#46
Hackers hid malware in CCleaner software
On Wed, 20 Sep 2017 17:11:36 -0000 (UTC), in news

--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

I thought I removed the errant VPN server but I realized that there was a duplicate because there are TCP and UDP based configuration files. So I disabled both the TCP and UDP VPN config file for the VPN server that adds that Avast sig and header.

I can't promise the *next* VPN service won't do it but 99 out of 100 don't add that line so most of the time this will work. Each day there are another hundred servers that get added while another hundred are deprecated so the list fluctuates daily.

This is a new free VPN server (just added today) so we'll see what it does.
#47
8.3 filenames (Was Hackers hid malware in CCleaner software)
On Wed, 20 Sep 2017 17:11:34 -0000 (UTC), Blake Snyder wrote:

On Wed, 20 Sep 2017 12:59:44 -0400, in , Wolf K wrote:

So to eliminate the 8.3 format from Windows would require rewriting the kernel at a rather low level.

This is completely wrong. You have been able to disable 8.3 file name creation since the days of NT using the registry and since 2000 using group policy. https://support.microsoft.com/en-gb/...tfs-partitions

Sent from my iFurryUnderbelly.

Thanks for corrected info. Does this "prove" that 8+3 is completely gone from Windows 10?

That wasn't the statement I corrected. It doesn't require a rewrite of the kernel to turn this functionality off. This is a legacy function to support applications which use 8.3 format. So it's the application that needs it not Windows 10.

I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't create. I don't know how they got created but the creation probably has something to do with the fact that I re-defined the %TMP% & %TEMP% and all the other Windows temp directories to things like c:\tmp\junk\windows_temp\

I suspect you are running older applications and redefining the path to the temp folders has just exposed stuff that Windows usually hides from the end user if you don't mess with the MS default folder paths that is. BTW. What you see through windows explorer is *folders* and not directories. Directories are a file system concept and folders are a GUI/end user concept. Folders don't necessarily show the directory as it is.

After that, Windows 10 did its thing to create those 8+3 directories.

It's not essential to the functionality of the file system as you have been suggesting or some magical old code lurking from before the dinosaurs that cannot be altered without raising the dead. Neither are these special directories. From recollection and I cannot be arsed to research it but every directory has two names unless this functionality is disabled.

Sent from my iFurryUnderbelly.
-- p-0.0-h the cat Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat, Devil incarnate, Linux user#666, ******* hacker, Resident evil, Monkey Boy, Certifiable criminal, Spineless cowardly scum, textbook Psychopath, the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infme, the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll, shyster [pending approval by STATE_TERROR], cripple, sociopath, kook, smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag, liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav, lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball. NewsGroups Numbrer One Terrorist Honorary SHYSTER and FRAUD awarded for services to Haberdashery. By Appointment to God Frank-Lin. Signature integrity check md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896 I mark any message from Q the troll as stinky |
#48
Hackers hid malware in CCleaner software
On Wed, 20 Sep 2017 14:01:02 -0000 (UTC), Blake Snyder wrote:

What amazes me but I haven't delved into why, is that when I tell people that even with Windows 10, you have to keep to 8+3 syntax, they say "prove it", where I don't keep a log of the times that the tilde shows up.

If that's how you pitch the idea to people, I'd say they're right to push back. As a user, you haven't *needed* to use 8.3 syntax since nearly forever, but by default Windows can use it behind the scenes. And of course, you can use it yourself, whether you intentionally name something with 8.3 or you simply let Windows create the 8.3 name and you simply start using what Windows assigned. The dir command can show you the 8.3 names when you use the /x argument.

The two things I can say, without actually being able to point to an actual example at the moment, is that when I don't use 8+3, then I need doublequotes when I shouldn't need them and the tilde shows up in the oddest places where you can rest assured I never created a directory named "C:\tmp\WINDOWS~".

Double quotes are typically needed when the path or the filename contains one or more spaces, and the tilde should really only show up in the 7th character position of the 8.3 filename. I'm guessing you could make it 'walk left' by intentionally creating files where the 8.3 name would collide with an existing 8.3 name, assuming the 8.3 names have been generated by Windows, of course. The other use case for tildes is as a leading character for temp files, but you won't be confusing that use case with 8.3 names.

For one, I never use capital letters, and for the other, I never use tilde in a name. But Microsoft seems to love both.

I have no problem with leading capitals and in fact I generally use 'title case', where every word is capitalized. Plus, I like the fact that Windows uses a unique character, meaning something I'd never use on my own, to designate generated 8.3 names. That makes them easy to identify.
#49
Hackers hid malware in CCleaner software
On 21/9/2017 1:11 AM, Blake Snyder wrote:

Do you do these half dozen tasks with freeware? If so, what freeware do you use for those tasks that you do?

1. Registry cleaning = what is the best freeware for this?
....
7. Drive wiper = https://www.pcworld.com/article/254509/free_tools_to_wipe_your_drives_securely.html

I don't do that in my home PC. Not sure about technical support people in workplaces.

--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa
#50
Hackers hid malware in CCleaner software
On Wed, 20 Sep 2017 17:11:35 -0000 (UTC), Blake Snyder wrote:

Do you do these half dozen tasks with freeware? If so, what freeware do you use for those tasks that you do?

1. Registry cleaning = what is the best freeware for this?
2. File cleaning = what is the best freeware for this?
3. Autorun disabling = Mark Russinovich's autoruns freeware
4. Browser plugin disabling = what is the best freeware for this?
5. Program uninstaller = Revo uninstaller freeware
6. Duplicate finder = http://www.top5freeware.com/duplicate-file-finder
7. Drive wiper = https://www.pcworld.com/article/254509/free_tools_to_wipe_your_drives_securely.html

Of those 6 items, I only (occasionally) do #6. I use a tool called Duplicate Cleaner Free (https://www.digitalvolcano.co.uk/). No idea if it's the best, but I apparently like it well enough that I've been using it for quite a few years without wanting to find a replacement.

I have no use for the other 6 tasks. Yes, I know what each task is about, so no need to assume something else.
#51
8.3 filenames (Was Hackers hid malware in CCleaner software)
On 09/20/2017 12:11 PM, Blake Snyder wrote:

[snip]

I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't create.

WINDOWS~1 has 9 characters, so can't fit into 8.3.

[snip]
#52
Hackers hid malware in CCleaner software
On Wed, 20 Sep 2017 14:13:43 -0000 (UTC), Blake Snyder wrote:

On Wed, 20 Sep 2017 14:01:02 -0000 (UTC), in news

I don't know what VPN service I'm using at the moment, so I can't say whether it will add the Avast non-standard-on-purpose sig, but I will add my own sig below using the dash-dash-space syntax, just in case it does.

-- This is a manual sig following the dash-dash-space syntax.

--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

I remove that sig by changing a setting in Avast Free Antivirus on my PC. The setting "Enable Avast email signature" can be accessed via Settings / General and then removing the tick in the adjacent box. One annoying habit of this Antivirus program is that the tick is restored when you update the Avast software.

Whether this method is altered by using a VPN is something I have no experience with.
#53
8.3 filenames (Was Hackers hid malware in CCleaner software)
On Wed, 20 Sep 2017 15:09:59 -0500, in , Sam E wrote:

On 09/20/2017 12:11 PM, Blake Snyder wrote:

[snip]

I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't create.

WINDOWS~1 has 9 characters, so can't fit into 8.3.

[snip]

Typo. http://i.cubeupload.com/GFf3Bx.jpg

That is a screenshot of my junk folder which contains the Windows & VIM temps... Never do I use capital letters or tildes in file or folder names.
#54
Hackers hid malware in CCleaner software
On Wed, 20 Sep 2017 13:36:09 -0500, in , Char Jackson wrote:

If that's how you pitch the idea to people, I'd say they're right to push back. As a user, you haven't *needed* to use 8.3 syntax since nearly forever, but by default Windows can use it behind the scenes. And of course, you can use it yourself, whether you intentionally name something with 8.3 or you simply let Windows create the 8.3 name and you simply start using what Windows assigned. The dir command can show you the 8.3 names when you use the /x argument.

All I can tell you in response is that the 8+3 shows up on its own.

For example, I am super duper positive I never created any folder using capital letters and a tilde - but there it is - in my Windows 10 junk folder for the temp variables for both Windows and VIM. http://i.cubeupload.com/GFf3Bx.jpg

Who created it and put it there if not Windows herself?
#55
Hackers hid malware in CCleaner software
On Wed, 20 Sep 2017 21:31:43 -0000 (UTC), Blake Snyder wrote:

On Wed, 20 Sep 2017 13:36:09 -0500, in , Char Jackson wrote:

If that's how you pitch the idea to people, I'd say they're right to push back. As a user, you haven't *needed* to use 8.3 syntax since nearly forever, but by default Windows can use it behind the scenes. And of course, you can use it yourself, whether you intentionally name something with 8.3 or you simply let Windows create the 8.3 name and you simply start using what Windows assigned. The dir command can show you the 8.3 names when you use the /x argument.

All I can tell you in response is that the 8+3 shows up on its own.

Yes, of course it does. I thought I said that.

For example, I am super duper positive I never created any folder using capital letters and a tilde - but there it is - in my Windows 10 junk folder for the temp variables for both Windows and VIM. http://i.cubeupload.com/GFf3Bx.jpg

Who created it and put it there if not Windows herself?

Windows! I thought I said that.

You can very easily test it for yourself. Create a file name or a folder name that's longer than 8 characters or that has one or more spaces in it. Now use dir /x to view it. There's the 8.3 name, created automatically by Windows. From that point on, you can access that object by either its long name or its short name. They are equivalent to each other in that they both reference the exact same object.

That example holds for scenarios where the user created an object, but if Windows needs to create an object for its own purposes, it's perfectly free to skip the long name entirely and simply create the object using the short name. This behavior has existed since, what, Win 95?
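The test described in post #55 above, as an added PowerShell example that is not part of the original thread: it creates a long-named file, reads back the 8.3 alias that `dir /x` would show, writes through that alias, and reports the `NtfsDisable8dot3NameCreation` registry value that controls whether aliases are generated at all. The scratch directory and file name are constructed for the demo.

```powershell
# Added example, not from the thread. Scratch paths below are constructed.
$root = Join-Path $env:TEMP ("sfn-demo-" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $root | Out-Null
$long = Join-Path $root 'a long file name with spaces.txt'
Set-Content -LiteralPath $long -Value 'created via the long name'

# Scripting.FileSystemObject exposes the same alias that "dir /x" prints.
$fso  = New-Object -ComObject Scripting.FileSystemObject
$file = $fso.GetFile($long)
"Long name : $($file.Name)"
"Short name: $($file.ShortName)"

if ($file.ShortName -ne $file.Name) {
    # Both names reference the same object: append through the alias,
    # then read the result back through the long name.
    Add-Content -LiteralPath $file.ShortPath -Value 'appended via the short name'
    Get-Content -LiteralPath $long
} else {
    'No 8.3 alias was generated; short-name creation is off for this volume.'
}

# System-wide switch for short-name creation (DWORD value).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$val = (Get-ItemProperty -Path $key).NtfsDisable8dot3NameCreation
$meaning = switch ($val) {
    0 { 'enabled on all volumes' }
    1 { 'disabled on all volumes' }
    2 { 'decided per volume (check with: fsutil 8dot3name query C:)' }
    3 { 'disabled on all volumes except the system volume' }
    default { 'value not set or not recognised' }
}
"NtfsDisable8dot3NameCreation = $val ($meaning)"

# Clean up the scratch directory.
Remove-Item -LiteralPath $root -Recurse -Force
```

Turning creation off only affects names created afterwards; aliases that already exist on the volume stay until they are stripped or the files are recreated.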
#56
Hackers hid malware in CCleaner software
On Wed, 20 Sep 2017 17:18:13 -0000 (UTC), Blake Snyder wrote:

On Wed, 20 Sep 2017 17:11:36 -0000 (UTC), in news

--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

I thought I removed the errant VPN server but I realized that there was a duplicate because there are TCP and UDP based configuration files. So I disabled both the TCP and UDP VPN config file for the VPN server that adds that Avast sig and header.

I can't promise the *next* VPN service won't do it but 99 out of 100 don't add that line so most of the time this will work. Each day there are another hundred servers that get added while another hundred are deprecated so the list fluctuates daily.

This is a new free VPN server (just added today) so we'll see what it does.

Pretty hard to believe that a VPN server, which typically operates at OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload. There's more to the story here. If this so-called VPN server is able to muck around at Layer 7 for Usenet posts, what else is it doing to your other traffic? I'd steer far, very far, from that kind of service. VPN server, they ain't.

-- Char Jackson
#57
Hackers hid malware in CCleaner software
On Wed, 20 Sep 2017 17:26:56 -0500, Char Jackson wrote:

On Wed, 20 Sep 2017 17:18:13 -0000 (UTC), Blake Snyder wrote:

On Wed, 20 Sep 2017 17:11:36 -0000 (UTC), in news

--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

I thought I removed the errant VPN server but I realized that there was a duplicate because there are TCP and UDP based configuration files. So I disabled both the TCP and UDP VPN config file for the VPN server that adds that Avast sig and header.

I can't promise the *next* VPN service won't do it but 99 out of 100 don't add that line so most of the time this will work. Each day there are another hundred servers that get added while another hundred are deprecated so the list fluctuates daily.

This is a new free VPN server (just added today) so we'll see what it does.

Pretty hard to believe that a VPN server, which typically operates at OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload. There's more to the story here. If this so-called VPN server is able to muck around at Layer 7 for Usenet posts, what else is it doing to your other traffic? I'd steer far, very far, from that kind of service. VPN server, they ain't.

Methinks it's a proxy server list.

Sent from my iFurryUnderbelly.

-- p-0.0-h the cat Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat, Devil incarnate, Linux user#666, ******* hacker, Resident evil, Monkey Boy, Certifiable criminal, Spineless cowardly scum, textbook Psychopath, the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infme, the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll, shyster [pending approval by STATE_TERROR], cripple, sociopath, kook, smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag, liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav, lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball.
NewsGroups Numbrer One Terrorist Honorary SHYSTER and FRAUD awarded for services to Haberdashery. By Appointment to God Frank-Lin. Signature integrity check md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896 I mark any message from Q the troll as stinky |
#58
Hackers hid malware in CCleaner software
In message , Blake Snyder writes:

[]

I think that the Ccleaner "leatherman" approach of doing lots of things is OK but the approach of having a single tool do a single job (like uninstalling apps) is a better approach.

I used to use another "Leatherman" tool - EasyCleaner, by Toni Helenius, a young Finn. (Well, he was young when I used it!) I can't remember if it did all the things Cc does, but it had a nice (IMO) user interface to select them from. I've no idea whether it still exists; I do know he was URL-squatted at one point, by a company that charged for his freeware.

The work is in finding the best freeware to do the main jobs that CCleaner does:

[]

I do like the Revo uninstaller, so here's my list of "best" freeware to the half dozen things that CCleaner does:

1. Registry cleaning = what is the best freeware for this?
2. File cleaning = what is the best freeware for this?
3. Autorun disabling = Mark Russinovich's autoruns freeware
4. Browser plugin disabling = what is the best freeware for this?
5. Program uninstaller = Revo uninstaller freeware
6. Duplicate finder = http://www.top5freeware.com/duplicate-file-finder
7. Drive wiper = https://www.pcworld.com/article/2545..._your_drives_securely.html

For duplicate finding in the special case of images, I like a utility whose name I've forgotten that is very good at that task: it can compare images of different formats (JPEG, GIF etc.), sizes, and IIRR even orientations - and you can set a percentage match too. (It shows you the putative matches side-by-side, which is good: normally its matching algorithm is good, but occasionally it thinks two images are the same or similar which a human can see are not.) Duplicate Image File Finder, or something like that.

--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

-- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

She's showing her age a little bit. I always say she doesn't have teething troubles, she has denture troubles! - Timothy West (on their narrowboat!), RT 2014-March
#59
Hackers hid malware in CCleaner software
In message , Blake Snyder writes:

On Wed, 20 Sep 2017 11:34:06 +0100, in , J. P. Gilliver (John) wrote:

Since there is no way now to NOT reboot (ask me how I know), I will have to

OK I'm asking (-: [If this was the result of it running HP's own uninstaller as _part_ of a revo uninstall, I'd probably do my best _not_ to have it reboot at that point.]

All (all) of the uninstallers I've tried so far did was run the HP uninstaller, which obviously doesn't work and always requires a reboot.

Did Revo - at its most aggressive setting - not find _some_ files/folders/registry entries that the HP uninstaller did not? (Even if not significant.)

It's not a big deal other than to say that uninstallers aren't all they're cracked up to be if all they do is run the HP uninstaller which fails to uninstall every time.

--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

-- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

She's showing her age a little bit. I always say she doesn't have teething troubles, she has denture troubles! - Timothy West (on their narrowboat!), RT 2014-March
#60
|
On Wed, 20 Sep 2017 17:26:56 -0500, in news

Pretty hard to believe that a VPN server, which typically operates at OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload.

I'm with you in that I don't understand how or why the VPN service would add both header lines and a signature to the posts.

There's more to the story here. If this so-called VPN server is able to muck around at Layer 7 for Usenet posts, what else is it doing to your other traffic? I'd steer far, very far, from that kind of service. VPN server, they ain't.

That particular server is from http://vpngate.net

Come to think of it, *all* the VPN servers which had that problem were likely from vpngate.net. Take a look at their web site. Do they look like proxy servers? They have typical openvpn configuration files just like all the other vpn services out there do.