Test BD
Peter Foldes
I did not see Ubuntu or Windows7 when I visited you last time. You had Windows XP.
So I do not know what you are talking about. Anyway BT was nice enough to let me in
overnight (my time) (your time 1100 AM) and was surprised that you were already
sitting on your computer . I am amazed on how much you have in there and I realize
that you know more about computers then you let on. Anyway I saw a file in your
System 32 folder named CRSWWPP.dll which is a bad malware remnant. I guess you are
not clean or malware free yet. Look into it would you. Why tell me you have Ubuntu
and Windows 7 when you have XP on your system. Do you have another computer by any
chance. I hope it is not a laptop. Those things(laptops) are a pain in the butt as
far as I am concerned. You know Dave. you should really try a Server like W2K3 or
W2K8 to really feel what a computer can do. You can ,if set up correctly, get in and
out of just about any site or computer on this earth.
Anyway I got to go now since I am about to receive a large file for storage.
Andrew Taylor
--
Andrew Taylor
Mississauga - Ontario
Canada
~
"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:uOZ7Aetk...@TK2MSFTNGP04.phx.gbl...
>
>
> I wonder if you were looking inside Andrew's computer by misteak (!)
>
> Has Andrew checked to see if that DLL is on *his* machine I wonder. I most
> certainly have not deliberately deleted any DLL from this PC.
>
Peter Foldes
not care for your screen shot Dave because it was XP that I saw and that file was
resident in your System32 folder. If you have Ubuntu then why are you posting with
OE from XP. C'mon Dave, I was not born yesterday. Why not admit the truth. Is it
that hard for you. O'yeah that file for storage was from ING Insurance Corporation.
I do not think they are bad guy's Do you ???
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:uOZ7Aetk...@TK2MSFTNGP04.phx.gbl...
>
> "Peter Foldes" <okf...@hotmail.com> wrote in message
> news:uKKTj%23rkJH...@TK2MSFTNGP05.phx.gbl...
> Hello Peter Foldes - a large file for storage, eh?!! I hope it's for one of the
> good guys and not for any of the bad guys!
>
> Now then! Maybe you have visited the wrong computer? I've attached a screenshot
> for you. Ubunto is currently installed 'within' windows as you can see. The
> Windows folder you see on the D: drive is Windows 7 beta.
>
> I do have other computers, both PC's and laptops. For your interest, I used
> Hijackthis last night to delete all entries it found on this box - and my PC still
> works. Very strange, eh?!!
>
> There is no folder or file on this PC named CRSWWPP.dll as confirmed by Andrew
> when he paid a visit - here's his message:-
>
> Peter sent me a copy of the e-mail he sent you. I looked up that dll file. It can
> be used to hide Malaware.
>
> What is CRSWPP.DLL? List of selected values from the DLL file:
> Copyright: Copyright ? 1995-1997 Microsoft Corporation
> Original file name: webpost.rc
> Internal filename and version: webpost.dll, 6.1.33.0
> Created by (e.g. author, manufacturer, producer etc..): Microsoft Corporation
> Text description: WebPost API DLL
> What to do with this: First display this info on the DLL located in your computer
> and than compare those values with listed above.
> Howto display DLL info: Find DLL, press Ctrl+Enter on the DLL name (or Right-Click
> and select 'Properties' from menu), then select 'Version' tab. WARNING: Malicious
> software (spyware,trojans, hack tools etc...) can easily save here fake
> identification, author name, copyright, version etc, so be VERY careful (please
> see disclaimer below).
>
>
> It is a web posting dll.
>
> The file isn't on your computer. Did you delete it?
>
> Well, I'll be off now.
>
> Cheers
>
> Andrew
>
> *******************************
>
> I wonder if you were looking inside Andrew's computer by misteak (!)
>
> Has Andrew checked to see if that DLL is on *his* machine I wonder. I most
> certainly have not deliberately deleted any DLL from this PC.
>
> HTH
> --
> Dave
>
>
>
~BD~
Conversely, he may explain further.
Did you remember how to stitch those two posts together so you can see
the screenshot - I learnt how to do that on UK U2U. :)
--
Dave
"Andrew Taylor" <andrewcr...@spamcopSUBVERSIVE.net> wrote in
message news:ugyAQDuk...@TK2MSFTNGP05.phx.gbl...
~BD~
> The file is there on the computer that has the XP that I connected to.
So - to whose computer *did* you connect?
>I really do not care for your screen shot Dave because it was XP that I
>saw and that file was resident in your System32 folder.
Neither Andrew nor I could find that file. I *am* using Windows XP
(Home) btw
The screenshot is genuine.
>If you have Ubuntu then why are you posting with
> OE from XP.
Because I'm used to it and am not familiar (very) with Thunderbird!
> C'mon Dave, I was not born yesterday. Why not admit the truth. Is it
> that hard for you.
I always tell the truth (maybe not the whole truth, I admit!)
> O'yeah that file for storage was from ING Insurance Corporation. I do
> not think they are bad guy's Do you ???
ING is a bonio fido organisation. I hope they pay you in advance though.
Lehman Brothers ring any bells, Peter? <wink>
I'll leave my PC on-line tonight so you may have another looksee if you
wish.
--
Dave
Andrew Taylor
--
Andrew Taylor
Mississauga - Ontario
Canada
~
"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:usCMzzuk...@TK2MSFTNGP04.phx.gbl...
~BD~
been left open!
It's now 212 421 860
Try P/W 4299
--
Dave
"Andrew Taylor" <andrewcr...@spamcopSUBVERSIVE.net> wrote in message
news:O8D4Kbxk...@TK2MSFTNGP02.phx.gbl...
~BD~
--
Dave
"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:epCQNK3k...@TK2MSFTNGP03.phx.gbl...
> My fault, Andrew - I should have realised that The programme should have
> been left open!
>
> It's now 212 421 860
>
> Try P/W ******
~BD~
--
Dave
"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:e8Q1BA7k...@TK2MSFTNGP04.phx.gbl...
~BD~
--
Dave
Andrew Taylor
--
Andrew Taylor
Mississauga - Ontario
Canada
~
"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:e944cGDl...@TK2MSFTNGP05.phx.gbl...
~BD~
Oddly, I found no trace of the supposed visit by Peter Foldes. He didn't
reply to my email message either.
Cheers! :)
--
Dave
"Andrew Taylor" <andrewcr...@spamcopSUBVERSIVE.net> wrote in message
news:eLOKL3Kl...@TK2MSFTNGP05.phx.gbl...
BoaterDave
>You know Dave. you should really try a Server like W2K3 or
> out of just about any site or computer on this earth.
Out of interest, Mr Foldes, do *you* visit (get in and out) lots of
computers/sites belonging to other people?
Why do you think that *I* might like to do that?
Btw. I never did find that System 32 folder - are you sure you weren't
mistaken?
--
Dave
Peter Foldes
Yes because you are nosey and paranoid
It is there. Maybe hidden for you
~BD~
>>Out of interest, Mr Foldes, do *you* visit (get in and out) lots of
>>computers/sites belonging to other people?
> Yes
*Why* do you do that?
>>Why do you think that *I* might like to do that?
>Because you are nosey and paranoid
But I have no wish to spy on others, Peter!
>>Btw. I never did find that System 32 folder - are you sure you weren't
>>mistaken?
>It is there. Maybe hidden for you
So even a flatten and re-install didn't get rid of the malware? Must I
consign *this* machine to the garbage now, too?
Time for my iMac perhaps? ;)
--
Dave
Peter Foldes
Because I do pick ups which is a part of my service. All the large Companies and
Corporations trust me and I keep the trust. I sign in with my IP and sign out when
done. Security checks are done randomly at these clients of mine.
BTW Dave. I am Bonded and have high level Security clearances from
Canada,USA,England,France and Belgium
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
"~BD~" <Boate...@hotmail.remove.co.uk> wrote in message
news:Oup1DpRm...@TK2MSFTNGP02.phx.gbl...
~BD~
"Peter Foldes" <okf...@hotmail.com> wrote in message
news:u3n98uRm...@TK2MSFTNGP05.phx.gbl...
> *Why* do you do that?
>
> Because I do pick ups which is a part of my service. All the large
> Companies and Corporations trust me and I keep the trust. I sign in with
> my IP and sign out when done. Security checks are done randomly at these
> clients of mine.
That is not something with which I am familiar, I'm afraid.
> BTW Dave. I am Bonded and have high level Security clearances from
> Canada,USA,England,France and Belgium
Something else about which I am unsure. I found this .......
"Bonding usually refers to a type of surety guarantee that a specific
project, service or act will be financially covered if performance is not
complete or satisfactory." Ref: http://www.nfib.com/object/4034479.html
Maybe this is what you are refering to.
So tell me, again, why the Security Services paid you a three hour visit to
'check you out' recently, Peter. Remember telling me (and Andrew!) ?
--
Dave
Peter Foldes
their check on me came back. Remember Dave (not recently) but 2 yrs ago
You are paranoid and that is that. If not then something is wrong upstairs with you
Bye Dave
~BD~
>2 yrs ago Dave and that is why they did not stay and left after a
>couple of hrs when their check on me came back. Remember Dave (not
>recently) but 2 yrs ago
Time sure does fly! ;)
What do you make of this, Peter (copied/pasted)
"Charlie42" <Char...@spam.me.not> wrote in message
news:%23TuXDJZ...@TK2MSFTNGP05.phx.gbl...
> Firewall testing:
> http://www.matousec.com/
Hi Charlie42
I went to this site (matousec) and then onwards to
http://nmap-online.com/
where I ran a scan which produced the following result:-
Nmap Options: -p-PN-5000PN-5000 -T4 -sS 92.18.88.27
Starting Nmap 4.75 ( http://nmap.org ) at 2009-02-28 14:13 Central
Europe
Standard Time
Error #486: Your port specifications are illegal. Example of proper
form:
"-100,200-1024,T:3000-4000,U:60000-"
QUITTING!
I then Google "Error #486: Your port specifications are illegal"
The first entry was http://cypriothackers.wordpress.com/ which says
..........
Trace-back risk
Posted in Security on ??????? 19, 2008 by cypriothackers
We have recently come upon a major trace-back high-risk bug in the event
of
one intruding in a system while having a dual-boot (that is linux and
windows on the same hard disk).
It appears that many intruders that have Windows installed prior to
installing linux on the same hard disk, are leaving trails behind them
which
come from the windows part of the hdd. We are assuming this is because
if
you install linux on a hard drive with an already installed windows, the
boot sector of linux is sharing the same path as the windows sector. If
this
is the case then maybe many black-hats could be cought due to this.
These are just assumptions though which are simply based on some
observations we have made. We will investigate the matter deeper and
come
back on this with more information.
The CHC.
******************
Seems relevant as, right now, I have Linux (Ubuntu) installed on my hard
disk alongside Windows XP Home (I've also Windows7 Beta on another
partition
too).
Just playing really, but thought it might be of interest to others!
--
Dave