
Dan Daily

and

The "Dan Daily" Sites

presents

Living With Your Computer


Me Hacked?  Say It Ain't So!

Written by:  Dan Daily 

 

Hi Gang!

Many, many of you have asked, over the years, for an article on viruses and Trojans.  Believe it or not, in all these years, I've never gotten one so I didn't really know what to say about it.  I do now!  Let us walk the "Bridge Over Troubled Water" together and

Let's Go!!!


 

I never really worried about viruses and such even though I don't personally run anti-virus software.  I've always been sensible with what I download so I never worried about it.

Today we'll cover tips on how to avoid them and remove them once you're infected.

Me Hacked?  Say It Ain't So!

My case, though not email based, infected me with an email virus.  Actually the pisspot that did this is pretty ingenious.  I was having problems with my broadband router (it allows both my computers to share my cable modem setup) and had it disabled to troubleshoot my speed issues.  Additionally, I had Ad Subtract, Popup Stopper, and Zone Alarm disabled for the testing.  (You old hands know what's coming.)  As you may or may not know, Zone Alarm is my firewall (available free for download, or on my "Danny's Junk" CD) and it had to be disabled to clear the pipeline, so to speak.

I ran into some TCP/IP settings I didn't know the answer to so I went upstairs to get them off the other computer.  While I was gone, someone hacked my system, had it go to a web site and download the web version of the Bad Trans Trojan virus.  This all in the course of about 10 minutes.

When I came back down, nothing was amiss, everything was acting normal.  I reset my settings and rebooted so all my security software would run.  That's when the sh*t hit the fan.  Zone Alarm had a canary!  My PC was trying to access the Internet for no apparent reason and it didn't want to take no for an answer.  I couldn't figure out what was wrong for the life of me.  Unless Zone Alarm was crazy, my computer was in the process of going insane.  I checked everything I could think of and many things I couldn't think of.

Finally, virus was the only thing left.  So I went to "Housecall" and had them run my system.  Sure enough!  Me!  Unbelievable!!!

Unlike most people that pick up a virus of this nature, it was foiled from the start.  A:  I use AOL email so it couldn't use my address books, and B:  I use Zone Alarm and unlike the piece of junk firewall that comes with Windows XP, Zone Alarm checks both traffic coming and going to and from your PC.  Bad Trans was still "Bad," but it wasn't "Transing" nothing!

 

Avoiding Viruses

Viruses are very easy to avoid gang, I'm living proof of that.  In the 20 years I've been on the computer I've never gotten an email based virus.  Why?  Simple, I'm very careful about opening attachments from people I don't know.  When in doubt, delete it.  If there's something I think I want but am still in doubt?  I run it through "Housecall" and see what they say.  I've caught many of YOU with viruses this way, but never caught one myself.

Also, Bad Trans and others like it are Trojan Horse programs.  If you look at the downloads you'll always see a double extension, such as "love.gif.nru."  No file can have a double extension.  They put in the gif to fool you into thinking it's a picture file.  Anytime you get an email with an attachment that has a double extension, it's the last extension that's real, not the first.  DELETE THEM ALL!!!
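The double-extension rule above can be checked automatically before anyone opens an attachment.  The sketch below is an added example, not part of the original article: it reads a raw email, pulls out the attachment names, and flags any name where a harmless-looking extension sits in front of a different final one.  The decoy list, function names and sample message are assumptions made up for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Harmless-looking extensions used as the decoy part of a name (assumed list).
DECOY_EXTS = {"gif", "jpg", "jpeg", "bmp", "png", "txt", "doc", "pdf", "mp3"}

def split_extensions(filename):
    """Return (decoy, real). The last extension is the one Windows acts on."""
    # Windows ignores trailing dots/spaces; padding spaces before the last
    # dot ("pic.gif      .pif") push the real extension out of view.
    parts = [p.strip() for p in filename.lower().rstrip(". ").split(".")]
    if len(parts) < 2:
        return None, None                      # no extension at all
    decoy = parts[-2] if len(parts) >= 3 else None
    return decoy, parts[-1]

def is_double_extension(filename):
    """True when a decoy extension sits in front of a different real one."""
    decoy, real = split_extensions(filename)
    return decoy in DECOY_EXTS and real != decoy

def suspicious_attachments(raw_message):
    """List the attachment names in a raw email that use the trick."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return [n for n in names if is_double_extension(n)]

def build_sample():
    """Constructed sample message; names and payloads are made up."""
    msg = EmailMessage()
    msg["Subject"] = "Re: pictures"
    msg.set_content("See attached.")
    for name in ("love.gif.nru", "notes.txt", "backup.tar.gz"):
        msg.add_attachment(b"sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

Names like backup.tar.gz pass because "tar" is not a decoy extension; only a picture or document extension followed by something else is reported.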

 

The Difference Between a Trojan and Virus

A Trojan Horse program is aptly named because it is just that.  It is disguised as one thing and is actually another.  These programs almost always are directed to Microsoft Outlook and Outlook Express.  Generally they propagate by running your address book and emailing everyone on it an infected email.  Once there, they do the same thing to their computers and pretty soon email servers are crashing from all the traffic.  They generally don't harm your computer because to do so would end their life.

Viruses, on the other hand, usually ruin your computer.  They target only your computer and generally wreak havoc on it.  The last big one replaced the first letter in the binary code of your files, rendering them invisible to Windows.  In short, erased your hard drive.  Actually, when you delete a file, you do the same thing.  Only when you write over it with something new is it truly deleted.

 

And I Still Don't Use Virus Software?

No I don't.  I find virus software to seriously hamper how I do things and pretty much make themselves a complete pain in the ass.  To some virus software, almost everything you do is flagged as a virus.  Also, running them all the time seriously affects my system's performance.  Don't believe me?  Try running without it.  I'm not telling you to run without virus software!  I'm only telling you I don't.  Like I said earlier, I'm very careful about what attachments I open.  Even with the many tens of thousands of emails I've received (about 150 per day), I've never gotten an email virus.  I only download files from maybe 10 people.  That's it.

 

I Did Learn A Lesson From Zone Alarm

though:  You're supposed to have it on!  LOL  Even though this has happened, it's still not my fault.  I have a very complex system because I ask it to do very complex things.  (Many of you constantly ask what my system is, so here goes:  It's a Compaq Athlon 1.1 Thunderbird with 640 megs of memory.  A 60 gig main drive, a 40 gig secondary drive.  She has a CD-R/W, a DVD player, a dual monitor array with a 19-inch Mag Innovision being fed by an NVIDIA AGP TNT Pro with 16 megs of RAM, and an Aspire 15-inch being fed by a Radeon PCI 32 meg board.  The small monitor helps format these pages so you with 15's won't get lower scroll bars.  (I do it for you gang.)  The 19 is running 32-bit true color at 1024x768, the 15 is running 32-bit true color at 800x600 resolution.  This is connected with a cable modem running a 3000k Internet connection through a Linksys Etherfast Cable/DSL router.  Throw in a couple of Monsoon planar speakers, a huge subwoofer and you basically have a dream machine that runs faster than a lot of Internet servers.  And no, I don't rely on virus software to protect it, I protect it myself.)

When troubleshooting the Internet feed, you must shut down anything in the pipeline so you know they're not what's causing the problem.  But I will be more careful next time.  LOL

Getting Rid of the Trojan

That was the easy part (well, not so easy).  I went to HouseCall and they cleaned the Windows Registry and Windows System.ini file automatically, but the actual virus program files had to be removed manually by me on the DOS level.

To find easy instructions on this DOS level removal, join the "Inner Circle."  

 

Inner Circle!

DOS Level Instructions

Just for you gang.  This holds true for any file on your computer.  But for today's purpose, let's say you have a virus, you've gone to Housecall and it says two files couldn't be removed:  Windows\kern32.exe and Windows\System\goback.dll.

The reason these files can't be removed is because just like any Windows files, if they're in use, you can't change them.  You can only do so when Windows isn't running.  So let's do it eh?  This is really easy but you must type these exactly!  Don't get cocky and start screwing around in DOS!  Just do what's printed here in the event!

Quick DOS Primer:

cd  means change directory

del means delete

_ means a blank space, I use these so you won't confuse it.  When you see _ it means to leave a blank space.  OK?  OK!

 

Let's Go!

The first thing you need is to boot to DOS.  Going to a DOS window WON'T WORK!  Windows is still running.  You must boot to DOS.  For Windows 95/98 systems you'll see the option when you shut down.  That's one of your check boxes.  Check it, the computer will shut down and boot to DOS.  Remember to uncheck it next time around.  Or just follow the same directions for Windows Me users, it's a little easier.

Windows Me folks:  You need a Windows Emergency Disk.  To get one, go to My Computer/Control Panel/ Add Remove Programs/Startup Disk.  You'll need a blank floppy.  When you're done, shut down the computer, put in the floppy, turn your system back on and it'll boot to the floppy disk in DOS.  This is the only way in Me.  When it boots it'll give you a menu of how to start.  Using your up and down keys highlight the "don't use CD support" and hit enter.  When it's done the cursor will look like this:  A:\>  Type C:  (hit enter)

OK, now in DOS you'll see a cursor that looks like this:  C:\>    This is telling you you're on the C: Drive.

Type cd_Windows  (hit enter; remember, the _ is a blank space)  Now the cursor looks like this:  C:\Windows>    This means you are now in the Windows directory of the C: drive.

Now type:  del_kern32.exe   (hit enter)  The cursor will skip a line, still saying C:\Windows>   This means it's deleted.  If you try this you'll get an error as you don't really have that file unless you have the Bad Trans Virus.  LOL

Type:  cd_System   (hit enter) Now the cursor says C:\Windows\System>

Now you would type:  del_goback.dll   (hit enter)  the cursor will drop a line still saying C:\Windows\System>  If you actually try it you'll get an error message because the file doesn't really exist.

If running Windows 95/98, now type cd.. (hit enter)  The cursor will read C:\Windows>  (the two periods are telling DOS to back up one entry).  Now type win and hit enter.  Your machine will now boot normally into Windows.  (Remember to uncheck the DOS box when you shut down or it will boot back into DOS the next time around.)

For Me, just shut down the computer and remove the floppy.  The machine will boot normally.

 

So There You Have It!

You just learned how to delete a file in DOS!  Bet you now know more than most anyone you know!

That wasn't so bad was it?  Don't screw around in DOS!  Knowing the delete command for DOS can be a disaster!  There was an old saying back in the old days before Windows:  "When you learn the delete command, you are now dangerous!"  Learn it, Know it, Live it...

Oh, almost forgot:

For Housecall: (it's free)  Click Here

For Zone Alarm: (it's on the CD or)  Click Here

 

I hope this helps you on your road.  Your Road?

Yes, Your Road To Computer Sanity

                              Danny

 

 

YOU KNOW YOU HAVE A BAD COMPUTER WHEN:

 The lower corner of screen has the words "etch a sketch" on it.

When you insert a disk, it spits out a pack of butts.

You have to pedal it.

The manual contains one sentence:  "good luck!"

The only chip inside is a dorito.

Whenever you turn it on, all the dogs in the neighborhood start howling.

You catch a virus from it.

The screen frequently freezes and a message comes up:  "Ain't it break time, Chester?"

 

 


                          

Copyright © 1995-2005 by Dan Daily Publications LTD.  Danny Dailys@aol.com All Rights Reserved
Any reproduction of this material without the written consent of dannysdailys@aol.com is prohibited by federal law.  DON'T EVEN THINK ABOUT IT!!!  Forwarding the hot link for the main site is permitted!

www.dannysdailys.com