Am I just paranoid?
Matthew Weatherman
December 5th 03, 07:45 PM
Through the wonderful act of hex editing, I have found
evidence that some group had been using my machine to set
up a "pub" on. (For those who are unaware, a "pub" is a
public FTP used to distribute pirated software. It's not
just a good watering hole)
Not only that, but this individual has gone so far as to
do all he can to get my box to cough up my credit card
information as well as my various "Geek Supply" credit
lines that I've accumulated over the years. I want to
know why the hell they've been so successful with this
even though I run a good firewall as well as using my
linux box as a hardware firewall/router. (Getting through
the linux isn't what's got me bugged though, cause I only
run that box once in a blue moon, but my other firewalls
are up at all times.) He was able to change the variables
enough to make it so that I "page" him every time I start
to surf the net. (Still after the platinum visa from the
looks of it.)
I need to know just how I can either catch this guy so I
can hire him on or bust his ass and give him what he
deserves..
Robert Moir
December 5th 03, 07:45 PM
Matthew Weatherman wrote:
> Through the wonderful act of hex editing, I have found
> evidence that some group had been using my machine to set
> up a "pub" on. (For those who are unaware, a "pub" is a
> public FTP used to distribute pirated software. It's not
> just a good watering hole)
> Not only that, but this individual has gone so far as to
> do all he can to get my box to cough up my credit card
> information as well as my various "Geek Supply" credit
> lines that I've accumulated over the years. I want to
> know why the hell they've been so successful with this
> even though I run a good firewall as well as using my
> linux box as a hardware firewall/router. (Getting through
> the linux isn't what's got me bugged though, cause I only
> run that box once in a blue moon, but my other firewalls
> are up at all times.) He was able to change the variables
> enough to make it so that I "page" him every time I start
> to surf the net. (Still after the platinum visa from the
> looks of it.)
> I need to know just how I can either catch this guy so I
> can hire him on or bust his ass and give him what he
> deserves..
I'm not sure what to say here as you've given us precisely zero information
we can use to give you a useful reply about the technical specifics of your
situation.
Earl F. Parrish
December 5th 03, 07:45 PM
"Matthew Weatherman" > wrote in message
...
> Through the wonderful act of hex editing, I have found
> evidence that some group had been using my machine to set
> up a "pub" on. (For those who are unaware, a "pub" is a
> public FTP used to distribute pirated software. It's not
> just a good watering hole)
> Not only that, but this individual has gone so far as to
> do all he can to get my box to cough up my credit card
> information as well as my various "Geek Supply" credit
> lines that I've accumulated over the years. I want to
> know why the hell they've been so successful with this
> even though I run a good firewall as well as using my
> linux box as a hardware firewall/router. (Getting through
> the linux isn't what's got me bugged though, cause I only
> run that box once in a blue moon, but my other firewalls
> are up at all times.) He was able to change the variables
> enough to make it so that I "page" him every time I start
> to surf the net. (Still after the platinum visa from the
> looks of it.)
> I need to know just how I can either catch this guy so I
> can hire him on or bust his ass and give him what he
> deserves..
This most likely was done by someone who had direct access to your
computer. Firewalls do not stop someone at the keyboard.
--
Earl F. Parrish
Matthew Weatherman
December 5th 03, 07:45 PM
>-----Original Message-----
>I'm not sure what to say here as you've given us
>precisely zero information
>we can use to give you a useful reply about the
>technical specifics of your
>situation.
_________________________________________________
Okay. Sorry about the tirade with no applicable
information. One of the things this guy has done due to
frustration or whatever, is somehow configured my OS to
keep reinstalling my GeForce 4 Ti with just the most
rudimentary of drivers each time I reboot. I have to re-
update my video drivers each time I boot just so I can
have a resolution that is above an 8 bit color scheme.
But wait... There's MORE!!!!
There have also been 4 new accounts added to my system,
but they aren't visible from the login window, nor from
just about anywhere. I only found this out when I was
looking at the permissions of a few registry entries.
Here's the kicker though; Try as I might, I cannot
delete these accounts. They don't seem to exist anywhere
that I can do something about them. Hell, I can't even
set their permissions to deny all because it just adds a
new copy of that user to the reg... with the same damn
permissions set!!!
My machine notifies him each time I change a password,
edit permissions, or attempt to disable a couple of his
personal services.
This guy is an artist or something cause he edits .dll
files that he knows I am going to read. I don't think
that there is any .dll file made by MS that specifically
tells "Matthew Weatherman you fartknocker... Just suck it
up and face the fact that there is no security that you
can implement that will keep me from making your life a
hellish nightmare that even Dante was incapable of
imagining".
Here's my question.... How do I get my system back under
my control only without formatting my 420gb primary hard
drive? Also, how can I shut down the stream that is
constantly being sent out from my machine, in the
background where it is hardly noticed by my ethernet?
My OS is winXP Home, Pro and Media edition (yes, I have
too many machines to be this stupid about my little
problem).
Sorry for the whining, but this is starting to cut into
my business hours and my company is bleeding itself
slowly of its financial viability....
Thx...
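The post above describes accounts that never show up on the login window, a background stream leaving the machine, and persistence that survives reboots. The following PowerShell triage script is an added example, not code from anyone in this thread. It assumes a modern Windows host with PowerShell 3.0 or later (XP itself never shipped PowerShell; the equivalent XP checks are `net user`, `netstat -ano`, and regedit), that it is run from an elevated prompt, and that `netstat.exe` prints its classic `-ano` table layout. The registry paths are real Windows keys: `Winlogon\SpecialAccounts\UserList` hides an account from the Welcome screen when a DWORD named after the account is set to 0, and `ProfileList` maps a SID to the profile directory an account gets once it has logged on.

```powershell
# Added triage example (not from any poster in this thread).
# Run from an elevated PowerShell prompt with the network cable already pulled.
# Assumptions: PowerShell 3.0+, Win32_UserAccount via CIM, classic "netstat -ano" layout.

$WinlogonUserList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$ProfileList      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# 1. Every local account, including ones hidden from the Welcome/logon screen.
function Get-LocalAccountInventory {
    $hidden = @{}
    if (Test-Path $WinlogonUserList) {
        $props = Get-ItemProperty -Path $WinlogonUserList
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* provider metadata; a value of 0 means "hide this account".
            if ($p.Name -notlike 'PS*' -and $p.Value -eq 0) { $hidden[$p.Name] = $true }
        }
    }
    Get-CimInstance Win32_UserAccount -Filter 'LocalAccount = TRUE' | ForEach-Object {
        # A SID that also appears under ProfileList has logged on at least once.
        $profile = Get-ItemProperty -Path (Join-Path $ProfileList $_.SID) -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name             = $_.Name
            SID              = $_.SID
            Disabled         = $_.Disabled
            PasswordRequired = $_.PasswordRequired
            HiddenFromLogon  = $hidden.ContainsKey($_.Name)
            ProfilePath      = if ($profile) { $profile.ProfileImagePath } else { $null }
        }
    }
}

# 2. Established TCP connections mapped to the process that owns them.
function Get-OutboundConnections {
    # netstat -ano columns: Proto  Local Address  Foreign Address  State  PID
    netstat -ano | Select-String '^\s*TCP' | ForEach-Object {
        $f = $_.Line.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[3] -ne 'ESTABLISHED') { return }   # "return" skips this row
        $procId = [int]$f[4]
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name   = if ($proc) { $proc.ProcessName } else { '<exited>' }
        $path   = if ($proc) { $proc.Path } else { $null }
        [pscustomobject]@{ Local = $f[1]; Remote = $f[2]; PID = $procId; Process = $name; Path = $path }
    }
}

# 3. Run/RunOnce autostart entries, the simplest way to redo something at every boot.
function Get-RunKeyEntries {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

Write-Host '== Local accounts (HiddenFromLogon = suppressed on the Welcome screen) =='
Get-LocalAccountInventory | Format-Table -AutoSize
Write-Host '== Established TCP connections and owning processes =='
Get-OutboundConnections | Format-Table -AutoSize
Write-Host '== Run/RunOnce autostart entries =='
Get-RunKeyEntries | Format-Table -AutoSize
```

Treat the output as a triage aid, not a verdict: all three functions ask the running OS what it knows about itself, and a kernel-level rootkit can lie to CIM, netstat and the registry API alike. That is exactly why the replies below insist on taking the machines off the network and rebuilding from trusted media rather than cleaning in place.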
Peter Clark
December 5th 03, 07:45 PM
Forget firewalls etc. What web browser, mail client, media
player, anti-virus do you use? And how up-to-date are they?
>-----Original Message-----
>
>"Matthew Weatherman" > wrote in message
...
>> Through the wonderful act of hex editing, I have found
>> evidence that some group had been using my machine to set
>> up a "pub" on. (For those who are unaware, a "pub" is a
>> public FTP used to distribute pirated software. It's not
>> just a good watering hole)
>> Not only that, but this individual has gone so far as to
>> do all he can to get my box to cough up my credit card
>> information as well as my various "Geek Supply" credit
>> lines that I've accumulated over the years. I want to
>> know why the hell they've been so successful with this
>> even though I run a good firewall as well as using my
>> linux box as a hardware firewall/router. (Getting through
>> the linux isn't what's got me bugged though, cause I only
>> run that box once in a blue moon, but my other firewalls
>> are up at all times.) He was able to change the variables
>> enough to make it so that I "page" him every time I start
>> to surf the net. (Still after the platinum visa from the
>> looks of it.)
>> I need to know just how I can either catch this guy so I
>> can hire him on or bust his ass and give him what he
>> deserves..
>
>This most likely was done by someone who had direct access
>to your
>computer. Firewalls do not stop someone at the keyboard.
>
>--
>Earl F. Parrish
>
Peter Clark
December 5th 03, 07:45 PM
Pull all communicating device connections from the machine
and any others on the network. Do it NOW. I would strongly
recommend reinstalling all machines, but back up and check
the backup on a different machine before formatting, as
there are some nasty programs out there. On reinstall,
configure your machine properly or get somebody else to do so.
You may want to call the police and show them the access
log from your firewall, as what this person has done is serious.
>-----Original Message-----
>
>>-----Original Message-----
>>I'm not sure what to say here as you've given us
>>precisely zero information
>>we can use to give you a useful reply about the
>>technical specifics of your
>>situation.
>_________________________________________________
>Okay. Sorry about the tirade with no applicable
>information. One of the things this guy has done due to
>frustration or whatever, is somehow configured my OS to
>keep reinstalling my GeForce 4 Ti with just the most
>rudimentary of drivers each time I reboot. I have to re-
>update my video drivers each time I boot just so I can
>have a resolution that is above an 8 bit color scheme.
>But wait... There's MORE!!!!
> There have also been 4 new accounts added to my system,
>but they aren't visible from the login window, nor from
>just about anywhere. I only found this out when I was
>looking at the permissions of a few registry entries.
> Here's the kicker though; Try as I might, I cannot
>delete these accounts. They don't seem to exist anywhere
>that I can do something about them. Hell, I can't even
>set their permissions to deny all because it just adds a
>new copy of that user to the reg... with the same damn
>permissions set!!!
>My machine notifies him each time I change a password,
>edit permissions, or attempt to disable a couple of his
>personal services.
>This guy is an artist or something cause he edits .dll
>files that he knows I am going to read. I don't think
>that there is any .dll file made by MS that specifically
>tells "Matthew Weatherman you fartknocker... Just suck it
>up and face the fact that there is no security that you
>can implement that will keep me from making your life a
>hellish nightmare that even Dante was incapable of
>imagining".
>Here's my question.... How do I get my system back under
>my control only without formatting my 420gb primary hard
>drive? Also, how can I shut down the stream that is
>constantly being sent out from my machine, in the
>background where it is hardly noticed by my ethernet?
>My OS is winXP Home, Pro and Media edition (yes, I have
>too many machines to be this stupid about my little
>problem).
>Sorry for the whining, but this is starting to cut into
>my business hours and my company is bleeding itself
>slowly of its financial viability....
>
>Thx...
Robert Moir
December 5th 03, 07:45 PM
Matthew Weatherman wrote:
> Here's my question.... How do I get my system back under
> my control only without formatting my 420gb primary hard
> drive? Also, how can I shut down the stream that is
> constantly being sent out from my machine, in the
> background where it is hardly noticed by my ethernet?
> My OS is winXP Home, Pro and Media edition (yes, I have
> too many machines to be this stupid about my little
> problem.
> Sorry for the whining, but this is starting to cut into
> my business hours and my company is bleeding itself
> slowly of its financial viability....
>
I understand your frustration. It can't be very nice to be on the end of
this. I would agree with Peter Clark's comment - pull out all network
communication now. Don't let this machine, or indeed any others you own if
you have more than one, on the internet until this problem is resolved.
I would give serious thought to contacting your local police too as he
suggests. If you use this computer for business then this horrible thing is
having a financial impact on you, and demonstrating a financial impact is
enough to get even the most jaded of police to take this kind of thing
seriously.
That aside (and if you decide to consult the police don't do anything else,
and certainly don't be tempted to connect the affected computers to the
internet again, until they've spoken to you and said it's OK for you to move
on), I know you don't want to hear this, but in your position I would blank
off all my programs, re-install windows and re-install all my applications
from scratch from a trusted source - which means don't re-use any software
downloads you've made recently for any trial applications or shareware or
even recent updates - get fresh copies or use original CDs only. I know that
is a painful course of action but under the circumstances I don't see any
other way for you to be able to "trust" the affected computer(s?) again.
I would certainly suspect anyone that has had physical access to your
machine recently. Or (I don't want to sound like I'm accusing you of
unsavoury practices but...) have you been using "trial" software downloaded
from peer to peer networks or suchlike?
--
Rob Moir
Microsoft MVP for Windows / Security
www.robertmoir.co.uk
Roger Abell [MVP]
December 5th 03, 07:45 PM
Where do I get some of those
"420gb hard drive"s ??
--
Roger
Peter Clark
December 5th 03, 07:47 PM
Yeah - I was thinking that too... RAID??
>-----Original Message-----
>Where do I get some of those
>"420gb hard drive"s ??
>
>--
>Roger
Robert Moir
December 5th 03, 07:47 PM
Peter Clark wrote:
> yeah - i was thinking that too... - raid??
>
That or a typo!