i have a virus called 'W32/Hybris-B' how do i get it off my computer? Help!!! Regards David
----- Original Message ----- From: "David Arguelles" <davida@bevisco.com.au>
i have a virus called 'W32/Hybris-B' how do i get it off my computer?
You also have a bug called Kakworm. Head to Symantec to get a program to fix this problem, and then to Microsoft to get a patch for Outlook to block the horrible evil gaping security hole that this nasty proggy came in through.
On Tue, 30 Jan 2001, Me wrote:
----- Original Message ----- From: "David Arguelles" <davida@bevisco.com.au>
i have a virus called 'W32/Hybris-B' how do i get it off my computer?
You also have a bug called Kakworm.
Head to Symantec to get a program to fix this problem, and then to Microsoft to get a patch for Outlook to block the horrible evil gaping security hole that this nasty proggy came in through.
I thought that involved removing Outlook. (Microsoft has pretty much absolved themselves of any responsibility for the scripting holes that allow this kind of crap. I don't think that they ever fixed the preview mode so that it would auto-run this kind of virus if you just look at a message, for example.)
alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply
Alan Olsen            | to my mail, just hit the ctrl, alt and del keys.
"In the future, everything will have its 15 minutes of blame."
----- Original Message ----- From: "Alan Olsen" <alan@clueserver.org>
I thought that involved removing Outlook. (Microsoft has pretty much absolved themselves of any responsibility for the scripting holes that allow this kind of crap. I don't think that they ever fixed the preview mode so that it would auto-run this kind of virus if you just look at a message, for example.)
Microsoft did release a patch for this, which can be found here: http://www.microsoft.com/TechNet/security/bulletin/ms99-032.asp When I view his message on my patched machine, Windows pops up a 'You crazy?' dialogue box as the script starts to run. OTOH, Microsoft can't be trusted too far, so please let me know if I am sending out a snippet of evil code with this message. :)
On Tue, 30 Jan 2001, David Arguelles wrote:
i have a virus called 'W32/Hybris-B' how do i get it off my computer?
Help!!! Regards David
Before you start, save all the important stuff you're working on. But don't save it in any format (such as .doc, .xls, etc) that can include executable code. Just go for plain text or comma-delimited ascii. Put that on a floppy disk. Once you've done that:
1) Run out and buy a Linux distribution.
2) Stick the bootable CD in your hard drive.
3) turn the machine off and then back on.
4) follow the prompts. Answer "Yes" when it asks whether you want to repartition/reformat your hard drive. BE SURE you tell it to use the whole drive.
This will not only get rid of your virii (plural), it will make your machine run faster and make it more stable.
PS. You realize that attached to the message you sent was another Macrovirus, don't you?
Bear
----- Original Message ----- From: "Ray Dillinger" <bear@sonic.net>
>>i have a virus called 'W32/Hybris-B' how do i get it off my computer?
>1) Run out and buy a Linux distribution.
>This will not only get rid of your virii (plural), it will
>make your machine run faster and make it more stable.
Of course it will be faster and more stable, he will never run a single program on it. I'm sure your message was a joke, but, he won't get it and everyone else first heard it years ago. Also, if you are running W2K and are suffering regular crashes the problem is operator error, not Windows. I have been running it for a bit more than a year, and have never had a box crash or had to reboot for a problem that wasn't related to electricity. I can't say either of those things about a single one of the comps running Linux here.
On Tue, 30 Jan 2001, Me wrote:
Of course it will be faster and more stable, he will never run a single program on it.
I'm sure your message was a joke, but, he won't get it and everyone else first heard it years ago.
Not a joke: I was dead serious. Windows/Outlook is the preferred platform for viruses. If he wants to run a virus free system, he should get a system that is not the preferred platform for viruses. Windows is also built to be insecure; there are backdoor keys for law-enforcement types to stick "trusted" trojans on the system, broken security programs that leave unencrypted temp files lying around, "encrypted" systems that just XOR the plaintext with a short repeating key, etc ad nauseam. And this is just the stuff that auditors have been able to find without recourse to source code. If you want secure systems, get a system that you can read the source code for and *see* what the hell is going on -- or *fix* it if you find something broken. Finally, it's really nice to have a comprehensive system of permissions, etc -- that way some idiot running zork can't trash out anything that the system actually depends on, even if he runs a virus-infected zork. And let's not forget the "autoregister" feature in Whistler. Isn't it nice that I'll be able to upgrade hardware without buying a new operating system?
Also, if you are running W2K and are suffering regular crashes the problem is operator error, not Windows.
bear@bolt~>uptime 11:27am up 46 days, 21:30, 76 users, load average: 0.31, 0.28, 0.16 <<
The last downtime, a month and a half ago, was for a hard drive upgrade. The one before that was four months prior, and that was for physically relocating the machine. I don't even remember the last time it crashed; I don't think it ever has in the five years I've been using it. Bear
On Tue, Jan 30, 2001 at 11:45:43AM -0800, Ray Dillinger wrote:
Windows is also built to be insecure; there are backdoor keys for law-enforcement types to stick "trusted" trojans on the system,
Everything else is true, but I'm not sure about the above. You're talking about the NSA key, I assume. -Declan
On Tue, Jan 30, 2001 at 11:45:43AM -0800, Ray Dillinger wrote:
Windows is also built to be insecure; there are backdoor keys for law-enforcement types to stick "trusted" trojans on the system,
Everything else is true, but I'm not sure about the above. You're talking about the NSA key, I assume.
Don't encourage this freak and his mis-information Declan....
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does an active coderpunks list still exist? I'd like to sign off of cypherpunks because of the signal to noise ratio. I'm working on a partial RFC2440 and RFC2040 implementations, and some other related projects. It would be nice to get on a list with other crypto programmers. I'd appreciate any solid pointers. Thanks, - VAB -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.75-6 iD8DBQE6fHYw+pIJc5kqSz8RAgMUAKCsVcSkXCGwFD5OX42CbiCBLtP9KACglyEP 9vA2Yfkom6QCGVZAnzwynI4= =lJQm -----END PGP SIGNATURE-----
http://einstein.ssz.com/cdr/index.html#relres
____________________________________________________________________
Before a larger group can see the virtue of an idea, a smaller group must first understand it.
"Stranger Suns" George Zebrowski
The Armadillo Group       ,::////;::-.          James Choate
Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
www.ssz.com            .',  ||||    `/( e\      512-451-7087
                    -====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
On Sat, 3 Feb 2001, V. Alex Brennen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Does an active coderpunks list still exist?
I'd like to sign off of cypherpunks because of the signal to noise ratio. I'm working on a partial RFC2440 and RFC2040 implementations, and some other related projects. It would be nice to get on a list with other crypto programmers.
I'd appreciate any solid pointers.
Thanks,
- VAB
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.75-6
iD8DBQE6fHYw+pIJc5kqSz8RAgMUAKCsVcSkXCGwFD5OX42CbiCBLtP9KACglyEP 9vA2Yfkom6QCGVZAnzwynI4= =lJQm -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 3 Feb 2001, Jim Choate wrote:
Coderpunks:
Thanks to the many who have already replied. I mistakenly assumed that coderpunks@toad.com was deprecated along with cypherpunks@toad.com. - VAB -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.75-6 iD8DBQE6fKYb+pIJc5kqSz8RAukcAJ9aDh/D5adgR5msvP7fpFbv+D9bSwCfUMEa USFi4dQuy8JYip5p5LBGXNs= =iDX5 -----END PGP SIGNATURE-----
On Sat, Feb 03, 2001 at 04:20:30PM -0500, V. Alex Brennen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Does an active coderpunks list still exist?
Yes. coderpunks@toad.com -- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5
Coderpunks-request@toad.com will get you to a quiet list with a high signal-to-noise ratio. It's not dead, but it's usually not very busy, since nobody codes any more :-) Cryptography-request@c2.net will get you to Perry's probably-still-moderated list, which has more traffic, and does more cryptography discussion than coderpunks, plus occasional relevant political or business news. At 04:20 PM 2/3/01 -0500, V. Alex Brennen wrote:
Does an active coderpunks list still exist?
I'd like to sign off of cypherpunks because of the signal to noise ratio. I'm working on a partial RFC2440 and RFC2040 implementations, and some other related projects. It would be nice to get on a list with other crypto programmers.
Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
On Tue, 30 Jan 2001, Declan McCullagh wrote:
On Tue, Jan 30, 2001 at 11:45:43AM -0800, Ray Dillinger wrote:
Windows is also built to be insecure; there are backdoor keys for law-enforcement types to stick "trusted" trojans on the system,
Everything else is true, but I'm not sure about the above. You're talking about the NSA key, I assume.
Yes: Windows has one documented public key that it uses to check software that gets, eg, mailed to it via outlook, or downloads in a webpage via Explorer, or etc, to decide whether it is "trusted" software or not. If it is trusted software (presumably from Microsoft) then it can be run without popping up a dialog box and getting the user's attention/permission. Otherwise, "normal" security methods apply. People with debuggers long since discovered that there is more than one key (though there are conflicting reports about whether there are two or three), but had no idea why there would be more than one unless Microsoft wanted to enable some third party to create "trusted" applications without Microsoft's knowledge or review. Recently when a windows system was made available in a debug build (ie, with the symbolic names etc still in the code), it was discovered that one of the "extra" keys was named NSA_key, which gives at least a strong hint as to who else is allowed to create "trusted" downloadable software.
Bear
Yes, I remember all that. And I'm as paranoid as anyone. But this once, the official MS/NSA explanation may be correct: That it's related to export approval, and does not in any way work as you describe. -Declan At 05:55 PM 1/30/01 -0800, Ray Dillinger wrote:
On Tue, 30 Jan 2001, Declan McCullagh wrote:
On Tue, Jan 30, 2001 at 11:45:43AM -0800, Ray Dillinger wrote:
Windows is also built to be insecure; there are backdoor keys for law-enforcement types to stick "trusted" trojans on the system,
Everything else is true, but I'm not sure about the above. You're talking about the NSA key, I assume.
Yes: Windows has one documented public key that it uses to check software that gets, eg, mailed to it via outlook, or downloads in a webpage via Explorer, or etc, to decide whether it is "trusted" software or not. If it is trusted software (presumably from Microsoft) then it can be run without popping up a dialog box and getting the user's attention/permission. Otherwise, "normal" security methods apply.
People with debuggers long since discovered that there is more than one key (though there are conflicting reports about whether there are two or three), but had no idea why there would be more than one unless Microsoft wanted to enable some third party to create "trusted" applications without Microsoft's knowledge or review.
Recently when a windows system was made available in a debug build (ie, with the symbolic names etc still in the code), it was discovered that one of the "extra" keys was named NSA_key, which gives at least a strong hint as to who else is allowed to create "trusted" downloadable software.
Bear
On Tue, 30 Jan 2001, Declan McCullagh wrote:
But this once, the official MS/NSA explanation may be correct: That it's related to export approval, and does not in any way work as you describe.
But does that really matter if the key is there and makes it possible for the NSA to produce 'secure' software? (Of course, I haven't seen any verified report that says the key is actually present in current non-debug builds, or that it is used in parallel with the m$ one. I'm assuming.) Sampo Syreeni <decoy@iki.fi>, aka decoy, student/math/Helsinki university
Background: http://www.politechbot.com/p-00590.html -Declan At 05:55 PM 1/30/01 -0800, Ray Dillinger wrote:
Yes: Windows has one documented public key that it uses to check software that gets, eg, mailed to it via outlook, or downloads in a webpage via Explorer, or etc, to decide whether
I'm not sure re: the 'trusted download applications' scenario. I have not stepped-through the microsoft capi code material, but I believe a more reasonable assumption is that law enforcement is more interested in "dummying-down" the strength of ssl (and e-mail, and .pst file key) sessions rather than trying to mask a trojan. Here's why I think this: your isp is capable of delivering a trojan, already provides updates to dialer apps, etc. and isp downloads are generally unchecked by end users. And, your isp is very likely to respond to a warrant to download a trojan to a user machine (this happens every day.) In contrast, Microsoft is unable to comply with a warrant to enable such a download on demand...the alternative is to purposefully lie to the entire world about pre-weakened 128-bit key strength, easily attracting lawsuits...I seriously doubt any rational us company would accept this level of exposure just to comply with a warrant (don't forget the #1 opponents of us crypto export laws are us companies, not individuals...shows us companies are more money driven than 'gee lets help law enforcement at the expense of our business' driven). Plus, microsoft doesn't have a huge session-tracking system which enables them to detect when a particular user logs into the net, etc....an isp does have this kind of info though and could target specific users in response to a warrant. I think the scenario I've outlined above is probably a legal and reasonable explanation (though I'm not a lawyer). As for multiple keys in the microsoft crypto stuff, don't forget about server-gated crypto. that particular technology, created by microsoft, relies on a different set of key generation/management rules than normal ssl. this is probably where the 'extra keys' come from.
Phillip
-----Original Message-----
From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Ray Dillinger
Sent: Tuesday, January 30, 2001 8:56 PM
To: Declan McCullagh
Cc: Me; cypherpunks@einstein.ssz.com
Subject: Re: Absolutely not a joke.
On Tue, 30 Jan 2001, Declan McCullagh wrote:
On Tue, Jan 30, 2001 at 11:45:43AM -0800, Ray Dillinger wrote:
Windows is also built to be insecure; there are backdoor keys for law-enforcement types to stick "trusted" trojans on the system,
Everything else is true, but I'm not sure about the above. You're talking about the NSA key, I assume.
Yes: Windows has one documented public key that it uses to check software that gets, eg, mailed to it via outlook, or downloads in a webpage via Explorer, or etc, to decide whether it is "trusted" software or not. If it is trusted software (presumably from Microsoft) then it can be run without popping up a dialog box and getting the user's attention/permission. Otherwise, "normal" security methods apply. People with debuggers long since discovered that there is more than one key (though there are conflicting reports about whether there are two or three), but had no idea why there would be more than one unless Microsoft wanted to enable some third party to create "trusted" applications without Microsoft's knowledge or review. Recently when a windows system was made available in a debug build (ie, with the symbolic names etc still in the code), it was discovered that one of the "extra" keys was named NSA_key, which gives at least a strong hint as to who else is allowed to create "trusted" downloadable software.
Bear
Me <commerce@home.com> wrote:
Of course it will be faster and more stable, he will never run a single program on it.
I'm sure your message was a joke, but, he won't get it and everyone else first heard it years ago.
Also, if you are running W2K and are suffering regular crashes the problem is operator error, not Windows.
I have been running it for a bit more than a year, and have never had a box crash or had to reboot for a problem that wasn't related to electricity. I can't say either of those things about a single one of the comps running Linux here.
#!/usr/bin/perl
$str = "Also, if you are running W2K and are suffering regular crashes the problem is operator error, not Windows.";
$str =~ s/W2K/Linux/;
$str =~ s/Windows/Linux/;
print $str;
exit;
-- Riad Wahby rsw@mit.edu MIT VI-2/A 2002 5105
----- Original Message ----- From: "Riad S. Wahby" <rsw@mit.edu>
#!/usr/bin/perl
$str = "Also, if you are running W2K and are suffering regular crashes the problem is operator error, not Windows.";
$str =~ s/W2K/Linux/;
$str =~ s/Windows/Linux/;
print $str;
exit;
Yes, that is fairly accurate. Not particularly relevant though, since he was only knocking Windows. I wouldn't have gone to so much trouble to express it, either.
My uptime on my Linux server is 112 days, and that's just because I had to install memory. My uptime on my Windows 98 laptop is about 1 day. My previous Windows laptop was even worse. My previous Unix box was the same. -Declan
My uptime on my Linux server is 112 days, and that's just because I had to install memory. My uptime on my Windows 98 laptop is about 1 day.
We had--until the middle of december--a linux box running mysql that served as the solitary authentication DB for our (the company I work for) website. Approximately 500k users in the database. About 200k active in a given week. The *mysql* instance had been running for 246 days. The machine under it for a little longer. It had run for several months before that, but it was moved from one building to another. For space and safety reasons we moved it to a Sun 420 with a big disk cluster with Veritas. It crashed and burned within a month. Never fuck with a working box.
-- A quote from Petro's Archives: ********************************************** "As someone who has worked both in private industry and in academia, whenever I hear about academics wanting to teach ethics to people in business, I want to puke."--Thomas Sowell.
Declan McCullagh wrote:
My uptime on my Linux server is 112 days, and that's just because I had to install memory. My uptime on my Windows 98 laptop is about 1 day.
My previous Windows laptop was even worse. My previous Unix box was the same.
Roughly my experience. My Windows 98 can stay up for a week if I don't use it but I tend to do a reboot at least daily under real use (email & word-processing mainly - my daughter plays games & that's worse) Windows 3.1 used to be far less reliable & my iBook is pretty bad as well. I doubt if I've ever had 8 hours uninterrupted service from it. Linux is about the same as Solaris - I've seen it up for a year, though not on a machine that was doing much, and I'd be upset if one had to be restarted as often as once a month for bugfixes or maintenance. I have seen some unpleasant memory problems on Solaris though not on Linux, but I've used Linux less (just one box at work & another at home at the moment - but at a previous place of employment we managed to keep Linux-based firewalls and web caches going for 24/7 3 weeks out of 4) I guess Linux is maybe 100 times as reliable as Windows 98? I've had over a year's continuous online operation, with heavy use, from some of the more robust Unices, especially AIX & DGUX (I've known AIX systems continue to run quite happily after the system disk was totally trashed with an rm -fR *, also I've seen them carry on for months with real hardware errors on disks, screens and even memory) To be fair to Microsoft I have seen dedicated servers based on DOS that just ran one program all the time stay up for a very long time indeed. But as soon as Windows gets into the picture, reliability goes through the floor. NT can stand for weeks provided you don't use it as an IIS web server or Exchange server, that tends to kill it, as does MS Word of all things. I've been using NT since beta releases of 3.1 & I am very familiar with the way it hangs. I've also installed literally dozens, if not hundreds, of NT systems. It really is far, far, more reliable than W98 and far, far, less than a decent Unix (don't ask me about SCO though) Ken (who lost count of how many different OS he's installed & worked on at about 19. Systems that is, not years.)
participants (15)
- Alan Olsen
- Bill Stewart
- David Arguelles
- Declan McCullagh
- Eric Murray
- Jim Choate
- Ken Brown
- Mario Contestabile
- Me
- petro
- Phillip H. Zakas
- Ray Dillinger
- Riad S. Wahby
- Sampo Syreeni
- V. Alex Brennen