My "anti-virus" free period is soon to be over and I want to be rid of having to rely on Norton for the rest of my life.
What do the people here use instead?
[grisoft.com...]
At the precise moment I was sending out an email ..I received this one to Outlook express this morning ...
standard " message from postmaster ..failed " yadda yadda
( I have one friend who is ..in spite of my exhortations to depend on something other than N*rton ..is still using it ..and thus occasionally his box sends out crap using one of my email addies in the spoof header ..Normally no problem as I quarantine his stuff before looking ... ) ..
Anyway this morning ..half awake ..so didn't ..
the "incoming" 2kb ..blank ( but containing a .js ..which I didn't suspect as that's about the size of a mail with just the header and no message ) which on viewing via Outlook instantly froze my screen and nothing more apparently ..no reg change attempt etc etc ...so reboot ...
On reboot discovered that Outlook Express is now disabled ( will not launch ) and all previous mail ( on Outlook at least ) can only be accessed by going into "identities" ...
All of the mail from this morning has been moved into temporary internet files ..But there are no date or time changes anywhere on system ...
I'm gradually pulling the system back into line and so no big deal ...however it would appear that it blocks access to MSOE.dll or truncates it ...However it could be catastrophic for anyone who doesn't know how to get around it and as yet I don't know what a reinstall would do if anything ...
Checked out the main AV sites and as yet have not seen anything on it or anything answering this method or description ..
Then again I may just be missing it as I'm pretty busy with other stuff ..
However if any of you who have an interest in js and/or AV security etc care to give me a sticky ..I'll pass you my gmail addy and if you want I can send you a copy of the .js ( in "inactivated form" ..with how to reconstitute it ...I wouldn't want to be responsible for damage to your systems ) ...Maybe some of you can shed some additional light on it ..
Oh and before everyone jumps in ..I know who the genuinely interested and serious parties are ( just wanted to give a general heads up at the same time ..so I didn't send out private stickies )..so don't be silly and ask just hoping to get yer hands on a "nasty" to play with...
In the meantime watch out for this one ...it's not the end of the world ..but it is small , fast and a real PITA ..and for the moment requires manual workaround ..less some of you know it and the AV that should "roll it back" ...
As said ..I only know its effects on 98II ..maybe it hits XP as well ..maybe it already has name and is old news? ..
But something that just kills the startup of Outlook via a 2kb insert is a real PITA ..specially if it starts showing up on webpages ..
Right off to work ( on something totally different ) ..for a few hours ...
Oh and bernhardmarx ,rambotribble etc ....expect to be hearing from you ...
Cheers!
all except gmail is screwed for now ..
BTW ...switch off your javascript for all zones ..it uses it to force an activex even if you only allow javascript in trusted zones ..and all the main AVs including the one I know you use see the script as harmless ..so they aren't going to tell you ..there are no signs till reboot ..then all kinds of stuff just won't launch or update ...and no apparent changes to the reg either ..
[edited by: Leosghost at 1:38 am (utc) on Nov. 6, 2004]
You're welcome to send me the Javascript file if you want, and I can at least try to identify it. As I use Linux, it won't do any damage here.
What was the file name anyway? It wasn't called something.js.bat and you had known file extensions hidden, or anything?
Don't know if I can send it as Outlook is now gone ( was ok till the next switch on then initialisation errors ) ..tried to clean out all and reinstall ( after saving correspondence files address book etc ) ...I had t'bird 0.7 ..it got killed ...tried to download IE6 ( yeah I said that... me ..ack ack ack ;) in order to get a clean new copy of Outlook with protection incorporated ..Install aborts ..rolled back to IE5.5 ..still no Outlook and firefox 0.9 refuses to connect ..likewise t'bird 0.9 refuses to install ( error 1009? ) yet no changes were signalled to reg and I can find no file changes ..I suspect that MSOE.dll may be missing a few bytes but can't be sure ..nothing to compare with ..file length wise ...
Check your sticky for a gmail addy ...send me one back and I'll see if I can send a copy of the beast ..?
Hey ..it's not like I miss Outlook ...but I do miss ff and I did kinda get used to t'bird ...
appreciate the offer ;) cheers Mike
BTW ..James ( RamboTribble pointed me at an article which mentioned an exploit dated 5.11.2004 that allows c drive formatting via an embedded in header or webpage via IE6 using all flavours of doze ..so maybe I just got side swiped as I do have some unusual protections in place to slow up stuff that might wish me harm ..for the moment my c drive is the same size it used to be ..touches wood! ) ...
[edited by: Leosghost at 2:03 am (utc) on Nov. 6, 2004]
ah well ....I'll go look in identities ...( doesn't help that I'm running the French version of doze with an English language pack ..damn thing speaks worse "Franglais" than I do ) ...
Love to know how I'm gonna restore a profile ( this box came with 98II preinstalled ..but only 98 vanilla on the cd ..M$ France just laughed and said goway ) ..and I never did learn penguin ...
As to the js thing: I don't download mail until it's been through MailWasher, which lets me view the whole thing on-server first. Last js that showed up got deleted bangbangyou'redead.... don't remember what it was, been about a year....
[Edit: um.... considering, you might want to think about whether this was specifically targeted for YOU....]
[edited by: vkaryl at 2:22 am (utc) on Nov. 6, 2004]
Takes me back to the early days ..must have written 10 or more profiles..every time I got hit ...
only Outlook is now gone and t'bird won't play ..IE I just hacked back v5.5 ( six still won't install ) ..and FF I just forced into action ...
Oh the joy of it all ...shows what "curious" gets ya huh!
ah well here goes ....
OK now who shall I be this time ....( no comments from off stage! )..;)
edited ..usual reasons ..speeling like a tabke
t'bird I can't help you with....
BTW just tried the new identities /profiles route ..
Even with a new profile squeaky clean ..all else works except ...OE and t'bird and update of IE packed with OE ....
No go ..t'bird 0.9 refuses to be installed "inside a folder which is itself inside windows" and install aborts ( error: 1009 ) in any other area including direct into C or D....
It must hook into OE reg settings at some point in its install so as they are screwed it can't set up ..I presume?
Next step ..clear out all the old OE reg settings and try again ...
all else is functional now except OE and T'bird ..maybe try for Eudora and try to insert the stuff later ....
encyclo ...I'll try to get a copy of "whatever" it is to you tomorrow ..it's now 04.30am and I'm likely to make some stupid error if I keep going tonight ...
speeling is getting weirder than usual ..heh heh
You know, if there are any problems in reading your files, you could always burn yourself an iso of knoppix. That'll just boot up linux in memory (won't install anything on your hd), and it will let you see and save all your files to floppy if needs be. Since you're running 98, I'm guessing you don't have boatloads of memory, so it won't be lickety-split fast, but at least you still have access to anything that windows won't get you. If for some reason you can't get your hands on a knoppix cd (one place to look would be the list of linux users in Paris [counter.li.org]), they'd probably be happy to help you, or any windows user with an internet connection and a cd burner could help you as well. I could mail you one, we're neighbors country-wise (Belgium here).