Unknown folder - Page 2

Re: GMER reports meaning (Was: Re: Unknown folder)

On Sat, 01 Aug 2009 20:01:04 -0400, David H. Lipman wrote:


Please set your newsreader's (ha-ha) configuration to use a caret (>) to
mark the beginning of lines of quoted text. Because you are using the pipe
symbol (|) to do this, it makes it difficult to decipher who said what for
those of us who use proper newsreaders which colour code different depths
of quotes. In my newsreader what the most recent poster wrote is coded
black, what he has quoted of the previous post has lines beginning with a
caret and colour coded green, what he has quoted of the post before that
has lines beginning with two carets and coded orange and so on.

When I read a reply that you posted to someone, what you wrote is the same
is in black text. Because you used the pipe symbol to quote lines a proper
newsreader doesn't recognise that as quoted text and therefore it shows up
black, just like yours.

Half the time when I'm reading a posted reply from you, I'll read most of
what you are quoting before I realise there's a pipe symbol somewhere in a
line of text and that I'm reading the previous post again.

You'll notice that above, where I've quoted your post, my newsreader has
placed a caret symbol in front of every quoted line of text. The only way
for anyone to tell that some is what you wrote and that some possibly
isn't is the fact that some of the lines of text contain pipe symbols in
random places. At the beginning of lines of text I've quoted, if you wrote
it, they should begin with one caret, anything written by a previous
poster with two carets, three for quoted text from the poster before that
and so on.

Thanks in advance for your consideration.

Re: GMER reports meaning (Was: Re: Unknown folder)


| On Sat, 01 Aug 2009 20:01:04 -0400, David H. Lipman wrote:


| Please set your newsreader's (ha-ha) configuration to use a caret (>) to
| mark the beginning of lines of quoted text. Because you are using the pipe
| symbol (|) to do this, it makes it difficult to decipher who said what for
| those of us who use proper newsreaders which colour code different depths
| of quotes. In my newsreader what the most recent poster wrote is coded
| black, what he has quoted of the previous post has lines beginning with a
| caret and colour coded green, what he has quoted of the post before that
| has lines beginning with two carets and coded orange and so on.

| When I read a reply that you posted to someone, what you wrote is the same
| is in black text. Because you used the pipe symbol to quote lines a proper
| newsreader doesn't recognise that as quoted text and therefore it shows up
| black, just like yours.

| Half the time when I'm reading a posted reply from you, I'll read most of
| what you are quoting before I realise there's a pipe symbol somewhere in a
| line of text and that I'm reading the previous post again.

| You'll notice that above, where I've quoted your post, my newsreader has
| placed a caret symbol in front of every quoted line of text. The only way
| for anyone to tell that some is what you wrote and that some possibly
| isn't is the fact that some of the lines of text contain pipe symbols in
| random places. At the beginning of lines of text I've quoted, if you wrote
| it, they should begin with one caret, anything written by a previous
| poster with two carets, three for quoted text from the poster before that
| and so on.

| Thanks in advance for your consideration.

I will give it due consideration.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: GMER reports meaning (Was: Re: Unknown folder)

On Sat, 01 Aug 2009 20:48:48 -0400, David H. Lipman wrote:


It would seem that you didn't.


Re: GMER reports meaning (Was: Re: Unknown folder)


| On Sat, 01 Aug 2009 20:48:48 -0400, David H. Lipman wrote:

| It would seem that you didn't.


I wrote I would consider it. I did NOT write nor in any way indicate that I
would make the change ASAP.

Your reply has thus lowered the consideration of the request in my queue.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: GMER reports meaning (Was: Re: Unknown folder)



It was already circling the drain wasn't it? :)


--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
  


Re: GMER reports meaning (Was: Re: Unknown folder)




| It was already circling the drain wasn't it? :)


Right down the drain "Pan".  :-)


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: GMER reports meaning (Was: Re: Unknown folder)


That "due consideration" took nanoseconds I'll bet. :oD



Re: GMER reports meaning (Was: Re: Unknown folder)

Aardvark wrote:

I haven't used PAN in quite a while, but in Forte Agent there is a
setting [Options] [Display Preferences] [Messages] in which you can list
any and all quoted text markers you choose. I have carets, pipes, and
colons as the standard included ones, and sometimes when someone only
places a solitary smiley it shows as previously quoted text. Obvious and
easily corrected, however.
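As an added illustration (not code from any poster in this thread), this is the quote-depth logic a colour-coding newsreader applies to each line: a strict reader that honours only ">" next to an Agent-style reader that also accepts pipes and colons. The marker sets and the sample message are assumptions.

```python
# Added example: quote depth as a newsreader derives it from leading markers.
# A strict reader honours only ">" (the character the netiquette FAQ names);
# a permissive one, like the Forte Agent setting above, also takes "|" and ":".
STRICT_MARKERS = ">"
PERMISSIVE_MARKERS = ">|:"


def split_quote_prefix(line, markers=STRICT_MARKERS):
    """Return (depth, body). Each leading marker may be followed by one
    space; depth 0 means the current poster's own words."""
    depth, i = 0, 0
    while i < len(line) and line[i] in markers:
        depth += 1
        i += 1
        if i < len(line) and line[i] == " ":
            i += 1
    return depth, line[i:]


def depths(message, markers=STRICT_MARKERS):
    """Quote depth of every line, as a colour-coding reader would show it."""
    return [split_quote_prefix(l, markers)[0] for l in message.splitlines()]


def ambiguous_lines(message):
    """Indices of lines whose attribution changes with the reader's marker
    set: exactly the lines the two sides of the thread disagree about."""
    strict = depths(message, STRICT_MARKERS)
    loose = depths(message, PERMISSIVE_MARKERS)
    return [i for i, (a, b) in enumerate(zip(strict, loose)) if a != b]


# Constructed sample: a reply that re-quotes a pipe-quoting poster with ">".
SAMPLE = "\n".join([
    "> | Please set your newsreader's configuration",  # two posters back
    "> I will give it due consideration.",            # previous poster
    "It would seem that you didn't.",                 # current poster
    ":)",                                             # a lone smiley
])

if __name__ == "__main__":
    # Under the strict reader the first two lines get the same depth, which
    # is the complaint in this thread; the permissive reader separates them
    # but also mistakes the lone smiley for quoted text.
    for d, body in zip(depths(SAMPLE), SAMPLE.splitlines()):
        print(d, body)
```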

Re: GMER reports meaning (Was: Re: Unknown folder)

Aardvark wrote:
[...]

Only in the Compose window (this one). In the Message window, I see
vertical lines.

IOW, how quotes are displayed depends on _your_ newsreader's settings.

Change them, if it matters that much to you.

wolf k.

Re: GMER reports meaning (Was: Re: Unknown folder)

On Sun, 02 Aug 2009 11:55:32 -0400, Wolf K wrote:


Why would I change my quote marks to a non-conforming, non-standard
character?

<http://www.netmeister.org/news/learn2quote3.html>

"3. Quotationmarks
3.1 Which character should I use to mark the quoted text?

Use the "Greater-Than" character (">"). This character is recognized as a
quotation mark by almost every newsreader and is mentioned in the
netiquette as such for technical reasons (Son-Of-RFC 1036 and successors)."

It's up to users of applications which don't conform with accepted
standards to reconfigure them to conform to standards, not for those who
have conforming software to make it non-conforming.



Re: GMER reports meaning (Was: Re: Unknown folder)

David H. Lipman wrote:

Hello Dave:

Yes.  During my above test, I booted into XP Pro where the latest GMER
ran unvirtualized.  I did /not/ run GMER under Red Hat Linux with
Wine.  I apologize if I hadn't made all as clear as I should.

Hence, my GMER (running totally under XP) was able to /see/ my
probable Red Hat Enterprise Linux modified boot block, but reported
nothing suspicious.

Warm regards to all,

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: Unknown folder


Do you read? http://en.wikipedia.org/wiki/Rootkit

Or would you rather a PayPal account be set up for you.

Of course you didn't run this Gmer program from your OS; use a USB
boot drive or BOOT CD. The HP program SP27213.exe can create a
bootable USB pen drive, freebies.
--

Wilt Chamberlain and Andre the Giant -- holding up Arnold Schwarzenegger (on the
set of Conan).
http://theselvedgeyard.files.wordpress.com/2009/07/andreconanwilt.jpg

Re: Unknown folder

Pennywise@DerryMaine.Gov wrote in


Gmer should be run from the affected host. I don't know where you're
getting your information from.



--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
  


Re: Unknown folder


Run a few

IceSword122en
catchme.exe
mbr.exe
szfstxxx.exe
RootkitRevealer.zip
rku
Rootkit_RKU_Results.txt
ossec-agent-win32-2.0_RootKitFinder.exe
gmer.exe
DarkSpy105.exe
DarkSpy105Help.chm
RootkitRevealer.exe
RootkitRevealer.chm
Eula.txt
New Text Document_second_Try.txt
RootkitReveal_Reviels.txt
sanitySetup.exe

And done my reading

"The best, and most reliable, method for operating system-level
rootkit detection is to shut down the computer suspected of infection,
and then to check its storage by booting from an alternative trusted
medium (e.g. a rescue CD-ROM or USB flash drive)[citation needed]. A
non-running rootkit cannot actively hide its presence, and most
established antivirus programs will identify rootkits armed via
standard OS calls (which are often tampered with by the rootkit) and
lower level queries, which ought to remain reliable. If there is a
difference, the presence of a rootkit infection should be assumed.
Running rootkits attempt to protect themselves by monitoring running
processes and suspending their activity until the scanning has
finished; this is more difficult if the rootkit is not allowed to
run.[citation needed]"
http://en.wikipedia.org/wiki/Rootkit

Citations needed, if you have a problem with the answer, edit it.
--

Horse Ride
http://www.onahorse.com/

Re: Unknown folder

Pennywise@DerryMaine.Gov wrote in


Nice.. :)
 

Cool. However, I can one-up you. I've spoken with the author of Gmer; it
does best when run on the affected machine under its affected
conditions, as most utilities of its nature do. Otherwise, it would be
pointless to scan for something you know (if you run from outside the
host OS) won't be there; i.e., memory-resident rootkit modules.
 

Pointless endeavor. I had/have a problem with your answer. Obviously if
yours is a canned response, you haven't done all that much reading.


--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
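The cross-view comparison in the Wikipedia passage quoted above ("if there is a difference, the presence of a rootkit infection should be assumed"), together with the point that a rootkit which is not running has nothing to hide, as an added example; it is not the code of GMER, RootkitRevealer or any other tool mentioned here, and the paths and both listings are constructed.

```python
# Added example: cross-view rootkit detection as a plain set difference
# between what the OS API reports and what a lower-level enumeration reports.
# Paths and listings are constructed; EXAMPLE_RK.sys is a placeholder name.
from dataclasses import dataclass


@dataclass(frozen=True)
class CrossViewReport:
    hidden: frozenset   # seen by the low-level view, missing from the API view
    phantom: frozenset  # reported by the API, absent from the low-level view


def cross_view(api_view, low_level_view):
    """Compare the two enumerations of the same namespace (files here)."""
    api, low = set(api_view), set(low_level_view)
    return CrossViewReport(frozenset(low - api), frozenset(api - low))


def suspect_rootkit(report, known_noise=frozenset()):
    """Any disagreement outside an allow-list of expected churn (files the
    scanner itself created between the two passes) is treated as an indicator."""
    return bool((report.hidden | report.phantom) - known_noise)


# Constructed: live system, a hook filters one driver out of the API listing.
LIVE_API = {r"C:\Windows\System32\drivers\ntfs.sys", r"C:\Temp\scan.tmp"}
LIVE_LOW = {r"C:\Windows\System32\drivers\ntfs.sys",
            r"C:\Windows\System32\drivers\EXAMPLE_RK.sys"}
NOISE = frozenset({r"C:\Temp\scan.tmp"})  # written by the scanner, not hidden

# Constructed: the same disk examined from a boot CD. Nothing is hooked, so
# both views agree and cross-view is silent; the driver file is still on
# disk, but a content scan, not a view comparison, is what finds it now.
OFFLINE_API = {r"C:\Windows\System32\drivers\ntfs.sys",
               r"C:\Windows\System32\drivers\EXAMPLE_RK.sys"}
OFFLINE_LOW = set(OFFLINE_API)

if __name__ == "__main__":
    live = cross_view(LIVE_API, LIVE_LOW)
    print("live hidden:", sorted(live.hidden), "suspect:", suspect_rootkit(live, NOISE))
    off = cross_view(OFFLINE_API, OFFLINE_LOW)
    print("offline suspect:", suspect_rootkit(off, NOISE))
```

This is why the thread's two positions are not contradictory: the comparison needs the hook to be active to show a difference, while the offline boot is what lets a signature scan read the file the hook would otherwise conceal.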
  


Re: Unknown folder



[...]

Wikipedia is good, but this describes everyday malware detection, not
rootkit activity.



Re: Unknown folder


Dark Spy:

"4. run get script with boot CD -> Offline Analyze -> run set script
with boot CD: use this solution, you should have a boot CD. First
generate the boot scripts (e.g. if you select XX for the new file
name, and the script will be XX_get.cmd and XX_set.cmd). Then
successfully restart your computer, and run get script (XX_get.cmd)
with the boot CD; at this time you will have two more files (XX,
XX.log), the non-log file (XX) is the hive you want to deal with.
Edit and save, then restart the computer again and run set script
(XX_set.cmd)."

5. Offline Analyze: Analyze the saved hive file. Usage: Click "Offline
Analyze", then select the hive to analyze (view and edit).


These are out of order, 5) is a part of the programs Functionalities
(sic), 4) is how to do it.
--

Horse Ride
http://www.onahorse.com/

Re: Unknown folder

Iapetus wrote:

Hello Iapetus:

In the event that hwf is correct, try running GMER:

<http://www.gmer.net/#files>

HTH

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: Unknown folder

On Wed, 29 Jul 2009 15:45:08 +0100, Iapetus wrote:


I went to the grave of the unknown folder once. At least, I think that's
what it was. Y'see I was young at the time and hadn't yet learnt to read.