Warning for Windows Users

[Ian]

There is a hack out there that is coming in through Outlook.exe (MS OFFICE
Professional 2007) while in the
Send/Receive Process, it leads to more Outlook.exe changes, as well as
changes in svchost.exe. it leads to very slow sending of documents, and may
be part of the Bot Net. after this has happened, I noticed a .INI file. I
opend it with Notepad, but did not uncheck open with this program by default.
it changed all of them.I reinstalled on a Scrubbed (7 times) HD with a new
mother board a flashed bios, but put the old C- MOSS (spelling?) in. had to
reset the clock, but with a fresh NTFS format (not Quick), fresh flashed
BIOS and brand new install, after just installing the OS i open the hidden
system files and lo and behold the .INI files still opend by default with
notepad.( a system setting saved by software only).
I have done this entire process with Vista Business, and XP Pro SP 2. DELL
has been helpful with hardware, but Kaspersky labs can not find the
issue in their moscow lab.
I have used multiple scanning tools since the problem, and nothing finds it!

 

[Alun Jones]

"Ian" <Ian@discussions.microsoft.com> wrote in message
news:2195F293-AE95-4B21-8C48-5442A22D2CF1@microsoft.com...
> There is a hack out there that is coming in through Outlook.exe (MS OFFICE
> Professional 2007) while in the
> Send/Receive Process, it leads to more Outlook.exe changes, as well as
> changes in svchost.exe. it leads to very slow sending of documents

No, slow operation is a normal feature of Outlook.

Alun.
~~~~

 

[Ian]

Not like this, I am a Accounting and Manufacturing Software reseller. I know
when things are off

"Alun Jones" wrote:

> "Ian" <Ian@discussions.microsoft.com> wrote in message
> news:2195F293-AE95-4B21-8C48-5442A22D2CF1@microsoft.com...
> > There is a hack out there that is coming in through Outlook.exe (MS OFFICE
> > Professional 2007) while in the
> > Send/Receive Process, it leads to more Outlook.exe changes, as well as
> > changes in svchost.exe. it leads to very slow sending of documents
>
> No, slow operation is a normal feature of Outlook.
>
> Alun.
> ~~~~
>
>
>

 

[Paul Adare]

On Wed, 31 Oct 2007 12:16:05 -0700, Ian wrote:

> There is a hack out there that is coming in through Outlook.exe (MS OFFICE
> Professional 2007) while in the
> Send/Receive Process, it leads to more Outlook.exe changes, as well as
> changes in svchost.exe. it leads to very slow sending of documents, and may
> be part of the Bot Net. after this has happened, I noticed a .INI file. I
> opend it with Notepad, but did not uncheck open with this program by default.
> it changed all of them.I reinstalled on a Scrubbed (7 times) HD with a new
> mother board a flashed bios, but put the old C- MOSS (spelling?) in. had to
> reset the clock, but with a fresh NTFS format (not Quick), fresh flashed
> BIOS and brand new install, after just installing the OS i open the hidden
> system files and lo and behold the .INI files still opend by default with
> notepad.( a system setting saved by software only).
> I have done this entire process with Vista Business, and XP Pro SP 2. DELL
> has been helpful with hardware, but Kaspersky labs can not find the
> issue in their moscow lab.
> I have used multiple scanning tools since the problem, and nothing finds it!

The default program for opening INI files has been Notepad since at least
NT4 and possibly before that.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Any nitwit can understand computers. Many do. -- Ted Nelson

 

[Ian]

yes when YOU the user opens them, then you have to select notepad etc to open
it. but by default it opens with a system file and will not open, until you
change it. that is why when you do an online search via the selection menu
for opening a file the search comes up empty handed as an unknown file type

"Paul Adare" wrote:

> On Wed, 31 Oct 2007 12:16:05 -0700, Ian wrote:
>
> > There is a hack out there that is coming in through Outlook.exe (MS OFFICE
> > Professional 2007) while in the
> > Send/Receive Process, it leads to more Outlook.exe changes, as well as
> > changes in svchost.exe. it leads to very slow sending of documents, and may
> > be part of the Bot Net. after this has happened, I noticed a .INI file. I
> > opend it with Notepad, but did not uncheck open with this program by default.
> > it changed all of them.I reinstalled on a Scrubbed (7 times) HD with a new
> > mother board a flashed bios, but put the old C- MOSS (spelling?) in. had to
> > reset the clock, but with a fresh NTFS format (not Quick), fresh flashed
> > BIOS and brand new install, after just installing the OS i open the hidden
> > system files and lo and behold the .INI files still opend by default with
> > notepad.( a system setting saved by software only).
> > I have done this entire process with Vista Business, and XP Pro SP 2. DELL
> > has been helpful with hardware, but Kaspersky labs can not find the
> > issue in their moscow lab.
> > I have used multiple scanning tools since the problem, and nothing finds it!
>
> The default program for opening INI files has been Notepad since at least
> NT4 and possibly before that.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Any nitwit can understand computers. Many do. -- Ted Nelson
>

 

[Paul Adare]

On Wed, 31 Oct 2007 14:09:01 -0700, Ian wrote:

> yes when YOU the user opens them, then you have to select notepad etc to open
> it. but by default it opens with a system file and will not open, until you
> change it. that is why when you do an online search via the selection menu
> for opening a file the search comes up empty handed as an unknown file type

No, you've missed the entire point of my post. In Vista, XP, Windows 2000,
etc. the Open action for .INI files is set to Notepad by default. You do
not have to do anything manually to associate the Open action. You're
attempting to use the fact that INI files on your system are associated
with Notepad as evidence of some kind of security breach and I'm telling
you that you're wrong and that simply isn't the case.

>
> "Paul Adare" wrote:
>
>> On Wed, 31 Oct 2007 12:16:05 -0700, Ian wrote:
>>
>>> There is a hack out there that is coming in through Outlook.exe (MS OFFICE
>>> Professional 2007) while in the
>>> Send/Receive Process, it leads to more Outlook.exe changes, as well as
>>> changes in svchost.exe. it leads to very slow sending of documents, and may
>>> be part of the Bot Net. after this has happened, I noticed a .INI file. I
>>> opend it with Notepad, but did not uncheck open with this program by default.
>>> it changed all of them.I reinstalled on a Scrubbed (7 times) HD with a new
>>> mother board a flashed bios, but put the old C- MOSS (spelling?) in. had to
>>> reset the clock, but with a fresh NTFS format (not Quick), fresh flashed
>>> BIOS and brand new install, after just installing the OS i open the hidden
>>> system files and lo and behold the .INI files still opend by default with
>>> notepad.( a system setting saved by software only).
>>> I have done this entire process with Vista Business, and XP Pro SP 2. DELL
>>> has been helpful with hardware, but Kaspersky labs can not find the
>>> issue in their moscow lab.
>>> I have used multiple scanning tools since the problem, and nothing finds it!
>>
>> The default program for opening INI files has been Notepad since at least
>> NT4 and possibly before that.
>>
>> --
>> Paul Adare
>> MVP - Virtual Machines
>> http://www.identit.ca
>> Any nitwit can understand computers. Many do. -- Ted Nelson
>>


--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Variables won't constants aren't. -- Osborn

 

[Ian]

no i use vista and xp as was noted in my first post, and in both of those you
have to change it, the people in dell and kaspersky labs would not be looking
into it and replaceing hardware if that were the case. Even in Steve
Sinchecks book hacking XP he tells you that you have to change the ini file
to open with notepad etc as it does not open otherwise

"Paul Adare" wrote:

> On Wed, 31 Oct 2007 14:09:01 -0700, Ian wrote:
>
> > yes when YOU the user opens them, then you have to select notepad etc to open
> > it. but by default it opens with a system file and will not open, until you
> > change it. that is why when you do an online search via the selection menu
> > for opening a file the search comes up empty handed as an unknown file type
>
> No, you've missed the entire point of my post. In Vista, XP, Windows 2000,
> etc. the Open action for .INI files is set to Notepad by default. You do
> not have to do anything manually to associate the Open action. You're
> attempting to use the fact that INI files on your system are associated
> with Notepad as evidence of some kind of security breach and I'm telling
> you that you're wrong and that simply isn't the case.
>
> >
> > "Paul Adare" wrote:
> >
> >> On Wed, 31 Oct 2007 12:16:05 -0700, Ian wrote:
> >>
> >>> There is a hack out there that is coming in through Outlook.exe (MS OFFICE
> >>> Professional 2007) while in the
> >>> Send/Receive Process, it leads to more Outlook.exe changes, as well as
> >>> changes in svchost.exe. it leads to very slow sending of documents, and may
> >>> be part of the Bot Net. after this has happened, I noticed a .INI file. I
> >>> opend it with Notepad, but did not uncheck open with this program by default.
> >>> it changed all of them.I reinstalled on a Scrubbed (7 times) HD with a new
> >>> mother board a flashed bios, but put the old C- MOSS (spelling?) in. had to
> >>> reset the clock, but with a fresh NTFS format (not Quick), fresh flashed
> >>> BIOS and brand new install, after just installing the OS i open the hidden
> >>> system files and lo and behold the .INI files still opend by default with
> >>> notepad.( a system setting saved by software only).
> >>> I have done this entire process with Vista Business, and XP Pro SP 2. DELL
> >>> has been helpful with hardware, but Kaspersky labs can not find the
> >>> issue in their moscow lab.
> >>> I have used multiple scanning tools since the problem, and nothing finds it!
> >>
> >> The default program for opening INI files has been Notepad since at least
> >> NT4 and possibly before that.
> >>
> >> --
> >> Paul Adare
> >> MVP - Virtual Machines
> >> http://www.identit.ca
> >> Any nitwit can understand computers. Many do. -- Ted Nelson
> >>
>
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Variables won't constants aren't. -- Osborn
>

 

[Ian]

look at a fresh install on a new machine, the ini does not open with notepad,
mine did not untill i changed it.

"Paul Adare" wrote:

> On Wed, 31 Oct 2007 14:09:01 -0700, Ian wrote:
>
> > yes when YOU the user opens them, then you have to select notepad etc to open
> > it. but by default it opens with a system file and will not open, until you
> > change it. that is why when you do an online search via the selection menu
> > for opening a file the search comes up empty handed as an unknown file type
>
> No, you've missed the entire point of my post. In Vista, XP, Windows 2000,
> etc. the Open action for .INI files is set to Notepad by default. You do
> not have to do anything manually to associate the Open action. You're
> attempting to use the fact that INI files on your system are associated
> with Notepad as evidence of some kind of security breach and I'm telling
> you that you're wrong and that simply isn't the case.
>
> >
> > "Paul Adare" wrote:
> >
> >> On Wed, 31 Oct 2007 12:16:05 -0700, Ian wrote:
> >>
> >>> There is a hack out there that is coming in through Outlook.exe (MS OFFICE
> >>> Professional 2007) while in the
> >>> Send/Receive Process, it leads to more Outlook.exe changes, as well as
> >>> changes in svchost.exe. it leads to very slow sending of documents, and may
> >>> be part of the Bot Net. after this has happened, I noticed a .INI file. I
> >>> opend it with Notepad, but did not uncheck open with this program by default.
> >>> it changed all of them.I reinstalled on a Scrubbed (7 times) HD with a new
> >>> mother board a flashed bios, but put the old C- MOSS (spelling?) in. had to
> >>> reset the clock, but with a fresh NTFS format (not Quick), fresh flashed
> >>> BIOS and brand new install, after just installing the OS i open the hidden
> >>> system files and lo and behold the .INI files still opend by default with
> >>> notepad.( a system setting saved by software only).
> >>> I have done this entire process with Vista Business, and XP Pro SP 2. DELL
> >>> has been helpful with hardware, but Kaspersky labs can not find the
> >>> issue in their moscow lab.
> >>> I have used multiple scanning tools since the problem, and nothing finds it!
> >>
> >> The default program for opening INI files has been Notepad since at least
> >> NT4 and possibly before that.
> >>
> >> --
> >> Paul Adare
> >> MVP - Virtual Machines
> >> http://www.identit.ca
> >> Any nitwit can understand computers. Many do. -- Ted Nelson
> >>
>
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Variables won't constants aren't. -- Osborn
>

 

[Ian]

these are the details
My oulook.exe file was changed then outlook imapi.dll, and vviewer.dll were
changed, ieuser was changed, i explorer was changed, there were NO updates.
Gotomeeteing.exe was also changed, but this was after svchost.exe was changed.
the outlook.exe was changed when i ws sending and recieving.
okay i flashed the bios and durring the reboot booted to my scubbing tool
and scrubed the drive to NSA standards ( 7 times) also scrubbed the MBR again
after just in case.
the ini file now does not exist no bootable srctor on the drive, no utility
sector nothing. i reinstall just the OS vista first. the ini was no longer
set to open with the default system file, but retained my setting to open
with note pad. THIS IS SUSPICOUS!!!
this happened several times, so i got the motherboard replaced, but not the
c-moss, nor theraw hard drive. the onsite tech confirmed that it was raw and
had no bootable sectors.
i reinstalled this time with XP but still that setting was retained, which
means a bot or virus, which is hacking my executables, likes to also live in
the c-moss, or that small bit of memory on the hard drive that remembers your
password and cannot be scrubbed as it is not actually on the disc part of the
hard drive but the parts it is attaeched to so it can be hooked up to your
system.
so they were actually replacing my motherboard this time the c-moss, as well
but not the hard drive, which means i will be able to pin point where it is.
so the Virus or Bot contains an INI file which retains my setting to open
with notebook.

 

[Paul Adare]

On Wed, 31 Oct 2007 15:49:02 -0700, Ian wrote:

> the ini was no longer
> set to open with the default system file, but retained my setting to open
> with note pad. THIS IS SUSPICOUS!!!

I'm going to tell you this one last time, the default for INI files is to
open then with Notepad. There is absolutely nothing suspicious about this.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
I must have slipped a disk my pack hurts.

 

[Ian]

no it isnt! and you are hung up on the ini file and missing the rest of the
issue. the ini setting change or lack there of is indicitifive that it is
still in the system.every tech at Dell, Microsoft, Sage, and Kaspersky, the
list can continue, i can keep asking. i know people that write code for
Epicore, MAS 500, etc.
i work in the software industry. and have even told you a book reference.
the ini default for you to change it to is notepad. the hidden system file
does not open with note pad by default, and even if it did, that does not
tend to the major issue which is the problems that come with it, rather you,
just you, not the four techs a Dell, the techs at microsoft, or the techs at
kaspersky, who all know you are wrong.


"Paul Adare" wrote:

> On Wed, 31 Oct 2007 15:49:02 -0700, Ian wrote:
>
> > the ini was no longer
> > set to open with the default system file, but retained my setting to open
> > with note pad. THIS IS SUSPICOUS!!!
>
> I'm going to tell you this one last time, the default for INI files is to
> open then with Notepad. There is absolutely nothing suspicious about this.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> I must have slipped a disk my pack hurts.
>

 

[Ian]

i know how abot this i can change it to open all ini files by default with
wrod, then when i replace the mother board but not the c-moss and flash the
bios scrub the drive, then it will open by default with Word on a fresh
installation which according to YOU should be notepad. got it now???????

"Paul Adare" wrote:

> On Wed, 31 Oct 2007 15:49:02 -0700, Ian wrote:
>
> > the ini was no longer
> > set to open with the default system file, but retained my setting to open
> > with note pad. THIS IS SUSPICOUS!!!
>
> I'm going to tell you this one last time, the default for INI files is to
> open then with Notepad. There is absolutely nothing suspicious about this.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> I must have slipped a disk my pack hurts.
>

 

[Paul Adare]

On Wed, 31 Oct 2007 16:47:00 -0700, Ian wrote:

> no it isnt! and you are hung up on the ini file and missing the rest of the
> issue. the ini setting change or lack there of is indicitifive that it is
> still in the system.every tech at Dell, Microsoft, Sage, and Kaspersky, the
> list can continue, i can keep asking. i know people that write code for
> Epicore, MAS 500, etc.

Great, good for you. I live next door to a commercial airline pilot,
doesn't mean I know anything at all about flying a plane.

> i work in the software industry. and have even told you a book reference.

Again, good for you. I happen to work in the computer security industry.

> the ini default for you to change it to is notepad. the hidden system file
> does not open with note pad by default,

You're wrong here.

> and even if it did, that does not
> tend to the major issue which is the problems that come with it, rather you,
> just you, not the four techs a Dell, the techs at microsoft, or the techs at
> kaspersky, who all know you are wrong.

Your posts on this matter have been vague and lacking in any kind of
meaningful detail. You mentioned files that have changed, you haven't even
begun to describe what you mean by changed. As far as the slow down when
sending email, there could be any number of valid reasons that have nothing
at all to do with any kind of hack.

Posting vague warnings of dire threats really accomplishes nothing at all.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Downtime: Coffee breaks, lunch, or Friday mentality in the office.

 

[Paul Adare]

On Wed, 31 Oct 2007 16:53:00 -0700, Ian wrote:

> i know how abot this i can change it to open all ini files by default with
> wrod, then when i replace the mother board but not the c-moss and flash the
> bios scrub the drive, then it will open by default with Word on a fresh
> installation which according to YOU should be notepad. got it now???????

Right, there's some kind of evil virus or malware out there that does
nothing more than remember your settings for how you want to open INI
files. Not only does it remember them, but since you've used NSA approved
technology (whatever that is) to scrub your drive it must be storing these
preferences on a server in the deep dark bowels of the Internet and then
reapplying them every time you scrub your drive.
After you reinstall the OS you're not restoring your user profile are you?

This is getting really tiring. You're really not helping anyone at all here
and you're simply adding to the high level of FUD around malware, viruses,
and other bad things that may or may not be lurking around.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
There are two ways to write error-free programs only the third one
works.

 

[Ian]

i have worked in the software industry for 3 years

"Paul Adare" wrote:

> On Wed, 31 Oct 2007 16:47:00 -0700, Ian wrote:
>
> > no it isnt! and you are hung up on the ini file and missing the rest of the
> > issue. the ini setting change or lack there of is indicitifive that it is
> > still in the system.every tech at Dell, Microsoft, Sage, and Kaspersky, the
> > list can continue, i can keep asking. i know people that write code for
> > Epicore, MAS 500, etc.
>
> Great, good for you. I live next door to a commercial airline pilot,
> doesn't mean I know anything at all about flying a plane.
>
> > i work in the software industry. and have even told you a book reference.
>
> Again, good for you. I happen to work in the computer security industry.
>
> > the ini default for you to change it to is notepad. the hidden system file
> > does not open with note pad by default,
>
> You're wrong here.
>
> > and even if it did, that does not
> > tend to the major issue which is the problems that come with it, rather you,
> > just you, not the four techs a Dell, the techs at microsoft, or the techs at
> > kaspersky, who all know you are wrong.
>
> Your posts on this matter have been vague and lacking in any kind of
> meaningful detail. You mentioned files that have changed, you haven't even
> begun to describe what you mean by changed. As far as the slow down when
> sending email, there could be any number of valid reasons that have nothing
> at all to do with any kind of hack.
>
> Posting vague warnings of dire threats really accomplishes nothing at all.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Downtime: Coffee breaks, lunch, or Friday mentality in the office.
>

 

[Ian]

did you miss the entire part about the outlook problem?
about the following exe files that are being changed by the hack?
outlook.exe
ieuser.exe
iexplorer.exe
svchost.exe
gotomeeting.exe
or the two dlls being changed
outlookimpi.dll
vviewer.dll
and finally the fact that what took little time to send before the .exe file
changes
and the long long time it takes after, also i start getting bounce backs to
people i email regularly telling me:
System Admin (that is actually me)
undeliverable this recipiuent is not in my list of allowed hosts. to my
boss, my reps, clients, and propects.

"Paul Adare" wrote:

> On Wed, 31 Oct 2007 16:53:00 -0700, Ian wrote:
>
> > i know how abot this i can change it to open all ini files by default with
> > wrod, then when i replace the mother board but not the c-moss and flash the
> > bios scrub the drive, then it will open by default with Word on a fresh
> > installation which according to YOU should be notepad. got it now???????
>
> Right, there's some kind of evil virus or malware out there that does
> nothing more than remember your settings for how you want to open INI
> files. Not only does it remember them, but since you've used NSA approved
> technology (whatever that is) to scrub your drive it must be storing these
> preferences on a server in the deep dark bowels of the Internet and then
> reapplying them every time you scrub your drive.
> After you reinstall the OS you're not restoring your user profile are you?
>
> This is getting really tiring. You're really not helping anyone at all here
> and you're simply adding to the high level of FUD around malware, viruses,
> and other bad things that may or may not be lurking around.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> There are two ways to write error-free programs only the third one
> works.
>

 

[Paul Adare]

On Wed, 31 Oct 2007 17:15:00 -0700, Ian wrote:

> i have worked in the software industry for 3 years

Wow, 3 whole years. Guess that makes you an expert eh?

Seriously, you need to take a step back and think about what and how you're
posting here.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Interface: The opposite of "Getouttamyface."

 

[Ian]

i first started using PC's in 1981. by the way a fresh install only has the
settings as you go through the first launch of windows. so ther is no user
profile settings except your name and a fresh desktop.
then since there are no drivers for wifi, or the ethernet port, there is not
an internet connection
i did not say anything about a virus that changes ini files, i said much more.
and i said i accidently chaged the default program the ini file opens with,
then after using tools you have to actually buy, that get editors highest
ratings from various tech publications and testing labs.you clean away
everything. but the virus contains an ini file so since i changed the default
and this selection is stored in the viruses ini as well which changes the
rest of them when the installation process takes place
the ini file in the virus is probalby for the hackers GUI when they access
the hack.
admittedly i do not know. but it is real enough for Dell and Kaspersky to be
concerned and trying to figure out what is going on.

"Paul Adare" wrote:

> On Wed, 31 Oct 2007 16:53:00 -0700, Ian wrote:
>
> > i know how abot this i can change it to open all ini files by default with
> > wrod, then when i replace the mother board but not the c-moss and flash the
> > bios scrub the drive, then it will open by default with Word on a fresh
> > installation which according to YOU should be notepad. got it now???????
>
> Right, there's some kind of evil virus or malware out there that does
> nothing more than remember your settings for how you want to open INI
> files. Not only does it remember them, but since you've used NSA approved
> technology (whatever that is) to scrub your drive it must be storing these
> preferences on a server in the deep dark bowels of the Internet and then
> reapplying them every time you scrub your drive.
> After you reinstall the OS you're not restoring your user profile are you?
>
> This is getting really tiring. You're really not helping anyone at all here
> and you're simply adding to the high level of FUD around malware, viruses,
> and other bad things that may or may not be lurking around.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> There are two ways to write error-free programs only the third one
> works.
>

 

[Shenan Stanley]

Ian wrote:
> sorry i was unaware of the various interfaces available here. i do
> not post on anything at all usually, so...the post you are
> feferring to was not directed your way. i am tired of arguing with
> people just to try and do a good deed.


The problem is that you made a confusing post with little to no facts to
back it up.

You say that you were infested with some virus or something and how you had
associated *.ini with notepad while troubleshooting - then you proceed to
explain how you scrubbed your computer's hard disk drive, installed anew and
how your *.ini files were still associated with notepad (I can tell you
right now - I just finished three installations from CD of Windows XP
Professional - if you double-click on a *.ini file, it opens in notepad by
default) so you were convinced you were infested again.

Somewhere in there was the mention of 'outlook.exe' and 'svchost.exe' and
the 'slow sending of email'. You even mention (later) 'gotomeeting.exe'
which is not even a default Windows XP file. Somehow, in all this - you
replace your motherboard too. You even flash your BIOS (CMOS) for good
measure. You throw out names like 'Kaspersky labs' and 'Dell' and how they
are 'investigating it further' and they 'know *.ini files are not associated
with notepad by default' as you defend your loose premise that there is
something 'new' out in the virus world.

If you want to be taken seriously - you have to sound serious and describe
things carefully and precisely. Maybe you don't know all the terminology -
but that does not prevent you from 'telling a good story that is easy to
follow and just makes sense'. Your story jumps around, you seemingly start
out frustrated and making things up to fill in gaps. It really feels like a
chicken little scenario when one reads stuff like that.

So - if you really want to do your 'good deed' - go for it. Take a deep
breath and calmly type out, step-by-step, what happened. Start at the
beginning, don't jump to the end, back to the middle, 2/3 of the way through
and back to the beginning of the story - keep it in a logical progressive
timeline. Make sure you give as many details as you can. (If you sent
something to Kaspersky labs to investigate - you will have MUCH more
detail - because they are not going to investigate "my outlook went crazy, I
scrubbed my hard drive and my *ini association keeps reverting to notepad."
They would ask for details, filenames, they might even ask for specific
files (sipped up and sent to them.) Dell - they might just go through the
script and talk you down enough to hang up - could happen. heh)

Right now - all you have done is basically tell everyone... "The sky is
falling and there is nothing you can do because the experts don't know why
either... Have a nice day!"

I'm not saying all that to attack you - I am saying all that so you know
what your posting looks like to those who might read it. I am saying all
this in hopes that you might sit down and take the time to 'do your good
deed' and tell us a more concise and clear story about what happened to
you - in case this is *not* a chicken little scenario.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

 

[Ian]

you have been quite pompous in the other security post. and made sure to be
chicken belittleing at every possibility . i was simply trying to be brief.
and explain a problem .
the botnot net is nothing new but its approaches change.


"Shenan Stanley" wrote:

> Ian wrote:
> > sorry i was unaware of the various interfaces available here. i do
> > not post on anything at all usually, so...the post you are
> > feferring to was not directed your way. i am tired of arguing with
> > people just to try and do a good deed.
>
>
> The problem is that you made a confusing post with little to no facts to
> back it up.
>
> You say that you were infested with some virus or something and how you had
> associated *.ini with notepad while troubleshooting - then you proceed to
> explain how you scrubbed your computer's hard disk drive, installed anew and
> how your *.ini files were still associated with notepad (I can tell you
> right now - I just finished three installations from CD of Windows XP
> Professional - if you double-click on a *.ini file, it opens in notepad by
> default) so you were convinced you were infested again.
>
> Somewhere in there was the mention of 'outlook.exe' and 'svchost.exe' and
> the 'slow sending of email'. You even mention (later) 'gotomeeting.exe'
> which is not even a default Windows XP file. Somehow, in all this - you
> replace your motherboard too. You even flash your BIOS (CMOS) for good
> measure. You throw out names like 'Kaspersky labs' and 'Dell' and how they
> are 'investigating it further' and they 'know *.ini files are not associated
> with notepad by default' as you defend your loose premise that there is
> something 'new' out in the virus world.
>
> If you want to be taken seriously - you have to sound serious and describe
> things carefully and precisely. Maybe you don't know all the terminology -
> but that does not prevent you from 'telling a good story that is easy to
> follow and just makes sense'. Your story jumps around, you seemingly start
> out frustrated and making things up to fill in gaps. It really feels like a
> chicken little scenario when one reads stuff like that.
>
> So - if you really want to do your 'good deed' - go for it. Take a deep
> breath and calmly type out, step-by-step, what happened. Start at the
> beginning, don't jump to the end, back to the middle, 2/3 of the way through
> and back to the beginning of the story - keep it in a logical progressive
> timeline. Make sure you give as many details as you can. (If you sent
> something to Kaspersky labs to investigate - you will have MUCH more
> detail - because they are not going to investigate "my outlook went crazy, I
> scrubbed my hard drive and my *ini association keeps reverting to notepad."
> They would ask for details, filenames, they might even ask for specific
> files (sipped up and sent to them.) Dell - they might just go through the
> script and talk you down enough to hang up - could happen. heh)
>
> Right now - all you have done is basically tell everyone... "The sky is
> falling and there is nothing you can do because the experts don't know why
> either... Have a nice day!"
>
> I'm not saying all that to attack you - I am saying all that so you know
> what your posting looks like to those who might read it. I am saying all
> this in hopes that you might sit down and take the time to 'do your good
> deed' and tell us a more concise and clear story about what happened to
> you - in case this is *not* a chicken little scenario.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>