echo: doghouse
to: WAYNE CHIRNSIDE
from: George Pope
date: 2006-08-01 16:54:46
subject: story making the rounds

That's frightening, what you got going on! :(

If it were me, I'd haul out the HDD, unplug the BIOS battery (for 48
hours, to totally drain the BIOS in case the malware stashed a copy of
itself in the boot run proggies), then start fresh and just avoid
everything you'd been doing the week before getting infucted! :(

Sucks.

Good luck in recovery!

Because I care,
|<+]::-)  (Cyberpope(the Bishop of ROM!))


On (01 Aug 06) WAYNE CHIRNSIDE wrote to CINDY HAGLUND...

 WC> ->  WC> Now that's a good one.
 WC> ->  WC> thanks.
 WC>
 WC> ->  WC> I needed a laugh just now.
 WC>
 WC> ->  Don't we all and you are very welcome, Wayne.
 WC>
 WC> ->  WC> Got the darndest malware going on here.
 WC>
 WC> ->  Viri? Bugs? Worms? Spam?
 WC>
 WC> Two possible infection vectors.
 WC> One, the application upgrade utility for this O.S. apt-get has lousy
 WC> insecure configuration defaults.
 WC> Two, a trojan horse possibly attached to the Mozilla browser.
 WC>
 WC> ->  WC> Two absolutely perfect hard drives but I dare not use or
 WC> ->  WC> connect either.
 WC>
 WC> ->  Why?
 WC>
 WC> Well because...
 WC> Whoever aimed this crud at me was extremely good at programming.
 WC> I *cannot* remove or even fdisk the hard drive.
 WC> I cannot even *destroy* the hard drive.
 WC> All too easy to do ordinarily with Linux however this
 WC> malware has a *real* healthy survival instinct.
 WC> It *will not* die.
 WC>
 WC> This particular malware runs a super user account (owns the machine)
 WC> and has the Linux equivalent of a TSR program running in the
 WC> background (a daemon).
 WC> This is a malicious program resident in RAM.
 WC> It's running 5 times the processes I am as user and logs my
 WC> keystrokes, steals my addresses from my address book and phones home
 WC> if I happen to be logged on at 12:14 A.M. in the morning.
 WC> As I use online banking this is a *very bad* thing.
 WC> All my passwords are at risk, well more than that, it's a sure thing
 WC> they'll be stolen including that to the online banking.
 WC>
 WC> Because I'm very weird I noticed _something_ was up with the computer
 WC> and looked very very hard to dig out the information I've got.
 WC> This particular malware has set up its own peculiar unknown
 WC> invulnerable (to me at least) hidden partition on the hard drive.
 WC>
 WC> Even using Linux in eXpert mode it refuses to allow altering the hard
 WC> drive geometry parameters.
 WC> It _appears_ to allow it, but reboot and it's still there and nothing's
 WC> changed.
 WC> Physically a perfectly good hard drive, it's worse than useless.
 WC> Someone HAS tried phishing my online banking account.
 WC> I got an email (with malicious file attachment).
 WC> Right logos for my bank, even the right information on where to look
 WC> for the information about suspicious account activity.
 WC> Only the account activity indicates the bank *never sent the alerting
 WC> email*.
 WC> By this time I'd disconnected the hard drive power and data cables
 WC> and rebooted plain vanilla Linux live CD in RAM to get online.
 WC> By powering down and disconnecting the drives (the optical CD
 WC> isn't writable and thus uncorruptible) I could *then* safely check the
 WC> account.
 WC>
 WC> ->  WC> Nor buy a new one unless I figure out the infection vector.
 WC>
 WC> ->  ah. yeah. :( I wish there was something to do to stop those
 WC> -> assholes.. they never quit!!!!
 WC>
 WC> If I were healthy it wouldn't be the big deal it is.
 WC> As is it's a huge hassle.
 WC> Likely change my password a few more times this week just in case he
 WC> or she is still at it.
 WC> Not that I've got any money to speak of, it's just that every dollar
 WC> is survival.
 WC> --- Platinum Xpress/Win/WINServer v3.0pr5
 WC> 14


--- PPoint 1.76
WC> * Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)
* Origin: Cyberpope pointing via Bandmaster BBS! (1:153/715.1275)

SOURCE: echomail via fidonet.ozzmosis.com
