This is a discussion on Re: Great pics of Busty Lola EuroBabe within the Linux Administration forums, part of the Linux Forums category.

Gary Heston wrote:
>
> In article <qn%hc.1874$Wc4.7297@bcandid.telisphere.com>,
> GreyCloud <mist@Cumulus.com> wrote:
> >David J. Dachtera wrote:
> >>GreyCloud <mist@Cumulus.com> wrote:
> [ ... ]
>
> >>> Figured that as much too. Took the old HP and hooked it up to the
> >>> net to see how bad it screws things up.
> >>> Rebooted and the dial-up dialog box comes up. It wants to 'phone
> >>> home'. I see that a system2.exe is temporarily created in
> >>> c:\windows\system but you can't delete it. It is a hidden file, but
> >>> using attrib -h system2.exe gives you an Abort, Retry, Fail? message.
> >>> Msconfig only stays up for a split second and regedit won't start.
> >>> The vulcan nerve pinch to show running processes doesn't show all
> >>> the processes that normally show up. So... as an exercise, and
> >>> adaware 6.0 doesn't see it, how does one go about removing this one?
> >>> :-))
>
> >> Did you try booting up to MS-DOS mode and see if attrib and del will
> >> work?
>
> >I booted up into Dos mode and System2.exe does not exist at that level. It
> >seems to be created from another image upon booting into windows as a
> >process masquerading as a file in C:\WINDOWS\SYSTEM.
>
> What happens in Safe Mode? Can you determine the size of System2.exe and
> find any files of the same size? How about modification dates?

Yeah - really: there's gotta be SOME clues that can even be detected in
DOS mode.

Remember that dir/a will display all files (but not the "long" names in
DOS mode boot), even hidden ones. Lacking a scroll-back buffer, /p is
your friend, also.

--
David J. Dachtera
dba DJE Systems
http://www.djesys.com/

Unofficial Affordable OpenVMS Home Page:
http://www.djesys.com/vms/soho/

David J. Dachtera wrote:
> Gary Heston wrote:
>>
>> In article <qn%hc.1874$Wc4.7297@bcandid.telisphere.com>,
>> GreyCloud <mist@Cumulus.com> wrote:
>>> David J. Dachtera wrote:
>>>> GreyCloud <mist@Cumulus.com> wrote:
>> [ ... ]
>>
>>>>> Figured that as much too. Took the old HP and hooked it up to the
>>>>> net to see how bad it screws things up.
>>>>> Rebooted and the dial-up dialog box comes up. It wants to 'phone
>>>>> home'. I see that a system2.exe is temporarily created in
>>>>> c:\windows\system but you can't delete it. It is a hidden file,
>>>>> but using attrib -h system2.exe gives you an Abort, Retry, Fail?
>>>>> message. Msconfig only stays up for a split second and regedit
>>>>> won't start. The vulcan nerve pinch to show running processes
>>>>> doesn't show all the processes that normally show up. So... as
>>>>> an exercise, and adaware 6.0 doesn't see it, how does one go
>>>>> about removing this one? :-))
>>
>>>> Did you try booting up to MS-DOS mode and see if attrib and del
>>>> will work?
>>
>>> I booted up into Dos mode and System2.exe does not exist at that
>>> level. It seems to be created from another image upon booting into
>>> windows as a process masquerading as a file in C:\WINDOWS\SYSTEM.
>>
>> What happens in Safe Mode? Can you determine the size of System2.exe
>> and find any files of the same size? How about modification dates?
>
> Yeah - really: there's gotta be SOME clues that can even be detected
> in DOS mode.
>
> Remember that dir/a will display all files (but not the "long" names
> in DOS mode boot), even hidden ones. Lacking a scroll-back buffer, /p
> is your friend, also.

I booted up into safe-mode and started up msconfig. Msconfig worked and
stayed up in safe-mode and found the offending clue... System Terminal
in the startup script. So I clicked it off to see what would happen in
regular mode. Nope... still comes up with a dial up box. So back to
safe-mode. Msconfig showed that System Terminal was checked again.

So I started up regedit and did a find on system2.exe and deleted three
instances in the registry. I booted back up into regular mode and the
problems went away. Msconfig worked correctly again. However, I now
need to find out what the program's name is and delete it. I don't know
if 'DIR' has any date functions to help reduce this down to a specific
date.
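The registry search described in the post above, as an added example that is not part of the original thread: a Python script that scans a registry export in REGEDIT4 text format for every value whose data mentions system2.exe and marks which hits sit under the Run-type autostart keys. The sample export, its key placement and all value names other than "System Terminal" are constructed for illustration.

```python
import re

# Constructed sample of a Win9x registry export (REGEDIT4 text format).
# Keys and values are illustrative, not taken from the machine in the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"System Terminal"="C:\\WINDOWS\\SYSTEM\\system2.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"System Terminal"="system2.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="attrib -h system2.exe\\1"
'''

# Keys whose values Windows launches automatically at boot or logon.
AUTOSTART = re.compile(r'\\CurrentVersion\\Run(Once|Services|ServicesOnce)?$', re.I)
# A value line: @ (default) or a quoted name, then '=', then the data.
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def find_references(export_text, needle):
    """Return (key, value_name, data, is_autostart) for each value mentioning needle."""
    hits, key = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]          # remember the key the next values belong to
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name = m.group(1).strip('"')
        # Exports double every backslash inside string data; undo that.
        data = m.group(2).strip('"').replace('\\\\', '\\')
        if needle.lower() in data.lower():
            hits.append((key, name, data, bool(AUTOSTART.search(key))))
    return hits


if __name__ == '__main__':
    for key, name, data, auto in find_references(SAMPLE_EXPORT, 'system2.exe'):
        print(f"{'AUTOSTART' if auto else 'other    '}  [{key}]  {name} = {data}")
```

Hits flagged AUTOSTART are the entries that relaunch the program on every boot; the other hit in the sample is only the Run-dialog history of a command typed by the user.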

The Ghost In The Machine wrote:
> >> ... a .SCR virus.

> > I
> > see that a system2.exe is temporarily created in c:\windows\system but you
> > can't delete it. It is a hidden file, but using attrib -h system2.exe gives
> > you an Abort, Retry, Fail? message. Msconfig only stays up for a split
> > second and regedit won't start. The vulcan nerve pinch to show running
> > processes doesn't show all the processes that normally show up. So... as an
> > exercise, and adaware 6.0 doesn't see it, how does one go about removing
> > this one? :-))
> >
>
> I assume you had a full physical backup of Win2k. :-) But yuck.
>
> Congratulations again Microsoft. You've made the Net dangerous.

I'm not a M$ friend at all, but it wasn't Microsoft making the Net
dangerous - it is the vast number of DAUs (DAU = 'duemmster
anzunehmender User' = 'dumbest imaginable user') in the Net that makes
the Net dangerous. Like people driving trucks without a driving license.

If someone gets a screen saver attachment declared as a picture of Lola,
and opens it, only a brain transplant can help him. Or _very_ basic
lessons about the computer he plays with like an ape.

Even linux does not prevent a user running it as root from putting the
whole system into /dev/null if he somehow enters this command.

Those who are unable to learn such basics should better get a
playstation to play with.

As for the 'system2.exe', perhaps the 'expert' who reported his
experience remembers something called 'DOS': with a simple floppy disk
with DOS (or a bootable Win95/98 CD) there is no problem at all
removing this file before it has a chance of being executed and
preventing itself from being deleted.

Grossibaer

(I removed 'my' newsgroups from the massive crossposting list, as those
discussions are totally misplaced there. Now it is less massive
crossposting and I won't see your answers ;) )

Your discussion of booting an old HP machine is appearing in the
following newsgroups:

Newsgroups: comp.os.cpm, comp.os.cpm.amethyst, comp.os.geos.misc,
comp.os.geos.programmer, comp.os.inferno, comp.os.lantastic,
comp.os.linux, comp.os.linux.admin

Those who support this thread might reconsider this list and remove
some of these newsgroups as a courtesy in your replies.

Jens-Michael Gross <grossibaer@grossibaer.de> writes:
> The Ghost In The Machine wrote:
>
>> >> ... a .SCR virus.
>
>> > I see that a system2.exe is temporarily created in
>> > c:\windows\system but you can't delete it. It is a hidden file,
>> > but using attrib -h system2.exe gives you an Abort, Retry, Fail?
>> > message. Msconfig only stays up for a split second and regedit
>> > won't start. The vulcan nerve pinch to show running processes
>> > doesn't show all the processes that normally show up. So... as
>> > an exercise, and adaware 6.0 doesn't see it, how does one go
>> > about removing this one? :-))
>> >
>>
>> I assume you had a full physical backup of Win2k. :-) But yuck.
>>
>> Congratulations again Microsoft. You've made the Net dangerous.
>
> I'm not a M$ friend at all, but it wasn't Microsoft making the Net
> dangerous - it is the vast number of DAUs (DAU = 'duemmster
> anzunehmender User' = 'dumbest imaginable user') in the Net that makes
> the Net dangerous. Like people driving trucks without a driving license.
>
> If someone gets a screen saver attachment declared as a picture of Lola,
> and opens it, only a brain transplant can help him. Or _very_ basic
> lessons about the computer he plays with like an ape.
>
> Even linux does not prevent a user running it as root from putting the
> whole system into /dev/null if he somehow enters this command.

True. I heard a story about some guy who came into a Mac shop with a
laptop, and wanted some help. He had run a command he'd been told about
on the Net, and now nothing worked any more. The command was "rm -rf /".

--
Måns Rullgård
mru@kth.se

In comp.os.linux.advocacy, Jens-Michael Gross
<grossibaer@grossibaer.de> wrote on Sat, 24 Apr 2004 22:53:52 +0200
<408AD3E0.F3BC8C98@grossibaer.de>:
> The Ghost In The Machine wrote:
>
>> >> ... a .SCR virus.
>
>> > I
>> > see that a system2.exe is temporarily created in c:\windows\system but you
>> > can't delete it. It is a hidden file, but using attrib -h system2.exe gives
>> > you an Abort, Retry, Fail? message. Msconfig only stays up for a split
>> > second and regedit won't start. The vulcan nerve pinch to show running
>> > processes doesn't show all the processes that normally show up. So... as an
>> > exercise, and adaware 6.0 doesn't see it, how does one go about removing
>> > this one? :-))
>> >
>>
>> I assume you had a full physical backup of Win2k. :-) But yuck.
>>
>> Congratulations again Microsoft. You've made the Net dangerous.
>
> I'm not a M$ friend at all, but it wasn't Microsoft making the Net
> dangerous - it is the vast number of DAUs (DAU = 'duemmster
> anzunehmender User' = 'dumbest imaginable user') in the Net that makes
> the Net dangerous. Like people driving trucks without a driving license.
>
> If someone gets a screen saver attachment declared as a picture of Lola,
> and opens it, only a brain transplant can help him. Or _very_ basic
> lessons about the computer he plays with like an ape.
>
> Even linux does not prevent a user running it as root from putting the
> whole system into /dev/null if he somehow enters this command.
>
> Those who are unable to learn such basics should better get a
> playstation to play with.
>
> As for the 'system2.exe', perhaps the 'expert' who reported his
> experience remembers something called 'DOS': with a simple floppy disk
> with DOS (or a bootable Win95/98 CD) there is no problem at all
> removing this file before it has a chance of being executed and
> preventing itself from being deleted.

An interesting point. Windows is a *very* open system -- if one knows
the openings. (No, I'm not talking about the occasional virus buffer
overflow issues. Anyone can replace a .DLL if they know the calling
sequences therein, and have Administrator access. Linux also has that
capability, although in Linux it's probably better documented -- though
I'm wondering if Windows has now shied away from "hidden API's" in
light of some DoJ and user complaints. I'd have to look.)

Of course the most open system I can think of is DomainOS, in its
heyday (late 80's); it was a simple matter to copy an executable, make
a trivial patch (e.g., name_$resolve_stop_short became
name__resolve_stop_short), guess at the number of parameters, bind
(their version of '/bin/ld') a little Pascal trace stub that calls the
real routine and prints out the parameters, and see what that command
is doing when calling an unknown system routine. Fun to play with,
especially since name_$resolve_stop_short, like many other routines,
wasn't in the include file or documented.

(DomainOS was interesting in that one could run objects, as opposed to
requiring an executable. It's a bit like running ../program.o --
although Linux is rather close to allowing running such; an executable
is full of undefined references and a little stubloader
(/lib/ld-linux.so.* in many installations) to find them.)

>
> Grossibaer
>
> (I removed 'my' newsgroups from the massive crossposting list, as those
> discussions are totally misplaced there. Now it is less massive
> crossposting and I won't see your answers ;) )

--
#191, ewill3@earthlink.net
It's still legal to go .sigless.

Jens-Michael Gross wrote:
<snip>

>As for the 'system2.exe', perhaps the 'expert' who reported his
>experience remembers something called 'DOS': with a simple floppy disk
>with DOS (or a bootable Win95/98 CD) there is no problem at all
>removing this file before it has a chance of being executed and
>preventing itself from being deleted.
>
>Grossibaer
>

Good old 'DOS' will not see the file if the drive is formatted in NTFS
for sure and possibly not if formatted in FAT32. So that leaves that
option out.

Jens-Michael Gross wrote:
> [...]
> If someone gets a screen saver attachment declared as a picture of Lola,
> and opens it, only a brain transplant can help him. Or _very_ basic
> lessons about the computer he plays with like an ape.
> [...]

Windows still takes a fair share of the blame since its default setup
is awfully insecure. In fact, does MS make anything that's conceivably
vulnerable, *not* insecure in its default setup?

[follow-up header had to be set, since my ISP's news server wouldn't
allow me to post a message to so many groups without it]

Charlie wrote:
>
> Jens-Michael Gross wrote:
>
> <snip>
>
> >As for the 'system2.exe', perhaps the 'expert' who reported his
> >experience remembers something called 'DOS': with a simple floppy disk
> >with DOS (or a bootable Win95/98 CD) there is no problem at all
> >removing this file before it has a chance of being executed and
> >preventing itself from being deleted.
> >
> >Grossibaer
> >
>
> Good old 'DOS' will not see the file if the drive is formatted in NTFS
> for sure and possibly not if formatted in FAT32. So that leaves that
> option out.

AFAIK, W/9x does not support NTFS, and neither W/XP nor W2K provide for
a "boot to DOS" mode.

When booted in DOS mode from the boot menu (F8, I think), "long" file
names do not display, just the "ABCDEF~1.IJK" name. When booted in DOS
mode from the Windows shutdown menu, LFN display s/b available.

FAT16 or FAT32 is not relevant here as both provide for Windows support
of LFNs under W/9x.

--
David J. Dachtera
dba DJE Systems
http://www.djesys.com/

Unofficial Affordable OpenVMS Home Page:
http://www.djesys.com/vms/soho/