| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: A worrying thought using OS/2-eCS |
Mike O'Connor wrote:
>Hi All,
>
>About 12 hours ago, I had a disturbing experience - the exact origins of
>which I don't know. At the time I had been online continuously for
>about 9 hours or so - when I luckily just *happened* to check my Trash
>Can contents.
>
>I had been having a progressive slowing of this eCS 1.0 system, things
>weren't refreshing at the normal [constant] speed. This occurred after
>I received a bunch of messages with attached virii - the *wait" pointer
>was *active* whenever it was anywhere over the inbox message pane in IBM
>WB 2.01. None of the messages was large - about double usual list
>message size - probably the only large one was about 42KB, which sounds
>like a Bagle-variant.
>
>When I opened the Trash Can, you can imagine my surprise when I found
>~1.5GB of directories in there, including the \WINNT tree from W2KP. I
>normally have the TC set to be emptied on shutdown - well I've changed
>*that* option, along with some others to prevent disaster striking via
>that route.
>
>So I'm wondering whether someone has come up with some malware that's
>either Java or REXX based?
>
>I shutdown [powered-off] and booted into another partition, eCS 1.13 and
>ran Norman AV against all drives - took 144 minutes to check 259,000
>files, a heck of a lot of those inside the .jar files and a multitude of
>zips., including the Goldencode ones twice!
>
>A lot of [non-compressed!] plain-text files were mis-identified as being
>archives and some DOD DLLs were supposedly "damaged" and W4 FDISK.COM
>[>64KB size] was NOT checked! No infection was found.
>
>Now I know that *I* didn't delete those directory trees, that would have
>been the last thing I'd ever do, and I don't have any junk in my
>os2*.ini files either, and I don't have any sticky-keys activated which
>could have left some previous selection active - so what happened ?
>
>
>
I had a message on my screen the other day saying it could not delete
{at}rootdir I could only say ok to and then I got another that said it
could not delete autoexec.bat, at this point I started looking for
anything that might be deleting something but couldn't find anything.
Nothing further came up and no files went missing but it was a bit
disturbing. Don't know if there is any type of corolation with what you
had happen or not but it does strike a chord. I may have to get Norman
AV though.
Andy
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Buy Ink Cartridges or Refill Kits for your HP, Epson, Canon or Lexmark
Printer at MyInks.com. Free s/h on orders $50 or more to the US & Canada.
http://www.c1tracking.com/l.asp?cid=5511
http://us.click.yahoo.com/mOAaAA/3exGAA/qnsNAA/E8folB/TM
---------------------------------------------------------------------~->
Yahoo! Groups Links
To visit your group on the web, go to:
http://groups.yahoo.com/group/os2user/
To unsubscribe from this group, send an email to:
os2user-unsubscribe{at}yahoogroups.com
Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
---
* Origin: Waldo's Place USA Internet Gateway (1:3634/1000)SEEN-BY: 633/267 270 @PATH: 3634/1000 12 106/2000 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.