Warning for windows users

Ian

Let me explain this problem again, while I am not juggling work, multiple
support techs, and trying to get a quick blurb out there for the user base,
and maybe some insight.
There is a hack coming in through the Outlook.exe this occurs during the
send/receive process, at which time while the outlook.exe file is being
changed, it will hang for some time. Eventually the email goes out, but the
time it takes is more than it would have taken to have emailed over 10x the
information being sent, moreover, I get a System Admin return mail ( I am
System Admin) telling me this recipient is not in their list of allowed hosts
error #5.7.1. Also after the Outlook.exe gets changed, the Outlookimap.dll,
and the vviewer.dll get changed as well.
After the Outlook.exe change (it may be changed up to three more times)
during the send and receive process. The scvhost.exe ends up getting changed
after there are no more changes to the Outlook.exe being made.
Other exe files that are being changed are: iexplorer.exe, ieuser.exe, &
gotomeeting.exe. Gotomeeting is OBVIOUSLY not part of either the XP or Vista
OS, but it is another .exe that has access to the internet!
This keeps happening and is not just happening to me, my boss has had
similar issues, and several reports have come in to our security solution
provider regarding the Outlook.exe change. However they have done system
captures and cannot find anything. Which, according to the security solution
provider, means that the virus/Bot is on the same “level”, not that it does
not exist.
This aspect may be unrelated, but just in case it is not. In the Vista
environment, I made a change to the open with selection for a hidden system
file, and accidentally left the box checked to apply my selection to all
files of this type, and the system did so with a slight pause. I believed
this to be an “INI” file as this changed the metrics for the smaller pop-up
windows in Vista were now full screen windows. These windows include the Copy
To and Move To,etc… windows which are normally smaller and not sizeable when
you are selecting which folder to send , copy, or move the file to. The
windows do not get bigger unless you mess with the metrics, which is why I
assumed that it is an “INI” file I am talking about.
This setting to open my Mysterious “INI” file, which may not have been an
ini file (as was so helpfully pointed out yesterday by some of the people
here) was retained by my system after flashing the BIOS, scrubbing my hard
drive, reformatting with NTFS, and reinstalling the OS only with NO internet
connection, these windows were still opening up full screen, but this only
happens in Vista, these windows stay the same size in XP, even after
installing other software, and importing my files. But the change, or lack
thereof, remains obvious in Vista.
I have repeated these steps multiple times, and included in the last effort
was a replacement of the motherboard, but the old CMOS and the Old raw hard
drive were still used, and the windows metrics setting that had been
accidentally changed, was still there and the windows that should be smaller
are still opening up full screen in Vista.
As I said I do not know if there is a relationship between the two, but
there is usually something left behind in a system for the hacker to use
later, so… Thanks for all the friendly advice!
 
Alun Jones

Thank you for posting a slightly clearer explanation of your concerns.

"Ian" <Ian@discussions.microsoft.com> wrote in message
news:AA232113-F244-47D7-902D-273723F3CE6C@microsoft.com...
> Let me explain this problem again, while I am not juggling work, multiple
> support techs, and trying to get a quick blurb out there for the user
> base,
> and maybe some insight.
> There is a hack coming in through the Outlook.exe this occurs during the
> send/receive process, at which time while the outlook.exe file is being
> changed, it will hang for some time.


During the send/receive process, Outlook will frequently hang.

> Eventually the email goes out, but the
> time it takes is more than it would have taken to have emailed over 10x
> the
> information being sent,


This is not uncommon.

> moreover, I get a System Admin return mail ( I am
> System Admin) telling me this recipient is not in their list of allowed
> hosts
> error #5.7.1.


You are System Admin on _your_ host / network. Email is about exchanging
messages with other hosts at remote networks, which have their own System
Admins. Mail servers are constantly being tweaked, in code and by
administrative configurations, to try and reduce the quantity of spam. This
results in the kind of error you are seeing.

> Also after the Outlook.exe gets changed, the Outlookimap.dll,
> and the vviewer.dll get changed as well.


Show evidence that these files have been changed - dates and file sizes.

> After the Outlook.exe change (it may be changed up to three more times)
> during the send and receive process. The scvhost.exe ends up getting
> changed
> after there are no more changes to the Outlook.exe being made.


Again, if svchost.exe is being changed, give dates and file sizes to show
this change.

> Other exe files that are being changed are: iexplorer.exe, ieuser.exe, &
> gotomeeting.exe.


Again, please show some demonstration that these files are changed.

> Gotomeeting is OBVIOUSLY not part of either the XP or Vista
> OS, but it is another .exe that has access to the internet!
> This keeps happening and is not just happening to me, my boss has had
> similar issues, and several reports have come in to our security solution
> provider regarding the Outlook.exe change. However they have done system
> captures and cannot find anything. Which, according to the security
> solution
> provider, means that the virus/Bot is on the same "level", not that it
> does
> not exist.


Who is the "security solution provider" that is telling you this, and what
do they believe your issue to be?

> This aspect may be unrelated, but just in case it is not. In the Vista
> environment, I made a change to the open with selection for a hidden
> system
> file, and accidentally left the box checked to apply my selection to all
> files of this type, and the system did so with a slight pause. I believed
> this to be an "INI" file as this changed the metrics for the smaller
> pop-up
> windows in Vista were now full screen windows. These windows include the
> Copy
> To and Move To,etc. windows which are normally smaller and not sizeable
> when
> you are selecting which folder to send , copy, or move the file to. The
> windows do not get bigger unless you mess with the metrics, which is why I
> assumed that it is an "INI" file I am talking about.


I can't make any sense of this. Not the behaviour - your description. I
can't understand what you are saying.

> This setting to open my Mysterious "INI" file, which may not have been an
> ini file (as was so helpfully pointed out yesterday by some of the people
> here) was retained by my system after flashing the BIOS, scrubbing my hard
> drive, reformatting with NTFS, and reinstalling the OS only with NO
> internet
> connection, these windows were still opening up full screen, but this only
> happens in Vista, these windows stay the same size in XP, even after
> installing other software, and importing my files. But the change, or lack
> thereof, remains obvious in Vista.
> I have repeated these steps multiple times, and included in the last
> effort
> was a replacement of the motherboard, but the old CMOS and the Old raw
> hard
> drive were still used, and the windows metrics setting that had been
> accidentally changed, was still there and the windows that should be
> smaller
> are still opening up full screen in Vista.
> As I said I do not know if there is a relationship between the two, but
> there is usually something left behind in a system for the hacker to use
> later, so. Thanks for all the friendly advice!


Again, you're really not making sense.

Alun.
~~~~
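
Added example (not part of the original thread or either poster's code): one way to collect the kind of evidence asked for above, recording size, last-write time, SHA-256 and Authenticode signature status for each file and comparing a later run against a saved baseline. It assumes PowerShell 4.0 or later; the Outlook install path and the baseline file name are assumptions to adjust.

```powershell
# Record file evidence (size, last write, hash, signature) and diff it against a baseline.
# Assumptions: PowerShell 4.0+ (Get-FileHash); paths below are typical defaults, not from the thread.

function Get-FileEvidence {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        $row = [ordered]@{
            Path = $p; Present = $false; Length = $null; LastWriteUtc = $null
            SHA256 = $null; Signature = $null; Signer = $null
        }
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $item = Get-Item -LiteralPath $p -Force
            $sig  = Get-AuthenticodeSignature -LiteralPath $p
            $row.Present      = $true
            $row.Length       = $item.Length
            $row.LastWriteUtc = $item.LastWriteTimeUtc.ToString('o')
            $row.SHA256       = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            $row.Signature    = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]$row
    }
}

function Compare-FileEvidence {
    param(
        [Parameter(Mandatory)][object[]]$Baseline,
        [Parameter(Mandatory)][object[]]$Current
    )
    $fields = 'Present', 'Length', 'LastWriteUtc', 'SHA256', 'Signature', 'Signer'
    $old = @{}
    foreach ($b in $Baseline) { $old[$b.Path] = $b }
    foreach ($c in $Current) {
        $b = $old[$c.Path]
        if ($null -eq $b) { continue }          # no baseline row for this path
        # Compare as strings so CSV-loaded baseline values match live values.
        $changed = @($fields | Where-Object { "$($b.$_)" -ne "$($c.$_)" })
        if ($changed.Count -gt 0) {
            [pscustomobject]@{
                Path         = $c.Path
                Changed      = $changed -join ','
                OldLength    = $b.Length
                NewLength    = $c.Length
                OldWriteUtc  = $b.LastWriteUtc
                NewWriteUtc  = $c.LastWriteUtc
                OldSHA256    = $b.SHA256
                NewSHA256    = $c.SHA256
                NewSignature = $c.Signature     # still 'Valid' with the same signer is what a vendor update looks like
            }
        }
    }
}

$Paths = @(
    "$env:ProgramFiles\Microsoft Office\Office12\OUTLOOK.EXE",   # assumed install path
    "$env:SystemRoot\System32\svchost.exe",
    "$env:ProgramFiles\Internet Explorer\iexplore.exe"
)
$BaselineFile = Join-Path $env:USERPROFILE 'file-evidence-baseline.csv'   # hypothetical file name

$now = Get-FileEvidence -Path $Paths
if (Test-Path -LiteralPath $BaselineFile) {
    # Later runs: report only the files whose recorded evidence differs.
    Compare-FileEvidence -Baseline (Import-Csv -LiteralPath $BaselineFile) -Current $now | Format-List
} else {
    # First run: save the baseline.
    $now | Export-Csv -LiteralPath $BaselineFile -NoTypeInformation
}
```

Run it once to save the baseline, then again after a send/receive cycle; no output on the second run means none of the recorded values differ.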
 
Ian

After you make the menu bar available in Vista and open your documents, let's
say, and you want to move something to a backup, let's say. So you go to the
Edit button on the menu bar, choose, let's say, Move To, and a window pops up
with a menu tree of your files, which you scroll through to choose which file
you want to move the file to. This window is small. It does not have the
button to maximize the window available. This is the window that changed to
full screen, and this setting will not go away!

 
Ian

These problems, and the EXTENSIVENESS of the hang, are recent issues!!!! I
have been working from the same location for a little over three years.

 
Ian

It is a mass mailer hack. I spoke with someone I work with from a financing
company, as I had sent him information for someone who needed financing. He
never got the email, as his email had been hijacked and was sending out mass
mailers. After I heard this, I checked the bounce-back mail I had gotten,
and while the first name was the same, the domain was not even close to the
person I had emailed to. In fact, the email address which the bounce-back
was sent to was not and had never been in my database!
Thanks to all who were so concerned with proving me to be a fake that they
could not realize I was explaining something that was not normal, and
including everything that was going on whether or not it was related to the
actual problem, since I do not know which of the symptoms were actually
symptoms, and which were actually unrelated. My email would not come in from
time to time, from my boss and others, so the end result of my warning: an
Outlook hijack, that does not get stopped by security software, which uses
your email account to send mass mailers.

 
