[meteorite-list] Ways to tell who has the VIRUS
From: colin wade <ceweed_at_meteoritecentral.com>
Date: Thu Apr 22 09:41:53 2004
didn't know stuff like that lurks within the box
thanks for sharing the information
happy new millennium
----- Original Message -----
From: "Don Young" <dcyoung1_at_swbell.net>
To: "Meteorite List" <meteorite-list_at_meteoritecentral.com>
Sent: Monday, January 01, 2001 2:54 AM
Subject: [meteorite-list] Ways to tell who has the VIRUS
> Hi Everyone,
> My first post in awhile..
> I assure you I have questions about meteorites for you
> experienced folks out there and will be posting those soon.
> BUT FOR NOW maybe this will help us track this stinking virus.
> The last copy I received was 24 Dec and it was in FRENCH!!!
> From the POST BY Rhett Bourland the following two statements
> say alot.
> > Hybris also infects WSOCK32.DLL, renaming it and redirecting
> > Windows.INI to point to the new, infected file.
> System File Checker will check your system for changed windows files.
> If you do a SFC command (Start, Run and key in sfc) If you are infected
> you will most likely get a message that WININIT has been modified.
> You will then be given the option to relace it from your Windows Disk
> or from your Cab Files.
> > Thereafter, Hybris will send itself via reply mail to whomever
> > sends new e-mails to an infected computer.
> The KEY HERE is that if you SEND an infected CPU an E-Mail it
> automatically sends you a reply from Hahaha. So IF you have
> the virus and I E-Mail you, even if you do not reply to my
> message, your PC will send ME a copy from Hahaha. (I am pretty
> sure it does does this at the time you OPEN the received E-Mail.)
> This being said how do you tell who it came from?
> For E-Mail under Netscape Communicator, click on the E-MAIL from
> Hahaha >>> BUT DO NOT NOT NOT open the attachment.
> click on VIEW, select PAGE SOURCE.
> You will get a whole screen full of stuff.
> You are looking for the last Received: from xxxxxxxxx
> statement where the xxxxxxxx is the name of the persons computer
> or user ID followed by the IP address in the form of nnn.nnn.nnn.nnn
> such as 126.96.36.199 <<-- (My current IP address for SWBELL).
> This can be plugged at the following web page to find the
> domain (SWBELL.Net, AOL.COM, ATT_at_HOME, etc)that it belongs to.
> To see your computer name go to
> MYCOMPUTER, CONTROL PANEL, Double click NETWORK,
> Select IDENTIFICATION, this name or your ID is placed in xxxxxxxxx
> when you send an E-Mail. You could have the person that you suspect
> the virus came from check this...
> Happy NEW YEAR EVERYONE!!!
> Don Young (Faux-Oro) aka (Fools-Gold)
> Have Cesium MagnetometerS
> Will travel if you have a Site we can work together.
> Have my own US METEORITE HUNTERS index by GPS Lat and Lon
> and detailed maps for EACH meteorite..
> Dallas, Texas
> UPDATED PICTURES AS OF: 02 Dec 2000
> My Hobbies: Gold prospecting, Metal detecting and Meteorites
> hobby pics:
> Meteorites found at Odessa Tx. With mag. Lg 1 at 16"+, sm at 6"+
> 1856 army pistol ball and cap cylinder
> Home made dredge:
> (SUCKING UP--a target) Detector and suction hose
> A little gold in the pan
> Meteorite-list mailing list
Received on Mon 01 Jan 2001 03:45:52 AM PST