's under-powered machine, I
> feel very grateful to David H. Lipman for his making his Windows Console
> app. available. It saves me, (and doubtless lots of other people), a vast
> amount of time using the CLS's in the "normal" manual manner. i.e.
> collecting them all oneself, trying to work out which signature database
> is the correct one, ...getting familiar with all the switches, trialling
> and erroring each one on a spare PC that won't matter should it collapse,
> ...maybe knocking up a flashy batch file or two, (I used to knock up some
> quite clever batch files - years ago - though I say it myself).
>
> "...no idea if their machine has really been cleaned..."
>
> This is a VERY interesting area, and the layman, Mr. Average, and even Mr
> Pretty PC competent, (I think), often wonder if there is a sneaky
> something or other, lurking in their PC despite their best efforts in
> detecting it - using all manner of anti-malware software. I've read some
> fascinating items on the web, during the many past years, on PC security.
> The one I remember most described how the "government officials" present
> themselves at the software house demanding "back-door" facilities because
> "powers-that-be" will not tolerate home user security that ASCII-White
> type supercomputers can't beat in a reasonable amount of time :-) e.g.
> PGP :-)
>
> regards, Richard

 

--

 

Hello Richard - thanks for your reply!

I strongly suspect that my telephone wire has been tapped - the concern is

that I don't know whether this has been done by "government officials" or

the real bad guys.

 

Maybe you think they are one and the same!

 

My connection is forever dropping off and reconnecting. I'm fairly certain

that my router (to which I connect wirelessly) has a 'T-junction' inside -

it can direct my newsgroup posts and/or web page requests either left or

right, dependent upon the content.

 

Am I bothered? No longer - but I'd like to know how it is done, by whom and,

most importantly, why!

 

I've also been just a little frustrated when I've asked you - on a number of

occasions now - why you were ? ... irritated? by the responses you

personally 'enjoyed' when seeking help /advice at Aumha - and you have

completely ignored my requests. You no doubt have your reasons and are in no

way obliged to tell me.

 

Dave

 

--

 

--

Guest Andrew Taylor
Posted

"~BD~" <~BD~@nomail.afraid.com> wrote in message

news:uvbSzEASJHA.4916@TK2MSFTNGP06.phx.gbl...
>
> I strongly suspect that my telephone wire has been tapped - the concern
> is that I don't know whether this has been done by "government officials"
> or the real bad guys.

If you set government agencies over three continents onto someone who is

proved to be squeaky clean, the government will check you to see why you

would make false accusations.

Guest BoaterDave
Posted

On Nov 17, 5:33 am, "Andrew Taylor"
<andrewcrumpleh...@spamcopSUBVERSIVE.com> wrote:
> "~BD~" <~...@nomail.afraid.com> wrote in message
> news:uvbSzEASJHA.4916@TK2MSFTNGP06.phx.gbl...
>
> > I strongly suspect that my telephone wire has been tapped - the concern
> > is that I don't know whether this has been done by "government officials"
> > or the real bad guys.
>
> If you set government agencies over three continents onto someone who is
> proved to be squeaky clean, the government will check you to see why you
> would make false accusations.

 

--

 

So you'd rather believe someone who says he's been living in North

America since he was four years old, yet cannot write English very

well (and also tells pork pies) ........ than someone who may be found

in The Navy List by anyone who cares to look? http://en.wikipedia.org/wiki/Navy_List

 

I have made NO false accusations - I have simply expressed my

concerns.

 

Dave

Guest Andrew Taylor
Posted

"BoaterDave" <BoaterDave@hotmail.co.uk> wrote in message

news:5bbcb468-7826-4b23-8123-a84ac4d9da18@i20g2000prf.googlegroups.com...

 

So you'd rather believe someone who says he's been living in North

America since he was four years old, yet cannot write English very

well (and also tells pork pies) ........ than someone who may be found

in The Navy List by anyone who cares to look?

http://en.wikipedia.org/wiki/Navy_List

 

I have made NO false accusations - I have simply expressed my

concerns.

 

You accused him of being an international terrorist, which is a very long

stretch of the imagination based on someone who may write with a European

accent and helps people whenever they need it and he happens to be awake.

Posted

"Andrew Taylor" <andrewcrumplehorn@spamcopSUBVERSIVE.com> wrote in message

news:4922557e@newsgate.x-privat.org...
> "BoaterDave" <BoaterDave@hotmail.co.uk> wrote in message
> news:5bbcb468-7826-4b23-8123-a84ac4d9da18@i20g2000prf.googlegroups.com...
>
> So you'd rather believe someone who says he's been living in North
> America since he was four years old, yet cannot write English very
> well (and also tells pork pies) ........ than someone who may be found
> in The Navy List by anyone who cares to look?
> http://en.wikipedia.org/wiki/Navy_List
>
> I have made NO false accusations - I have simply expressed my
> concerns.
>
> You accused him of being an international terrorist, which is a very long
> stretch of the imagination based on someone who may write with a European
> accent and helps people whenever they need it and he happens to be awake.

 

I cannot recall so doing, Andrew. I know you keep most everything and no

doubt have Google Desktop. Perhaps you'll be able to locate some documentary

evidence of when I accused Mr Peter Foldes of being a terrorist?

 

Btw, I've never known anyone else who can write with an accent, European or

otherwise! :-)))

 

My point was that as he's supposed to have lived in North America since the

age of 4, he should be able to write English properly. Most folk would

have lost any accent they might have had at the age of four!

 

Margaret Thatcher was supposed to need only 2 hours sleep in every 24 hours!

 

Dave

Guest Andrew Taylor
Posted

"~BD~" <~BD~@no.mail.afraid.com> wrote in message

news:ODNg%23oaSJHA.408@TK2MSFTNGP02.phx.gbl...
>
> I cannot recall so doing, Andrew. I know you keep most everything and no
> doubt have Google Desktop. Perhaps you'll be able to locate some
> documentary evidence of when I accused Mr Peter Foldes of being a
> terrorist?
>
> Btw, I've never known anyone else who can write with an accent, European
> or otherwise! :-)))
>
> My point was that as he's supposed to have lived in North America since
> the age of 4, he should be able to write English properly. Most folk
> would have lost any accent they might have had at the age of four!

Just read Peter's post from a few weeks back.

 

I don't use any Desktop, Google or otherwise :>)

 

Many people write with an accent, and you of all people note when people

write in a particular style, that is an 'accent'. You and I write with

English accents, our colonial brothers write as Americans. Diction, word

choice, arrangement of words in a sentence all give the clues to this.

Posted

"Andrew Taylor" <andrewcrumplehorn@spamcopSUBVERSIVE.com> wrote in message

news:4923a527@newsgate.x-privat.org...
> "~BD~" <~BD~@no.mail.afraid.com> wrote in message
> news:ODNg%23oaSJHA.408@TK2MSFTNGP02.phx.gbl...

> Just read Peter's post from a few weeks back.

 

 

You really needed to be more specific, Andrew - but you may notice that I

have added to a previous thread which should now pop to the surface (Should

we be suspicious?). Perhaps that's the one to which you refer. Please

confirm. TIA

> I don't use any Desktop, Google or otherwise :>)

 

It's very good! Microsoft have a similar facility which you may download,

detail here:

http://www.microsoft.com/windows/products/...ab=Install%20It

> Many people write with an accent, and you of all people note when people
> write in a particular style, that is an 'accent'. You and I write with
> English accents, our colonial brothers write as Americans. Diction, word
> choice, arrangement of words in a sentence all give the clues to this.

 

 

I'll not argue, Andrew. You refer to a 'style' of writing I'm sure. As far

as I'm concerned, anyone who has been brought up in North America since the

age of four should be able to compose a sentence correctly. There again,

if in Canada I suppose his first language there could be French - yet I have

never seen mention of this! <grin>

 

Dave

 

--

Guest Andrew Taylor
Posted

"~BD~" <~BD~@nomail.afraid.com> wrote in message

news:%23I37lQiSJHA.5900@TK2MSFTNGP05.phx.gbl...
>
> It's very good! Microsoft have a similar facility which you may
> download, detail here:
> http://www.microsoft.com/windows/products/...ab=Install%20It

That is a co-incidence David. I installed it from the Windows Update site on

Friday, but it caused a problem with Outlook Express constantly requesting

to Compact Folders. The dialogue box just wouldn't go away. I compacted the

folders, but the message still came up. I uninstalled MS Search 4 and the

problem was fixed.

Posted

On Mon, 24 Nov 2008 10:50:07 -0500, "Andrew Taylor"
<andrewcrumplehorn@spamcopSUBVERSIVE.com> wrote:

>"~BD~" <~BD~@nomail.afraid.com> wrote in message
>news:%23I37lQiSJHA.5900@TK2MSFTNGP05.phx.gbl...
>>
>> It's very good! Microsoft have a similar facility which you may
>> download, detail here:
>> http://www.microsoft.com/windows/products/...ab=Install%20It
>>
>That is a co-incidence David. I installed it from the Windows Update site on
>Friday, but it caused a problem with Outlook Express constantly requesting
>to Compact Folders. The dialogue box just wouldn't go away. I compacted the
>folders, but the message still came up. I uninstalled MS Search 4 and the
>problem was fixed.

 

The indexer in MS Search 4 probably had a lock on the OE message files

while trying to complete the index on them. Setting the indexer to allow it

to continue indexing while you are using the computer or letting it go

overnight might have freed the files eventually.

 

Search4 is a wannabe Spotlight tool. I think Apple did a better job with

Spotlight.

 

When you install Search4 the Search Companion in Explorer turns on the

stupid animated screen character and loses a lot of its initial

functionality that I was used to. One has to spend time resetting the

options to get back to usability and it's always the secondary search tool.

If you have the Search4 device in the task bar, there is no need for it to

be primary in the Explorer. (There's no Spotlight in Finder, it's always on

the menu bar.)

 

Search4 also fails to find many items if you have documents outside your

document tree. You have to spend time customizing its search parameters. I

don't remember ever having to tweak Spotlight.

 

If this is the 4th revision it might be usable at about revision 9. I ended

up uninstalling it after 6 months of using it on my laptop.
