Re: OT: Microsoft is really annoying

[Richmond Mathewson]

- There have been no automatic updates of WindowsXP since I have 
deactivated the Internet Explorer, which could mean that IE plays a 
role in the update process.


My limited experience with XP is that Internet Explorer is, somehow, 
part of the operating system

and IS the vehicle for Windows updates.

This is like using Konqueror on Debian Linux; as both a file browser and 
a web-browser - d**n dangerous

as one can lose sight of what is on your computer and what is elsewhere.
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Wilhelm Sanke]

On Wed Apr 21, 2010; Bob Sneidar bobs at twft.com wrote:



Hi Wilhelm.

(snip). So it does not surprise me that your visiting a reputable site 
resulted in an infection. What DOES surprise me is that your antivirus 
(assuming it is up to date) did not catch it. Perhaps this happened 
before you installed the antivirus?


The hsyfea.exe looks like a random file name, which was typical of a 
particularly nasty bit of malware I came across a while back called 
coolwebsearch. The installer installed several variants of itself 
using random file names, which required a program called HijackThis 
and a series of safe boots to remove the hijacker. Even then, with 
some flavors of the "adware" you never got all the pieces, and the 
recommendation at that point was a clean reinstall.


The other one turned up some interesting google hits. I believe this 
to be a particularly nasty one, but if your Antivirus found it, then 
it should have prevented it, unless as I said, you got it before you 
installed Antivirus. If you got it first, then there is a possibility 
it installed a rootkit, in which case nothing but a wipe and reinstall 
to a new partition, and to be safe, a reset of the CMOS first, will 
guarantee it's removal.


My condolences.

Bob



Hi Bob,

Again, thanks for your feedback and your condolences!

My Antivirus had been in place *before* my computer was infected. The 
software had been installed by an IT-competent colleague, but - as I 
understand now - set to a medium scan level to prevent too much delay on 
startup of the computer. I had changed the scan level to "high" after I 
had experienced the constantly appearing ads and subsequently found the 
two viruses.


Two findings concerning the Internet Explorer on my WindowsXP machine, 
which cannot be removed, but apparently somehow deactivated by 
transferring a number of movable supporting files to another folder:


- IE  can no longer be started even if you click directly on the exe-file.

- There have been no automatic updates of WindowsXP since I have 
deactivated the Internet Explorer, which could mean that IE plays a role 
in the update process.


Best regards,

Wilhelm
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Bob Sneidar]

Hi Wilhelm. 

I checked the URL with our corporate content filtering system and it came up 
clean, so the site seems reputable. However, I just read an article about how 
reputable sites are getting compromised, and either a redirect is put in place, 
or the site itself is being compromised. Simply visiting a compromised site can 
infect an unpatched machine. So it does not surprise me that your visiting a 
reputable site resulted in an infection. What DOES surprise me is that your 
antivirus (assuming it is up to date) did not catch it. Perhaps this happened 
before you installed the antivirus? 

The hsyfea.exe looks like a random file name, which was typical of a 
particularly nasty bit of malware I came across a while back called 
coolwebsearch. The installer installed several variants of itself using random 
file names, which required a program called HijackThis and a series of safe 
boots to remove the hijacker. Even then, with some flavors of the "adware" you 
never got all the pieces, and the recommendation at that point was a clean 
reinstall. 

The other one turned up some interesting google hits. I believe this to be a 
particularly nasty one, but if your Antivirus found it, then it should have 
prevented it, unless as I said, you got it before you installed Antivirus. If 
you got it first, then there is a possibility it installed a rootkit, in which 
case nothing but a wipe and reinstall to a new partition, and to be safe, a 
reset of the CMOS first, will guarantee it's removal. 

My condolences. 

Bob


On Apr 20, 2010, at 1:55 PM, Wilhelm Sanke wrote:

> I tried to recapitulate what I could have done "terribly wrong". First, I 
> have got both a virus scanner running in the background and one which I 
> invoke manually from time to time.
> 
> I was searching for programs that use the Gluas-plugin for embedding the Lua 
> language for image processing and - among other sites - arrived at
> 
> 
> 
> which seems to be safe.
> 
> From there I clicked the link to "Pixarra TwistedBrush Pro" and that seems to 
> me to be the source of all the trouble, meaning simply just going to that 
> site. I did not download anything from the TwistedBrush site. This happened 
> twice, I will not test this a third time. Maybe anybody else could check?
> 
> The following malware was then installed on my WindowsXP computer:
> 
> Hsyfea.exe (in C:Windows)
> sshanas21.dll (in C:windows\system32)
> 
> which then seems to have launched the Microsoft Internet Explorer about every 
> 5 minutes (until I "disassembled" the Internet Explorer).--
> 
> Wilhelm Sanke

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Wilhelm Sanke]

On Apr 16, 2010, at 12:27 PM, Paul D. DeRocco wrote:

> I use Windows day-in, day-out, for software engineering, electronic
> engineering, math, Photoshop editing, mapping, and constant web browsing.
> I've been a heavy Windows user since 3.0, and am currently running XP and
> Win7 on three machines. Although I have a virus scanner, I don't even 
bother

> to run it in the background, only invoking it manually when I download an
> install file from the internet.
>
> Despite all this, I've _never_ had a virus or any kind of malware. My 
only

> system failures have been the occasional result of a RAM or hard disk
> failure. So either I'm doing something terribly right, or you all are 
doing

> something terribly wrong.
>
> --
>
> Ciao,   Paul D. DeRocco
> Paulmailto:pderocco at ix.netcom.com

I repeat here for emphasis:


So either I'm doing something terribly right, or you all are doing
 something terribly wrong.



I tried to recapitulate what I could have done "terribly wrong". First, 
I have got both a virus scanner running in the background and one which 
I invoke manually from time to time.


I was searching for programs that use the Gluas-plugin for embedding the 
Lua language for image processing and - among other sites - arrived at




which seems to be safe.

From there I clicked the link to "Pixarra TwistedBrush Pro" and that 
seems to me to be the source of all the trouble, meaning simply just 
going to that site. I did not download anything from the TwistedBrush 
site. This happened twice, I will not test this a third time. Maybe 
anybody else could check?


The following malware was then installed on my WindowsXP computer:

Hsyfea.exe (in C:Windows)
sshanas21.dll (in C:windows\system32)

which then seems to have launched the Microsoft Internet Explorer about 
every 5 minutes (until I "disassembled" the Internet Explorer).--


Wilhelm Sanke

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

RE: OT: Microsoft is really annoying

[Paul D. DeRocco]

> From: Bob Sneidar
>
> I suspect the "something right" you are doing is keeping
> everything currently patched, using at least one if not two
> firewalls, and installing and maintaining a good
> Anti-virus/anti-spyware application. I am an IT guy, and I can
> testify to the exact same thing. But might I offer this, that the
> successful defense betrays the attack? If it weren't a real
> problem for everyone, you wouldn't have needed to do any of those things.

Yup, that's pretty much what I do. My only point is that if you use Windows
correctly, it's quite secure, so anyone who knows what he's doing, and who
needs a Windows box to test cross-platform stuff, needn't regard it as
automatically having cooties.

--

Ciao,   Paul D. DeRocco
Paulmailto:pdero...@ix.netcom.com

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Bob Sneidar]

I suspect the "something right" you are doing is keeping everything currently 
patched, using at least one if not two firewalls, and installing and 
maintaining a good Anti-virus/anti-spyware application. I am an IT guy, and I 
can testify to the exact same thing. But might I offer this, that the 
successful defense betrays the attack? If it weren't a real problem for 
everyone, you wouldn't have needed to do any of those things. 

Bob


On Apr 16, 2010, at 12:27 PM, Paul D. DeRocco wrote:

> I use Windows day-in, day-out, for software engineering, electronic
> engineering, math, Photoshop editing, mapping, and constant web browsing.
> I've been a heavy Windows user since 3.0, and am currently running XP and
> Win7 on three machines. Although I have a virus scanner, I don't even bother
> to run it in the background, only invoking it manually when I download an
> install file from the internet.
> 
> Despite all this, I've _never_ had a virus or any kind of malware. My only
> system failures have been the occasional result of a RAM or hard disk
> failure. So either I'm doing something terribly right, or you all are doing
> something terribly wrong.
> 
> --
> 
> Ciao,   Paul D. DeRocco
> Paulmailto:pdero...@ix.netcom.com

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Bob Sneidar]

I might agree, except that the recent bout of Apple security updates is due to 
a new flaw discovered that would allow complete control of a Mac system using a 
drive by browser exploit. And remember, we cannot use fully patched systems as 
a benchmark for "current vulnerabilities" as Microsoft could easily claim their 
system is almost 100% invulnerable using that standard. 

You might then argue that it wasn't the OS itself that was being exploited, but 
rather some piece of software running on the Mac. That will be poor fare for 
the person who is the next victim. The software that came on the Mac is for all 
practical purposes part and parcel with the OS. Virtually every process running 
on the Mac besides the kernel is "some piece of software". 

While I still maintain the Mac OS X to be the most stable and secure OS on the 
open market, I want to stop short of stating any absolutes, as there are a 
number of people who would take great joy in pointing out I was wrong about 
something. I mustn't ever give them that opportunity. On the rare occasions I 
have been "misguided" or "misquoted" I have done quite a good job at covering 
it up, and I want to preserve that reputation. ;-P

Bob


On Apr 16, 2010, at 10:14 AM, Bill Vlahos wrote:

> Not just "rare". There are no viruses for the Mac other than the old 
> Microsoft Office viruses.
> 
> There are some other trojans for the Mac but they are rare and are not really 
> found in the wild. Of course, those need the user's assistance to run as well.
> 
> One of the advantages of Sean Shao ssMacWindows is that he has made available 
> a feature on the Mac that prevents key loggers. I've implemented it in the 
> 1.1.x version of InfoWallet. I wish there was a similar feature for Windows. 
> If anyone knows of an option for Windows please let me know.
> 
> Bill Vlahos
> _
> InfoWallet (http://www.infowallet.com) is about keeping your important life 
> information with you, accessible, and secure.
> 
> On Apr 16, 2010, at 5:24 AM, Richard Gaskin wrote:
> 
>> Tempting as such a thought may be, consider that since most Win users smart 
>> enough to know they need anti-virus software have probably already done so, 
>> the more ripe opportunity would be to deploy viruses for OS X.  But such 
>> viruses remain rare, even proportionate to market share.
> 
> ___
> use-revolution mailing list
> use-revolution@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[David Coker]

Thought I might throw out some advice that has really made a huge and
very important difference for me...

I can't speak for others, but it takes between 25-28 hours for me to
re-install windows, all of the windows updates and my software in the
event of a major malfunction. (virus-wise or just the garden variety
windows fun and games)

These days I use a product from TeraByte Software, allowing me to
completely restore my entire system in roughly one hour if there any
problems. The key is that you do the backup right after a fresh
installation of the O/S, with updates and all of your software in
place. The name of the inexpensive product is "Image For Windows" and
it's gotta be worth 5 times what they charge for it.

...I've had to use it 3 times recently on a crappy Vista machine,
saving myself 80-90 hours and a lot of frustration. Here is a link if
you folks want to check it out:

http://www.terabyteunlimited.com/image-for-windows.htm

Best regards,
David
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Richmond Mathewson]

 On 16/04/2010 23:14, J. Landman Gay wrote:

Paul D. DeRocco wrote:

Despite all this, I've _never_ had a virus or any kind of malware. My 
only

system failures have been the occasional result of a RAM or hard disk
failure. So either I'm doing something terribly right, or you all are 
doing

something terribly wrong.


I haven't had a virus either -- that I know of, which is an important 
distinction -- but I'm spooked by the number of people who have. The 
numbers are astonishingly high. Reports like this makes me very 
uncomfortable:


"Across the globe, the average number of PCs hit by malware now stands 
around 59 percent, an all-time high for the year. Among 29 countries 
tracked, the U.S. ranked ninth with slightly more than 58 percent of 
its PCs infected. Taiwan hit first place with an infection ratio of 69 
percent, while Norway came in lowest with only 39 percent of its PCs 
attacked by malware."



Would you buy a car which had a 59% component failure rate? Personally 
I'd rather go for a FREE car with a very small component
failure rate (Linux); or a more expensive one with a very small 
component failure rate (Mac).


Would you teach a class of kids when 60% of them were infected with Flu? 
I wouldn't; last time I did I spent 48 hours in bed sweating

my way through a high fever.
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[J. Landman Gay]

Paul D. DeRocco wrote:


Despite all this, I've _never_ had a virus or any kind of malware. My only
system failures have been the occasional result of a RAM or hard disk
failure. So either I'm doing something terribly right, or you all are doing
something terribly wrong.


I haven't had a virus either -- that I know of, which is an important 
distinction -- but I'm spooked by the number of people who have. The 
numbers are astonishingly high. Reports like this makes me very 
uncomfortable:


"Across the globe, the average number of PCs hit by malware now stands 
around 59 percent, an all-time high for the year. Among 29 countries 
tracked, the U.S. ranked ninth with slightly more than 58 percent of its 
PCs infected. Taiwan hit first place with an infection ratio of 69 
percent, while Norway came in lowest with only 39 percent of its PCs 
attacked by malware."



--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software   | http://www.hyperactivesw.com
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

RE: OT: Microsoft is really annoying

[Paul D. DeRocco]

> >> Bernard Devlin wrote:
> >>
> >> I think all Windows installations must be assumed to be toxic.

> >   On 16/04/2010 21:05, J. Landman Gay wrote:
> >
> > Yes, that's the assumption I use too. It's also the reason I'm so much
> > in favor of running Windows in a virtual machine. In Parallels (and
> > maybe other emulators too, I'm not sure,) you can set a sort of
> > bookmark for the current state of the machine, and when you're done
> > working you can revert to that state. That removes anything that's
> > been installed on the virutal hard drive since the state was set.
> >
> > So I run Windows virtually, keep no important data on it, use it only
> > for testing Rev apps and creating installers, and never use it to for
> > email or web browsing. I've got virus detection software installed but
> > it has never identified any malware. Rev's direct internet access
> > works fine and I don't mess with anything else internet-related. So
> > far, so good, and I haven't had to revert to the saved state yet.

> From: Richmond Mathewson
>
> I run XP on a heap of old junk (Well; a COMPAQ Pentium 3, 256 MB RAM);
> headlessly - administered via my G4 Mac;
> it has no internet connexion and is ONLY there for checking
> Windows builds.
>
> Nevertheless I am already, after 3 months, getting endless error
> messages in the middle of the Desktop. I really
> wonder whether it is worth the effort reinstalling!

I use Windows day-in, day-out, for software engineering, electronic
engineering, math, Photoshop editing, mapping, and constant web browsing.
I've been a heavy Windows user since 3.0, and am currently running XP and
Win7 on three machines. Although I have a virus scanner, I don't even bother
to run it in the background, only invoking it manually when I download an
install file from the internet.

Despite all this, I've _never_ had a virus or any kind of malware. My only
system failures have been the occasional result of a RAM or hard disk
failure. So either I'm doing something terribly right, or you all are doing
something terribly wrong.

--

Ciao,   Paul D. DeRocco
Paulmailto:pdero...@ix.netcom.com

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Richmond Mathewson]

 On 16/04/2010 21:05, J. Landman Gay wrote:

Bernard Devlin wrote:

I think all Windows installations must be assumed to be toxic. 


Yes, that's the assumption I use too. It's also the reason I'm so much 
in favor of running Windows in a virtual machine. In Parallels (and 
maybe other emulators too, I'm not sure,) you can set a sort of 
bookmark for the current state of the machine, and when you're done 
working you can revert to that state. That removes anything that's 
been installed on the virutal hard drive since the state was set.


So I run Windows virtually, keep no important data on it, use it only 
for testing Rev apps and creating installers, and never use it to for 
email or web browsing. I've got virus detection software installed but 
it has never identified any malware. Rev's direct internet access 
works fine and I don't mess with anything else internet-related. So 
far, so good, and I haven't had to revert to the saved state yet.


I run XP on a heap of old junk (Well; a COMPAQ Pentium 3, 256 MB RAM); 
headlessly - administered via my G4 Mac;

it has no internet connexion and is ONLY there for checking Windows builds.

Nevertheless I am already, after 3 months, getting endless error 
messages in the middle of the Desktop. I really

wonder whether it is worth the effort reinstalling!
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[J. Landman Gay]

Bernard Devlin wrote:

I think all Windows installations must be assumed to be toxic. 


Yes, that's the assumption I use too. It's also the reason I'm so much 
in favor of running Windows in a virtual machine. In Parallels (and 
maybe other emulators too, I'm not sure,) you can set a sort of bookmark 
for the current state of the machine, and when you're done working you 
can revert to that state. That removes anything that's been installed on 
the virutal hard drive since the state was set.


So I run Windows virtually, keep no important data on it, use it only 
for testing Rev apps and creating installers, and never use it to for 
email or web browsing. I've got virus detection software installed but 
it has never identified any malware. Rev's direct internet access works 
fine and I don't mess with anything else internet-related. So far, so 
good, and I haven't had to revert to the saved state yet.


--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software   | http://www.hyperactivesw.com
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Bill Vlahos]

Not just "rare". There are no viruses for the Mac other than the old Microsoft 
Office viruses.

There are some other trojans for the Mac but they are rare and are not really 
found in the wild. Of course, those need the user's assistance to run as well.

One of the advantages of Sean Shao ssMacWindows is that he has made available a 
feature on the Mac that prevents key loggers. I've implemented it in the 1.1.x 
version of InfoWallet. I wish there was a similar feature for Windows. If 
anyone knows of an option for Windows please let me know.

Bill Vlahos
_
InfoWallet (http://www.infowallet.com) is about keeping your important life 
information with you, accessible, and secure.

On Apr 16, 2010, at 5:24 AM, Richard Gaskin wrote:

> Tempting as such a thought may be, consider that since most Win users smart 
> enough to know they need anti-virus software have probably already done so, 
> the more ripe opportunity would be to deploy viruses for OS X.  But such 
> viruses remain rare, even proportionate to market share.

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Richard Gaskin]

Bernard Devlin wrote:



As an aside, I have for years wondered if it wasn't the anti-virus
vendors themselves who pay certain shady characters to come up with
these viruses. Food for thought.
<<<

This thought has occurred to me too.


Tempting as such a thought may be, consider that since most Win users 
smart enough to know they need anti-virus software have probably already 
done so, the more ripe opportunity would be to deploy viruses for OS X. 
 But such viruses remain rare, even proportionate to market share.


The upside about Windows for makers of anti-virus tools is that they 
don't need to risk criminal penalties to make money; Microsoft's 
inherently brittle security architecture leaves plenty of opportunities 
for such companies to make money legally. ;)


--
 Richard Gaskin
 Fourth World
 Rev training and consulting: http://www.fourthworld.com
 Webzine for Rev developers: http://www.revjournal.com
 revJournal blog: http://revjournal.com/blog.irv
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Bernard Devlin]

>>>
As an aside, I have for years wondered if it wasn't the anti-virus
vendors themselves who pay certain shady characters to come up with
these viruses. Food for thought.
<<<

This thought has occurred to me too.

Bernard
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Bernard Devlin]

>>
In any case, since I have "disassembled" the Internet Explorer in the
way I described in my last post, I am - until now - no longer the
target of such annoying intrusions, or is this merely a coincidence in
time?
<<

I think the risk is too great to assume your PC is now safe.  At the
very least there can be keyloggers and screen-capture software
installed.  Such malware is designed to NOT draw attention to itself.

I think all Windows installations must be assumed to be toxic.  I've
seen people do comparisons of umpteen different anti-virus solutions.
Most of the AV solutions had a 10% miss rate on viruses that were
known to be on the machine.

Any institution should be running a standard, automated build, and
Windows installations should be replaced very frequently.  When I was
in charge of a NT/Win2K network, that's what we did.  At the time
there was no solution we could buy in, so it fell to me to develop the
solution.

My experience last week has just meant I've made the final leap away
from Windows as anything more than a toxic OS.  It's no wonder that I
know several people who've suffered identity theft, and at least two
of these were professional IT staff using Windows.  For at least 5
years I've advised all my friends and family to just buy a mac.  None
of those mac-only users have suffered identity theft.  I'm not even
entering into the argument about whether or not windows is insecure by
design - it is just obvious that it is the largest target.

Bernard
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Wilhelm Sanke]

On Thu Apr 15, 2010, Bob Sneidar bobs at twft.com wrote:


Hi Wilhelm.

I know pretty much why all of these things you mentioned work the way 
they do but I will not go into that here. What you have is a 
particularly nasty flavor of spyware, that has several processes that 
checks up on the other bits of itself to make sure you don't do 
exactly what you are doing. When they detect that you are attempting 
to remove the other pieces they simply restore them.


There are a couple of approaches I could recommend, but none of them 
are guaranteed to succeed, at least not completely. Once you get a bug 
like this, only a wipe (including deleting the partition and creating 
a new one) and reinstall of the OS is going to guarantee success.


(snip)

2. Install XP sp2 or higher (avoid Vista just because it sucks, Win 7 
is great)



Hello Bob,

Thank you for your comprehensive analysis of my troubles and the 
recommendations of how to proceed.


I am already runnning "XP sp2". - Just to make this clear, would you 
think it possible that the Microsoft "Internet Explorer" itself could be 
transformed into such a self-replicating spyware?


In any case, since I have "disassembled" the Internet Explorer in the 
way I described in my last post, I am - until now - no longer the target 
of such annoying intrusions, or is this merely a coincidence in time?


To test the protectiveness of Microsoft for the IE - as I had pointed 
out which was the cause for the European Union to sue Microsoft - I 
looked at one of my other Windows computers also running WindowsXP SP2 - 
an Asus laptop: I encountered the same problems here when trying to 
remove the Internet Explorer.
Renaming the folder is being denied, renaming file "iexplore.exe" is 
possible, but immediately after the renaming a new instance of 
"iexplore.exe" appears.


Maybe we could get the European Union to sue Apple as well in case they 
do not alter their presumed restrictive policy concerning the 
development of apps for IPhone and iPad? After all, although they have 
not yet introduced the new European currency, Edinburgh and the UK are 
indeed lying on the Northern fringe of Europe.



That about sums it up. If all that seems unreasonable, I would suggest 
looking into the Apple OS X. Nothing is perfect, but real exploits for 
this OS are very rare, and there are none I know about presently that 
a fully patched OS can be compromised by. I am an IT pro and I have to 
live and work in both worlds. Most of my time is spent fixing and 
protecting the Windows side of things.



I also live in both worlds and have used MacOS since the invention of 
Hypercard. But I need Windows, because most of the computers in our 
institution run Windows, with an increasing shift towards Linux. Only 
our College of Fine Arts relies mainly on MacOS.


Best regards,

Wilhelm

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Bob Sneidar]

Hi Wilhelm. 

I know pretty much why all of these things you mentioned work the way they do 
but I will not go into that here. What you have is a particularly nasty flavor 
of spyware, that has several processes that checks up on the other bits of 
itself to make sure you don't do exactly what you are doing. When they detect 
that you are attempting to remove the other pieces they simply restore them. 

There are a couple of approaches I could recommend, but none of them are 
guaranteed to succeed, at least not completely. Once you get a bug like this, 
only a wipe (including deleting the partition and creating a new one) and 
reinstall of the OS is going to guarantee success. 

If you take that approach, let me make a few suggestions: 
1. Buy and have ready a good Antivirus/antispyware package to install 
IMMEDIATELY as soon as your new OS boots

2. Install XP sp2 or higher (avoid Vista just because it sucks, Win 7 is great) 
to make sure the Windows Firewall is on by default. If you do not have these, 
as many old restore disks will not, then do not connect to ANY internet 
connection until you have enabled the Windows firewall and installed the AV 
package as described above. 

3. At this point you *should* be safe enough to connect to the internet and 
download and install ALL the Windows Updates you find. This process can take 3 
to 5 passes. Be patient. Do not give up. Your computer needs to be fully 
patched before you do anything else. 

4. Several things to keep in mind after you are up and running:
a. Stay away from questionable sites. I don't need to elaborate. 
Organized Crime pays good programmers to develop undetectable bugs. 
b. Never EVER click a link in an Email, no matter WHO sends you the 
email. Spam software can make an email look like it came from anyone. 
c. NEVER install software that you haven't paid money for. Nothing is 
free. NOTHING. 
d. Turn off the preview pane in your email, at least until you have 
trained your spam blocker about what is crap and what is not. 
e. Use a non-administrator account as much as possible. Yes it's a 
pain, but you've done half the hackers work for them by using an admin account. 
f. NEVER let anyone you do not trust implicitly, use (and especially 
"fix") your computer with the admin account. This includes your wife, kids and 
family pet. Especially not the kids. More compromises happen because an 
unwitting friend installs bad software to "fix" an ailing computer, than I can 
tell you about. 

That about sums it up. If all that seems unreasonable, I would suggest looking 
into the Apple OS X. Nothing is perfect, but real exploits for this OS are very 
rare, and there are none I know about presently that a fully patched OS can be 
compromised by. I am an IT pro and I have to live and work in both worlds. Most 
of my time is spent fixing and protecting the Windows side of things. 

Bob


On Apr 15, 2010, at 1:44 PM, Wilhelm Sanke wrote:

> The subject of this thread - which was started by me - sounds somewhat harsh 
> and unfair, but the ongoing story of annoying popups of phony messages 
> transported by the Microsoft Internet Explorer - without having been launched 
> by me in each case - reminds me of the fight between Microsoft and the EU - 
> the European Union - about forcing Microsoft to deliver a Windows platform 
> that is not necessarily tied to an embedded Internet Explorer. At the moment 
> I am not fully clear about the outcome of the fight. I remember that 
> Microsoft should pay an amount of several million dollars, but I do not know, 
> whether they have paid this sum and at the same time have changed their 
> strategy.

> 
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Bob Sneidar]

Sounds like you got ahold of one of the rare but not unheard of bugs that 
actually infect your boot sector. Sometimes you can mount a drive like that in 
an enclosure and connect it to a protected Windows computer and scan it. 
Typically if you are going to do a wipe and re-install, you should delete and 
recreate the partition, which the factory restore disk probably does not do. 

As an aside, I have for years wondered if it wasn't the anti-virus vendors 
themselves who pay certain shady characters to come up with these viruses. Food 
for thought. 

Bob


On Apr 15, 2010, at 1:09 AM, Bernard Devlin wrote:

> I just consigned windows to a read-only VM for ever.  If it wasn't for
> Rev and it's failings on Linux, I wouldn't be running Windows at all.
> 
> After getting a malware infection that disabled my AV and Windows
> Defender, and wouldn't let me reinstall AV (not even from "safe"
> mode), I restored the laptop from the official restore disks.  That
> restore failed.  Then I tried to install vanilla Vista.  That failed
> (wouldn't accept the license number that came with the DVD, a DVD that
> came directly from Microsoft themselves).  So I went back to use XP --
> multiple BSODs, during the install.  I considered getting Windows 7,
> but after reading the reviews over on Amazon, I decided I wasn't
> throwing more money at MS.
> 
> I tried ubuntu 9.10.  It asked a few questions, then installed in
> about 20 mins, everything working.  Ten years ago it was so hard to
> get Linux up and running compared to Windows.  Now the tables have
> turned.  If it wasn't for their abusive monopoly position, there is no
> way MS would be able to get away with such rubbish.
> 
> Bernard
> 
> On Wed, Apr 14, 2010 at 10:15 PM, Andrew Kluthe  wrote:
>> 
>> Sounds like you got some hijacks or some other kind of malware.
>> 
>> Look it over with Malware Bytes Anti-Malware.
>> 
>> I haven't used "Adaware" in quite a few years, but it might give you some
>> solutions as well.
>> --
>> View this message in context: 
>> http://n4.nabble.com/OT-Microsoft-is-really-annoying-tp1839949p1840457.html
>> Sent from the Revolution - User mailing list archive at Nabble.com.
>> ___
>> use-revolution mailing list
>> use-revolution@lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription 
>> preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>> 
> ___
> use-revolution mailing list
> use-revolution@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying

[Wilhelm Sanke]

The subject of this thread - which was started by me - sounds somewhat 
harsh and unfair, but the ongoing story of annoying popups of phony 
messages transported by the Microsoft Internet Explorer - without having 
been launched by me in each case - reminds me of the fight between 
Microsoft and the EU - the European Union - about forcing Microsoft to 
deliver a Windows platform that is not necessarily tied to an embedded 
Internet Explorer. At the moment I am not fully clear about the outcome 
of the fight. I remember that Microsoft should pay an amount of several 
million dollars, but I do not know, whether they have paid this sum and 
at the same time have changed their strategy.


At least, from my experience during the last days, they have not yet - 
despite all the ongoing automatic updates - implemented the possibility 
to disengage their Internet Explorer from WindowsXP.


A virus scan found 3 viruses on my computer, interestingly two of them 
with names identical to such of Windows system files.
Removing this trojans did not help. After a while the ads via the 
popping-up Internet Explorer continued.


I then thought about deinstalling the Internet Explorer. Using the 
Windows-provided de-installer I was informed that about 150 listed 
programs were somehow tied to the Internet Explorer and that the removal 
of the IE could produce serious damage. Among the programs listed were 
such like "TwistAWord" (scripted in RevTalk), "Aquasoft DIASHOW mobile", 
"Route 66 Sync", "Lua for Windows", "Mozilla Firefox", "Nokia Ovi System 
Utilities", but of course also quite a number of programs which might 
indeed been somehow connected to the IE. I therefore discontinued this 
approach to remove the IE.


I then tried to move the whole IE folder into the trash can. This is 
however impossible!


Next step: I renamed the IE folder. Likewise impossible.

Then: I tried to rename the file "iexplore.exe". This was possible, but 
after a few moments a new copy of the IE appeared in the folder ( this 
was independent of the fact, whether I was connected to the net or not)


Last resort: I created a new folder (named "Hide") and tried to move the 
whole IE folder into that new one. This succeeded to some extent: Most 
of the files of the IE folder were moved into the new one, only file 
"iexplore.exe" itself along with two other files and an extra 
subdirectory refused to be moved.


At least I have now separated IE from a number of accompanying files, 
and since then - so far - no new information about having won a new 
"Toyota SUV", an iPad, or a journey around the world have appeared via IE.


I hope this state will now remain so, but I am not entirely sure.

Regards,

Wilhelm Sanke


___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Richmond Mathewson]

 On 15/04/2010 11:09, Bernard Devlin wrote:


   If it wasn't for
Rev and it's failings on Linux, I wouldn't be running Windows at all.



Wow! I wonder how many other RunRev developers that is true for?

Hello! Hello! Hello! It is time the RunRev folk in Edinburgh sat up and
took notice!

I am pretty sure, even if only because of financial considerations, that 
when

my PPC Macs go 'pop' the only thing that would stop me going 98% Linux
is the second-rate nature of the RunRev version for Linux.
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Bernard Devlin]

I just consigned windows to a read-only VM for ever.  If it wasn't for
Rev and it's failings on Linux, I wouldn't be running Windows at all.

After getting a malware infection that disabled my AV and Windows
Defender, and wouldn't let me reinstall AV (not even from "safe"
mode), I restored the laptop from the official restore disks.  That
restore failed.  Then I tried to install vanilla Vista.  That failed
(wouldn't accept the license number that came with the DVD, a DVD that
came directly from Microsoft themselves).  So I went back to use XP --
multiple BSODs, during the install.  I considered getting Windows 7,
but after reading the reviews over on Amazon, I decided I wasn't
throwing more money at MS.

I tried ubuntu 9.10.  It asked a few questions, then installed in
about 20 mins, everything working.  Ten years ago it was so hard to
get Linux up and running compared to Windows.  Now the tables have
turned.  If it wasn't for their abusive monopoly position, there is no
way MS would be able to get away with such rubbish.

Bernard

On Wed, Apr 14, 2010 at 10:15 PM, Andrew Kluthe  wrote:
>
> Sounds like you got some hijacks or some other kind of malware.
>
> Look it over with Malware Bytes Anti-Malware.
>
> I haven't used "Adaware" in quite a few years, but it might give you some
> solutions as well.
> --
> View this message in context: 
> http://n4.nabble.com/OT-Microsoft-is-really-annoying-tp1839949p1840457.html
> Sent from the Revolution - User mailing list archive at Nabble.com.
> ___
> use-revolution mailing list
> use-revolution@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Andrew Kluthe]

Sounds like you got some hijacks or some other kind of malware. 

Look it over with Malware Bytes Anti-Malware. 

I haven't used "Adaware" in quite a few years, but it might give you some
solutions as well.
-- 
View this message in context: 
http://n4.nabble.com/OT-Microsoft-is-really-annoying-tp1839949p1840457.html
Sent from the Revolution - User mailing list archive at Nabble.com.
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Wilhelm Sanke]

Thanks for the various hints!

As browsers on Windows I use "Firefox" and "SeaMonkey", the open-source 
successor of Netscape, the latter on recommendation of our "Information 
Science" department. SeaMonkey, like the older Netscape, preserves the 
unity of web browsing and mail services.


Regards,

Wilhelm Sanke
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Michael Kann]

The free program "Adaware" from lavasoft.com might help. I've used it to clean 
out malware.


--- On Wed, 4/14/10, Wilhelm Sanke  wrote:

> From: Wilhelm Sanke 
> Subject: Re: OT: Microsoft is really annoying!
> To: "RunRev Ltd" 
> Date: Wednesday, April 14, 2010, 11:09 AM
> I had just written:
> 
> > Since this morning - after 2 automatic updates on my
> WindowsXP PC, which took place when I shut my computer down
> after the first session - I am constantly being pestered by
> the Microsoft Internet Explorer popping up when I connect to
> the net. When I close the Explorer with the dialog "Internet
> Explorer is your default web browser? Yes, No" (or similar)
> with the "no" button, it closes, but reappears after a
> while.
> > 
> > This is a real nuisance!
> > 
> > Anybody else has experienced this, too? 
> 
> 
> In the meantime during a half hour this happened 4 times.
> 
> Last time the website
> 
> http://www.planet49.com/cgi-bin/wingame.pl?partner_pk=607&wingame_pk=74&sub_id=
> 
> came up with the Internet Explorer, featuring iMac, iPhone,
> and iPad, and telling me to choose my gift - and to solve a
> problem before and submit my data.
> 
> and 5 minutes later while I am writing this:
> 
> http://www.freelotto.com/register.asp?skin=Rainbow&noepu=1&partner=1060965&affiliateid=
> 
> congratulating me to have won 2,087.56 $.
> 
> Happily my - apparently my somewhat obsolete and slow-
> virus-detecting program stepped in at that point and I
> deleted the trojan. Hope this is the end of the story.
> 
> Sorry to have bothered  you with this crap.
> 
> Regards,
> 
> Wilhelm Sanke
> 
> ___
> use-revolution mailing list
> use-revolution@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage
> your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
> 



___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Wilhelm Sanke]

I had just written:

Since this morning - after 2 automatic updates on my WindowsXP PC, 
which took place when I shut my computer down after the first session 
- I am constantly being pestered by the Microsoft Internet Explorer 
popping up when I connect to the net. When I close the Explorer with 
the dialog "Internet Explorer is your default web browser? Yes, No" 
(or similar) with the "no" button, it closes, but reappears after a while.


This is a real nuisance!

Anybody else has experienced this, too? 



In the meantime during a half hour this happened 4 times.

Last time the website

http://www.planet49.com/cgi-bin/wingame.pl?partner_pk=607&wingame_pk=74&sub_id=

came up with the Internet Explorer, featuring iMac, iPhone, and iPad, 
and telling me to choose my gift - and to solve a problem before and 
submit my data.


and 5 minutes later while I am writing this:

http://www.freelotto.com/register.asp?skin=Rainbow&noepu=1&partner=1060965&affiliateid=

congratulating me to have won 2,087.56 $.

Happily my - apparently my somewhat obsolete and slow- virus-detecting 
program stepped in at that point and I deleted the trojan. Hope this is 
the end of the story.


Sorry to have bothered  you with this crap.

Regards,

Wilhelm Sanke

___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Jeff Massung]

So, I'm a Mac user, and I very often debate as to whether or not I want to
deal with these sorts of Windows issues over the Mac ones (yes, we Mac users
also have "issues" ;-)).

As for your issue, I think you can just go into the Internet Explorer
options and under advanced (iirc) is an option for "Check to see if IE is
your default browser". Just turn that off.

...or you could switch to Chrome/FireFox.

Jeff M.


On Wed, Apr 14, 2010 at 10:24 AM, Wilhelm Sanke wrote:

> Since this morning - after 2 automatic updates on my WindowsXP PC, which
> took place when I shut my computer down after the first session - I am
> constantly being pestered by the Microsoft Internet Explorer popping up when
> I connect to the net. When I close the Explorer with the dialog "Internet
> Explorer is your default web browser? Yes, No" (or similar) with the "no"
> button, it closes, but reappears after a while.
>
> This is a real nuisance!
>
>
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution

Re: OT: Microsoft is really annoying!

[Neal Campbell]

Obviously you have:
1. Automatic updates which is not a great idea, the most I recommend is
Download and notify.
2. It probably installed IE8 in the update which has, by default, check
whether its the default browser everytime it starts up. You can go into the
options and turn this check off.

73


Neal Campbell
Abroham Neal Software
www.abrohamnealsoftware.com
(540) 645 5394 NEW PHONE NUMBER

Amateur Radio: K3NC
Blog: http://www.abrohamnealsoftware.com/blog/
DXBase bug reports: email to ca...@dxbase.fogbugz.com
Abroham Neal forums: http:/www.abrohamnealsoftware.com/community/





On Wed, Apr 14, 2010 at 11:24 AM, Wilhelm Sanke wrote:

> Since this morning - after 2 automatic updates on my WindowsXP PC, which
> took place when I shut my computer down after the first session - I am
> constantly being pestered by the Microsoft Internet Explorer popping up when
> I connect to the net. When I close the Explorer with the dialog "Internet
> Explorer is your default web browser? Yes, No" (or similar) with the "no"
> button, it closes, but reappears after a while.
>
> This is a real nuisance!
>
> Anybody else has experienced this, too?
> ___
> use-revolution mailing list
> use-revolution@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution