[meteorite-list] Ways to tell who has the VIRUS

From: colin wade <ceweed_at_meteoritecentral.com>
Date: Thu Apr 22 09:41:53 2004
Message-ID: <003d01c073d5$ee32aa60$02000003_at_colinwad>

absolutely amazing
didn't know stuff like that lurks within the box
thanks for sharing the information

happy new millennium

col

----- Original Message -----
From: "Don Young" <dcyoung1_at_swbell.net>
To: "Meteorite List" <meteorite-list_at_meteoritecentral.com>
Sent: Monday, January 01, 2001 2:54 AM
Subject: [meteorite-list] Ways to tell who has the VIRUS


> Hi Everyone,
> My first post in awhile..
> I assure you I have questions about meteorites for you
> experienced folks out there and will be posting those soon.
>
> BUT FOR NOW maybe this will help us track this stinking virus.
> The last copy I received was 24 Dec and it was in FRENCH!!!
>
> From the POST BY Rhett Bourland the following two statements
> say alot.
> > Hybris also infects WSOCK32.DLL, renaming it and redirecting
> > Windows.INI to point to the new, infected file.
>
> System File Checker will check your system for changed windows files.
> If you do a SFC command (Start, Run and key in sfc) If you are infected
> you will most likely get a message that WININIT has been modified.
> You will then be given the option to relace it from your Windows Disk
> or from your Cab Files.
>
> > Thereafter, Hybris will send itself via reply mail to whomever
> > sends new e-mails to an infected computer.
>
> The KEY HERE is that if you SEND an infected CPU an E-Mail it
> automatically sends you a reply from Hahaha. So IF you have
> the virus and I E-Mail you, even if you do not reply to my
> message, your PC will send ME a copy from Hahaha. (I am pretty
> sure it does does this at the time you OPEN the received E-Mail.)
>
> This being said how do you tell who it came from?
> For E-Mail under Netscape Communicator, click on the E-MAIL from
> Hahaha >>> BUT DO NOT NOT NOT open the attachment.
> click on VIEW, select PAGE SOURCE.
> You will get a whole screen full of stuff.
>
> You are looking for the last Received: from xxxxxxxxx
> statement where the xxxxxxxx is the name of the persons computer
> or user ID followed by the IP address in the form of nnn.nnn.nnn.nnn
> such as 208.190.39.106 <<-- (My current IP address for SWBELL).
> This can be plugged at the following web page to find the
> domain (SWBELL.Net, AOL.COM, ATT_at_HOME, etc)that it belongs to.
> http://www.osilab.ch/services/dns_e.htm
>
> To see your computer name go to
> MYCOMPUTER, CONTROL PANEL, Double click NETWORK,
> Select IDENTIFICATION, this name or your ID is placed in xxxxxxxxx
> when you send an E-Mail. You could have the person that you suspect
> the virus came from check this...
>
> Happy NEW YEAR EVERYONE!!!
> Don
>
> --
> Don Young (Faux-Oro) aka (Fools-Gold)
> Have Cesium MagnetometerS
> Will travel if you have a Site we can work together.
> Have my own US METEORITE HUNTERS index by GPS Lat and Lon
> and detailed maps for EACH meteorite..
> Dallas, Texas
>
> UPDATED PICTURES AS OF: 02 Dec 2000
>
> My Hobbies: Gold prospecting, Metal detecting and Meteorites
> hobby pics:
> Meteorites found at Odessa Tx. With mag. Lg 1 at 16"+, sm at 6"+
> http://images.honesty.com/imagedata/h/182/08/21820805.jpg
>
> 1856 army pistol ball and cap cylinder
> http://images.honesty.com/cgi-bin/honesty-image/12391569/cyl12.jpg
> http://images.honesty.com/cgi-bin/honesty-image/12391570/cyl3.jpg
>
> Home made dredge:
> http://images.honesty.com/cgi-bin/honesty-image/9448307/Dredge2.jpg
> (SUCKING UP--a target) Detector and suction hose
> http://images.honesty.com/cgi-bin/honesty-image/9448310/Dredgedt.jpg
>
> A little gold in the pan
> http://images.honesty.com/cgi-bin/honesty-image/3957183/Cabgold.jpg
>
> _______________________________________________
> Meteorite-list mailing list
> Meteorite-list_at_meteoritecentral.com
> http://www.pairlist.net/mailman/listinfo/meteorite-list
Received on Mon 01 Jan 2001 03:45:52 AM PST