Re: HELP! Terminal Service Trojan??

Oh anyone who replies to this hydraoc.cpp "terminal service trojan?" with a
lecture on llo's and what level of paranoia one is at determines the ammount
of preinstallation, needs to hear from me!

That's right. I have two years and over ten thousand dollars in this problem.
Five mboards, countless hdd's, fdd's, you name ir, wasted, no good, beyond
repair! Hdd's so full of script, usually an slang version of Cryllic, that
there is no possible way fdisk can even begin the attempt. That's right,
can't do it! The worms left behing TSR are so large that I have had an LLO
go down at 20% to go on a 60G drive. And not just once, alot.

And if you really want to know the truth, do you? The problems that have
occured in my personal life alone over this are far from repairable. As a
matter of fact it almost cost me my own life from the hackers feeding false
data to me on a self-diagnosis of my own health.

Now anybody want to give me a lecture on how to format? Sit down. My turn.

Microsoft: Wake-up. This is far more serious than you will ever realize.

Transparencies at HTTP 80. Default page for your server out on a make shift
bullentin board on the host somwhere. Six to nine pipes pulling more than
50% of the juice, practically the entire paging file system that is grossly
over the nominal limit, and encryption and compresion techniques brought to
you by whom? You guessed it PKZIPFAST! Hey take an memobj, encrypt it,
compress it, and do that ten more times and what do you have without the
password? Well I'll tell you, a machine that no longer belongs to you, and
as far as I can tell will never belong to you again.

Terminal Service Trojan, get it? Your machine is terminally ill.

The program really started out as what I knick named Windows Black. After a
serious self-taught lesson in use of the debugger, "THE BEST DAMN PROGRAM
EVER WRITTEN FOR A COMPUTER!!!", i realized that iy was originally a W2000
cursor exploitation based on cursor movement and the cursor program used was
Windows Black. Hence my knick name for it.

The program was "injected" into my pc throught the use of a linear burst
program for a completely different pc and to top it off, yeah, and so was
the flash. Then came another trojan , this time with a payload. Another
flash for the flat screen.

Doesn't matter what you do or how you think you can beat it. Once you have
it, it becomes part of you in a totally unsuspecting way. Somewhere out
there, there is a bullentin board. You are logged in and pretty much a lifer.
Hard lessons learned bouncing from one publi library to another and within
minutes IT is asking you to log off and not to come back for a while. One
now has to really start to think about an identity change. Go ahead, buy
another pc, I triple dog dare you! They will be back.

Well, that's when I said to myself NO WAY! It's now about life, liberty and
the pursuit of justice. Seriously I mean every word just wrote. Freedom
comes at a price today much like that in the way our FOREFATHERS came to
realize it for it truly is, priceless. And it was from war it was learned.
And that is what we have here everyone, war.

The original attack came off of the western coast od South Korea, off a
United States Army base according to Symantec Visual Tracking. I even had it
down to the exact address. I would do anything to have that back!

The MIME is in Japanese and Chinese. But the entire effort is in fact global.
Most of the attacks really originate from France with its leadership coming
out of Lithuania. It the goes from there to Central and Africa and then goes
completely widespread from there.

It doesn't matter what language it is written in, dictionaries are abundant.
Ecryption devices are so fast and powerful that even before a counter
program has been fully loaded, the program has either been totally erased,
deleted and/or corrupted beyond repair.

Here is what I do> Just do a quick format. GO back and fdisk ie format c:
only. Use a small primary parition and format NTFS, releasing the rest as
logical in FAT32, Be aware of one important fact. If you check your listsvc
and there is an entry HPFS, you must disable that and start all over. They
use HPFS when they get mad and the everything runs negatvely with respect to
NTFS or MTFS.

Load the OS. Just load it. As soon as it is done, become the author of the
root console for the mmc. Add every freaking snap in and active x contol and
object available to you. Now load the ceritificates and check them for
validity. Certify yourself, the machine and a service. Install a firewall
that allows zero fragmentation. Now assign yourself as the administrator of
the machine with a 50 charqacter password. Install an A/V that has good
script blocking. The script that runs, at least for right now is only
reckognized by DCS Wormguard. Norton gets during an uninstall Yahoo
Messenger. But I use a third, as well Dr. Web.

Once you are updated everywhere, assign yourself as a user, big password and
all and you are done. Any manipulating of the exploitation causes to much
friction.

Update and move on. You are terminal though. I have never made it more than
three weeks. Good luck.

Remember, hidden is the key word always, from partitions to files.