Gnutella Forums  

#1 (permalink)
March 30th, 2005
RaaF
Modding Member
Join Date: April 20th, 2001
Location: Netherlands
Posts: 1,002
Rootkit

Rootkit?


Ever heard of that?

Until recently I hadn't.
The story begins at my girlfriend's computer, where one of her kids received a mail from a friend with an attachment.
Avast antivirus immediately sounded the alarm bell and removed it, but the virus is present again at every startup.
It's called msdirectx.sys and is being placed in the username folder.

It spreads through mail, sending itself to every address in the address book.

Apparently it is a keylogger that phones home.

So far I found it prevents you from opening:
- Regedit
- Task Manager
- HijackThis

It had shut down ZoneAlarm and prevents it from being started manually; it prevents an antivirus update.

There seem to be a few variations.
Some manual cleaning was described here, but the variation I found had none of the described registry entries.

Further Googling brought me here (there are some interesting links on that page).

Perhaps for the paranoid (peers) it is good to run:
RootkitRevealer
and
F-Secure BlackLight
I certainly have these programs in my PC good health list from now on.

So far I haven't been able to kill the virus, but I'll have another go at it this coming weekend. I'll keep you updated.
__________________
The general Gnutella forum in Dutch


Last edited by RaaF; March 30th, 2005 at 10:59 AM.

#2 (permalink)
April 5th, 2005
RaaF
Modding Member
Join Date: April 20th, 2001
Location: Netherlands
Posts: 1,002

**Update**

As it is such a well-designed virus, and the rootkit element being stealthy, all my known methods of deleting it failed.
It does not load when booting in safe mode, so there was nothing to go at that way.
There was only 1 option left:
I formatted and reinstalled WinXP.
__________________
The general Gnutella forum in Dutch


Last edited by RaaF; April 5th, 2005 at 11:35 PM.

#3 (permalink)
April 20th, 2005
ursula
Cleaning Lady
Join Date: May 17th, 2002
Location: koyaanisqatsi
Posts: 2,334

http://search.symantec.com/custom/us/query.html

A Norton page for more info...

and

RaaF...

Two questions...

Why does there seem to be a .nl link here with this problem?

and

What more have you learned?

(Or, what more does anyone reading this thread have to share?
This thread is NOT locked!!!

Please contribute!)

#4 (permalink)
June 6th, 2005
giddyup
Novicius
Join Date: June 6th, 2005
Location: Nor Cal, USA
Posts: 1
Have you...

Quote:
Originally posted by RaaF
**Update**

As it is such a well-designed virus, and the rootkit element being stealthy, all my known methods of deleting it failed.
It does not load when booting in safe mode, so there was nothing to go at that way.
There was only 1 option left:
I formatted and reinstalled WinXP.

Have you tried getting the CA Antivirus program? This program really works for me. I had a similar problem, where a keylogger wanted to dial out from the PC. Well, I downloaded the trial version of CA with all the extras, and I couldn't believe my eyes. This program kicked butt. It also allows you to monitor all programs being started and which program wants to dial out to the internet, and you have the option to click "Yes" to allow the program to connect or "No" to not allow the program to connect.

A window appears in the lower right corner of your PC, and btw this small window does not annoy you at all, because it allows you to have CONTROL of your PC. It is pretty cool. Try it. It also has a lot of features; even for a trial version it REALLY ROCKS!

It is always picking up viruses left and right. Also, I would password protect your CA antivirus program so no virus can turn it off, if you know what I mean. Also get the trial version of Firewall; it didn't screw up the other firewall I have in my PC. Hope this helps. Sorry for the essay.


#5 (permalink)
July 2nd, 2005
Furrion
Novicius
Join Date: June 25th, 2005
Posts: 3

Nothing can do anything to my computer, even if it's some new virus. My great secret.

#6 (permalink)
August 19th, 2005
notarootkit
Guest
Posts: n/a

She got hit with a virus. Don't confuse the kids on here. They don't know the difference between an anti-virus scanner and a spyware scanner. They think the spyware scanner gets viruses and the anti-virus scanner gets spyware. Some AV applications catch spyware; however, in my experience, I left that to Giant AntiSpyware, now MS AntiSpyware.


Read this. It explains everything.

Quoted from Wikipedia

The key distinction between a computer virus and a root kit relates to propagation. Like a root kit, a computer virus modifies core software components of the system, inserting code which attempts to hide the "infection" and provides some additional feature or service to the attacker (the "payload" of a virus).

In the case of the root kit the payload may attempt to maintain the integrity of the root kit (the compromise to the system) --- for example every time one runs the root kit's ps command it may check the copies of init and inetd on the system to ensure that they are still compromised, and "re-infecting" them as necessary. The rest of the payload is there to ensure that the cracker (attacker) can continue to control the system. This generally involves having backdoors in the form of hard-coded username/password pairs, hidden command-line switches or magic environment variable settings which subvert the normal access control policies of the uncompromised versions of the programs. Some root kits may add port knocking checks to existing network daemons (services) such as inetd or the sshd.

A computer virus can have any sort of payload. However, the computer virus also attempts to spread to other systems. In general a root kit limits itself to maintaining control of one system.

A program or suite of programs that attempts to automatically scan a network for vulnerable systems and to automatically exploit those vulnerabilities and compromise those systems is referred to as a computer worm. Other forms of computer worms work more passively, sniffing for usernames and passwords and using those to compromise accounts, installing copies of themselves into each such account (and usually relaying the compromise account information back to the cracker/attacker through some sort of covert channel).

Of course there are hybrids. A worm can install a root kit, and a root kit might include copies of one or more worms, packet sniffers or port scanners. Also many of the e-mail worms to which MS Windows platforms are uniquely vulnerable are commonly referred to as "viruses." So all of these terms have somewhat overlapping usage and can be easily conflated.

#7 (permalink)
October 10th, 2005
cathodraytube
CRT
Join Date: March 6th, 2005
Location: earth
Posts: 342

Did you try turning off System Restore? Sometimes they will stay in the restore file and keep coming back.

#8 (permalink)
November 4th, 2005
ukbobboy01
Valued Member
Join Date: May 30th, 2004
Location: United Kingdom
Posts: 2,866

Guys

Rootkits are the nastiest of online dangers that are around today, if caught they are difficult to get rid of and, as RAAF found out, will necessitate a full HD reformat and reinstallation.

RAAF if you are reading this you should, if possible, reformat your GF's drive at least seven times, that way you will be sure that it is gone. In the past, I have come across viruses that survive a normal (one-time) reformat and, as rootkits are more dangerous, it is possible that they can survive several reformattings but it is highly unlikely to survive (the MOD recommended) seven.

As I am paranoid about PC security, I intend to install F-Secure Blacklight (beta) over the weekend and see if I have any stealthed malware on my system.



UK Bob

#9 (permalink)
November 4th, 2005
cathodraytube
CRT
Join Date: March 6th, 2005
Location: earth
Posts: 342

UK, I've never run into any virus that has survived a reformat.
Yes, it's true that when you reformat, all the files are still there, but they're "dead" and the OS just sees them as blank space, and they can only be recovered with special file recovery programs.

And that is only if they haven't been overwritten... If something new (e.g. Windows) has been written over the deleted files, then the files that were there before are history.

I don't know how much you know about computers, UK, but please correct me if I'm wrong... but if you ran into a virus that "survives" a "reformat", you may not have actually reformatted the drive... you may have just done a reinstall of Windows or a "repair install", in which case the virus would still be there because you didn't completely erase the drive.

But if I'm wrong on this and you do know what you're talking about and you did run into a virus that survives a complete reformat, even then, 7 times?? If the virus does somehow resurrect itself, then a zero-fill and 1 reformat should completely destroy any data/virus on the drive.

#10 (permalink)
November 4th, 2005
ukbobboy01
Valued Member
Join Date: May 30th, 2004
Location: United Kingdom
Posts: 2,866

CRT

I would agree that one reformat destroys most things, programs, data and everything else.

However, I have, in my time working on PCs, come across a virus that survived a reformat. Now whether that virus was still active or not I do not know, but it was there on the hard drive waiting for my colleagues and me to re-install Windows.

So, rather than take the chance of the virus being active I got NAV and deleted it.

Now, I will admit that I know very little about rootkits, other than that they are worse than viruses or worms and are very difficult to eradicate and, from what I read this afternoon, even harder to spot.

The Ministry of Defense (MOD) recommends that a PC's HD should be reformatted seven times before being disposed of. Therefore, reformatting seven times will get rid of everything and make anything that was ever on the HD unrecoverable and totally useless, i.e. nothing can survive.

I would also agree that zero filling a drive then reformatting it could be the same as reformatting it seven times but either way we are still talking about getting rid of something that is notoriously difficult to eliminate, namely being infected by a rootkit.

However, I will confess that I have never personally reformatted a HD seven times but I would if I had to.



UK Bob