MAKING YOUR COMPUTER SYSTEM SECURE AFTER =?iso-8859-1?Q?IT=92S?= BEENCOMPROMISED

You can share this information, but give credit where credit is due.

I highly recommend keeping the hacked hard drive and purchasing a new
one. Of course you could mirror the drive, but you still need a
replacement drive to perform this task. You can’t produce the same
results by replicating files versus viewing the actual hard drive
itself. If your system was used to attack and crash a Network, or
System, you have proof for the FBI or any Law Enforcement Agency. This
would show you were not involved in any illegal activities until you
discovered your system was hacked.

The proper method is to re-format your hard drive, and install from
original CD-ROM. To safe guard against software manufacturer employee
malicious activity always virus check your CD-ROM. Not too long ago, I
decided to install X Software Application on a computer, media form was
a CD-ROM. Immediately, Norton Anti-virus told me a suspicious file
named "install.exe" was trying to load into my hard drive boot sector.
We all know an application doesn’t need to load in a boot sector of a
drive. After telling the computer not to install this application, it
still made it’s way and changed the name of my hard drive. The computer
access slowed down, while viewing directories the screen started to move
back and forth.

Virus check all floppy disks because hackers DO install a Backdoor,
Trojan Horse, or Virus on disks. They enjoy doing this especially when
you’re online using your computer, with a floppy in the drive. My
preference is to obtain a replacement CD-ROM if your software
applications are on a floppy. What concerned me most is a Backdoor was
planted in a .zip file and unopened. Norton’s Anti-virus application
couldn’t detect it. Let’s one day you come along and for no reason, you
decide to open this .zip file, voila, the Backdoor is unleashed.

There will always be evil code applications (to knock your system into
becoming a victim) out in this world which anti-virus applications won’t
be able to catch. Either the Trojan Horse already installed on your
system will eat the floppies alive, or hacker’s will. Hackers will bind
or disguise their applications and install them on your floppy disks.
Many Trojan Horses "hide" all traces of their applications they run on
your system. On your computer perform a search for a file named
"backdoor.zip". I will warn you now, if you unleash this baby after a
complete application install and go online, you will unleash many of the
secrets to the "underground" hackers world.

A number of Internet Service Providers allow free dial-up access with
DSL and Cable connections. Note: Hackers are taking advantage of your
canceled accounts even when they were closed. Until certain Internet
Services Providers and Telecommunication Companies correct their major
error; telecon your ISP and ask them to change your password since
malicious hackers are abusing your canceled account, holding you liable.

Disabling all unnecessary Window Services will assist in making your
computer system secure. How to accomplish this task is presented under
"Windows Services you might want to disable". If running any type of
Server, update the latest application patches.

Once you are able to view all Hidden Files and Folders, it would be
smart to make a backup copy of your registry. To perform this, do the
following:

A. Select Start, Run, type in Regedit, and press enter.
B. Then Select Registry, Export Registry File
C. In the box, type a name like "3-21-02.txt"
D. Select Save.

You can open this file in any text editor. What you want to do first is
check the bottom of the file. Hardware/Application/Device Driver
information can be setup by hackers at the bottom of the file. What I
did was "incorporate" one registry entry at a time. You could see a
major difference. Each time you save the registry file it will create a
file called RB000.CAB and so forth, depending on how many copies that
you have saved. If you perform the backup when the hackers are abusing
your system, you might only see 30 lines of text, the next time 100, and
so on. This is a clear sign that your computer is compromised.

Tracker
Shining and Glowin
(new Website address)
The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking,
Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus,
Windows and different types of Servers can be found at:
http://geocities.com/secure20032220000/

tracker

> You can share this information, but give credit where credit is due.

Okay: It's worthless trash as always.


--


(Quote from one who found just the right words)

USENET POST WARNING
====================
The User by the name "Tracker" aka "Debbie", VPNSISHACKERSSECRET, aka
"snailmail" regularly posts incorrect, misleading and damaging information,
to rely on the advice of this person could result in irreparable damage to
your system. It is my personal advice not to listen to anything that this
person posts and certainly to not attempt or believe anything this person
advises.

(End Quote)

Regards

Tocis (commoner AT carcosa DOT de)
For answers include HI-AK 523 in your email subject!

Thore Schmechtig

tracker wrote:
> You can share this information, but give credit where credit is due.
>
> I highly recommend keeping the hacked hard drive and purchasing a new
> one.

I hacked an old hard drive, use the magnets for playing geek darts. I
also recommend keeping the old drive as it makes a cool novelty ashtray
or a really speccy tray for serving oysters.

> Of course you could mirror the drive, but you still need a
> replacement drive to perform this task.

the term is clone sweetie. Mirror implies that you will be running it as
a failover measure.

> You can’t produce the same
> results by replicating files versus viewing the actual hard drive
> itself.

i dunno. I removed a hard drive, duct taped it to my helm and charged a
sheild wall during the opening melee of a stupid-weapons-tourney.

> If your system was used to attack and crash a Network, or
> System, you have proof for the FBI or any Law Enforcement Agency.

i went to Victim support and said I had a hard one that had been rooted
recently and they were most unsympathetic. Mace is a real bitch.

> This
> would show you were not involved in any illegal activities until you
> discovered your system was hacked.

Any hacker or cracker worthy of the name would delete any logs or
evidence of entry.

> The proper method is to re-format your hard drive, and install from
> original CD-ROM.

And if a virus/trojan is lurking in the MBR, what good would that do?

To safe guard against software manufacturer employee
> malicious activity always virus check your CD-ROM. Not too long ago, I
> decided to install X Software Application on a computer, media form was
> a CD-ROM.

I'd be curious to know the exact title of this cdrom.

Immediately, Norton Anti-virus told me a suspicious file
> named "install.exe" was trying to load into my hard drive boot sector.

You gotta hate it when an OS tries to write to the boot sector. That's
almost as stupid as trying to install an OS with an AV prog running, or
BIOS boot sector protection loaded.

This wouldn't be the *same* unupdated copy of NAV running on your system
would it?

> We all know an application doesn’t need to load in a boot sector of a
> drive. After telling the computer not to install this application, it
> still made it’s way and changed the name of my hard drive. The computer
> access slowed down, while viewing directories the screen started to move
> back and forth.

....and further shots of vodka made the floor move in a similar
manner.... So you got hit by a script-kiddy trojan. Deal with it.

> Virus check all floppy disks because hackers DO install a Backdoor,
> Trojan Horse, or Virus on disks.

Best place to install a backdoor is on removeable media. That way, when
the victim removes the disk or reboots it's not accessable. Makes
perfect sense.
heaven forbid installing something like VBE6a.dll in
c:\prog...\common...\m...shared\vba\vba6 and modifying
HKLM\Soft..\MS..\vba..:vbe6dllpath to point to it or any of the other
million and one ways of hiding something.

They enjoy doing this especially when
> you’re online using your computer, with a floppy in the drive.

Hey! You stole my idea. I have already patented the idea of mirroring
the entire internet onto floppy, and have a project going at
http://www.sourceforge.net/projects/i'm****ingstupid.php to acheive this
end. I've already got ftp.ibm.com and windowsupdate.microsoft.com on 5 1/4.


> My
> preference is to obtain a replacement CD-ROM if your software
> applications are on a floppy.

How do you get it in the floppy drive?

> What concerned me most is a Backdoor was
> planted in a .zip file and unopened.

You gotta hate those unopened files. they're so antisocial.

> Norton’s Anti-virus application
> couldn’t detect it. Let’s one day you come along and for no reason, you
> decide to open this .zip file, voila, the Backdoor is unleashed.

This says to me: there wasn't a trojan in the file ~or~ your NAV wasn't
up to date. AS you run Win95, and the versions of NAV that run on 95
(last was 01 iirc), then you haven't been able to update.

> There will always be evil code applications (to knock your system into
> becoming a victim)

My system got hit by a very virulent splooge. It gave birth to 3 286
triplets the other day. I think my processor has been cheating on me.
Never trust an AMD. I think it's had an Intel inside .

> out in this world which anti-virus applications won’t
> be able to catch.

Virus of the week comes out. Me goes "ho hum. properly setup system
unaffected"

> Either the Trojan Horse already installed on your
> system will eat the floppies alive, or hacker’s will.

****! I went to macca's the other day and this stooge walks in and asks
for a McChicken with live floppies. he musta been one of those evil
hacker types.

> Hackers will bind
> or disguise their applications and install them on your floppy disks.

i'm invulnerable as I load my system from cassete. None of this evil
floppy or hard drive **** in my world.

> Many Trojan Horses "hide" all traces of their applications they run on
> your system.

****! i thought they all popped up in 48 point flourescent purple italic
text and said "i'm a trojan!!"

> On your computer perform a search for a file named
> "backdoor.zip".

Makes much more sense than giving it an innocous name like service32.exe
and calling it from the registry.
I shipped some computers overseas a few years back, but before doing so
I renamed win386spart.par to kiddypr0n.zip. Customs wankers didn't even
check it.

> I will warn you now, if you unleash this baby after a
> complete application install and go online,

I always perform a clean install, then load a trojan on my system. Why
wouldn't you?

> you will unleash many of the
> secrets to the "underground" hackers world.

And here's me thing it was grass grubs eating the roots of my lawn.
Bloody vegan online below-ground hactivists.

> A number of Internet Service Providers allow free dial-up access with
> DSL and Cable connections.

Is called a backup service in case of outage. Some of the smaller
Watchguard units have dialup backup, but that's because Watchguard is
owned by Al-Qaeada and performs mind-melds with galapagos turtles in the
rainy season.

> Note: Hackers are taking advantage of your
> canceled accounts even when they were closed.

Like the time that phreakers used my disconnected number? Oh wait, that
was in a parrallel universe where all the fish had afro's and
impersonated elvis. I hate eating fish with sideburns.

> Until certain Internet
> Services Providers and Telecommunication Companies correct their major
> error; telecon your ISP and ask them to change your password since
> malicious hackers are abusing your canceled account, holding you liable.

Why don't you start an ISP, seeng as you're such an expert? Or offer to
work for one as a consultant.

> Disabling all unnecessary Window Services will assist in making your
> computer system secure.

I tried to disable all the windows services on my woody box, but
couldn't find any. Am I secure?

> How to accomplish this task is presented under
> "Windows Services you might want to disable". If running any type of
> Server, update the latest application patches.

Wow! What a nugget of pure gold! "update your system".
You should tell MS, RH, Mandrake, Debian, BSD, Hp, SCO et al: they may
wish to inform their clients.
>
> Once you are able to view all Hidden Files and Folders, it would be
> smart to make a backup copy of your registry. To perform this, do the
> following:
>
> A. Select Start, Run, type in Regedit, and press enter.
> B. Then Select Registry, Export Registry File
> C. In the box, type a name like "3-21-02.txt"
> D. Select Save.

Or you could just let scanregw do it at startup. Anyway, isn't it better
to export registry files as .reg, or create a restore point?

>
> You can open this file in any text editor. What you want to do first is
> check the bottom of the file.

Checked it. nappy's clean. Now wot?

> Hardware/Application/Device Driver
> information can be setup by hackers at the bottom of the file. What I
> did was "incorporate" one registry entry at a time. You could see a
> major difference. Each time you save the registry file it will create a
> file called RB000.CAB and so forth, depending on how many copies that
> you have saved. If you perform the backup when the hackers are abusing
> your system, you might only see 30 lines of text, the next time 100, and
> so on. This is a clear sign that your computer is compromised.

I must be owned! My registry file had over 30 lines in it.
i deleted all the extra's and now it won't boot. Wot do I do now?

> Tracker
> Shining and Glowin
stop eating nuclear waste.
E.

E.

On Mon, 22 Sep 2003 10:26:23 GMT, "E." <> wrote:

>My system got hit by a very virulent splooge. It gave birth to 3 286
>triplets the other day. I think my processor has been cheating on me.
>Never trust an AMD. I think it's had an Intel inside .
>

Dude, you *HAVE* to stop. It's 6:15 am, and I'm falling out of my
chair. That's going to be my sig if you don't mind.

FANTASTIC STUFF!!!!

fyrfaktry

"tracker" <"snailmail(remove/valid)222000"@yahoo.com> wrote in message
news:...
> You can share this information, but give credit where credit is due.

I don't think you need to worrry about someone else trying to take credit
for your ideas . You're one in a million.

>
> Many Trojan Horses "hide" all traces of their applications they run on
> your system. On your computer perform a search for a file named
> "backdoor.zip". I will warn you now, if you unleash this baby after a
> complete application install and go online, you will unleash many of the
> secrets to the "underground" hackers world.

Deb- do you really think you're going to find a file on a compromised system
called "backdoor.zip"?

>
> A number of Internet Service Providers allow free dial-up access with
> DSL and Cable connections. Note: Hackers are taking advantage of your
> canceled accounts even when they were closed. Until certain Internet
> Services Providers and Telecommunication Companies correct their major
> error; telecon your ISP and ask them to change your password since
> malicious hackers are abusing your canceled account, holding you liable.

If it's cancelled, how's that going to happen? Hello?

> Tracker
> Shining and Glowin
> (new Website address)
> The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking,
> Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus,
> Windows and different types of Servers can be found at:
> http://geocities.com/secure20032220000/
>
>
. Shining & Glowin........

optikl

"optikl" <> wrote in message
news:lrBbb.404791$Oz4.196509@rwcrnsc54...
> > Tracker
> > Shining and Glowin

> . Shining & Glowin........

Lithium overdose again Debbie?

nicky

"fyrfaktry" <> wrote in message
news:...
> On Mon, 22 Sep 2003 10:26:23 GMT, "E." <> wrote:
>
> >My system got hit by a very virulent splooge. It gave birth to 3 286
> >triplets the other day. I think my processor has been cheating on me.
> >Never trust an AMD. I think it's had an Intel inside .
> >
>
> Dude, you *HAVE* to stop. It's 6:15 am, and I'm falling out of my
> chair. That's going to be my sig if you don't mind.
>
> FANTASTIC STUFF!!!!

I'm trying to figure out what he's drinking!!! I might want some of it
myself!!!

Wesley C. Martin

> On your computer perform a search for a file named
>"backdoor.zip". I will warn you now, if you unleash this baby after a
>complete application install and go online, you will unleash many of the
>secrets to the "underground" hackers world.

Damn! And I thought I created that file so I could email pictures of
my backdoor to the contractor replacing it!

Jeff

Jeff Cochran

Get real dude, this hacking isn't all about computers and the Internet. Do
you think this babe enjoys watching how biker gangs commit credit card fraud,
phone phreaking, selling of drugs world wide, murder and terrorism; to name
only a few? Because all of the innocent victim computers are being used for
these purposes. The world needs to open their damn eyes to what is going on
with their computers. How many people in this world would appreciate knowing
that "THEIR" computer was used to accomplish what happened on 9-11 in New
York? Think about it!

Hackers and terrorists don't use Mabell, they use innocent victims computers
to commit crimes. This babe is stepping out of line only because no one
knows where I live and they never will.

Tracker

The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking, Proxies,
The Internet, Trojan Horses, Virtual Private Networks, Virus, Windows and
different types of Servers can be found at:
http://geocities.com/secure20032220000/

tracker

tracker <"snailmail(remove/valid)222000"@yahoo.com> wrote in
news::

> I highly recommend keeping the hacked hard drive and purchasing a new
> one.

What hacked hard drive? What if I have a RAID array? What if I've
imaged a tape?

> Of course you could mirror the drive, but you still need a
> replacement drive to perform this task.

Clone already explained.


> You can’t produce the same
> results by replicating files versus viewing the actual hard drive
> itself.

But you can if you archive an exact image of the drive and mount the
image.

> If your system was used to attack and crash a Network, or
> System, you have proof for the FBI or any Law Enforcement Agency.

Let's clarify, shall we? If Debbie's system was used to attack and
crash a network, she would need proof to substantiate her claims.

> The proper method is to re-format your hard drive, and install from
> original CD-ROM.

Are you referring to the hacked drive? The one you want to keep for FBI
proof?

> To safe guard against software manufacturer employee
> malicious activity always virus check your CD-ROM. Not too long ago,
> I decided to install X Software Application on a computer, media form
> was a CD-ROM. Immediately, Norton Anti-virus told me a suspicious
> file named "install.exe" was trying to load into my hard drive boot
> sector.

Again, let's clarify. Debbie tried to install a buggered application
not from a known manufacturer (X). There is no mention that this
suspect CD-ROM is OEM, retail, or homebrewed. Likely the latter.

> Virus check all floppy disks because hackers DO install a Backdoor,
> Trojan Horse, or Virus on disks.

They DO NOT!. No hacker has ever installed anything on any disk I have
ever purchased.

> They enjoy doing this especially when
> you’re online using your computer, with a floppy in the drive.

Okay, let's put on our thinking beanie. If there is a malicious person
who, for whatever reason, is attempting to write something to your
floppy disk, are you implying that the solution is to remove the disk?
Do you think it might be worth a small consideration to remove the
malicious person's access instead?

> My
> preference is to obtain a replacement CD-ROM if your software
> applications are on a floppy.

Since nearly all applications are sold on CD these days, anything
distributed on floppy is likely obsolete. Get rid of it and upgrade.

> Let’s one day you come along and for no reason, you
> decide to open this .zip file, voila, the Backdoor is unleashed.

For no reason? If there was no reason to open the archive, why did you
open it?

Second, simply opening a ZIP file does not unleash a backdoor. Contrary
to your belief, one must execute a program to execute a program.
Opening the archive that contains the program does not execute it.

> There will always be evil code applications (to knock your system into
> becoming a victim) out in this world which anti-virus applications
> won’t be able to catch.

Well, this is almost a given as well. Since a virus must first be
detected, then reported to the AV lab, it may be some variable amount of
time (depending on the complexity and uniqueness of the virus) before an
AV update is made available.


> Either the Trojan Horse already installed on your
> system will eat the floppies alive, or hacker’s will.

Whoa, Nellie. There's a trojan horse already on my system? Really? Or
are you lying?

> Hackers will bind
> or disguise their applications and install them on your floppy disks.

Again, no dangerous software on floppies (well, I do still have OS/2
Warp 3 on floppies, alongside Windows 3.11 and DOS 6.22).

> Many Trojan Horses "hide" all traces of their applications they run on
> your system. On your computer perform a search for a file named
> "backdoor.zip".

Um, if the trojan horse hides all its traces, what good will searching
for some file do? Besides, it's hardly likely someone is going to be so
obvious as to name their file backdoor.zip. It's kind of like putting
"THIS IS A VIRUS" in the subject line of a SWEN email.

> I will warn you now, if you unleash this baby after a
> complete application install and go online, you will unleash many of
> the secrets to the "underground" hackers world.

I imagine they're waiting to learn these secrets, too.

>
> A number of Internet Service Providers allow free dial-up access with
> DSL and Cable connections. Note: Hackers are taking advantage of
> your canceled accounts even when they were closed.

No they're not, you dolt. As explained before, the hacker must know your
login ID AND password (my login ID and email ID are different) to use
your cancelled account. And because you're only talking about a 10- or
20-hour account, it's quite worthless to hackers.


Until certain
> Internet Services Providers and Telecommunication Companies correct
> their major error; telecon your ISP and ask them to change your
> password since malicious hackers are abusing your canceled account,
> holding you liable.

No ISP that I've worked with will change the password on a cancelled
account.

> How to accomplish this task [of disabling services] is presented
> under "Windows Services you might want to disable".

And where is this?

> If running any
> type of Server, update the latest application patches.

What is your audience? You seem to waffle between the complete newbie
idiot to system administrator who already knows this.

> Once you are able to view all Hidden Files and Folders, it would be
> smart to make a backup copy of your registry.

Twilight Zone. Did I miss something? How do you segue from disabling
services to already having your hidden files displayed?

And why is it important to display hidden files in order to export the
registry?

> C. In the box, type a name like "3-21-02.txt"

Where does this file end up? Does it find its way off the hacked drive?

> You can open this file in any text editor. What you want to do first
> is check the bottom of the file. Hardware/Application/Device Driver
> information can be setup by hackers at the bottom of the file.

Again, you're completely wrong. Here's the bottom of my registry file:

[HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates
\Disallowed\CTLs]

[HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates
\trust]

[HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\ trust
\Certificates]

[HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\ trust
\CRLs]

[HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\ trust
\CTLs]

[HKEY_USERS\S-1-5-18\UNICODE Program Groups]

All the Hardware/Application/Device Driver information you refer to goes
into the HKEY_LOCAL_MACHINE container, two branches up from HKEY_USERS.

> This is a clear sign that your computer is
> compromised.

Constantly watching your registry is a really stupid way to determine if
someone is attacking your machine. There are better ways, including
various IDS packages, but preventing their access in the first place is
the best place to start.

If you think your computer has been attacked, or is being used to attack
another, TAKE IT OFF THE NET! Anyone who is stupid enough to leave their
computer online should be taken out and flogged. You have no idea what
you are doing, you are not running a trap, and you certainly are not
qualified to even make the slightest attempt to aid others in restoring
their system.

Do yourself a favor Debbie and fire those assholes you call the trackers.
They are making you look like a real blithering idiot who has absolutely
no idea how to even turn a computer off let alone operate one with any
competency.

n1pop@hotmail.com