ever heard of this as a rootkit anyone?

Milliemac
Senior Member
Posts: 161
Joined: 03/06/05, 12:00 am

Post by Milliemac » 01/05/06, 6:55 am

Hi Gerry. Did you see the text file I tried to post? Sorry about the image. Is there a place to attach the entire text log file?

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 01/05/06, 7:15 am

It's available. Get the MS patch early...

http://tga.dynu.com/showthread.php?s=&p ... #post85152

Uninstall any unofficial patch first, just in case it's a conflict.
Does anybody really know what time it is?
The Grey Area - Tweaking Obsession

Milliemac
Senior Member
Posts: 161
Joined: 03/06/05, 12:00 am

Post by Milliemac » 01/05/06, 7:23 am

oh good golly mikey!! where did you get this official patch, anyway? You sure this isn't the one they just pulled?

Why do I feel more inclined to trust the unofficial patch more than Microsoft's patch?

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 01/05/06, 7:26 am

What? This is the official MS patch. It's just been released early. You can get it from WUpdates too.

WindowsXP-KB912919-x86-ENU.exe

I just posted the link to TGA because one of our regulars just informed us. He was on top of it, obviously. :wink:

[ This Message was edited by: SloppyGoat on 2006-01-05 15:28 ]

Milliemac
Senior Member
Posts: 161
Joined: 03/06/05, 12:00 am

Post by Milliemac » 01/05/06, 7:41 am

Okay, according to my ZDnet newsletter:

"An early version of a security fix for a Windows flaw that is being used as a conduit for cyberattacks was prematurely posted online by a Microsoft employee." http://news.zdnet.com/2100-1009_22-6018 ... ag=nl.e589

This was at 1:36 today. You telling me that you just got an OFFICIAL patch that is not the leaked one from up above? So I have been all over and this is the first I am hearing of it...?

Make me feel safe about this Mikey. Those pesky MS patches, they are so fickle and unsure of themselves!! I like a patch that stands on solid ground, and is confident to know it can plug a hole, solidly, without being compromised or infiltrated.

Ya know what I mean Mikey?

_________________
"Microsoft will create the Mark of the Beast, monopolize it, make sure it can only run on Windows, convince everyone to take it, and it will be the only thing they have that can't be pirated and used anonymously."

[ This Message was edited by: Milliemac on 2006-01-05 15:48 ]

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 01/05/06, 7:48 am

Safe enough? :wink:

http://www.microsoft.com/downloads/deta ... layLang=en

Apparently, there were two unofficial patches. The first one came from a software developer, who wrote his own patch. Then some MS employee leaked the unreleased MS version that wasn't supposed to be released until the 10th. Now the REAL official patch is available as I type this. Honest.


[ This Message was edited by: SloppyGoat on 2006-01-05 15:54 ]

Milliemac
Senior Member
Posts: 161
Joined: 03/06/05, 12:00 am

Post by Milliemac » 01/05/06, 8:11 am

So they released one at 1:36 then pulled it, then they re-released one at 3:38, just 2 hours later, and it is okay? I don't trust 'em. I think they are annoyed that this Russian dude got the jump on them. I know this sounds silly, but there are egos involved here.

When you go and look at who MS starts to thank for their invaluable help, they refer to just one person, dan something or other.

The guys at the ics.sans.org thank about 40 and the Russian dude (if he isn't Russian, please accept my apologies)

I just find it hard to believe that they pulled it then 2 hours later put it back up all perfect and everything.

aren't I just a little doubting Thomas?

does anyone else think this is THE patch? Are you all uninstalling your unofficial patch and installing the Official one like Mikey?

give it to Mikey, he'll install anything!! winkwink mikey. I am just giving you a hard time. But I am still not sure about this official release of the patch.

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 01/05/06, 9:00 am

I think Ilfak Guilfanov (http://www.hexblog.com/about.html) figured it out first. He's like some famous reverse engineer. That's probably the guy who you think is Russian. His name sure looks Russian. Reading about the flaw, it really wasn't anything that complicated. I wouldn't worry about it. It was not only an easy patch, but also an easy fix. See this is how it works...

A little dragon looking thing goes to an application, and the application doesn't like the dragon, so it goes and bothers these other two dll files. :lol:

Image

See? It's simple. So, all you have to do is stop the little dragons!

Image

One red X is all that's really required. :wink:

[ This Message was edited by: SloppyGoat on 2006-01-05 17:08 ]

Milliemac
Senior Member
Posts: 161
Joined: 03/06/05, 12:00 am

Post by Milliemac » 01/05/06, 9:08 am

oh man am I laughing my guts out!! Stop it Mikey, yur killing me!!

If it was that simple, then why all the hype and why did it take the Russian dude to figure out the fix and the guys at ics.sans.org to jump on it and get support and backing from AV companies and MS to FINALLY decide to release a patch for it today instead of waiting until the 10th like they originally had planned?

if you uninstalled the unofficial patch and installed the one MS put out, then post that to here. I just have huge trust issues with MS. And I don't feel like making my system any more vulnerable than it is.

so there.

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 01/05/06, 9:11 am

Because, Russians are long known for their dragon slaying abilities. Why do you think there are no more dragons in Russia?

Yes, I uninstalled the unofficial patch and installed the official MS patch. No more dragons! Everything is fine. If you don't trust MS, you can dnld the dragon slayer dude's exploit checker (http://www.grc.com/miscfiles/wmf_checker_hexblog.exe). It will verify MS's patch is working.


[ This Message was edited by: SloppyGoat on 2006-01-05 17:19 ]

bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by bob » 01/05/06, 2:44 pm

WYSIWTF

Gerry
BIG GIANT HEAD I Get Free Beer
Posts: 5727
Joined: 12/04/01, 12:00 am
Location: Perth, Western Australia

Post by Gerry » 01/05/06, 7:21 pm

> Did you see the text file I tried to post?

Yup.... and I have no clue what any of that means.

> Is there a place to attach the entire text log file?

Yup.... Pastebin (http://pastebin.com/).

....Might even be worth a link on SC. I sure love it.

Now where is that "pity" smiley for all you IE users?

[ This Message was edited by: Gerry on 2006-01-06 03:23 ]

SloppyGoat
BIG GIANT HEAD I Get Free Beer
Posts: 1778
Joined: 12/30/02, 12:00 am

Post by SloppyGoat » 01/06/06, 1:31 am

What are you talking about?

Thizda
Member
Posts: 4
Joined: 11/23/08, 11:14 am

OMG!ROOTKIT?!

Post by Thizda » 11/23/08, 12:07 pm

DELETE IT QUICK!
IF YOU DON'T IT WILL LEAVE YOUR COMPUTER VULNERABLE TO HACKERS THAT WILL STEAL ALL UR FILES,




PS: if you rly wanna know moar about a rootkit view my profile and goto my topic.
The Big

_____________
|
|
|
|hizda
