IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Windows vX.X Forum / Re: Got it...didn't help...and its getting worse....
Post #172,981
by deSitter
Picture of deSitter
9/7/04 4:11:25 PM
Reply
New Re: Got it...didn't help...and its getting worse....
You don't understand - you don't have to be infected with ANYTHING. Your machine is scanned and found to be vulnerable. A rogue file is downloaded to your machine - really a tftp server riding on the back of a legitimate Windows file. This happens WITHOUT any beastie being on your machine prior to the scan. Every time you connect to the net you'll be rescanned. Until you fix the root problem you'll never be able to get back on the net.

Did you install service pack 1a? Not 1, 1a. You can't install it over the net, you have to DOWNLOAD the entire thing and install it locally with the net cable unplugged.

(Can you imagine the numbers of machines with the same problem and their owners completely unaware? The net is a cesspool, and Windows is a scandal.)

-drl
Post #173,115
by jb4
Picture of jb4
9/8/04 1:23:13 PM
Reply
New Service Pack 1a for what?
W2K? No, I only installed W2K, then immediately W2K-SP2 (which, as I said, is the end of the line for Windows, as far as I am concerned.)

What is SP1a?

Now, as far as the beastie is concerned, what you're talking about, if I read you correctly, is a Trojan. AVG is supposed to identify trojans of this sort. If I am being pinged by someone trying to activate it, I would expect that 1) the firewall would bitch about the incoming ping, and 2) that the trojan infected file would be rooted out by AVG or somebody like that (McAfee might just miss it if it were relatively new).

There is a third possibility, of course. That being that Real replaced a Windows DLL with one of its own, and the uninstaller for it "conveniently" declined to replace it when I uninstalled it. Of course, Micros~1 swears up and down that that can't happen in Win2K, but I don't believe it for a minute. So, does anybody have details about Real...I seem to recal some kind of brouhaha over Real's "phoning home" some time back....

thanx-
jb4
shrub\ufffdbish (Am., from shrub + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf. BULLSHIT
Post #173,118
by deSitter
Picture of deSitter
9/8/04 1:28:07 PM
Reply
New Sorry, thought you were on XP
Install Service Pack 4. D/L the entire thing and install locally.

It sounds like you've got the RPC server exploit, see here:

[link|http://z.iwethey.org/forums/render/content/show?contentid=127320|http://z.iwethey.org...?contentid=127320]

You need at least SP3. Installing 4 will fix it.
-drl
Post #173,421
by jb4
Picture of jb4
9/9/04 7:57:20 PM
Reply
New The trouble w/ SP>2 is
That Micros~1 added the "Phone Home" virusfeature to W2K at that point. While I'd like very much to be rid of that problem, I don't want BillG(e) mucking around in my machine...not sure which is better.

Now if there were a way to disable the "Phone Home" virusfeature....
jb4
shrub\ufffdbish (Am., from shrub + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf. BULLSHIT
Post #173,450
by deSitter
Picture of deSitter
9/9/04 11:03:13 PM
Reply
New Re: The trouble w/ SP>2 is
Well you're not going to fix it any other way.

There is no 'phone home' feature in W2K. That's hooey.
-drl
Post #173,586
by jake123
9/10/04 4:15:44 PM
Reply
New He's talking about an implementation in the license
more than in actual software.
--\n-------------------------------------------------------------------\n* Jack Troughton                            jake at consultron.ca *\n* [link|http://consultron.ca|http://consultron.ca]                   [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *\n* Kingston Ontario Canada               [link|news://news.consultron.ca|news://news.consultron.ca] *\n-------------------------------------------------------------------
Post #173,167
by pwhysall
Picture of pwhysall
9/8/04 5:08:31 PM
Reply
New Re: Service Pack 1a for what?
[link|http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx|http://www.microsoft.../sp1/default.mspx]

Just in case anyone was wondering.

Install this, then SP2.

Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
Post #173,190
by deSitter
Picture of deSitter
9/8/04 5:59:49 PM
Reply
New SP4 on W2K
-drl
     Any ideas as to WTF is going on? - (jb4) - (53) - Sept. 1, 2004, 01:55:55 PM EDT
         Re: Any ideas as to WTF is going on? - (altmann) - (16) - Sept. 1, 2004, 05:28:34 PM EDT
             Thanx...BTW I'm running W2Ksp2 - (jb4) - (14) - Sept. 1, 2004, 05:49:33 PM EDT
                 I've got tons of systems on SP4 with no home-phoning. - (Silverlock) - (13) - Sept. 14, 2004, 10:16:32 PM EDT
                     OK, Now I'm confused... - (jb4) - (12) - Sept. 15, 2004, 10:00:04 AM EDT
                         Sigh. - (pwhysall) - (11) - Sept. 15, 2004, 10:07:43 AM EDT
                             What he said. - (Silverlock) - Sept. 15, 2004, 12:21:27 PM EDT
                             Unroll yer eyes, and use them to read! - (jb4) - (9) - Sept. 15, 2004, 01:33:36 PM EDT
                                 Wow, approaching Conrattitude! -NT - (deSitter) - (1) - Sept. 15, 2004, 01:48:26 PM EDT
                                     Conrattitude! /me likes! ;-) -NT - (jb4) - Sept. 15, 2004, 01:59:09 PM EDT
                                 Ooh, snippy. - (pwhysall) - Sept. 15, 2004, 02:35:00 PM EDT
                                 Oh, and I did. - (pwhysall) - (5) - Sept. 15, 2004, 02:36:35 PM EDT
                                     Yerah, but read for *contex*t, and you'll hafta admit... - (CRConrad) - (4) - Sept. 15, 2004, 02:49:23 PM EDT
                                         I know, I know... - (pwhysall) - (3) - Sept. 15, 2004, 02:50:40 PM EDT
                                             How the **** could I? Effing bastidge. -NT - (CRConrad) - (2) - Sept. 15, 2004, 03:46:36 PM EDT
                                                 buy ticket, fly over, drink beer, fly home, nurse hangover. -NT - (Steve Lowe) - (1) - Sept. 15, 2004, 04:00:20 PM EDT
                                                     Nurse Hangover? sounds like a chr from MASH -NT - (deSitter) - Sept. 15, 2004, 04:02:35 PM EDT
             Yep exactly - he's RPC exploited seems like -NT - (deSitter) - Sept. 1, 2004, 06:33:56 PM EDT
         Antivirus installed? - (pwhysall) - (23) - Sept. 1, 2004, 11:53:28 PM EDT
             Tried Avast? Very nice, very free - (deSitter) - (1) - Sept. 2, 2004, 12:18:57 AM EDT
                 Not tried, AVG is adequate. And free. -NT - (pwhysall) - Sept. 2, 2004, 12:22:34 AM EDT
             Yes...McAfee - (jb4) - (20) - Sept. 2, 2004, 10:09:45 AM EDT
                 AVG seems to be more... - (folkert) - (19) - Sept. 2, 2004, 03:02:37 PM EDT
                     What's the oldest Win 9X AVG will run on? - (lincoln) - (18) - Sept. 2, 2004, 05:59:57 PM EDT
                         Avast www.avast.com - (deSitter) - (2) - Sept. 2, 2004, 06:01:45 PM EDT
                             Arrr -NT - (altmann) - (1) - Sept. 2, 2004, 08:24:21 PM EDT
                                 scurrrrvay knave :) -NT - (deSitter) - Sept. 2, 2004, 09:04:14 PM EDT
                         Take a look here... - (folkert) - (14) - Sept. 2, 2004, 09:18:52 PM EDT
                             Thanks for finding the info! - (lincoln) - (1) - Sept. 3, 2004, 04:53:04 PM EDT
                                 No probs. -NT - (folkert) - Sept. 3, 2004, 10:12:35 PM EDT
                             Got it...didn't help...and its getting worse.... - (jb4) - (11) - Sept. 7, 2004, 12:08:56 PM EDT
                                 Re: what cpd.exe is? - (a6l6e6x) - (2) - Sept. 7, 2004, 12:40:00 PM EDT
                                     Caveat - (drewk) - Sept. 7, 2004, 12:59:03 PM EDT
                                     Thanks. - (jb4) - Sept. 8, 2004, 01:25:49 PM EDT
                                 Re: Got it...didn't help...and its getting worse.... - (deSitter) - (7) - Sept. 7, 2004, 04:11:25 PM EDT
                                     Service Pack 1a for what? - (jb4) - (6) - Sept. 8, 2004, 01:23:13 PM EDT
                                         Sorry, thought you were on XP - (deSitter) - (3) - Sept. 8, 2004, 01:28:07 PM EDT
                                             The trouble w/ SP>2 is - (jb4) - (2) - Sept. 9, 2004, 07:57:20 PM EDT
                                                 Re: The trouble w/ SP>2 is - (deSitter) - (1) - Sept. 9, 2004, 11:03:13 PM EDT
                                                     He's talking about an implementation in the license - (jake123) - Sept. 10, 2004, 04:15:44 PM EDT
                                         Re: Service Pack 1a for what? - (pwhysall) - (1) - Sept. 8, 2004, 05:08:31 PM EDT
                                             SP4 on W2K -NT - (deSitter) - Sept. 8, 2004, 05:59:49 PM EDT
         I found something you might want to do. - (folkert) - (11) - Sept. 11, 2004, 01:11:34 AM EDT
             Oooohh! Nice! - (jb4) - Sept. 13, 2004, 09:36:30 AM EDT
             Done! - (jb4) - (9) - Sept. 13, 2004, 09:59:03 PM EDT
                 How'd it do for you? - (folkert) - (8) - Sept. 14, 2004, 01:49:23 PM EDT
                     Well.... - (jb4) - (7) - Sept. 14, 2004, 04:21:13 PM EDT
                         !!! - (deSitter) - (6) - Sept. 14, 2004, 04:23:36 PM EDT
                             Not if it means that I have to go beyond W2K SP2!!! - (jb4) - (5) - Sept. 14, 2004, 04:42:06 PM EDT
                                 Yes, you are. - (inthane-chan) - (4) - Sept. 14, 2004, 04:52:15 PM EDT
                                     Dude...I'm on DIALUP! - (jb4) - (3) - Sept. 14, 2004, 07:10:43 PM EDT
                                         I used my D-Link DI-704P on dialup before I got cable... - (Another Scott) - (2) - Sept. 14, 2004, 08:45:49 PM EDT
                                             Yep... - (folkert) - Sept. 14, 2004, 09:01:39 PM EDT
                                             What he said. What I said. -NT - (deSitter) - Sept. 14, 2004, 09:05:47 PM EDT

Anality R'US.
95 ms