Discussion:
I received a warning from Google ......
~BD~
2010-08-07 11:04:18 UTC
I was using Safari and got a warning when I visited a URL.

I tried with Chrome and got a similar warning, viz:-

http://i36.tinypic.com/347wjld.jpg

Just wondering if anyone else has experienced anything untoward at
xxx.uncoached.com ?

Here is some extra info provided by Google:

http://google.com/safebrowsing/diagnostic?tpl=safari&site=www.uncoached.com&hl=en-us
--
Dave
Virus Guy
2010-08-07 13:43:23 UTC
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
If you're not going to give us the exact url that spawned the warning,
then why bother posting?

It's a waste of time if we don't have the exact URL so we can grab a
sample of the malware.
Buffalo
2010-08-07 13:48:09 UTC
Post by Virus Guy
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
If you're not going to give us the exact url that spawned the warning,
then why bother posting?
It's a waste of time if we don't have the exact URL so we can grab a
sample of the malware.
Isn't it xxx.uncoached.com as stated in the warning jpg and also stated by
BD in his post?
Buffalo
FromTheRafters
2010-08-07 14:48:16 UTC
Post by Buffalo
Post by Virus Guy
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
If you're not going to give us the exact url that spawned the
warning,
then why bother posting?
It's a waste of time if we don't have the exact URL so we can grab a
sample of the malware.
Isn't it xxx.uncoached.com as stated in the warning jpg and also stated by
BD in his post?
Not necessarily, the "uncoached" site may have been vulnerable at one
time to an exploit to redirect visitors to another site that indeed
hosts malware. If Virus Guy wants a malware sample he would have to
visit the malware server site not a redirection exploit site that might
not be continuing to redirect users. Sometimes it is an advertisement on
an otherwise legit site that gets a site marked as suspicious.
David H. Lipman
2010-08-07 15:29:57 UTC
Post by Buffalo
Post by Virus Guy
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
If you're not going to give us the exact url that spawned the warning,
then why bother posting?
It's a waste of time if we don't have the exact URL so we can grab a
sample of the malware.
Isn't it xxx.uncoached.com as stated in the warning jpg and also stated by
BD in his post?
| Not necessarily, the "uncoached" site may have been vulnerable at one
| time to an exploit to redirect visitors to another site that indeed
| hosts malware. If Virus Guy wants a malware sample he would have to
| visit the malware server site not a redirection exploit site that might
| not be continuing to redirect users. Sometimes it is an advertisement on
| an otherwise legit site that gets a site marked as suspicious.

Aka; Malvertisement.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Buffalo
2010-08-07 23:35:53 UTC
Post by FromTheRafters
Post by Buffalo
Post by Virus Guy
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
If you're not going to give us the exact url that spawned the warning,
then why bother posting?
It's a waste of time if we don't have the exact URL so we can grab a
sample of the malware.
Isn't it xxx.uncoached.com as stated in the warning jpg and also stated by
BD in his post?
Not necessarily, the "uncoached" site may have been vulnerable at one
time to an exploit to redirect visitors to another site that indeed
hosts malware. If Virus Guy wants a malware sample he would have to
visit the malware server site not a redirection exploit site that
might not be continuing to redirect users. Sometimes it is an
advertisement on an otherwise legit site that gets a site marked as
suspicious.
Thanks,
Buffalo
Ron
2010-08-09 19:01:26 UTC
Post by Virus Guy
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
If you're not going to give us the exact url that spawned the warning,
then why bother posting?
It's a waste of time if we don't have the exact URL so we can grab a
sample of the malware.
The URL was given.
FromTheRafters
2010-08-07 13:44:47 UTC
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
I tried with Chrome and got a similar warning, viz:-
http://i36.tinypic.com/347wjld.jpg
This part is interesting:

"Just visiting a site that hosts malware can infect your computer". I
suspect that ASCII will find that it *cannot* infect *his* computer -
thus making that statement blatantly false.

Perhaps they meant "may" instead of "can" - what do you think?
Post by ~BD~
Just wondering if anyone else has experienced anything untoward at
xxx.uncoached.com ?
I have never experienced an exploit at a site, but in lieu of finding
some exploitable software these malware servers that you get routed to
can also serve human nature exploits. The human nature exploits are
obvious and would IMO constitute an *experience*. However, I'm not too
sure a user would even notice when such a site is able to exploit
software. A user may not *experience* any untoward behavior at a
compromised site or at the actual malware server site.
Post by ~BD~
http://google.com/safebrowsing/diagnostic?tpl=safari&site=www.uncoached.com&hl=en-us
Hmmm - here they say *may* infect... I suppose that that means that the
two words mean exactly the same thing now. :o\
~BD~
2010-08-07 17:28:33 UTC
Post by FromTheRafters
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
I tried with Chrome and got a similar warning, viz:-
http://i36.tinypic.com/347wjld.jpg
"Just visiting a site that hosts malware can infect your computer". I
suspect that ASCII will find that it *cannot* infect *his* computer -
thus making that statement blatantly false.
Perhaps they meant "may" instead of "can" - what do you think?
Maybe they did!
Post by FromTheRafters
Post by ~BD~
Just wondering if anyone else has experienced anything untoward at
xxx.uncoached.com ?
I have never experienced an exploit at a site, but in lieu of finding
some exploitable software these malware servers that you get routed to
can also serve human nature exploits. The human nature exploits are
obvious and would IMO constitute an *experience*. However, I'm not too
sure a user would even notice when such a site is able to exploit
software. A user may not *experience* any untoward behavior at a
compromised site or at the actual malware server site.
Exactly so! Here's a copy of email correspondence for digestion!

**

On 7 Aug 2010, at 17:30, CoyoteV responded with:

Not interested.


----- Original Message -----
From: David Bxxxxxx
To: CoyoteV (Mark)
Sent: Saturday, August 07, 2010 8:00 AM
Subject: Your phpBB

I have never had an axe to grind with you, Mark, so am slightly
uncertain exactly why you have taken your current stance - but accept
that it is your prerogative to say 'no'.

Notwithstanding that, I feel that I should point out a discovery I have
made.

Using the *Google Chrome Browser* I visited your BB and, at this
particular URL received this warning

[image]
hxxp://www.mindzon.com/lounge/viewtopic.php?f=3&t=133

You know far more about computing than I ever will. If you experiment
with Google Chrome you will note that if you change *133* to 132 or 134
there is *no* similar warning. It relates simply to the thread started
by Roy C.

Perhaps this matter is of little significance but I'd be interested in
your view.

David B.
Peter Foldes
2010-08-08 00:07:48 UTC
BD

Mark will never let you post there on his site so do not even keep on trying.

You know the story Burn me once ,Shame on me. Burn me twice ,you are gone. And you
keep showing the same continuously to this day with the exception of scorched -
earth. It will not be long there either..

Banned by Ahuma,Annex,Doganet, 6 other servers. And you do not know why? LOL. You
are a Troll and a complete idiot
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect
~BD~
2010-08-08 10:49:18 UTC
Post by Peter Foldes
BD
Mark will never let you post there on his site so do not even keep on trying.
You know this - *how*?
Post by Peter Foldes
You know the story Burn me once ,Shame on me. Burn me twice ,you are
gone. And you keep showing the same continuously to this day with the
exception of scorched - earth. It will not be long there either..
You English is terrible. I have no idea what you mean. You are making a
fool of yourself, Peter Foldes.

Btw, why do you say everyone lies to me ..... here:-

http://al.howardknight.net/msgid.cgi?STYPE=msgid&MSGI=%3Ci3ih5h%24kaq%241%40speranza.aioe.org%3E+
Post by Peter Foldes
Banned by Ahuma,Annex,Doganet, 6 other servers. And you do not know why?
LOL. You are a Troll and a complete idiot
I was particularly interested in the server statistics of
www.dogagent.com - principally because the administrator of same was
(is?) the same 'Li' (Troll Lady) who administers the groups at Annexcafe
(and who monitors what goes on at SE!). Oh yes! - also because most of
time the prime user of the Dogagent server has been ....... CoyoteV!
(Mark B. Hoover).

I find that ..... odd!

Doubly interesting that Mark cares not one jot about his group member,
Roy C, posting a link which invoked the Google 'warning' - something
just doesn't quite ring true!
~BD~
2010-08-08 10:54:11 UTC
~BD~ Edits!

Ooops!

*Your* English is terrible!
Peter Foldes
2010-08-08 17:13:41 UTC
LOL. Your's is also
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect
Post by ~BD~
~BD~ Edits!
Ooops!
*Your* English is terrible!
~BD~
2010-08-09 12:10:56 UTC
Post by Peter Foldes
LOL. Your's is also
There should be *no* apostrophe!

You didn't answer the questions - try harder, please!
Post by Peter Foldes
BD
Mark will never let you post there on his site so do not even keep on trying.
You know this - *how*?
Post by Peter Foldes
You know the story Burn me once ,Shame on me. Burn me twice ,you are
gone. And you keep showing the same continuously to this day with the
exception of scorched - earth. It will not be long there either..
Your English is terrible. I have no idea what you mean. You are making a
fool of yourself, Peter Foldes.

Btw, why do you say everyone lies to me ..... here:-

http://al.howardknight.net/msgid.cgi?STYPE=msgid&MSGI=%3Ci3ih5h%24kaq%241%40speranza.aioe.org%3E+

I was particularly interested in the server statistics of
www.dogagent.com - principally because the administrator of same was
(is?) the same 'Li' (Troll Lady) who administers the groups at Annexcafe
(and who monitors what goes on at SE!). Oh yes! - also because most of
time the prime user of the Dogagent server has been ....... CoyoteV!
(Mark B. Hoover).

I find that ..... odd!

Doubly interesting that Mark cares not one jot about his group member,
Roy C, posting a link which invoked the Google 'warning' - something
just doesn't quite ring true!
FromTheRafters
2010-08-08 00:35:49 UTC
"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message news:***@bt.com...

[...]
Post by ~BD~
You know far more about computing than I ever will. If you experiment
with Google Chrome you will note that if you change *133* to 132 or
134 there is *no* similar warning. It relates simply to the thread
started by Roy C.
Perhaps this matter is of little significance but I'd be interested in
your view.
Perhaps not the post, but something *in* the post warrants an alert.
Some anti-badstuff programs not only scan for malware, but follow found
links to *other* locations and search them too. A posted URL to a photo
hosting site that is "infected" with an iframe to a known malware server
site might get investigated by antimalware/safe surf type programs.

Do you recall the "price of rice in china" post I made a while back? It
turned out that I posted a URL that was currently (or at one time)
leading to malware, a safe surfing browser feature finding that post on
a web based NNTP gateway could make one believe the gateway itself was
infected because the safe browsing feature followed links posted there
to exploits with no teeth.
Ant
2010-08-07 14:01:44 UTC
Post by ~BD~
I was using Safari and got a warning when I visited a URL
- - -
$> wget -s h**p://uncoached.com/

HTTP/1.1 200 OK
Date: Sat, 07 Aug 2010 13:58:03 GMT
Server: Apache/2.2.16 (CentOS)
Last-Modified: Thu, 05 Aug 2010 15:29:02 GMT
ETag: "f70c8-63-48d1535b92b80"
Accept-Ranges: bytes
Content-Length: 99
Connection: close
Content-Type: text/html; charset=UTF-8

The site is currently down for maitenance. It will be back up shortly. Thank you for your patience
- - -

Nothing to warn about there. Perhaps they were compromised and are
cleaning up.
~BD~
2010-08-10 14:10:03 UTC
Post by ~BD~
I was using Safari and got a warning when I visited a URL
- - -
$> wget -s h**p://uncoached.com/
HTTP/1.1 200 OK
Date: Sat, 07 Aug 2010 13:58:03 GMT
Server: Apache/2.2.16 (CentOS)
Last-Modified: Thu, 05 Aug 2010 15:29:02 GMT
ETag: "f70c8-63-48d1535b92b80"
Accept-Ranges: bytes
Content-Length: 99
Connection: close
Content-Type: text/html; charset=UTF-8
The site is currently down for maitenance. It will be back up shortly. Thank you for your patience
- - -
Nothing to warn about there. Perhaps they were compromised and are
cleaning up.
*Now* you may enjoy the photographs of the luxury yacht!

http://www.uncoached.com/2010/04/06/luxury-yacht/

Fancy a cruise? ;-)
~BD~
2010-08-10 14:58:37 UTC
Post by ~BD~
*Now* you may enjoy the photographs of the luxury yacht!
http://www.uncoached.com/2010/04/06/luxury-yacht/
Fancy a cruise? ;-)
Moving on ..........

At that link, there is an advertisement for working at home which I
followed. I then elected to proceed to
http://myincomeconnection.com/landing-bcv195/ and completed false detail
so that I could watch the video presentation.

I was then asked to complete detailed information on this 'secure' site:-

https://myincomeconnection.com/promobcv195/?lid=745598&ref_id=2002157&fname=Bd&lname=&addr1=&city=&statelookup=&zip=&phone=07974195520&email=***@hotmail.com&country=UK&sub_id=&publisher=&ref_id=2002157&hid=&click_info=&c=&contractor_id=1&

OR

http://preview.tinyurl.com/2us8mbl

I've always been led to believe that 'https' (padlocked) sites are safe
to use, but on this occasion I received yet another warning (from the
Browser, I think - Sea Monkey) which said ........

http://i37.tinypic.com/1z2zof5.jpg

I'm simply wondering if there's something not quite bonio fido about
what's going on here.

Thoughts welcomed from the gurus (and others!)
--
Dave - *I* have elected to share this with my pals on scorched-earth!
Toxic
2010-08-10 17:53:11 UTC
Post by ~BD~
I've always been led to believe that 'https' (padlocked) sites are safe
to use, but on this occasion I received yet another warning (from the
Browser, I think - Sea Monkey) which said ........
http://i37.tinypic.com/1z2zof5.jpg
I'm simply wondering if there's something not quite bonio fido about
what's going on here.
Thoughts welcomed from the gurus (and others!)
I get this in Opera;
[image]
which suggests a vulnerability to this;
http://bit.ly/3UY6fS
Ant
2010-08-10 23:55:42 UTC
Post by ~BD~
At that link, there is an advertisement for working at home which I
followed. I then elected to proceed to
http://myincomeconnection.com/landing-bcv195/ and completed false detail
so that I could watch the video presentation.
Why? Don't you know that "work at home" schemes are ripoffs/scams?
Post by ~BD~
I was then asked to complete detailed information on this 'secure' site:-
https://myincomeconnection.com/promobcv195/?[...]
OR
http://preview.tinyurl.com/2us8mbl
I've always been led to believe that 'https' (padlocked) sites are safe
to use,
It just means that traffic between you and the site is encrypted but
says nothing about the goodness or badness of the site.
Post by ~BD~
but on this occasion I received yet another warning (from the
Browser, I think - Sea Monkey) which said ........
"You have requested an encrypted page that contains some unencrypted
info...".

That's true because the video link there is hosted on screencast.com
which is fetched by http rather than https.
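Added example, not part of the thread: a small scanner for the condition behind the "encrypted page that contains some unencrypted info" warning discussed above. It lists every subresource an https page would fetch over plain http, and also flags forms that submit over http, which is the case where typed details would travel unencrypted. The function and class names are hypothetical, and the sample page and its `.example` hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make a browser fetch or submit something.
# "active" content can script or restyle the page, "passive" content is
# display-only, "form" marks where user input is sent on submit.
FETCHING_ATTRS = {
    ("script", "src"): "active",
    ("iframe", "src"): "active",
    ("embed", "src"): "active",
    ("object", "data"): "active",
    ("link", "href"): "active",    # counted only for rel=stylesheet
    ("img", "src"): "passive",
    ("video", "src"): "passive",
    ("audio", "src"): "passive",
    ("source", "src"): "passive",
    ("form", "action"): "form",
}


class MixedContentFinder(HTMLParser):
    """Collects (kind, tag, absolute_url) for every http:// fetch on a page."""

    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # may be overridden by a <base href>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.base, attrs["href"])
            return
        for (t, attr), kind in FETCHING_ATTRS.items():
            if t != tag or not attrs.get(attr):
                continue
            rel = (attrs.get("rel") or "").lower()
            if tag == "link" and "stylesheet" not in rel:
                continue
            # Resolve relative and protocol-relative (//host/path) URLs the
            # way a browser would before looking at the scheme.
            url = urljoin(self.base, attrs[attr].strip())
            if urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))


def find_mixed_content(page_url, html):
    """Return mixed-content findings for a page, in document order.

    A page that was itself loaded over http has no mixed content by
    definition, so the result is empty in that case.
    """
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: an https landing page with an externally hosted
# video player pulled in over http, as in the case described in the thread.
PAGE_URL = "https://shop.example/promo/"
SAMPLE_HTML = """
<html><head>
  <link rel="stylesheet" href="https://shop.example/s.css">
  <script src="/js/app.js"></script>
</head><body>
  <img src="//cdn.example/logo.png">
  <embed src="http://video.example/player.swf">
  <img src="http://img.example/banner.jpg">
  <a href="http://other.example/">plain links are navigation, not fetches</a>
  <form action="http://shop.example/submit" method="post">
    <input name="card">
  </form>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```
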
~BD~
2010-08-11 06:56:28 UTC
Post by Ant
Post by ~BD~
At that link, there is an advertisement for working at home which I
followed. I then elected to proceed to
http://myincomeconnection.com/landing-bcv195/ and completed false detail
so that I could watch the video presentation.
Why? Don't you know that "work at home" schemes are ripoffs/scams?
It was just for general interest because I *had* heard that such schemes
are ripoffs/scams! I wanted to see for myself.
Post by Ant
Post by ~BD~
I was then asked to complete detailed information on this 'secure' site:-
https://myincomeconnection.com/promobcv195/?[...]
OR
http://preview.tinyurl.com/2us8mbl
I've always been led to believe that 'https' (padlocked) sites are safe
to use,
It just means that traffic between you and the site is encrypted but
says nothing about the goodness or badness of the site.
That I /do/ understand! I'm also aware that a key-logger can detect and
store what is being typed on a keyboard *before* such encryption takes
place. That little voice inside my head suggests that if there is a
padlock, the actual site will have been checked more thoroughly - social
engineering, eh?!!!
Post by Ant
Post by ~BD~
but on this occasion I received yet another warning (from the
Browser, I think - Sea Monkey) which said ........
"You have requested an encrypted page that contains some unencrypted
info...".
That's true because the video link there is hosted on screencast.com
which is fetched by http rather than https.
Thank you for explaining that. My real concern was that, perhaps,
personal details, including credit card number, might be accessible by
third parties.

Btw, if you had physical access to a Windows machine, is there a simple
check you could carry out to quickly determine if the machine had,
indeed, been compromised? (other than scanning with anti-malware
programmes).
--
Dave - I've learned so much, yet know so little! ;-)
Wolf K
2010-08-11 13:36:52 UTC
Post by ~BD~
I've always been led to believe that 'https' (padlocked) sites are safe
to use,
Not so. It just means that messages exchanged between it and your
computer are encrypted. This makes the mutual messaging "safe" in the
sense that an outsider who intercepts the messages will be unable to
read them without some effort (usually more than the likely payoff is
worth.)

But the website itself may still be or contain evil.

cheers,
wolf k.
~BD~
2010-08-11 20:56:02 UTC
Post by Wolf K
Post by ~BD~
I've always been led to believe that 'https' (padlocked) sites are safe
to use,
Not so. It just means that messages exchanged between it and your
computer are encrypted. This makes the mutual messaging "safe" in the
sense that an outsider who intercepts the messages will be unable to
read them without some effort (usually more than the likely payoff is
worth.)
But the website itself may still be or contain evil.
cheers,
wolf k.
Thank you 'Wolf K' - your comment appreciated.
Ant
2010-08-12 00:45:03 UTC
Post by ~BD~
Post by Ant
"You have requested an encrypted page that contains some unencrypted
info...".
That's true because the video link there is hosted on screencast.com
which is fetched by http rather than https.
Thank you for explaining that. My real concern was that, perhaps,
personal details, including credit card number, might be accessible by
third parties.
Never mind 3rd parties, I wouldn't trust the site itself with details
like that.
Post by ~BD~
Btw, if you had physical access to a Windows machine, is there a simple
check you could carry out to quickly determine if the machine had,
indeed, been compromised? (other than scanning with anti-malware
programmes).
No.
FromTheRafters
2010-08-12 01:27:20 UTC
"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message news:***@bt.com...

[...]
Post by ~BD~
Btw, if you had physical access to a Windows machine, is there a
simple check you could carry out to quickly determine if the machine
had, indeed, been compromised? (other than scanning with anti-malware
programmes).
Yes, but not very simple really. The problem is that you could *not*
determine that it had *not* been compromised. Most malware is going to
want to "do stuff" with the computing power it is stealing from you, if
it does that stuff - you know the machine has been compromised.

IOW, if it spews out malicious packets when you sufficiently emulate a
networking environment for it (or use a "test network"), that's a pretty
good indicator. However, if it doesn't do any obvious stuff, it doesn't
mean anything at all.
~BD~
2010-08-12 17:30:39 UTC
Post by FromTheRafters
[...]
Post by ~BD~
Btw, if you had physical access to a Windows machine, is there a
simple check you could carry out to quickly determine if the machine
had, indeed, been compromised? (other than scanning with anti-malware
programmes).
Yes, but not very simple really. The problem is that you could *not*
determine that it had *not* been compromised. Most malware is going to
want to "do stuff" with the computing power it is stealing from you, if
it does that stuff - you know the machine has been compromised.
IOW, if it spews out malicious packets when you sufficiently emulate a
networking environment for it (or use a "test network"), that's a pretty
good indicator. However, if it doesn't do any obvious stuff, it doesn't
mean anything at all.
Hmmmmm! :) Thanks for that. 'Ant' said quite simply, "no"!

I said - on another group:-
Post by FromTheRafters
I wonder how many realise that installing an anti-virus programme
Post by ~BD~
*after* a machine has already been compromised might well give
comfort to the user ...... but provide absolutely NO protection from
malware!
Dustin Cook said in reply:-

"*That's not true, BD*. In fact, if the malware is known to the
antivirus app, there's a very good chance it can be removed without harm
to the system."

**

I'd also said:-
Post by FromTheRafters
Post by ~BD~
In other words, today's 'nasties' can (and do) protect themselves
when subjected to what they consider an attack! Bad news!
Dustin Cook responded:-

"They don't do anything "new" today that they couldn't do back in the
80s and 90s. "rootkit" on windows is another word for stealth, it just
sounds better in newsprint."

**

/I/ think *Dustin* is wrong. I believe that installing an anti-virus
programme on an already compromised machine is, in all probability, a
futile exercise.

I'd be interested to learn the views of others on this particular matter.
--
Dave
FromTheRafters
2010-08-12 19:39:29 UTC
Post by ~BD~
Post by FromTheRafters
[...]
Post by ~BD~
Btw, if you had physical access to a Windows machine, is there a
simple check you could carry out to quickly determine if the machine
had, indeed, been compromised? (other than scanning with
anti-malware
programmes).
Yes, but not very simple really. The problem is that you could *not*
determine that it had *not* been compromised. Most malware is going to
want to "do stuff" with the computing power it is stealing from you, if
it does that stuff - you know the machine has been compromised.
IOW, if it spews out malicious packets when you sufficiently emulate a
networking environment for it (or use a "test network"), that's a pretty
good indicator. However, if it doesn't do any obvious stuff, it doesn't
mean anything at all.
Hmmmmm! :) Thanks for that. 'Ant' said quite simply, "no"!
He answered the question I think that you *meant* to ask.

"Is there a simple way to show a system is *not* compromised once you
have physical access to the machine aside from using antimalware
antivirus tools?" - and since absence of evidence is not evidence of
absence the answer is indeed no - even with AM/AV.
Post by ~BD~
I said - on another group:-
Post by FromTheRafters
I wonder how many realise that installing an anti-virus programme
Post by ~BD~
*after* a machine has already been compromised might well give
comfort to the user ...... but provide absolutely NO protection from
malware!
True, it could be installed and be kept from accessing certain areas by
a rootkit.
Post by ~BD~
Dustin Cook said in reply:-
"*That's not true, BD*. In fact, if the malware is known to the
antivirus app, there's a very good chance it can be removed without
harm to the system."
True, and the reason is that most of those apps will attempt to remove
known installed malware before it actually installs itself on the
machine. Many of them check for rootkits before allowing installation to
proceed. So, what Dustin said was true, but your eyes might have glazed
over when he wrote the word "known".

The Virus Description Language used to create the definitions to detect
and identify a malware item also includes clues as to how to go about
removing the identified malware.
Post by ~BD~
I'd also said:-
Post by FromTheRafters
Post by ~BD~
In other words, today's 'nasties' can (and do) protect themselves
when subjected to what they consider an attack! Bad news!
Dustin Cook responded:-
"They don't do anything "new" today that they couldn't do back in the
80s and 90s. "rootkit" on windows is another word for stealth, it just
sounds better in newsprint."
True again, some actual viruses have in the past used some of the same
tricks that are essential to rootkit technology. The term "rootkit" is
just a renaming of these stealth methods that are used similarly to the
unix style tool replacement kits. That is to say that in addition to
stealing your computer power, they steal more in order to take measures
to hide that fact from the user (or admin, or even the system itself).
Post by ~BD~
/I/ think *Dustin* is wrong. I believe that installing an anti-virus
programme on an already compromised machine is, in all probability, a
futile exercise.
They used to say that you shouldn't install an AV on a compromised
machine.

Dustin didn't actually say otherwise, but he *did* say that known
malware would probably be removed without a problem when an attempt is
made to install the AV. My guess is that he considers the scan to be
part of the install process, and I believe it is these days.
Post by ~BD~
I'd be interested to learn the views of others on this particular matter.
Are you asking if flatten and rebuild is actually the *only* way to be
absolutely sure? Keep in mind that most people are content to be
'reasonably sure' after scanning their system and installing their AV
program. If reasonably sure isn't good enough for someone, I recommend a
robust back-up/restore method so that 'flatten and rebuild' does not
seem so daunting as it *does* provide better confidence.

Another thing, it would be important to know what you mean by
"compromised". Some malware is pretty lame, would it constitute a
compromise to you if it sent spam but had no command and control network
activity? Hell, sometimes all you need to do is hit the delete button to
send a malware to the bit bucket.
Dustin
2010-08-12 21:52:49 UTC
Post by ~BD~
/I/ think *Dustin* is wrong. I believe that installing an anti-virus
programme on an already compromised machine is, in all probability,
a futile exercise.
LOL, you would certainly be in the minority if you think I was wrong in
the advice I provided concerning malware. Remember one important aspect,
fuckstick; I know malware from two sides: coding it AND removing it. You
don't even know it well from the removal side.
Post by ~BD~
I'd be interested to learn the views of others on this particular matter.
And at least one knowledgeable fellow posted, further clarifying what I
said and agreeing with me.

Any more shit you'd like to try and stir, moron?
--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.
~BD~
2010-08-12 23:04:31 UTC
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an anti-virus
programme on an already compromised machine is, in all probability,
a futile exercise*.
LOL, you would certainly be in the minority if you think I was wrong in
the advice I provided concerning malware. Remember one important aspect,
fuckstick; I know malware from two sides: coding it AND removing it. You
don't even know it well from the removal side.
I regret to advise you that you are well behind the times, young man! :)

*Much* has changed since you were a 'script kiddie', Dustin.
Post by Dustin
I'd be interested to learn the views of others on this particular matter.
And at least one knowledgeable fellow posted, further clarifying what I
said and agreeing with me.
FTR made an excellent reply, for which I thank him. Cheers, FTR! ;)

However, if you read what he said again, carefully, you might understand
that he was not in /full/ agreement with what you had said.
Post by Dustin
Any more shit you'd like to try and stir, moron?
I simply want you to understand that you are *not* God's Gift to
fighting Cybercrime, Dustin. Much has happened in recent years and the
*really* bad guys are *much* more clever than /you/ have ever been - or
will ever be. Believe me! ;-)
--
Dave
Dustin
2010-08-13 17:09:20 UTC
Post by ~BD~
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an
anti-virus programme on an already compromised machine is, in all
probability, a futile exercise*.
LOL, you would certainly be in the minority if you think I was
wrong in the advice I provided concerning malware. Remember one
important aspect, fuckstick; I know malware from two sides: coding
it AND removing it. You don't even know it well from the removal
side.
I regret to advise you that you are well behind the times, young man! :)
Let's say for a moment I was behind the times; I'm *still* lightyears
ahead of you if that was the case.
Post by ~BD~
*Much* has changed since you were a 'script kiddie', Dustin.
I didn't do any script kiddie style work, BD. Mine were actual exe
infectors.
Post by ~BD~
Post by Dustin
I'd be interested to learn the views of others on this particular matter.
And at least one knowledgeable fellow posted, further clarifying what
I said and agreeing with me.
FTR made an excellent reply, for which I thank him. Cheers, FTR! ;)
However, if you read what he said again, carefully, you might
understand that he was not in /full/ agreement with what you had
said.
Difference of opinion, not only was he in agreement; he actually
explained why.
Post by ~BD~
Post by Dustin
Any more shit you'd like to try and stir, moron?
I simply want you to understand that you are *not* God's Gift to
fighting Cybercrime, Dustin. Much has happened in recent years and
the *really* bad guys are *much* more clever than /you/ have ever
been - or will ever be. Believe me! ;-)
BD, you're a complete and utter fucking fool. Nothing has changed, the
technology and the methods for doing the nasties is still VERY MUCH the
same. The underlying principles are what causes this, fuckstick.
--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.
~BD~
2010-08-13 19:46:09 UTC
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an
anti-virus programme on an already compromised machine is, in all
probability, a futile exercise*.
LOL, you would certainly be in the minority if you think I was
wrong in the advice I provided concerning malware.
[....]


What FTR actually said .....

"True, it could be installed and be kept from accessing certain areas by
a rootkit".

Do you *really* disagree with that?
Dustin
2010-08-13 21:58:09 UTC
Post by ~BD~
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an
anti-virus programme on an already compromised machine is, in
all probability, a futile exercise*.
LOL, you would certainly be in the minority if you think I was
wrong in the advice I provided concerning malware.
[....]
What FTR actually said .....
"True, it could be installed and be kept from accessing certain
areas by a rootkit".
A rootkit still has to play by certain hard rules; nothing can be hidden
completely. Some in-house developed tools for prior work with
malwarebytes are likely useful in such a scenario.

I didn't say I couldn't do it without any tools. I just said I wouldn't
provide details. And what would be the point in doing so anyway? You
wouldn't understand what I was writing about... and I'd just be
providing information to anyone interested in circumventing technology
rootkit style. While I don't feel it's information that they couldn't
acquire on their own, I see no real point in.. well, advancing the
technology ahead of schedule.
Post by ~BD~
Do you *really* disagree with that?
Of course not, a rootkit is nothing more than stealth; BD. However,
it's not foolproof. The old adage is this: "Whatever software can do,
software can undo."; That does *not* include crypto, however. Another
beast entirely.

To further on my post previous to you BD, Technology and the underlying
principles haven't really changed that much. Computers are faster now,
sure; but they still follow the same laws if you will that the older
ones did. In the DOS days, TSR software could be what you would say is
a rootkit in the windows world; providing it was instructed to hide
folders from dir or windows explorer *g*.
--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.
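The point above that a stealth layer which hides folders from `dir` cannot hide them completely is the basis of cross-view detection. The following is an added example, not part of the original post or any tool mentioned in it: it walks a constructed FAT 8.3 directory region byte by byte and compares the result with a constructed listing standing in for what a filtered `dir` reports. All names and sample data are assumptions made for illustration.

```python
import struct

# FAT 8.3 directory entry: name, extension, attributes, 14 bytes of
# timestamps/reserved, first cluster (low word), file size. 32 bytes total.
ENTRY = struct.Struct("<8s3sB14xHI")
ATTR_VOLUME_OR_LFN = 0x08   # set on volume labels and long-file-name slots
ATTR_DIRECTORY = 0x10


def make_entry(name, ext="", attr=0x20, cluster=2, size=0):
    """Build one constructed 32-byte directory entry (sample data only)."""
    return ENTRY.pack(name.ljust(8).encode("ascii"),
                      ext.ljust(3).encode("ascii"), attr, cluster, size)


def parse_raw_directory(raw):
    """List live 8.3 names by walking the on-disk entries directly."""
    names = []
    for offset in range(0, len(raw) - ENTRY.size + 1, ENTRY.size):
        name, ext, attr, _cluster, _size = ENTRY.unpack_from(raw, offset)
        if name[0] == 0x00:            # 0x00 marks the end of the directory
            break
        if name[0] == 0xE5:            # 0xE5 marks a deleted entry
            continue
        if attr & ATTR_VOLUME_OR_LFN:  # label or long-name slot, not a file
            continue
        base = name.decode("latin-1").rstrip()
        suffix = ext.decode("latin-1").rstrip()
        names.append(base + "." + suffix if suffix else base)
    return names


def cross_view(raw_dir, api_listing):
    """Diff the raw on-disk view against what the listing API reported."""
    on_disk = set(parse_raw_directory(raw_dir))
    reported = {n.upper() for n in api_listing}
    return {
        "on_disk_not_reported": sorted(on_disk - reported),
        "reported_not_on_disk": sorted(reported - on_disk),
    }


# Constructed directory region: a label, two files, a deleted file, two
# directories, the end marker, then stale bytes that must be ignored.
SAMPLE_DIR = b"".join([
    make_entry("BOOTDISK", attr=0x08),
    make_entry("COMMAND", "COM", size=54645),
    make_entry("AUTOEXEC", "BAT", size=128),
    b"\xe5" + make_entry("OLDNOTE", "TXT")[1:],
    make_entry("GAMES", attr=ATTR_DIRECTORY),
    make_entry("TSRDATA", attr=ATTR_DIRECTORY),
    bytes(ENTRY.size),
    make_entry("GARBAGE", "BIN"),
])

# Constructed stand-in for the listing returned while a filter is resident.
API_LISTING = ["COMMAND.COM", "AUTOEXEC.BAT", "GAMES"]

if __name__ == "__main__":
    print(cross_view(SAMPLE_DIR, API_LISTING))
```

The raw bytes have to be read by a path the filter does not sit on, for example from clean boot media; otherwise both views pass through the same hook and agree.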
FromTheRafters
2010-08-13 22:43:32 UTC
"Dustin" <***@gmail.com> wrote in message news:***@no...

[...]
Post by Dustin
The old adage is this: "Whatever software can do,
software can undo."; That does *not* include crypto,
however. Another beast entirely.
It can be successfully argued that it still holds even for crypto. The
thing is, the length of time required to do the undoing outlasts the
value of the retrieved information, so it wouldn't be worth it. In fact
the time scales involved in software reversing of long keylength crypto
may be greater than the age of the universe or perhaps even of its
future expected lifespan (whatever that might be) but I don't see how
that could ever be provable.
Wolf K
2010-08-13 23:02:00 UTC
Post by FromTheRafters
[...]
Post by Dustin
The old adage is this: "Whatever software can do,
software can undo."; That does *not* include crypto,
however. Another beast entirely.
It can be successfully argued that it still holds even for crypto. The
thing is, the length of time required to do the undoing outlasts the
value of the retrieved information, so it wouldn't be worth it. In fact
the time scales involved in software reversing of long keylength crypto
may be greater than the age of the universe or perhaps even of its
future expected lifespan (whatever that might be) but I don't see how
that could ever be provable.
Read up on the relevant math. You won't be able to imagine the orders of
magnitude involved, but you will be able to understand the notation. ;-)

cheers,
wolf k.
~BD~
2010-08-14 08:19:50 UTC
Post by Dustin
Post by ~BD~
What FTR actually said .....
"True, it could be installed and be kept from accessing certain
areas by a rootkit".
A rootkit still has to play by certain hard rules; nothing can be hidden
completely. Some in-house developed tools for prior work with
malwarebytes are likely useful in such a scenario.
Just to be clear, Dustin - it is *you* who is accepted as being the
guru! I am simply an interested 'user' who is frustrated by the fact
that bad guys use this marvelous technology with criminal intent.
Post by Dustin
I didn't say I couldn't do it without any tools. I just said I wouldn't
provide details. And what would be the point in doing so anyway? You
wouldn't understand what I was writing about... and I'd just be
providing information to anyone interested in circumventing technology
rootkit style. While I don't feel it's information that they couldn't
acquire on their own, I see no real point in.. well, advancing the
technology ahead of schedule.
That all seems a most reasonable stance to take.
Post by Dustin
Post by ~BD~
Do you *really* disagree with that?
Of course not, a rootkit is nothing more than stealth; BD. However,
it's not foolproof. The old adage is this: "Whatever software can do,
software can undo."; That does *not* include crypto, however. Another
beast entirely.
To further on my post previous to you BD, Technology and the underlying
principles haven't really changed that much. Computers are faster now,
sure; but they still follow the same laws if you will that the older
ones did. In the DOS days, TSR software could be what you would say is
a rootkit in the windows world; providing it was instructed to hide
folders from dir or windows explorer *g*.
Let me now quote from another 'guru'

"Performing a standard Disk Format and Reinstall of the Operating System
will render common infections incompatible, but not all Rootkits and its
accompanying payload of malware ..... Rootkits work from outside the
Operating System and can hide in Bad Sectors of the Hard Disk - thus
have places to hide on the Hard Disk that are essentially outside the
Operating Systems environment, untouchable by it, yet still at hand.....

Most wiping, erasing, formatting, and partitioning tools will not
overwrite logical bad sectors on the Disk, leaving the Rootkits and
their accompanying payload of malware behind and still active.....
Rootkits in themselves are not a threat ..... the danger is that
Rootkits have the invincible power of Stealth ..... Malicious
Programmers can hide their malware safely inside the protection of the
Rootkit....."

**

That doesn't sound too dissimilar to what *you* have said, does it?

You may like to see the original, which is post Number 46 here:-

http://forum.kaspersky.com/index.php?showtopic=50275&st=40&p=485236&#entry485236

That was a thread which I started back in Oct 2007! Maybe if others read
all the posts there they'll have a better understanding of the /real/ BD! ;)

HTH
--
Dave - I had bought and was using Kaspersky AV Version7
Dustin
2010-08-14 18:04:22 UTC
Post by ~BD~
Post by Dustin
Post by ~BD~
What FTR actually said .....
"True, it could be installed and be kept from accessing certain
areas by a rootkit".
A rootkit still has to play by certain hard rules; nothing can be
hidden completely. Some in-house developed tools for prior work
with malwarebytes are likely useful in such a scenario.
Just to be clear, Dustin - it is *you* who is accepted as being the
guru! I am simply an interested 'user' who is frustrated by the fact
that bad guys use this marvelous technology with criminal intent.
Do you think I got the brownie points and respect from my peers
overnight? I've been doing this for a very long time, BD.
Post by ~BD~
Post by Dustin
I didn't say I couldn't do it without any tools. I just said I
wouldn't provide details. And what would be the point in doing so
anyway? You wouldn't understand what I was writing about... and I'd
just be providing information to anyone interested in circumventing
technology rootkit style. While I don't feel it's information that
they couldn't acquire on their own, I see no real point in.. well,
advancing the technology ahead of schedule.
That all seems a most reasonable stance to take.
Finally, you're starting to understand.
Post by ~BD~
Let me now quote from another 'guru'
"Performing a standard Disk Format and Reinstall of the Operating
System will render common infections incompatible, but not all
Rootkits and its accompanying payload of malware ..... Rootkits work
from outside the Operating System and can hide in Bad Sectors of the
Hard Disk - thus have places to hide on the Hard Disk that are
essentially outside the Operating Systems environment, untouchable
by it, yet still at hand.....
While they can hide in bad sectors, without code pointing the machine
to run the code found in the bad sectors; it's like having the
components on your shelf to make a bomb, but short of you mixing the
stuff and wiring the circuits up; it's not going to explode.

Sectors don't have much room, and you have to account for low level
disk utilities such as spinrite that will test bad sectors and reissue
them as good if they aren't actually bad; trashing the rootkit code
storage site.
Post by ~BD~
Most wiping, erasing, formatting, and partitioning tools will not
overwrite logical bad sectors on the Disk, leaving the Rootkits and
their accompanying payload of malware behind and still active.....
You should ask the guru who wrote this doomsday scenario for a viable
sample; or reference to one being shown wild. I won't hold my breath
while I wait for those results, tho.
Post by ~BD~
Rootkits in themselves are not a threat ..... the danger is that
Rootkits have the invincible power of Stealth ..... Malicious
Programmers can hide their malware safely inside the protection of
the Rootkit....."
I disagree with invincible; they are still software; running at a lower
level than say notepad, but still, software nonetheless.
Post by ~BD~
That doesn't sound too dissimilar to what *you* have said, does it?
Except I didn't try to scare anybody with the age old "it can hide in
the bad sectors!"; Did you know some late 80s copy protection used a
similar technique? In 1986, a game I bought for the coco3 had copy
protection via bad sectors; the built in diskcopy program couldn't deal
with bad sector disks, it would abort.
Post by ~BD~
That was a thread which I started back in Oct 2007! Maybe if others
read all the posts there they'll have a better understanding of the
/real/ BD! ;)
The real BD? Seems, you're a paranoid person, to me.
--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.
David B.
2016-12-28 14:33:38 UTC
Post by ~BD~
Post by Dustin
Post by ~BD~
What FTR actually said .....
"True, it could be installed and be kept from accessing certain
areas by a rootkit".
A rootkit still has to play by certain hard rules; nothing can be hidden
completely. Some in-house developed tools for prior work with
malwarebytes are likely useful in such a scenario.
Just to be clear, Dustin - it is *you* who is accepted as being the
guru! I am simply an interested 'user' who is frustrated by the fact
that bad guys use this marvelous technology with criminal intent.
Post by Dustin
I didn't say I couldn't do it without any tools. I just said I wouldn't
provide details. And what would be the point in doing so anyway? You
wouldn't understand what I was writing about... and I'd just be
providing information to anyone interested in circumventing technology
rootkit style. While I don't feel it's information that they couldn't
acquire on their own, I see no real point in.. well, advancing the
technology ahead of schedule.
That all seems a most reasonable stance to take.
Post by Dustin
Post by ~BD~
Do you *really* disagree with that?
Of course not, a rootkit is nothing more than stealth; BD. However,
it's not foolproof. The old adage is this: "Whatever software can do,
software can undo."; That does *not* include crypto, however. Another
beast entirely.
To further on my post previous to you BD, Technology and the underlying
principles haven't really changed that much. Computers are faster now,
sure; but they still follow the same laws if you will that the older
ones did. In the DOS days, TSR software could be what you would say is
a rootkit in the windows world; providing it was instructed to hide
folders from dir or windows explorer *g*.
Let me now quote from another 'guru'
"Performing a standard Disk Format and Reinstall of the Operating System
will render common infections incompatible, but not all Rootkits and its
accompanying payload of malware ..... Rootkits work from outside the
Operating System and can hide in Bad Sectors of the Hard Disk - thus
have places to hide on the Hard Disk that are essentially outside the
Operating Systems environment, untouchable by it, yet still at hand.....
Most wiping, erasing, formatting, and partitioning tools will not
overwrite logical bad sectors on the Disk, leaving the Rootkits and
their accompanying payload of malware behind and still active.....
Rootkits in themselves are not a threat ..... the danger is that
Rootkits have the invincible power of Stealth ..... Malicious
Programmers can hide their malware safely inside the protection of the
Rootkit....."
**
That doesn't sound too dissimilar to what *you* have said, does it?
You may like to see the original, which is post Number 46 here:-
http://forum.kaspersky.com/index.php?showtopic=50275&st=40&p=485236&#entry485236
That was a thread which I started back in Oct 2007! Maybe if others read
all the posts there they'll have a better understanding of the /real/ BD! ;)
HTH
Just re-reading old threads! ;-)
--
"Do something wonderful, people may imitate it."
burfordTjustice
2016-12-28 16:24:04 UTC
On Wed, 28 Dec 2016 14:33:38 +0000
Post by David B.
Just re-reading old threads!
Awww the butt hurt/butt love is still alive...
Send the fucking scud a plane ticket.
Shadow
2016-12-28 16:28:09 UTC
On Wed, 28 Dec 2016 14:33:38 +0000, "David B."
<***@nomail.afraid.invalid> wrote:

You've received "warnings" and then BANS from lots of sites,
because you didn't heed the warnings.
You do realize that STALKING is illegal ?
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
David B.
2016-12-28 17:04:40 UTC
Post by Shadow
On Wed, 28 Dec 2016 14:33:38 +0000, "David B."
You've received "warnings" and then BANS from lots of sites,
because you didn't heed the warnings.
I really don't mind you twisting the truth, Shadow. So be it!
Post by Shadow
You do realize that STALKING is illegal ?
[]'s
I've studied this item carefully: https://en.wikipedia.org/wiki/Stalking

Do, please, pick out the specific action(s) of which you consider I am
guilty and post them for all to see.

Did you actually LOOK here?

--
"Do something wonderful, people may imitate it."
burfordTjustice
2016-12-28 19:22:02 UTC
On Wed, 28 Dec 2016 17:04:40 +0000
Subject: Re: [OT]I received a warning - about Identit.ca
Date: Wed, 28 Dec 2016 17:04:40 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
Gecko/20100101 Thunderbird/45.5.1
alt.privacy.spyware,alt.comp.virus,alt.comp.anti-virus,alt.politics.scorched-earth,alt.computer.workshop,alt.uk.law
Organization: blocknews - www.blocknews.net
Take notes old goat...your methods leave much to be desired...LOL
Shadow
2016-12-28 21:59:18 UTC
On Wed, 28 Dec 2016 17:04:40 +0000, "David B."
Post by David B.
Post by Shadow
On Wed, 28 Dec 2016 14:33:38 +0000, "David B."
You've received "warnings" and then BANS from lots of sites,
because you didn't heed the warnings.
I really don't mind you twisting the truth, Shadow. So be it!
Post by Shadow
You do realize that STALKING is illegal ?
[]'s
I've studied this item carefully: https://en.wikipedia.org/wiki/Stalking
Do, please, pick out the specific action(s) of which you consider I am
guilty and post them for all to see.
All except "Stalking by groups". You need friends to be able
to do that.
Post by David B.
Did you actually LOOK here?
<CUT STALKING AND DATAMINING LINK>
No.
[]'s

PS Subject changed back to original in thread.
--
Don't be evil - Google 2004
We have a new policy - Google 2012
burfordTjustice
2016-12-29 11:56:37 UTC
On Wed, 28 Dec 2016 19:59:18 -0200
Post by Shadow
On Wed, 28 Dec 2016 17:04:40 +0000, "David B."
Post by David B.
Post by Shadow
On Wed, 28 Dec 2016 14:33:38 +0000, "David B."
You've received "warnings" and then BANS from lots of
sites, because you didn't heed the warnings.
I really don't mind you twisting the truth, Shadow. So be it!
Post by Shadow
You do realize that STALKING is illegal ?
[]'s
https://en.wikipedia.org/wiki/Stalking
Do, please, pick out the specific action(s) of which you consider I
am guilty and post them for all to see.
All except "Stalking by groups". You need friends to be able
to do that.
Post by David B.
Did you actually LOOK here?
<CUT STALKING AND DATAMINING LINK>
No.
[]'s
PS Subject changed back to original in thread.
So what are you going to do about it besides run mouth?
Diesel
2016-12-28 23:02:08 UTC
Post by David B.
Post by Shadow
On Wed, 28 Dec 2016 14:33:38 +0000, "David B."
You've received "warnings" and then BANS from lots of sites,
because you didn't heed the warnings.
I really don't mind you twisting the truth, Shadow. So be it!
He isn't twisting the truth.
Post by David B.
Post by Shadow
You do realize that STALKING is illegal ?
[]'s
https://en.wikipedia.org/wiki/Stalking
You demonstrated stalking on numerous occasions. Hell, you even
provided a wilders link.
Post by David B.
Do, please, pick out the specific action(s) of which you consider
I am guilty and post them for all to see.
I recently posted actions of you taking my things without my permission
and posting them to dropbox.
--
Make yourself sheep and the wolves will eat you.
Benjamin Franklin
burfordTjustice
2016-12-29 11:56:03 UTC
On Wed, 28 Dec 2016 23:02:08 -0000 (UTC)
Post by Diesel
Post by David B.
Post by Shadow
On Wed, 28 Dec 2016 14:33:38 +0000, "David B."
You've received "warnings" and then BANS from lots of sites,
because you didn't heed the warnings.
I really don't mind you twisting the truth, Shadow. So be it!
He isn't twisting the truth.
Post by David B.
Post by Shadow
You do realize that STALKING is illegal ?
[]'s
https://en.wikipedia.org/wiki/Stalking
You demonstrated stalking on numerous occasions. Hell, you even
provided a wilders link.
Post by David B.
Do, please, pick out the specific action(s) of which you consider
I am guilty and post them for all to see.
I recently posted actions of you taking my things without my
permission and posting them to dropbox.
So what are you going to do about it??
Shadow
2016-12-29 12:35:41 UTC
Post by Diesel
Post by David B.
Post by Shadow
On Wed, 28 Dec 2016 14:33:38 +0000, "David B."
You've received "warnings" and then BANS from lots of sites,
because you didn't heed the warnings.
I really don't mind you twisting the truth, Shadow. So be it!
He isn't twisting the truth.
Post by David B.
Post by Shadow
You do realize that STALKING is illegal ?
[]'s
https://en.wikipedia.org/wiki/Stalking
You demonstrated stalking on numerous occasions. Hell, you even
provided a wilders link.
Post by David B.
Do, please, pick out the specific action(s) of which you consider
I am guilty and post them for all to see.
I recently posted actions of you taking my things without my permission
and posting them to dropbox.
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
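The "check the whois records" advice above can be turned into a repeatable check before following an old link. The following is an added example, not part of the original post: it parses WHOIS text and flags a domain whose current registration began after the link was posted, and it diffs an archived record against the current one. Both records, the `.example` domain, the registrar names and all dates are constructed placeholders, and field labels vary between registries.

```python
from datetime import datetime, timezone

# Labels for the registration start date differ between registries.
DATE_KEYS = ("creation date", "created", "registered on")


def utc(year, month, day):
    """Convenience constructor for timezone-aware dates."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def parse_whois(text):
    """Return {lowercased field: [values]} from 'Key: value' lines."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue                      # comments, banners, free text
        key, _, value = line.partition(":")
        if value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def parse_date(value):
    """Parse the date layouts most often seen in WHOIS output."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%Y/%m/%d"):
        try:
            return datetime.strptime(value.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised WHOIS date: %r" % value)


def creation_date(fields):
    for key in DATE_KEYS:
        if key in fields:
            return parse_date(fields[key][0])
    return None


def assess_link(whois_text, link_posted):
    """Compare when a link was posted with when the domain was registered."""
    created = creation_date(parse_whois(whois_text))
    if created is None:
        return "unknown"          # no usable record: do not assume it is safe
    if created > link_posted:
        return "re-registered"    # domain lapsed and was registered again later
    # An unchanged creation date does not prove the owner is unchanged;
    # domains can be transferred without a new registration.
    return "predates-link"


def changed_fields(old_text, new_text,
                   keys=("registrar", "creation date", "name server")):
    """Diff selected fields between an archived record and a current one."""
    old, new = parse_whois(old_text), parse_whois(new_text)
    return {k: (old.get(k), new.get(k)) for k in keys if old.get(k) != new.get(k)}


# Constructed records for illustration; not real registry output.
ARCHIVED_WHOIS = """\
% constructed sample
Domain Name: old-site.example
Registrar: Earlier Registrar Ltd.
Creation Date: 2004/02/17
"""
CURRENT_WHOIS = """\
% constructed sample
Domain Name: old-site.example
Registrar: Placeholder Registrar Inc.
Creation Date: 2015-11-03T14:22:10Z
Registry Expiry Date: 2017-11-03T14:22:10Z
"""

if __name__ == "__main__":
    print(assess_link(CURRENT_WHOIS, utc(2009, 6, 1)))
    print(changed_fields(ARCHIVED_WHOIS, CURRENT_WHOIS))
```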
David B.
2016-12-29 18:11:27 UTC
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow. :-)
--
"Do something wonderful, people may imitate it."
Shadow
2016-12-29 20:17:36 UTC
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s

alt.comp.freeware crosspost removed. (added by BD).
--
Don't be evil - Google 2004
We have a new policy - Google 2012
burfordTjustice
2016-12-29 20:25:32 UTC
On Thu, 29 Dec 2016 18:17:36 -0200
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former
owner has been one of his STALKING targets for almost a decade.
The victim, a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a
third party, and is now a "look-alike" site hosting malware. Even
the email address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
alt.comp.freeware crosspost removed. (added by BD).
You two are a fine pair...ask david and he will send
you an airplane ticket to go visit...oh wait....
David B.
2016-12-29 23:33:53 UTC
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)

I believe that the site has ALWAYS hosted malware. I think Mr Adare has
been less than truthful but now wonder where YOU read his remarks!

Did you ever see the site as it was?

https://www.dropbox.com/s/o6ichpsqa8oc16k/IdentIT.tiff?dl=0

More importantly, though, I have been trying to convince the guys at
Microsoft of the danger posed by the site. For proof, read here:-

https://www.dropbox.com/s/rka080b6rwq4o7l/Reply%20to%20Rob%20in%20Microsoft%20Answers.tiff?dl=0
--
"Do something wonderful, people may imitate it."
madadmin
2016-12-29 23:52:22 UTC
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
I believe that the site has ALWAYS hosted malware. I think Mr Adare has
been less than truthful but now wonder where YOU read his remarks!
Did you ever see the site as it was?
https://www.dropbox.com/s/o6ichpsqa8oc16k/IdentIT.tiff?dl=0
More importantly, though, I have been trying to convince the guys at
Microsoft of the danger posed by the site. For proof, read here:-
https://www.dropbox.com/s/rka080b6rwq4o7l/Reply%20to%20Rob%20in%20Microsoft%20Answers.tiff?dl=0
BWAAAAHAAHAHAHAHAHAHAHAH!!!!!

You're STILL at it????
Sycho
2016-12-30 00:14:10 UTC
Post by madadmin
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
I believe that the site has ALWAYS hosted malware. I think Mr Adare has
been less than truthful but now wonder where YOU read his remarks!
Did you ever see the site as it was?
https://www.dropbox.com/s/o6ichpsqa8oc16k/IdentIT.tiff?dl=0
More importantly, though, I have been trying to convince the guys at
Microsoft of the danger posed by the site. For proof, read here:-
https://www.dropbox.com/s/rka080b6rwq4o7l/Reply%20to%20Rob%20in%20Microsoft%20Answers.tiff?dl=0
BWAAAAHAAHAHAHAHAHAHAHAH!!!!!
You're STILL at it????
Yep. Hopin' to round up them baddies a'fer they do some
diab-wahaha-bolical evil deeds or some such. :)
--
Bad command or filename. Go stand in the corner.
David B.
2016-12-30 10:54:06 UTC
Post by madadmin
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
I believe that the site has ALWAYS hosted malware. I think Mr Adare has
been less than truthful but now wonder where YOU read his remarks!
Did you ever see the site as it was?
https://www.dropbox.com/s/o6ichpsqa8oc16k/IdentIT.tiff?dl=0
More importantly, though, I have been trying to convince the guys at
Microsoft of the danger posed by the site. For proof, read here:-
https://www.dropbox.com/s/rka080b6rwq4o7l/Reply%20to%20Rob%20in%20Microsoft%20Answers.tiff?dl=0
BWAAAAHAAHAHAHAHAHAHAHAH!!!!!
Hey! It's no laughing matter! ;-)
Post by madadmin
You're STILL at it????
Yes, I am. :-) Persistent, aren't I?!!!

Have a fun read here .....

https://social.microsoft.com/Forums/en-US/fa686bfb-8b02-4efc-9feb-362e93a519ac/on-tomis-activity-page-it-says-hes-responded-to-my-posts-but-i-cannot-see-his-replies-why?forum=reportabug

Your further guidance will be welcomed.
--
"Do something wonderful, people may imitate it."
madadmin
2016-12-30 22:42:09 UTC
Post by David B.
Post by madadmin
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
I believe that the site has ALWAYS hosted malware. I think Mr Adare has
been less than truthful but now wonder where YOU read his remarks!
Did you ever see the site as it was?
https://www.dropbox.com/s/o6ichpsqa8oc16k/IdentIT.tiff?dl=0
More importantly, though, I have been trying to convince the guys at
Microsoft of the danger posed by the site. For proof, read here:-
https://www.dropbox.com/s/rka080b6rwq4o7l/Reply%20to%20Rob%20in%20Microsoft%20Answers.tiff?dl=0
BWAAAAHAAHAHAHAHAHAHAHAH!!!!!
Hey! It's no laughing matter! ;-)
Post by madadmin
You're STILL at it????
Yes, I am. :-) Persistent, aren't I?!!!
Have a fun read here .....
https://social.microsoft.com/Forums/en-US/fa686bfb-8b02-4efc-9feb-362e93a519ac/on-tomis-activity-page-it-says-hes-responded-to-my-posts-but-i-cannot-see-his-replies-why?forum=reportabug
Your further guidance will be welcomed.
I'd recommend staying off the microsoft forums. You don't play well
there. But you don't listen to anybody so whatever...
David B.
2016-12-30 22:57:00 UTC
Post by madadmin
Post by David B.
Post by madadmin
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
I believe that the site has ALWAYS hosted malware. I think Mr Adare has
been less than truthful but now wonder where YOU read his remarks!
Did you ever see the site as it was?
https://www.dropbox.com/s/o6ichpsqa8oc16k/IdentIT.tiff?dl=0
More importantly, though, I have been trying to convince the guys at
Microsoft of the danger posed by the site. For proof, read here:-
https://www.dropbox.com/s/rka080b6rwq4o7l/Reply%20to%20Rob%20in%20Microsoft%20Answers.tiff?dl=0
BWAAAAHAAHAHAHAHAHAHAHAH!!!!!
Hey! It's no laughing matter! ;-)
Post by madadmin
You're STILL at it????
Yes, I am. :-) Persistent, aren't I?!!!
Have a fun read here .....
https://social.microsoft.com/Forums/en-US/fa686bfb-8b02-4efc-9feb-362e93a519ac/on-tomis-activity-page-it-says-hes-responded-to-my-posts-but-i-cannot-see-his-replies-why?forum=reportabug
Your further guidance will be welcomed.
I'd recommend staying off the microsoft forums. You don't play well
there. But you don't listen to anybody so whatever...
What an interesting comment for you to make, 'madadmin'.

I do, actually, listen to *ALL* advice!

Tarry a while on my newly adopted group - alt.computer.workshop
--
"Do something wonderful, people may imitate it."
madadmin
2016-12-30 23:18:22 UTC
Post by David B.
Post by madadmin
Post by David B.
Post by madadmin
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
I believe that the site has ALWAYS hosted malware. I think Mr Adare has
been less than truthful but now wonder where YOU read his remarks!
Did you ever see the site as it was?
https://www.dropbox.com/s/o6ichpsqa8oc16k/IdentIT.tiff?dl=0
More importantly, though, I have been trying to convince the guys at
Microsoft of the danger posed by the site. For proof, read here:-
https://www.dropbox.com/s/rka080b6rwq4o7l/Reply%20to%20Rob%20in%20Microsoft%20Answers.tiff?dl=0
BWAAAAHAAHAHAHAHAHAHAHAH!!!!!
Hey! It's no laughing matter! ;-)
Post by madadmin
You're STILL at it????
Yes, I am. :-) Persistent, aren't I?!!!
Have a fun read here .....
https://social.microsoft.com/Forums/en-US/fa686bfb-8b02-4efc-9feb-362e93a519ac/on-tomis-activity-page-it-says-hes-responded-to-my-posts-but-i-cannot-see-his-replies-why?forum=reportabug
Your further guidance will be welcomed.
I'd recommend staying off the microsoft forums. You don't play well
there. But you don't listen to anybody so whatever...
What an interesting comment for you to make, 'madadmin'.
I do, actually, listen to *ALL* advice!
Perhaps you do but it simply goes in one ear and out the other. So far
this is basically reruns of the activity of last time I wandered in here.
Post by David B.
Tarry a while on my newly adopted group - alt.computer.workshop
So how do they feel about you adopting them????
I don't have the time to hit too many groups anymore. Actually I don't
have time to hit the groups I do like to visit which is why I keep
having extended absences from here...
David B.
2016-12-30 23:32:52 UTC
Post by madadmin
Post by David B.
Post by madadmin
Post by David B.
Post by madadmin
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
I believe that the site has ALWAYS hosted malware. I think Mr Adare has
been less than truthful but now wonder where YOU read his remarks!
Did you ever see the site as it was?
https://www.dropbox.com/s/o6ichpsqa8oc16k/IdentIT.tiff?dl=0
More importantly, though, I have been trying to convince the guys at
Microsoft of the danger posed by the site. For proof, read here:-
https://www.dropbox.com/s/rka080b6rwq4o7l/Reply%20to%20Rob%20in%20Microsoft%20Answers.tiff?dl=0
BWAAAAHAAHAHAHAHAHAHAHAH!!!!!
Hey! It's no laughing matter! ;-)
Post by madadmin
You're STILL at it????
Yes, I am. :-) Persistent, aren't I?!!!
Have a fun read here .....
https://social.microsoft.com/Forums/en-US/fa686bfb-8b02-4efc-9feb-362e93a519ac/on-tomis-activity-page-it-says-hes-responded-to-my-posts-but-i-cannot-see-his-replies-why?forum=reportabug
Your further guidance will be welcomed.
I'd recommend staying off the microsoft forums. You don't play well
there. But you don't listen to anybody so whatever...
What an interesting comment for you to make, 'madadmin'.
I do, actually, listen to *ALL* advice!
Perhaps you do but it simply goes in one ear and out the other. So far
this is basically reruns of the activity of last time I wandered in here.
You are wrong about that. I've learned a great deal.
Post by madadmin
Post by David B.
Tarry a while on my newly adopted group - alt.computer.workshop
So how do they feel about you adopting them????
No problem so far.
Post by madadmin
I don't have the time to hit too many groups anymore. Actually I don't
have time to hit the groups I do like to visit which is why I keep
having extended absences from here...
Follow-up set to alt.computer.workshop
--
"Do something wonderful, people may imitate it."
Shadow
2016-12-29 23:56:02 UTC
On Thu, 29 Dec 2016 23:33:53 +0000, "David B."
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
Why? What freeware do you recommend downloading from the site?
Please include a changelog and a brief description of the
freeware.
And of course, your personal experience using the freeware.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
David B.
2016-12-30 11:11:53 UTC
Post by Shadow
On Thu, 29 Dec 2016 23:33:53 +0000, "David B."
Post by David B.
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000, "David B."
Post by David B.
Post by Shadow
Dustin, please note that the Bl^%dy Dev*&^^iL changed the
subject of the thread to include the name of a site whose former owner
has been one of his STALKING targets for almost a decade. The victim,
a Canadian, IS NO LONGER THE OWNER OF THE SITE.
The registration expired in 2015, and it was bought by a third
party, and is now a "look-alike" site hosting malware. Even the email
address on the site is bogus.
Check the whois records.
[]'s
Thanks for explaining, Shadow.
I don't think it warrants explaining. You KNOW the site was
bought, you KNOW it hosts malware, yet you continue to spam it in the
hope people will download ransomware.
(Site name removed AGAIN - DO NOT VISIT - it's malicious)
[]'s
(alt.comp.freeware once again included)
Why?
It's the only way Pooh gets to read my posts - isn't it?
Post by Shadow
What freeware do you recommend downloading from the site
I really like BearWare http://bearware.info/
Post by Shadow
Please include a changelog and a brief description of the
freeware.
Please enroll here if you feel it sufficiently important:
https://changelog.com/weekly
Post by Shadow
And of course, your personal experience using the freeware.
[]'s
I endeavour to use THIS freeware, but 'they' keep locking the threads!

https://social.microsoft.com/Forums/en-US/b68a095e-6d02-47bb-bf29-899f44c82e04/surely-somebody-at-microsoft-will-listen-to-my-concerns-wont-they?forum=reportabug#d8577210-38ae-4c8d-af5b-4b308051ca89

I'm *SURE* someone is hiding something! I really do.
--
"Do something wonderful, people may imitate it."
David B.
2016-12-31 11:19:35 UTC
Post by Shadow
On Thu, 29 Dec 2016 23:33:53 +0000, "David B."
[....]
Post by Shadow
And of course, your personal experience using the freeware.
[]'s
Addendum:

I found THIS site very helpful when learning how best to use my Chromebook:-

http://bearware.info/Chrome.html
--
"Do something wonderful, people may imitate it."
burfordTjustice
2016-12-29 20:20:54 UTC
On Thu, 29 Dec 2016 18:11:27 +0000
Post by David B.
Thanks for explaining, Shadow.
Too bad you could not explain...
David B.
2016-12-31 10:19:38 UTC
Post by Shadow
On Thu, 29 Dec 2016 18:11:27 +0000
Post by David B.
Thanks for explaining, Shadow.
Too bad you could not explain...
Keep up, dear boy! :-P

Try the URL again now www.IdentIt.ca
--
"Do something wonderful, people may imitate it."
FromTheRafters
2010-08-13 23:09:05 UTC
Post by ~BD~
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an
anti-virus programme on an already compromised machine is, in all
probability, a futile exercise*.
LOL, you would certainly be in the minority if you think I was
wrong in the advice I provided concerning malware.
[....]
What FTR actually said .....
"True, it could be installed and be kept from accessing certain areas
by a rootkit".
Do you *really* disagree with that?
One thing you are apparently not getting the significance of is that the
"installation software" for the proposed AV that you want to install on
the "compromised" machine likely has its own detection software for
known malware (including some rootkits) *and* rootkit detection software
that alerts to inconsistencies in what is presented through APIs to the
other tools due to filter drivers and the like.

It may be impossible to install such AV programs on a "compromised"
machine, if the preinstallation detection software is aware of, yet not
capable of removing detected malicious activity - it may tell you that
you need to address the other issue before attempting to install that
software (I'm not aware of this actually happening though).

The most likely scenario is that the installation goes off smoothly
without a hitch on *most* compromised machines (removing the compromise
in the process) - which, I believe, is Dustin's point.
David H. Lipman
2010-08-13 23:29:36 UTC
Post by ~BD~
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an
anti-virus programme on an already compromised machine is, in all
probability, a futile exercise*.
LOL, you would certainly be in the minority if you think I was
wrong in the advice I provided concerning malware.
[....]
What FTR actually said .....
"True, it could be installed and be kept from accessing certain areas
by a rootkit".
Do you *really* disagree with that?
| One thing you are apparently not getting the significance of is that the
| "installation software" for the proposed AV that you want to install on
| the "compromised" machine likely has its own detection software for
| known malware (including some rootkits) *and* rootkit detection software
| that alerts to inconsistencies in what is presented through APIs to the
| other tools due to filter drivers and the like.

| It may be impossible to install such AV programs on a "compromised"
| machine, if the preinstallation detection software is aware of, yet not
| capable of removing detected malicious activity - it may tell you that
| you need to address the other issue before attempting to install that
| software (I'm not aware of this actually happening though).

| The most likely scenario is that the installation goes off smoothly
| without a hitch on *most* compromised machines (removing the compromise
| in the process) - which, I believe, is Dustin's point.


That's a case of an in situ installation of a fully installed AV solution.

That's not the case of the hard disk being removed and placed within a surrogate.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Dustin
2010-08-13 23:31:58 UTC
Post by David H. Lipman
Post by ~BD~
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an
anti-virus programme on an already compromised machine is, in
all probability, a futile exercise*.
LOL, you would certainly be in the minority if you think I was
wrong in the advice I provided concerning malware.
[....]
What FTR actually said .....
"True, it could be installed and be kept from accessing certain
areas by a rootkit".
Do you *really* disagree with that?
| One thing you are apparently not getting the significance of is
| that the "installation software" for the proposed AV that you want
| to install on the "compromised" machine likely has its own
| detection software for known malware (including some rootkits)
| *and* rootkit detection software that alerts to inconsistencies in
| what is presented through APIs to the other tools due to filter
| drivers and the like.
| It may be impossible to install such AV programs on a "compromised"
| machine, if the preinstallation detection software is aware of, yet
| not capable of removing detected malicious activity - it may tell
| you that you need to address the other issue before attempting to
| install that software (I'm not aware of this actually happening
| though).
| The most likely scenario is that the installation goes off smoothly
| without a hitch on *most* compromised machines (removing the
| compromise in the process) - which, I believe, is Dustin's point.
That's a case of an in situ installation of a fully installed AV
solution.
That's not the case of the hard disk being removed and placed within a surrogate.
Well, once you remove the host drive and take the suspect bad host out
of the equation, it does make life easier for hunting malware. :P
--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.
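
The distinction drawn in the posts above (a scan run in situ behind a rootkit's filter, a check for inconsistencies between views, and a scan of the drive from a surrogate machine), as an added illustration that is not code from any poster or AV product. The volume contents, the hiding rule and the signature set are all constructed; a real low-level view would come from reading the volume directly.

```python
import hashlib
from typing import Callable, Dict, Optional, Set

# Constructed volume: path -> content. Stands in for what is physically on
# the disk, i.e. what a surrogate machine sees with the drive attached.
RAW_VOLUME: Dict[str, bytes] = {
    r"C:\Windows\System32\drivers\disk.sys": b"legitimate driver (constructed)",
    r"C:\Windows\System32\drivers\hidden_example.sys": b"rootkit driver (constructed)",
    r"C:\Users\demo\report.doc": b"user document (constructed)",
    r"C:\Users\demo\dropper_example.exe": b"visible dropper (constructed)",
}

# Constructed signature set: hashes of the two "malicious" sample contents.
KNOWN_BAD: Set[str] = {
    hashlib.sha256(b"rootkit driver (constructed)").hexdigest(),
    hashlib.sha256(b"visible dropper (constructed)").hexdigest(),
}

Filter = Callable[[str], bool]


def hides_own_driver(path: str) -> bool:
    """Hypothetical filter rule: the rootkit drops its own file from API results."""
    return path.lower().endswith("hidden_example.sys")


def api_view(volume: Dict[str, bytes], hidden: Optional[Filter] = None) -> Dict[str, bytes]:
    """What tools on the running system are shown. The filter sits between
    the volume and every caller, so hidden entries never reach a scanner."""
    if hidden is None:
        return dict(volume)
    return {p: d for p, d in volume.items() if not hidden(p)}


def signature_scan(view: Dict[str, bytes]) -> Set[str]:
    """Known-malware scan: it can only judge files it is allowed to see."""
    return {p for p, d in view.items()
            if hashlib.sha256(d).hexdigest() in KNOWN_BAD}


def cross_view_diff(low_level: Dict[str, bytes], high_level: Dict[str, bytes]) -> Set[str]:
    """Rootkit check: entries in the low-level view that the API view omits.
    Any hit is an inconsistency worth an alert, even with no signature."""
    return set(low_level) - set(high_level)


def compare_scenarios() -> Dict[str, Set[str]]:
    live = api_view(RAW_VOLUME, hides_own_driver)  # in situ, filter active
    offline = api_view(RAW_VOLUME)                 # drive in a surrogate
    return {
        "in_situ_signature_hits": signature_scan(live),
        "in_situ_cross_view_alerts": cross_view_diff(RAW_VOLUME, live),
        "surrogate_signature_hits": signature_scan(offline),
        "surrogate_cross_view_alerts": cross_view_diff(RAW_VOLUME, offline),
    }


if __name__ == "__main__":
    for name, paths in compare_scenarios().items():
        print(name, sorted(paths))
```
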
Dustin
2010-08-13 23:30:24 UTC
Post by FromTheRafters
Post by ~BD~
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an
anti-virus programme on an already compromised machine is, in
all probability, a futile exercise*.
LOL, you would certainly be in the minority if you think I was
wrong in the advice I provided concerning malware.
[....]
What FTR actually said .....
"True, it could be installed and be kept from accessing certain
areas by a rootkit".
Do you *really* disagree with that?
One thing you are apparently not getting the significance of is that
the "installation software" for the proposed AV that you want to
install on the "compromised" machine likely has its own detection
software for known malware (including some rootkits) *and* rootkit
detection software that alerts to inconsistencies in what is
presented through APIs to the other tools due to filter drivers and
the like.
It may be impossible to install such AV programs on a "compromised"
machine, if the preinstallation detection software is aware of, yet
not capable of removing detected malicious activity - it may tell
you that you need to address the other issue before attempting to
install that software (I'm not aware of this actually happening
though).
The most likely scenario is that the installation goes off smoothly
without a hitch on *most* compromised machines (removing the
compromise in the process) - which, I believe, is Dustin's point.
Nicely put, FTR..
--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.
~BD~
2010-08-14 08:25:12 UTC
Post by FromTheRafters
Post by ~BD~
Post by Dustin
/I/ think *Dustin* is wrong. *I believe that installing an
anti-virus programme on an already compromised machine is, in all
probability, a futile exercise*.
LOL, you would certainly be in the minority if you think I was
wrong in the advice I provided concerning malware.
[....]
What FTR actually said .....
"True, it could be installed and be kept from accessing certain areas
by a rootkit".
Do you *really* disagree with that?
One thing you are apparently not getting the significance of is that the
"installation software" for the proposed AV that you want to install on
the "compromised" machine likely has its own detection software for
known malware (including some rootkits) *and* rootkit detection software
that alerts to inconsistencies in what is presented through APIs to the
other tools due to filter drivers and the like.
It may be impossible to install such AV programs on a "compromised"
machine, if the preinstallation detection software is aware of, yet not
capable of removing detected malicious activity - it may tell you that
you need to address the other issue before attempting to install that
software (I'm not aware of this actually happening though).
The most likely scenario is that the installation goes off smoothly
without a hitch on *most* compromised machines (removing the compromise
in the process) - which, I believe, is Dustin's point.
I accept what you say, FTR - especially the *most* part! ;-)

No doubt you will review my post to Dustin Re: Kaspersky thread.

As I've said to you many times before, I value your help and guidance.
Peter Foldes
2010-08-11 15:44:42 UTC
Don't feed the Trolls especially this Troll
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect
~BD~
2010-08-14 08:31:58 UTC
Post by Peter Foldes
Don't feed the Trolls especially this Troll
What is your problem, Peter Foldes?

Are you paying for 'the bandwidth' or is it another reason?

*Everyone* is entitled to post on Usenet groups! ;-)
Caravaggio
2010-08-08 04:38:24 UTC
On Sat, 07 Aug 2010 12:04:18 +0100, ~BD~
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
I tried with Chrome and got a similar warning, viz:-
http://i36.tinypic.com/347wjld.jpg
Just wondering if anyone else has experienced anything untoward at
xxx.uncoached.com ?
http://google.com/safebrowsing/diagnostic?tpl=safari&site=www.uncoached.com&hl=en-us
FYI:

www.facebook.com/uncoached
" Uncoached: We just want to let you guys know the site is down and
being transferred to a new server. Sorry for the inconvenience. We
should be up Mon or Tues of next week. "
" Friday [06 August] at 5:18pm "

The "temporary" page is the only page presently at two uncoached
sites. A "cleanup" by choopa apparently involves replacing its
customer's servers.

http://uncoached.com/

http://unrealitymag.com/
[Identical "site down" page as appears at uncoached.com]

http://unathleticmag.com/
[apparently already installed on new server and back in service]

http://unathleticmag.com/
<div id="lijit_region_56827"></div>
<script type="text/javascript"
src="http://www.lijit.com/delivery/fp?u=uncoached&z=56827&n=1"></script>
"This web site does not supply ownership information." but the web
page supplies "research" information to "uncoached".

lijit advises:
[ http://www.lijit.com/ Lijit does site search, only better. ]
[Lijit is 11,877 publishers in 25 topical networks generating
7,858,644,427 page views since Jan 1, 2008 and we're not stopping
there.]

<script src="http://network.yardbarker.com/network/ybn_pixel/7831"
type="text/javascript"></script> <noscript></noscript>
[yardbarker.com advises they are affiliated with foxsports.com on msn]


Reported Attack Page!
This web page at uncoached.com has been reported as an attack page and
has been blocked based on your security preferences.
Attack pages try to install programs that steal private information,
use your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many
are compromised without the knowledge or permission of their owners.

"This site may harm your computer.4 Jan 2010", and it took them seven
months to discover they had a problem?
Note: "maintenance" misspelling, lacking period at end.
The site is currently down for maitenance. It will be back up shortly.
Thank you for your patience


66.55.128.34 tge2-4-cr2. ewr 2. choopa.net
66.55.138.35 66 55 138 35 choopa.net

Domain Name: UNCOACHED.COM
Name Server: NS1.CHOOPA.COM
Name Server: NS2.CHOOPA.COM

213.248.94.162 choopa-ic-137616-nyk-b6 c telia.net
Name Server: DNS1.TELIA.COM
Name Server: DNS2.TELIA.COM
Name Server: NS04.SAVVIS.NET

Telia is the world's largest IP, i.e., Internet Provider.
IP's sell to the ISP's who re-sell to the consumers.

http://www.alexa.com/siteinfo/uncoached.com
Alexa's web page contains a clear click to
"http: //yads.zedo.com/ads3/a ?"

Alexa, OMG, advises:
Uncoached.com is ranked #11,962 in the world according to the
three-month Alexa traffic rankings. The fraction of visits to it
referred by search engines is roughly 17%, and visitors to the site
view an average of 2.5 unique pages per day. Uncoached.com has a
bounce rate of approximately 61% (i.e., 61% of visits consist of only
one pageview). It has attained a traffic rank of 4,220 among users in
the US, where approximately 49% of its audience is located.


HTH

Caravaggio




www.uncoached.com is powered by nginx and has 2 DNS entries.

Whois for www.uncoached.com available at
https://dns.l4x.org/www.uncoached.com
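
The post above picks third-party script tags out of the page source by hand. An added example (not from the post) of inventorying every external host a page loads active content from, which is the first thing to review when a flagged site may have been compromised through an ad or widget include rather than its own files. The two script tags are the ones quoted in the post; the surrounding markup, the first-party script, the iframe and the helper names are constructed.

```python
from collections import defaultdict
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urljoin, urlparse

# Constructed page: only the lijit and yardbarker tags come from the post.
SAMPLE_HTML = """
<html><body>
<script type="text/javascript" src="/js/site.js"></script>
<div id="lijit_region_56827"></div>
<script type="text/javascript"
src="http://www.lijit.com/delivery/fp?u=uncoached&z=56827&n=1"></script>
<script src="http://network.yardbarker.com/network/ybn_pixel/7831"
type="text/javascript"></script> <noscript></noscript>
<iframe src="http://ads.example.net/slot?id=1"></iframe>
</body></html>
"""


class ActiveContentCollector(HTMLParser):
    """Collects URLs of elements that pull executable or framed content."""

    WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self) -> None:
        super().__init__()
        self.found: List[Tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if url:
            self.found.append((tag, url))


def third_party_hosts(html: str, page_url: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group active-content URLs by host, skipping the page's own domain.

    "Own domain" here is a simple suffix match on the page host with any
    leading "www." removed; it is an approximation, not a public-suffix lookup.
    """
    site = (urlparse(page_url).hostname or "").lower()
    base = site[4:] if site.startswith("www.") else site

    collector = ActiveContentCollector()
    collector.feed(html)

    grouped: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for tag, url in collector.found:
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = urlparse(urljoin(page_url, url)).hostname
        if host is None:
            continue
        host = host.lower()
        if host == base or host.endswith("." + base):
            continue
        grouped[host].append((tag, url))
    return dict(grouped)


if __name__ == "__main__":
    for host, items in sorted(third_party_hosts(SAMPLE_HTML, "http://unathleticmag.com/").items()):
        print(host, [tag for tag, _ in items])
```
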
Ron
2010-08-09 19:02:34 UTC
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
I tried with Chrome and got a similar warning, viz:-
http://i36.tinypic.com/347wjld.jpg
Just wondering if anyone else has experienced anything untoward at
xxx.uncoached.com ?
I've gotten warnings from sites before.....don't bypass them unless
you know they are safe.
~BD~
2010-08-09 20:36:02 UTC
Post by Ron
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
I tried with Chrome and got a similar warning, viz:-
http://i36.tinypic.com/347wjld.jpg
Just wondering if anyone else has experienced anything untoward at
xxx.uncoached.com ?
I've gotten warnings from sites before.....don't bypass them unless
you know they are safe.
That's good advice, Ron!

Thanks for posting.
Oliver
2010-08-13 18:40:14 UTC
On Sat, 07 Aug 2010 12:04:18 +0100, ~BD~
Post by ~BD~
I was using Safari and got a warning when I visited a URL.
I tried with Chrome and got a similar warning, viz:-
http://i36.tinypic.com/347wjld.jpg
Just wondering if anyone else has experienced anything untoward at
xxx.uncoached.com ?
http://google.com/safebrowsing/diagnostic?tpl=safari&site=www.uncoached.com&hl=en-us
A Minibus load of drunk heavies armed with baseball bats dispatched to
their HQ. That should do the job.

.
--------------------------
The Internet will become the
Sacred Sanctuary for Nutters,Idiots
And Trolls

(Michel Nostradamus, December 14, 1503 - July 2, 1566).
--------------------------