Loading ...
Sorry, an error occurred while loading the content.

The guide to not being virused / hacked

Expand Messages
  • info.host@btinternet.com
    Mine is black letters. You are at no risk of giving acess to your computer through a trojan unless you have run an *.exe that is not from a trusted source.
    Message 1 of 1 , Jun 1, 2001
      Mine is black letters. You are at no risk of giving acess to your computer
      through a trojan unless you have run an *.exe that is not from a trusted
      source. Things like music files and screen savers from non commercial sites
      are examples. You should watch for very tell tale signs that someone is
      accessing your PC without your wish:

      Modem is sending and recieving even though you are not using it
      (Excessively, because it will send and recieve every now and again to be
      sure it's still connected to the host) This activity is them looking through
      your hard drive and taking files from it, or they have captured your screen
      / mic / web cam
      New files appear (Sort all your files to show latest modified and see if it
      was you who modified it)
      Ports open and close themselves
      Hard drive is abnormally active while you're not using it
      Floppy drive checks itself
      PC restarts or shuts down
      Properties have changed
      File names change themselves
      There is suddenly a massive trail on your mouse or it's speed changes
      Keys reassign themselves, as well as mouse buttons
      Windows start menu opens itself
      Applications start running themselves
      A chat box appears from no where
      Music starts playing itself
      CD drive starts itself
      Mouse stops working
      Screen inverts
      CD drive opens by itself
      Files open themselves
      You're mouse starts working while you're not moving it
      Monitor turns itself off while you're using it or before it should
      automatically power down (A big warning, they're either doing it for fun or
      to make it so you can't see what they're doing for a minute. Restart NOW!)
      Files print themselves
      Window's colours change
      Background changes

      The minute you see any of that happen turn your PC off !straight! away,
      don't wait around because they will know you know they're doing it by then.
      Start it back up and don't use the net until you have run a virus check over
      the entire hard disc. They WILL know when you connect to the internet as the
      trojans send them a warning and your IP from your PC when it connects to
      tell them who and where you are. Running the command NETSTAT.EXE in dos the
      minute you connect will show you all the active ports on your PC. Close
      you're web browser and mail and any other web tool and watch the ports. Type
      NETSTAT.EXE 5 and it'll refresh itself. Keep watching and if it's an older
      trojan, and you haven't already deleted it, you'll see the port open, some
      wierd number like 1784, and the IP connecting to it. Newer ones hide their
      port activity. If you feel brave, get the police round, purposefully set up
      your PC to be sacrificed and watch them do it, then report the IP. Remember
      if they feel you have noticed them they may pick up pace and start wrekcing
      things faster, hold back until you can get someone to watch it happen.
      Netstat will annoy them if they see you run it because it's a tell tale sign
      that you know they're there and you're looking for them. You will need very
      firm evidence! A police officer to watch it happen would be enough. Get the
      POLICE to phone the ISP the IP is on and ask for the records immediately.
      The record is wiped every few hours so be QUICK! Remember the trojans often
      give visual access too, so they can see what you are doing on your screen.
      Some can even listen on your mic, so unplug it. The most horrible of all is
      that they can also watch you through you web cam, so unplug that too. They
      can capture your key board's output so do not type any pin numbers or credit
      card things in. Don't try talking to them by opening word and typing in big
      letters for them to see because you'll just scare them away, until they come
      back to break something. Clear your tempory net files incase there are any
      credit details still in there. The trojan will be bedded and hidden away in
      some directory like windows\system that you never look at, proberly with a
      Microsoft icon and name to hide it. The Matrix and things like MI:2 would
      want you to think of these people as smart, they aren't. You will not have
      to 'trace' them or anything like that because it's all push button, most of
      the people doing it don't even have a clue what a proxy server is and how to
      'hide' so they can't be found. They assume that you have no idea what you're
      Trojans like Sub 7 can be attached directly to other .exe's and even other
      extensions like .mp3 With an .exe it can be made so when you try to run the
      program it either does run, like it plays you a demo of a product or it
      comes up with an error telling you something is wrong with the .exe Then you
      delete it and forget it. All that's happened is the Trojan has installed
      when you ran it and now you think it's useless you've deleted the installer.
      'I LOVE YOU' had to be clicked to install it. All these companies and banks
      have thousands of pounds worth of virus scanner but they can't tell their
      staff when they join never to run an executable they don't trust. That means
      if I'd sent one of the newer versions of say Sub 7 to them that hadn't been
      listed as being a Trojan yet I could very likely have got access to
      computers in banks, insurance companies and all the rest that ran it. It
      makes you wonder how safe your money really is when you have what are quite
      computer illiterate people who are willing to run .exe's like 'I LOVE YOU'
      managing your accounts. I would guess 90% of the people doing it are doing
      it purely to see if they can and to boast. The other 10% are the ones who
      might be looking to steel. It's sad that I have to say that I'm worried
      about how many millions of people join the net not understanding anything at
      all about computers (I saw many when I worked at a computer store last year
      for a week or so) and there are people watching for 'newbies' just like
      them. There should be a crash course in this sort of thing. Just watching
      for the list I wrote above would cut the amount of fraud over the net by
      atleast 50% I think. Because it's mainly just that new people on the net
      don't know what's happening and think it's normal so they let it go on.
      Eventually the PC stops working and ten K dissappear from their bank
      account. Take care anyway, I've talked for far too long.

      Best wishes list,
      John H.

      > Hi All,
      > On my other computer the w32/kriz 4050 virus is in the sulfnbk.exe
      > file, thats why the file is bigger than it should be. I know that the
      > e-mail is a hoax but this message is from the Mcafee site
      > ***
      > "Remember that virus writers can use known hoaxes to their
      > advantage. For example, AOL4FREE began as a hoax virus warning. Then
      > somebody distributed a destructive trojan attached to the original
      > hoax virus warning! The lessons are clear:
      > Always remain vigilant
      > Never open a suspicious attachment" ***
      > I got the Mcafee despatch too but that dosn't alter the fact that
      > it's in my other computer in the sulfnbk.exe file.
      > I would still like to know what the windows logo for the sulfnbk.exe
      > file looks like. Is it the standard logo for a MS app or has it got
      > the black letters lfngk.
      > Cheers
      > Terry.
      > --- In hobbicast@y..., wanliker@a... wrote:
      > > In a message dated 5/31/01 8:43:57 AM Mountain Daylight Time,
      > > terrybrown@o... writes:
      > >
      > > << Hi All
      > > Bloody hell. My main computer(this one) is clean but the other one
      > > that hasn't been connected to the net for several weeks has a
      > virus
      > > in the sulfnbk.exe file. that's probably why it keeps growing in
      > size
      > > everytime I check the properties of it. I copied the file to a
      > floppy
      > > and just now scanned it with McAfee active shield on line scan.
      > I've
      > > had that program on thi >>
      > > Here are the facts straight from the Horses mouth, The following
      > was in the
      > > latest, ((((((((((((((((( McAfee.com Dispatch )))))))))))))))))))))
      > > <<
      > > Dear McAfee.com Dispatch Subscriber:
      > >
      > > An email HOAX has been circulating recently that has
      > > received a lot of press and public attention. The subject
      > > line may contain "***Virus Alert***" or mention SULFNBK.exe.
      > > If you receive a copy of this message, you should ignore it.
      > > Do NOT pass it on as this is how an email hoax spreads. You
      > > may receive a copy of this message from addresses that you
      > > recognize.
      > >
      > >
      > > There are several versions of this message circulating, in
      > > several different languages. The email message may appear
      > > in part as follows:
      > >
      > > "A VIRUS could be in your computer files now, dormant but
      > > will become active on June 1. Try not to USE your Computer
      > > AND TO REMOVE IT NOW."
      > >
      > > "No Virus software can detect it. It will become active
      > > on June 1, 2001. It might be too late by then. It wipes out
      > > all files and folders on the hard drive. This virus travels
      > > thru E-mail and migrates to the C:\windows\command' folder."
      > >
      > > The email will also instruct you to delete SULFNBK.exe and
      > > to pass the message along to everyone you know.
      > >
      > > SULFNBK.exe is a standard part of the Windows operating
      > > system and SHOULD NOT BE REMOVED.
      > >
      > > For more information about this hoax or for instructions on
      > > how to replace SULFNBK.exe if you have already deleted it,
      > > <A HREF="http://clinic.mcafee.com/clinic/ibuy/campaign.asp?
      > cid=2274"> click
      > > here</A>. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2274
      > > >>
      > Please visit our sponsor: Budget Casting Supply
      > http://budgetcastingsupply.com/
      > The Home Foundrymen's Association website may be found here:
      > It includes member project pages & links
      > To unsubscribe from this group, send an email to:
      > hobbicast-unsubscribe@egroups.com
      > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
    Your message has been successfully submitted and would be delivered to recipients shortly.