| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: Clean again |
-=> ROY J. TELLASON wrote to WAYNE CHIRNSIDE <=-

RJT> Wayne Chirnside wrote in a message to Roy J. Tellason:

WC> Finally have my system totally setup properly again after both
WC> hardware crash and software invasion by the Klez.H worm!!!

RJT> What platform, or OS were you running that let that get in?

DOS 6.20 - Win 3.11, it was on salvaged drive, then DOS 5.0 - Win 3.1 after I reinstalled the software I owned. Note: neither Symantec nor F-Secure's web sites made mention of vulnerability of these O.S.'s but did offer removal tools for NT, 9X and 2000. The really huge problem is the beginning of the executable that installs the monster starts with "wink" but as it's a long file name and this is an 8.3 file system the random characters inserted are all you see so DOS F-Prot completely misses it because all the strings are randomly generated for the executable. This is a *very* stealthy and mean worm!!!

WC> Well I did in fact reload DOS 5.0 but I forgot to delete 6.20
WC> first :-(

RJT> Hm. How did _that_ act?

Very oddly I noticed no problems at all except for the fact diagnostic software and dosshell would not run. Win 3.1's diagnostic I found out even as a newbie is useless as it only reports correctly if everything IS correct.

RJT> Do I remember right that you said something in that email about it
RJT> coming in as an attachment?

It's coming in here invisible but it's seen on the Verizon server as an attachment, perhaps I need to look at my Netscape preferences again. The bloody attachment can be any number of file name attachments, I've seen .pif, .exe and others.

This demon of a worm is the very first to give me real trouble and it was only after 5 - 6 days that I figured out protocols to keep it at bay :-( I cannot publicly expose those methods as if the moron who wrote this learns of them he may easily find a way to recode it to circumvent those measures and the damned thing is evil enough as is :-(

WC> Hey I've even got the two modems working in concert, the external
WC> for internet, telnet, FTP and the internal voice modem for my
WC> software answering machine and they are both connected to the phone
WC> line at once with the proper software assigned to each!

RJT> Cool. I have one modem here that's supposed to have "voice"
RJT> capabilities, but the software that was mentioned on the box wasn't
RJT> _in_ the box when it was given to me. The price being right (basically
RJT> free), I couldn't complain too much.

I'd love to send you a copy but software piracy prevents me from doing so. I believe it's quite inexpensive if I recall the enclosed upgrade literature correctly. My landlady asked me for a copy and I was forced to turn her down. I'll do an internet search for it later or see if the URL is listed in the manual. I got both modem and software in an inexpensive package way back in 95. No-name hardware data, FAX, Voice modem still works flawlessly!!!

RJT> What software are you using for those functions? I have yet to get any
RJT> sort of info on this stuff.

My copy reads SuperVoice 2.2 a product of Pacific Image Communications. As I say I'll do a search and see what's available from them now. Got to try some of the earlier freeware net voice utilities I've downloaded off SimTel as I've got the mic and speakers hooked directly to the modem now.

WC> I could be surfing, the device detects an incoming voice call, I
WC> screen it allowing the 1 minute message to be recorded as a .WAV
WC> file and then continue my online session or alternately answer the
WC> phone with the option of retaining the net connection or logging
WC> off!

RJT> I don't see how it's gonna detect an incoming call when you're using
RJT> the line, unless call waiting comes into the picture...

That thought occurred to me as well but that's what's claimed for the device though as yet I've no details. Rat Shack offers manuals off their web site and I believe I've seen the device there. Radio Shack's web site however sucks canal water and this is one time I'd like a searchable PDF file to download but it's not there!

WC> The power saver features in CMOS do not interfere with the
WC> answering machine as the drive spins up on ring!!!

RJT> Hm. That stuff seems to be more configurable in newer hardware, from
RJT> what I can see. Not that I use too much newer hardware these days.
RJT> Mostly I don't use any of that power-saving stuff.

Well this stuff is pretty dated so it just low powers and blanks the monitor and spins down the drive, tap a key or move the mouse and the monitor wakes up, key in a command or have an incoming ring, presuming modem software set to answer loaded, and the drive spins up. No low power mode for the CPU however. Got to get some thermal grease for that as it's running pretty hot. Also as the heat sink clamps are kinda loose I think I'll get some gel superglue and glue the sink on after adding thermal grease then reattach the loose clamps.

WC> All this on a lowly 486 running Windows 3.1, just wait until I
WC> move back into Linux with more dedication.

RJT> A 486? Cool.

Hey when you're dirt poor you use what you've got. I've seen some really cutting edge systems used by end users that are not nearly as well configured, multimedia apps in most cases being far superior however in later equipment.

WC> I've heard the last stable Mandrake release was 7 as there are
WC> claims the package installation and removal software was munged in
WC> a later release, don't know about the last stable Debian, Redhat
WC> and Slackware releases are but I'm getting really close to
WC> ordering CD's of them all merely waiting until I purchase a new
WC> large drive and get the Pentium up and running.

RJT> I haven't followed too many other distros, but have pretty much stuck
RJT> to Slackware here. There seems to be some instability in either X or
RJT> KDE in the stuff that came with 8.0, but I'm told that upgrading that
RJT> is an easy enough fix. No major bother here, it shows up as odd
RJT> behavior after the system has been up _and in KDE_ for at least a
RJT> couple of weeks. At one point a while back I wanted to try out some
RJT> other distros, but the 486 test fixture I have hasn't been turned on
RJT> for some months now. Got Debian 2.1 (?) and a version of SuSe on
RJT> there, never got the later Debian (3.0?) installed, and the RH 7.1 I
RJT> have here won't install because it says there's not enough ram in the
RJT> box. There's 16M in there, I would have figured that would be enough
RJT> to try things out, but apparently not.

Doesn't it offer the option of setting up a swap file? My Slackware 1.1.59 would install on the original Packard Bell with 4 Meg. SMT RAM but only if you created a swap file first off the boot and root disks. Currently the 486 here has 20 Meg.

RJT> I guess I'm going to have to
RJT> get a hold of a copy of 6.2, which should be somewhat less demanding...

Might try the swap file approach first. I've not used the DOS version to create the boot and root disks but I'll bet it's not much more complicated than the Windows creation option which the brain dead could easily use. Should be located in a "utilities", possibly DOS/utilities directory if memory serves.

RJT> How big a drive are you planning to get? It should be easy enough to
RJT> chunk up a largish new drive to install several distros on it and then
RJT> have your choice as to what to boot into. Some directories and a swap
RJT> partition can be shared among all of them.

Thinking 40 - 80 Gig just now as they can be had at local retailers for 99 bucks right now with one retailer offering a 30 dollar rebate on a 40 Gig. I'll call around some shops too to see what deal I might get on a bare drive in an unopened static bag. Also call around shops for a spare used drive for the 486. Since I'm backed up in depth now I'm considering trying Win 95 on this old 486 as I can easily restore as needed. Wish I had a 133 overdrive with interposer however as I've documentation files here on jumper setup... or even a DX4 -100. All my original software on disks and four tapes I feel reasonably secure now :-) The A drive on the Pentium died as well so there goes another nine bucks, plus 4 dollars for a CMOS battery available at Radio Shack.

WC> Probably start with Mandrake as I hear it runs out of the box so
WC> to speak, familiarize myself than move on to Slackware which to my
WC> understanding is more open to tinkering for individual personal
WC> preferences.

RJT> Mandrake is Pentium-only from what I understand, which tells me that
RJT> the package isn't necessarily as frugal with resources as some of the
RJT> others.

No problem, the new hard drive is going into a salvaged Pentium box along with a new A: drive, CMOS battery and it's good to go. I was booting off floppy and retrieving files from my old damaged drive kludged into that box until the A: drive packed it in.

RJT> There's even a GUI install from what I hear. That may be what
RJT> my brother is running, I'm not sure.

Well with 40 - 80 Gig to play with...

WC> Finally got round to sending you the jumper setting e-mail for the
WC> Adaptec 1540

RJT> Got that earlier today, and replied to it.

Yeah, you replied too later that you had the AHA 1540B instead of the 1540, no problem since I've retrieved and sent that file along as well.

WC> and I bookmarked a Linux tutorial page regarding the use of that
WC> card in the Linux O.S. however there is FAR too much information
WC> in many many links for me to practically retrieve and send them to
WC> you.

RJT> That's okay, basic jumper info on the card is the sort of thing I was
RJT> looking for...

Well the 1540B jumper file should be in your mail today, if not just let me know and I'll resend as I've reformatted the page and saved it.

WC> Sorry I haven't yet found a .jpg image to go with the jumper
WC> listing. Oh yeah that new motherboard I was so hot on after
WC> further examination is lacking in some regards for my application,
WC> it only supports one EIDE drive in RAID 0

RJT> If I'm gonna mess with RAID, I'm probably gonna do RAID 5, which
RJT> means that I need to get a hold of at least three largish drives. Been
RJT> thinking about these 9G SCSI drives I saw at this one place...

Trudging through all this SCSI stuff has gotten me intrigued and the quirks and perks are beginning to gnaw at me darn you ;-) Still the matter of price...

WC> though it might be more interesting to you as the Promise Tech.
WC> I/O card _does_ support SCSI.

RJT> Eh? You lost me here.

Well it was in a previous thread where I was talking about a recently released Asus motherboard using a Promise Tech. I/O card

WC> Currently there are about three motherboards that look promising,
WC> Asus, Epox and Gigabyte with the Gigabyte supporting the AMD
WC> processor. Not sure that I'm ready to go SCSI yet as it's still a
WC> high ticket item due to the lack of market share and economic
WC> advantages inherent in mass volume sales :-(

RJT> Yeah, that part of it really stinks, doesn't it? :-)
RJT> Been thinking about a new MB, but I figure that can wait a while. Too
RJT> many variables to think about. But in the meantime, I'm thinking
RJT> about a cd burner, a scanner (especially if I can find one that's
RJT> SCSI), and more HD space. Always more HD space...

I've still got the salvaged Pentium scheduled to go online in January. Got the software modem drivers already saved on this box, don't know about the PCI Sound card drivers yet or the Acer 40X CD-ROM driver but that can wait until January and anyway isn't that _supposed_ to be taken care of with plug and pray? I might try booting the fried drive with 98 on it to DOS, this I've already done, then using long file name xcopy xcopy everything on the drive to the new drive and using the 98 image boot disk that was sent to me see if I can't get 98 up and running, snag the drivers there and then delete and load my legal copy of 95.

--- MultiMail/PBellDOS v0.42
 * Origin: FidoTel & QWK on the Web! www.fidotel.com (1:275/311)
| SOURCE: echomail via fidonet.ozzmosis.com | |