Re: MAKING YOUR COMPUTER SYSTEM SECURE AFTER IT’S BEEN COMPROMISED

From: E. (laughing_at_you.now)
Date: 09/22/03

  • Next message: adam: "Q822925 problem"
    Date: Mon, 22 Sep 2003 10:26:23 GMT
    
    

    tracker wrote:
    > You can share this information, but give credit where credit is due.
    >
    > I highly recommend keeping the hacked hard drive and purchasing a new
    > one.

    I hacked an old hard drive and use the magnets for playing geek darts. I
    also recommend keeping the old drive, as it makes a cool novelty ashtray
    or a really speccy tray for serving oysters.

    > Of course you could mirror the drive, but you still need a
    > replacement drive to perform this task.

    The term is clone, sweetie. Mirror implies that you will be running it as
    a failover measure.

    > You can’t produce the same
    > results by replicating files versus viewing the actual hard drive
    > itself.

    I dunno. I removed a hard drive, duct taped it to my helm and charged a
    shield wall during the opening melee of a stupid-weapons-tourney.

    > If your system was used to attack and crash a Network, or
    > System, you have proof for the FBI or any Law Enforcement Agency.

    I went to Victim Support and said I had a hard one that had been rooted
    recently and they were most unsympathetic. Mace is a real bitch.

    > This
    > would show you were not involved in any illegal activities until you
    > discovered your system was hacked.

    Any hacker or cracker worthy of the name would delete any logs or
    evidence of entry.

    > The proper method is to re-format your hard drive, and install from
    > original CD-ROM.

    And if a virus/trojan is lurking in the MBR, what good would that do?

    > To safeguard against software manufacturer employee
    > malicious activity always virus check your CD-ROM. Not too long ago, I
    > decided to install X Software Application on a computer, media form was
    > a CD-ROM.

    I'd be curious to know the exact title of this CD-ROM.

    > Immediately, Norton Anti-virus told me a suspicious file
    > named "install.exe" was trying to load into my hard drive boot sector.

    You gotta hate it when an OS tries to write to the boot sector. That's
    almost as stupid as trying to install an OS with an AV prog running, or
    BIOS boot sector protection loaded.

    This wouldn't be the *same* unupdated copy of NAV running on your system,
    would it?

    > We all know an application doesn’t need to load in a boot sector of a
    > drive. After telling the computer not to install this application, it
    > still made its way and changed the name of my hard drive. The computer
    > access slowed down, while viewing directories the screen started to move
    > back and forth.

    ...and further shots of vodka made the floor move in a similar
    manner.... So you got hit by a script-kiddy trojan. Deal with it.

    > Virus check all floppy disks because hackers DO install a Backdoor,
    > Trojan Horse, or Virus on disks.

    Best place to install a backdoor is on removable media. That way, when
    the victim removes the disk or reboots it's not accessible. Makes
    perfect sense.
    Heaven forbid installing something like VBE6a.dll in
    c:\prog...\common...\m...shared\vba\vba6 and modifying
    HKLM\Soft..\MS..\vba..:vbe6dllpath to point to it or any of the other
    million and one ways of hiding something.

    > They enjoy doing this especially when
    > you’re online using your computer, with a floppy in the drive.

    Hey! You stole my idea. I have already patented the idea of mirroring
    the entire internet onto floppy, and have a project going at
    http://www.sourceforge.net/projects/i'mfuckingstupid.php to achieve this
    end. I've already got ftp.ibm.com and windowsupdate.microsoft.com on 5 1/4.

    > My
    > preference is to obtain a replacement CD-ROM if your software
    > applications are on a floppy.

    How do you get it in the floppy drive?

    > What concerned me most is a Backdoor was
    > planted in a .zip file and unopened.

    You gotta hate those unopened files. they're so antisocial.

    > Norton’s Anti-virus application
    > couldn’t detect it. Let’s say one day you come along and for no reason, you
    > decide to open this .zip file, voila, the Backdoor is unleashed.

    This says to me: there wasn't a trojan in the file ~or~ your NAV wasn't
    up to date. As you run Win95, and the versions of NAV that run on 95
    (last was 01 iirc), then you haven't been able to update.

    > There will always be evil code applications (to knock your system into
    > becoming a victim)

    My system got hit by a very virulent splooge. It gave birth to 3 286
    triplets the other day. I think my processor has been cheating on me.
    Never trust an AMD. I think it's had an Intel inside :-(.

    > out in this world which anti-virus applications won’t
    > be able to catch.

    Virus of the week comes out. Me goes "ho hum. properly set up system
    unaffected"

    > Either the Trojan Horse already installed on your
    > system will eat the floppies alive, or hacker’s will.

    ***! I went to macca's the other day and this stooge walks in and asks
    for a McChicken with live floppies. He musta been one of those evil
    hacker types.

    > Hackers will bind
    > or disguise their applications and install them on your floppy disks.

    I'm invulnerable as I load my system from cassette. None of this evil
    floppy or hard drive *** in my world.

    > Many Trojan Horses "hide" all traces of their applications they run on
    > your system.

    ***! I thought they all popped up in 48 point fluorescent purple italic
    text and said "i'm a trojan!!"

    > On your computer perform a search for a file named
    > "backdoor.zip".

    Makes much more sense than giving it an innocuous name like service32.exe
    and calling it from the registry.
    I shipped some computers overseas a few years back, but before doing so
    I renamed win386spart.par to kiddypr0n.zip. Customs wankers didn't even
    check it.

    > I will warn you now, if you unleash this baby after a
    > complete application install and go online,

    I always perform a clean install, then load a trojan on my system. Why
    wouldn't you?

    > you will unleash many of the
    > secrets to the "underground" hackers world.

    And here's me thinking it was grass grubs eating the roots of my lawn.
    Bloody vegan online below-ground hactivists.

    > A number of Internet Service Providers allow free dial-up access with
    > DSL and Cable connections.

    It's called a backup service in case of outage. Some of the smaller
    Watchguard units have dialup backup, but that's because Watchguard is
    owned by Al-Qaeda and performs mind-melds with Galapagos turtles in the
    rainy season.

    > Note: Hackers are taking advantage of your
    > canceled accounts even when they were closed.

    Like the time that phreakers used my disconnected number? Oh wait, that
    was in a parallel universe where all the fish had afros and
    impersonated elvis. I hate eating fish with sideburns.

    > Until certain Internet
    > Service Providers and Telecommunication Companies correct their major
    > error; telecon your ISP and ask them to change your password since
    > malicious hackers are abusing your canceled account, holding you liable.

    Why don't you start an ISP, seeing as you're such an expert? Or offer to
    work for one as a consultant.

    > Disabling all unnecessary Window Services will assist in making your
    > computer system secure.

    I tried to disable all the windows services on my woody box, but
    couldn't find any. Am I secure?

    > How to accomplish this task is presented under
    > "Windows Services you might want to disable". If running any type of
    > Server, update the latest application patches.

    Wow! What a nugget of pure gold! "update your system".
    You should tell MS, RH, Mandrake, Debian, BSD, HP, SCO et al: they may
    wish to inform their clients.

    >
    > Once you are able to view all Hidden Files and Folders, it would be
    > smart to make a backup copy of your registry. To perform this, do the
    > following:
    >
    > A. Select Start, Run, type in Regedit, and press enter.
    > B. Then Select Registry, Export Registry File
    > C. In the box, type a name like "3-21-02.txt"
    > D. Select Save.

    Or you could just let scanregw do it at startup. Anyway, isn't it better
    to export registry files as .reg, or create a restore point?

    >
    > You can open this file in any text editor. What you want to do first is
    > check the bottom of the file.

    Checked it. nappy's clean. Now wot?

    > Hardware/Application/Device Driver
    > information can be setup by hackers at the bottom of the file. What I
    > did was "incorporate" one registry entry at a time. You could see a
    > major difference. Each time you save the registry file it will create a
    > file called RB000.CAB and so forth, depending on how many copies that
    > you have saved. If you perform the backup when the hackers are abusing
    > your system, you might only see 30 lines of text, the next time 100, and
    > so on. This is a clear sign that your computer is compromised.

    I must be owned! My registry file had over 30 lines in it.
    I deleted all the extras and now it won't boot. Wot do I do now?

    > Tracker
    > Shining and Glowin

    Stop eating nuclear waste.
    E.
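The quoted advice compares successive registry exports by eyeballing the line count at the bottom of the file. A more reliable defender-side check, added here as an example that is not part of the original thread, is to parse two regedit text exports and list exactly which keys and values appeared between them. The two sample exports (and every name and path in them) are constructed for the example.

```python
"""Diff two regedit text exports and list the keys/values that were added.
Constructed example for the thread above; the sample exports are made up."""


def parse_reg(text):
    """Parse .reg text into {key: {value_name: data}}; joins backslash-continued lines."""
    result, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # a key such as [HKEY_LOCAL_MACHINE\...]
            result.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, data = line.split("=", 1)   # "Name"="data"  or  @="default value"
        result[current]["@" if name == "@" else name.strip('"')] = data
    return result


def added_entries(before, after):
    """Return sorted (key, value_name, data) triples present only in `after`."""
    old, new = parse_reg(before), parse_reg(after)
    return sorted(
        (key, name, data)
        for key, values in new.items()
        for name, data in values.items()
        if old.get(key, {}).get(name) != data
    )


# Constructed sample: a baseline export and a later one with three extra entries.
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\Program Files\\Example\\example.exe"
"""
AFTER = BEFORE + r"""
"Suspicious"="C:\\WINDOWS\\TEMP\\service32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Constructed\Example]
@="placeholder"
"Path"=hex:43,3a,5c,\
  74,65,6d,70
"""

if __name__ == "__main__":
    for key, name, data in added_entries(BEFORE, AFTER):
        print(f"[{key}] {name} = {data}")
```

Run it against a fresh export and the previous one; anything listed under a Run key or a path you did not change yourself is what the thread's "check the bottom of the file" advice was trying to spot.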

