rec.autos.simulators

>This will especially interest those with cable connections (who can be
>online all the time) and probably all internet users in general. I
>don't know... it might be old news but it wasn't to me.

>You see, yesterday something very interesting happened with my system.
>I was racing a couple of buddies via the net when I experienced
>several major and then one total screen pause. Normally my races are
>silky smooth so this was unusual. So I CTRL ALT DELed to bring up the
>Task List. There were more programs in it than I expected to see; one
>of which said "FTP," I thought this a bit strange but since I'd done a
>PowWow File Transfer not twenty minutes earlier I just figured that it
>had not shut down.

>Upon closing the Task List a message was revealed on my Desktop. It
>said "Are you ***ing with me?" Really was unusual that is. Since I'd
>heard somewhere about the possibility of another viewing my Win95
>system I wondered whether I had a visitor. The selected default answer
>to the query was Yes. I wondered whether selecting the wrong one would
>result in something bad happening to my precious system. Like a global
>formatting perhaps? I pondered which answer the hacker might really
>want - recalling the poisoning scene in The Princess Bride and feeling
>very much like the loser of that dilema. In the end I clicked Yes.
>Nothing seemed to happen. A little relief there.

>At about the same time - maybe after I clicked Yes - my IE4 browser
>opened and timed out going to www.manhole.com . Hmmm. Yeah this is
>looking bad I thought. Still, whoever was having fun at my expense was
>not going to spoil the movie I'd started to watch (Grand Prix) so I
>shut everything down and sat down to enjoy it. I even shut down ICQ to
>see whether my intruder could return without it running. At this point
>I was still holding out the hope that what seemed to be happening was
>not really. Shit I didn't want to have to start backing up multi megs
>of files.

>Fast forward through some spectacular racing scenes and I'm sitting
>still watching the movie when my CD tray opens and shuts two times.
>You can bet that got my attention. So I look at the Desktop and can
>just make out a new message. It says "ur ***ed," At which point my
>system shuts down - freezing at the Win95 shutdown screen. Oh yeah, I
>thought, someone has been calling on me.

>I reset and held my breath. Thankfully it rebooted. Now I am really
>getting concerned. I call my friend in Vancouver and he says he read
>something about Back Orifice. It is a program that installs itself
>(somehow) on your system so that others with not much of a life can
>get their jollies annoying people like myself. Well it's long distance
>and, besides, my friend is watching the movie too. So I sit down again
>to do the same whilst comtemplating just how I am going to figure this
>one out.

>Another fif*** or thirty minutes passes and another message appears
>on my Desktop. This one criticizes my choice of wallpaper... the fact
>that I've cropped it and it isn't full screen like it should be. He
>called me at lamer!?  Amusing. Critics are everywhere.

>The movie finishes and I decide to check my drives. Since I have five
>one gig partitions I don't really expect to find anything but, low and
>behold, right in the root of C (where I never save anything) are two
>BMPs and three other new files. The two BMPs are before and after
>screenshots of my desktop. How he took them without me noticing him
>opening Paint Shop Pro is beyond me. The other three files are named
>333; NULL and "um u know u really should be doing stuff on the net
>istead of sitting idle" - or words to that effect. His spelling was
>worse than I can remember. He's cool isn't he?

>The movie finishes and it's time to call my Videotron Tech guy. I've
>always gotten courteous, professional help from them but didn't really
>expect much with this problem. Dave really sounded informed and had
>read about Back Orifice too. He said that it doesn't infiltrate files
>but is a program itself and could be anywhere on my system; under any
>name. Since it is a new problem he couldn't really help much but he
>did put me onto the site: http://www.racesimcentral.net/,
>a Search for "Back Orifice," produced the following:
>http://www.racesimcentral.net/

>Read that. It was bang on. In the Windows\System dir I did indeed find
>a file exactly of 124,928 bytes. The really weird thing is that, while
>Explorer's Size column showed the approximate size, the name was
>invisible. The only reason I noticed it so quickly was because a blank
>line appeared in the long list of filenames. But checking its
>properties revealed that it did have a name. EXE~1. That was all.
>Anyway I've deleted it and the Registry entry. Take THAT you scumbag.
>Oh and to delete the EXE~1 I had to drop to DOS. I couldn't overcome
>its protection in Win95.

>Hopefully my visitor has been shut out. Still, he may have left a
>calling card. I just ran  AntiVirus Toolkit Pro in Deep Scan mode and
>found three files infected with two variations of the Trojan virus.

>The infected files are:

> C:\Windows\patch.exe
> C:\Windows\System\windll.dll
> A zip called mp3compressor.zip

> Anyone know if I just just delete the above .exe and .dll ?
> AVP could not disinfect them. What can? Anyone?

>The virus names are:

> Trojan.Win32.Netbus.160
> Trojan.Win32.BO

>Two corrupted files are also listed:

> C:\Windows\Temporary Internet Files\...\ww980912.zip
> E:\Download\TinyWeb.zip

>Summary:

>It seems the net has become even more dangerous. From what I think I
>know, not only could this... uh... person (let's give him the benefit
>of the doubt) have deleted files; but he could also have done
>things... illegal things... on the net whilst passing himself off as
>me. Hopefully he's just a kid getting his jollies. Nothing seems to be
>missing.

>Oh and I forgot to mention what I thought might have been his way into
>my system... A cute little animated greeting card.exe (supposedly from
>Hallmark) that a friend had passed along to me. Now I don't think it
>was that because after taking the above measures I ran the card again
>and the EXE~1 didn't re-install. Besides I got that weeks ago. Still,
>I deleted it.

>Well? What do you all make of it? Wish you hadn't read this? I
>certainly intend to bone up on this subject and find out what measures
>I can take to prevent it happening again. WinNT is supposed to be a
>lot more secure then Win95/98. Would it protect against this?

>You can bet every now and then I'll check for the reappearance of that
>EXE~1 file.

>To paraphrase Dorothy in The Wizard of Oz:

>"I don't think we're in Kansas anymore Toto,"

>JB

>Shaken a bit in Edmonton, AB,

>This will especially interest those with cable connections (who can be
>online all the time) and probably all internet users in general. I
>don't know... it might be old news but it wasn't to me.

>You see, yesterday something very interesting happened with my system.
>I was racing a couple of buddies via the net when I experienced
>several major and then one total screen pause. Normally my races are
>silky smooth so this was unusual. So I CTRL ALT DELed to bring up the
>Task List. There were more programs in it than I expected to see; one
>of which said "FTP," I thought this a bit strange but since I'd done a
>PowWow File Transfer not twenty minutes earlier I just figured that it
>had not shut down.

>Upon closing the Task List a message was revealed on my Desktop. It
>said "Are you ***ing with me?" Really was unusual that is. Since I'd
>heard somewhere about the possibility of another viewing my Win95
>system I wondered whether I had a visitor. The selected default answer
>to the query was Yes. I wondered whether selecting the wrong one would
>result in something bad happening to my precious system. Like a global
>formatting perhaps? I pondered which answer the hacker might really
>want - recalling the poisoning scene in The Princess Bride and feeling
>very much like the loser of that dilema. In the end I clicked Yes.
>Nothing seemed to happen. A little relief there.

>At about the same time - maybe after I clicked Yes - my IE4 browser
>opened and timed out going to www.manhole.com . Hmmm. Yeah this is
>looking bad I thought. Still, whoever was having fun at my expense was
>not going to spoil the movie I'd started to watch (Grand Prix) so I
>shut everything down and sat down to enjoy it. I even shut down ICQ to
>see whether my intruder could return without it running. At this point
>I was still holding out the hope that what seemed to be happening was
>not really. Shit I didn't want to have to start backing up multi megs
>of files.

>Fast forward through some spectacular racing scenes and I'm sitting
>still watching the movie when my CD tray opens and shuts two times.
>You can bet that got my attention. So I look at the Desktop and can
>just make out a new message. It says "ur ***ed," At which point my
>system shuts down - freezing at the Win95 shutdown screen. Oh yeah, I
>thought, someone has been calling on me.

>I reset and held my breath. Thankfully it rebooted. Now I am really
>getting concerned. I call my friend in Vancouver and he says he read
>something about Back Orifice. It is a program that installs itself
>(somehow) on your system so that others with not much of a life can
>get their jollies annoying people like myself. Well it's long distance
>and, besides, my friend is watching the movie too. So I sit down again
>to do the same whilst comtemplating just how I am going to figure this
>one out.

>Another fif*** or thirty minutes passes and another message appears
>on my Desktop. This one criticizes my choice of wallpaper... the fact
>that I've cropped it and it isn't full screen like it should be. He
>called me at lamer!?  Amusing. Critics are everywhere.

>The movie finishes and I decide to check my drives. Since I have five
>one gig partitions I don't really expect to find anything but, low and
>behold, right in the root of C (where I never save anything) are two
>BMPs and three other new files. The two BMPs are before and after
>screenshots of my desktop. How he took them without me noticing him
>opening Paint Shop Pro is beyond me. The other three files are named
>333; NULL and "um u know u really should be doing stuff on the net
>istead of sitting idle" - or words to that effect. His spelling was
>worse than I can remember. He's cool isn't he?

>The movie finishes and it's time to call my Videotron Tech guy. I've
>always gotten courteous, professional help from them but didn't really
>expect much with this problem. Dave really sounded informed and had
>read about Back Orifice too. He said that it doesn't infiltrate files
>but is a program itself and could be anywhere on my system; under any
>name. Since it is a new problem he couldn't really help much but he
>did put me onto the site: http://www.racesimcentral.net/,
>a Search for "Back Orifice," produced the following:
>http://www.racesimcentral.net/

>Read that. It was bang on. In the Windows\System dir I did indeed find
>a file exactly of 124,928 bytes. The really weird thing is that, while
>Explorer's Size column showed the approximate size, the name was
>invisible. The only reason I noticed it so quickly was because a blank
>line appeared in the long list of filenames. But checking its
>properties revealed that it did have a name. EXE~1. That was all.
>Anyway I've deleted it and the Registry entry. Take THAT you scumbag.
>Oh and to delete the EXE~1 I had to drop to DOS. I couldn't overcome
>its protection in Win95.

>Hopefully my visitor has been shut out. Still, he may have left a
>calling card. I just ran  AntiVirus Toolkit Pro in Deep Scan mode and
>found three files infected with two variations of the Trojan virus.

>The infected files are:

> C:\Windows\patch.exe
> C:\Windows\System\windll.dll
> A zip called mp3compressor.zip

> Anyone know if I just just delete the above .exe and .dll ?
> AVP could not disinfect them. What can? Anyone?

>The virus names are:

> Trojan.Win32.Netbus.160
> Trojan.Win32.BO

>Two corrupted files are also listed:

> C:\Windows\Temporary Internet Files\...\ww980912.zip
> E:\Download\TinyWeb.zip

>Summary:

>It seems the net has become even more dangerous. From what I think I
>know, not only could this... uh... person (let's give him the benefit
>of the doubt) have deleted files; but he could also have done
>things... illegal things... on the net whilst passing himself off as
>me. Hopefully he's just a kid getting his jollies. Nothing seems to be
>missing.

>Oh and I forgot to mention what I thought might have been his way into
>my system... A cute little animated greeting card.exe (supposedly from
>Hallmark) that a friend had passed along to me. Now I don't think it
>was that because after taking the above measures I ran the card again
>and the EXE~1 didn't re-install. Besides I got that weeks ago. Still,
>I deleted it.

>Well? What do you all make of it? Wish you hadn't read this? I
>certainly intend to bone up on this subject and find out what measures
>I can take to prevent it happening again. WinNT is supposed to be a
>lot more secure then Win95/98. Would it protect against this?

>You can bet every now and then I'll check for the reappearance of that
>EXE~1 file.

>To paraphrase Dorothy in The Wizard of Oz:

>"I don't think we're in Kansas anymore Toto,"

>JB

>Shaken a bit in Edmonton, AB,