The guide to not being virused / hacked
- Mine is black letters. You are at no risk of giving access to your computer
through a trojan unless you have run an *.exe that is not from a trusted
source. Things like music files and screen savers from non commercial sites
are examples. You should watch for very tell tale signs that someone is
accessing your PC without your wish:
Modem is sending and receiving even though you are not using it
(Excessively, because it will send and receive every now and again to be
sure it's still connected to the host) This activity is them looking through
your hard drive and taking files from it, or they have captured your screen
/ mic / web cam
New files appear (Sort all your files to show latest modified and see if it
was you who modified it)
Ports open and close themselves
Hard drive is abnormally active while you're not using it
Floppy drive checks itself
PC restarts or shuts down
Properties have changed
File names change themselves
There is suddenly a massive trail on your mouse or its speed changes
Keys reassign themselves, as well as mouse buttons
Windows start menu opens itself
Applications start running themselves
A chat box appears from nowhere
Music starts playing itself
CD drive starts itself
Mouse stops working
CD drive opens by itself
Files open themselves
Your mouse starts working while you're not moving it
Monitor turns itself off while you're using it or before it should
automatically power down (A big warning, they're either doing it for fun or
to make it so you can't see what they're doing for a minute. Restart NOW!)
Files print themselves
Window's colours change
The minute you see any of that happen turn your PC off !straight! away,
don't wait around because they will know you know they're doing it by then.
Start it back up and don't use the net until you have run a virus check over
the entire hard disc. They WILL know when you connect to the internet as the
trojans send them a warning and your IP from your PC when it connects to
tell them who and where you are. Running the command NETSTAT.EXE in DOS the
minute you connect will show you all the active ports on your PC. Close
your web browser and mail and any other web tool and watch the ports. Type
NETSTAT.EXE 5 and it'll refresh itself. Keep watching and if it's an older
trojan, and you haven't already deleted it, you'll see the port open, some
weird number like 1784, and the IP connecting to it. Newer ones hide their
port activity. If you feel brave, get the police round, purposefully set up
your PC to be sacrificed and watch them do it, then report the IP. Remember
if they feel you have noticed them they may pick up pace and start wrecking
things faster, hold back until you can get someone to watch it happen.
Netstat will annoy them if they see you run it because it's a tell tale sign
that you know they're there and you're looking for them. You will need very
firm evidence! A police officer to watch it happen would be enough. Get the
POLICE to phone the ISP the IP is on and ask for the records immediately.
The record is wiped every few hours so be QUICK! Remember the trojans often
give visual access too, so they can see what you are doing on your screen.
Some can even listen on your mic, so unplug it. The most horrible of all is
that they can also watch you through your web cam, so unplug that too. They
can capture your keyboard's output so do not type any pin numbers or credit
card things in. Don't try talking to them by opening Word and typing in big
letters for them to see because you'll just scare them away, until they come
back to break something. Clear your temporary net files in case there are any
credit details still in there. The trojan will be bedded and hidden away in
some directory like windows\system that you never look at, probably with a
Microsoft icon and name to hide it. The Matrix and things like MI:2 would
want you to think of these people as smart, they aren't. You will not have
to 'trace' them or anything like that because it's all push button, most of
the people doing it don't even have a clue what a proxy server is and how to
'hide' so they can't be found. They assume that you have no idea what you're
Trojans like Sub 7 can be attached directly to other .exe's and even other
extensions like .mp3. With an .exe it can be made so when you try to run the
program it either does run, like it plays you a demo of a product or it
comes up with an error telling you something is wrong with the .exe. Then you
delete it and forget it. All that's happened is the Trojan has installed
when you ran it and now you think it's useless you've deleted the installer.
'I LOVE YOU' had to be clicked to install it. All these companies and banks
have thousands of pounds worth of virus scanner but they can't tell their
staff when they join never to run an executable they don't trust. That means
if I'd sent one of the newer versions of say Sub 7 to them that hadn't been
listed as being a Trojan yet I could very likely have got access to
computers in banks, insurance companies and all the rest that ran it. It
makes you wonder how safe your money really is when you have what are quite
computer illiterate people who are willing to run .exe's like 'I LOVE YOU'
managing your accounts. I would guess 90% of the people doing it are doing
it purely to see if they can and to boast. The other 10% are the ones who
might be looking to steal. It's sad that I have to say that I'm worried
about how many millions of people join the net not understanding anything at
all about computers (I saw many when I worked at a computer store last year
for a week or so) and there are people watching for 'newbies' just like
them. There should be a crash course in this sort of thing. Just watching
for the list I wrote above would cut the amount of fraud over the net by
at least 50% I think. Because it's mainly just that new people on the net
don't know what's happening and think it's normal so they let it go on.
Eventually the PC stops working and ten K disappear from their bank
account. Take care anyway, I've talked for far too long.
Best wishes list,
> Hi All,http://members.nbci.com/HWilkinson/
> On my other computer the w32/kriz 4050 virus is in the sulfnbk.exe
> file, that's why the file is bigger than it should be. I know that the
> e-mail is a hoax but this message is from the McAfee site
> "Remember that virus writers can use known hoaxes to their
> advantage. For example, AOL4FREE began as a hoax virus warning. Then
> somebody distributed a destructive trojan attached to the original
> hoax virus warning! The lessons are clear:
> Always remain vigilant
> Never open a suspicious attachment" ***
> I got the McAfee despatch too but that doesn't alter the fact that
> it's in my other computer in the sulfnbk.exe file.
> I would still like to know what the windows logo for the sulfnbk.exe
> file looks like. Is it the standard logo for a MS app or has it got
> the black letters lfngk.
> --- In hobbicast@y..., wanliker@a... wrote:
> > In a message dated 5/31/01 8:43:57 AM Mountain Daylight Time,
> > terrybrown@o... writes:
> > << Hi All
> > Bloody hell. My main computer(this one) is clean but the other one
> > that hasn't been connected to the net for several weeks has a
> > in the sulfnbk.exe file. that's probably why it keeps growing in
> > every time I check the properties of it. I copied the file to a
> > and just now scanned it with McAfee active shield on line scan.
> > had that program on thi >>
> > Here are the facts straight from the horse's mouth. The following was in the
> > latest, ((((((((((((((((( McAfee.com Dispatch )))))))))))))))))))))
> > <<
> > Dear McAfee.com Dispatch Subscriber:
> > An email HOAX has been circulating recently that has
> > received a lot of press and public attention. The subject
> > line may contain "***Virus Alert***" or mention SULFNBK.exe.
> > If you receive a copy of this message, you should ignore it.
> > Do NOT pass it on as this is how an email hoax spreads. You
> > may receive a copy of this message from addresses that you
> > recognize.
> > DO NOT DELETE ANY FILES FROM YOUR COMPUTER.
> > There are several versions of this message circulating, in
> > several different languages. The email message may appear
> > in part as follows:
> > "A VIRUS could be in your computer files now, dormant but
> > will become active on June 1. Try not to USE your Computer
> > on June 1st. FOLLOW DIRECTIONS BELOW TO CHECK IF YOU HAVE IT
> > AND TO REMOVE IT NOW."
> > "No Virus software can detect it. It will become active
> > on June 1, 2001. It might be too late by then. It wipes out
> > all files and folders on the hard drive. This virus travels
> > thru E-mail and migrates to the C:\windows\command' folder."
> > The email will also instruct you to delete SULFNBK.exe and
> > to pass the message along to everyone you know.
> > SULFNBK.exe is a standard part of the Windows operating
> > system and SHOULD NOT BE REMOVED.
> > For more information about this hoax or for instructions on
> > how to replace SULFNBK.exe if you have already deleted it,
> > click here: http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2274
> > >>
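Added example, not part of the original messages: the NETSTAT watching step from the post above, done as a comparison of two `netstat -an` snapshots so that a newly opened port and the IP connected to it stand out. The sample output, the 203.0.113.7 address and the function names are constructed for illustration; as the post says, newer trojans hide their port activity, so an empty result proves nothing.

```python
import re

# Constructed sample: two successive `netstat -an` snapshots (Windows layout).
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
"""
# Later snapshot: port 1784 (the post's example number) has appeared.
AFTER = BEFORE + """\
  TCP    0.0.0.0:1784           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1784      203.0.113.7:4021       ESTABLISHED
"""

# proto, local addr:port, foreign addr:port (UDP shows *:*), optional state
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")


def parse(text):
    """Return a set of (proto, local_port, remote_addr, state) tuples."""
    rows = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # banner and column-header lines do not match and are skipped
            proto, _laddr, lport, raddr, _rport, state = m.groups()
            rows.add((proto, int(lport), raddr, state or "-"))
    return rows


def new_activity(before, after, expected_ports=frozenset()):
    """Sockets seen only in the later snapshot, minus ports the user expects."""
    fresh = parse(after) - parse(before)
    return sorted(r for r in fresh if r[1] not in expected_ports)


def remote_peers(rows):
    """Remote addresses with an established connection (the IP to record)."""
    return sorted({r[2] for r in rows if r[3] == "ESTABLISHED"})


if __name__ == "__main__":
    for row in new_activity(BEFORE, AFTER):
        print("new socket:", row)
    print("peers:", remote_peers(new_activity(BEFORE, AFTER)))
```
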