If you do a search for dlldemon 1.0 you will have many
hits..
Grant..
Gage Tarrant wrote:
>
> BTW, I ran a scan on my computer and I did not download Brooks' attachment
> virus. I take that to mean that the PC-Cillin I installed after the 1st
> scare effectively blocked it, or, that it's hiding, but I see no evidence of
> that yet. I looked for the Dll demon on Tucows but couldn't find it, then
> ran a search for Dll demon and was shown so many different dll products that
> I didn't know which one you were referring to. Do you have any direct
> links, or perhaps a more specific program title? Thanks for all of your
> info- it has been VERY helpful.
> ----- Original Message -----
> From: "A.V.R.A" <[email protected]>
> To: <[email protected]>
> Sent: Tuesday, April 24, 2001 7:01 AM
> Subject: Re: CS>VIRUS
>
> > By the way, I thought I would mention, for Outlook Explorer users, there
> is
> > a way to crash these email viruses so that in the event one gets one and
> is
> > unaware of it, the virus will not be able to send outbound mail.
> >
> > What one does, is in the preferences for outlook express, one adds a
> > signature file that doesn't exist. Every time one sends a new email
> > message, a dialog box will appear warning you that it could not find the
> > signature file. These email viruses aren't programmed for that
> eventuality.
> > When it tries to send outbound mail with the attachment, the virus crashes
> > due to that extra step, and the email is never sent.
> >
> >
> >
> > ----- Original Message -----
> > From: A.V.R.A <[email protected]>
> > To: <[email protected]>
> > Sent: Tuesday, April 24, 2001 7:47 AM
> > Subject: Re: CS>VIRUS
> >
> >
> > > Looks like we all will have to start spraying our computers with
> colloidal
> > > silver...
> > >
> > > As some of you might have noticed through watching the news, last week
> > and
> > > perhaps still? ), a huge cloud from Mongolia ( of all places! ) reached
> > the
> > > Western United States, spanning all the way to ( you guessed it ) right
> > here
> > > in Albuquerque.
> > >
> > > Heavy winds and ongoing construction has really effected the air
> quality,
> > > and we've been particularly faithful in using colloidal silver in the
> > lungs.
> > > I am certainly not sure what is capable of travelling in such a dust
> > cloud,
> > > but I'm certain if nothing else, at least spores survived the long trip.
> > >
> > > In fact, between the dust cloud, the construction, the high winds, and
> the
> > > spring pollen in the air, my allergies kicked in for the first time in
> > about
> > > 7 years. To further complicate things, our home has zero insulation.
> > >
> > > I find it amazing the colloidal silver soothes the mucus membranes so
> > well!
> > > Twenty minutes with the humidifier, and the relief is astounding. For
> > those
> > > with various lung conditions, it is certainly worth looking into. I've
> > > found that one must be diligent in application, using the
> > > nebulizer/humidifer sometimes as much as every five to ten minutes for
> an
> > > hour.
> > >
> > > Is there anyone on the list familiar with coning? Has anyone tried
> > > delivering colloidal silver into the body through coning? I know this
> > > method is supposed to be excellent for use with ozone. In fact, the
> next
> > > thing on our purchase list is an ozone sauna.
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: <[email protected]>
> > > To: <[email protected]>
> > > Sent: Monday, April 23, 2001 1:09 PM
> > > Subject: Re: CS>VIRUS
> > >
> > >
> > > > This was just posted on the beck rife list...same problem there.
> > > Directions
> > > > how to fix.
> > > > ~Hanan
> > > >
> > > > <FWD>
> > > >
> > > >
> > > > I was targeted by a worm sent via an attachment from someone on a
> > > >
> > > > yahoo list I am on. The thing was very sneaky in that it quoted bits
> > > >
> > > > from one of my posts to the list, as thought this gal were replying
> > > >
> > > > to me privately.
> > > >
> > > >
> > > > After that I couldn't access the list homepage, but luckily I had
> > > >
> > > > some digests to read -- and lo and behold, there were several posts
> > > >
> > > > about this very thing. And even more luckily, one of the members of
> > > >
> > > > the list is an expert in computer security, who posted a description
> > > >
> > > > and fix. I don't think I sent the worm to any of you because I
> > > >
> > > > didn't re-boot between the time I downloaded the file and the time I
> > > >
> > > > did the fix, but I post it in case any of you were hit elsewhere.
> > > >
> > > >
> > > >
> > > >
> > > > <<Subject: The attachment is a worm.
> > > >
> > > >
> > > > Win32.Badtrans.13312
> > > >
> > > > Badtrans is a worm spreading via e-mail. The worm replies to all
> > > >
> > > > unread messages and attaches itself using one of the following 16
> > > >
> > > > names:
> > > >
> > > >
> > > > fun.pif
> > > >
> > > > Humor.TXT.pif
> > > >
> > > > docs.scr
> > > >
> > > > s3msong.MP3.pif
> > > >
> > > > Sorry_about_yesterday.DOC.pif
> > > >
> > > > Me_nude.AVI.pif
> > > >
> > > > Card.pif
> > > >
> > > > SETUP.pif
> > > >
> > > > searchURL.scr
> > > >
> > > > YOU_are_FAT!.TXT.pif
> > > >
> > > > hamster.ZIP.scr
> > > >
> > > > news_doc.scr
> > > >
> > > > New_Napster_Site.DOC.scr
> > > >
> > > > README.TXT.pif
> > > >
> > > > images.pif
> > > >
> > > > Pics.ZIP.scr
> > > >
> > > >
> > > > When a user opens the attachment, the worm copies itself to the
> > > >
> > > > Windows directory as:
> > > >
> > > >
> > > > inetd.exe
> > > >
> > > >
> > > > and modifies the file win.ini by including the line executing that
> > > >
> > > > program.
> > > >
> > > >
> > > > Additionally, the Badtrans worm, drops a backdoor trojan
> > > >
> > > > (Win32.Badtrans.21882 Trojan). The worm creates and executes a 21882-
> > > >
> > > > byte file in the Windows System directory:
> > > >
> > > >
> > > > kern32.exe
> > > >
> > > >
> > > > and modifies the registry in order to run it on the next reboot:
> > > >
> > > >
> > > > HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32
> > > >
> > > > .exe
> > > >
> > > >
> > > > The Trojan, which is in fact a backdoor server also uses its own
> > > >
> > > > library:
> > > >
> > > > hksdll.dll (a 5632-byte file created in the same directory).
> > > >
> > > >
> > > > To fix:
> > > >
> > > >
> > > > First:
> > > >
> > > >
> > > > search your hard drive for the files named INETD.EXE, KERN32.EXE and
> > > >
> > > > CP_23421.NLS. Delete them.
> > > >
> > > >
> > > > Then:
> > > >
> > > >
> > > > Run SYSEDIT by clicking START-RUN. On RUN Window type SYSEDIT then
> > > >
> > > > click OK.
> > > >
> > > > In SYSTEM CONFIGURATION EDITOR select the window C:\WINDOWS\WIN.INI
> > > >
> > > > then delete the entry "C:\WINDOWS\INETD.EXE" under RUN key.
> > > >
> > > >
> > > > All done.>>
> > > >
> > > >
> > > > --
> > > > The silver-list is a moderated forum for discussion of colloidal
> silver.
> > > >
> > > > To join or quit silver-list or silver-digest send an e-mail message
> to:
> > > > [email protected] -or- [email protected]
> > > > with the word subscribe or unsubscribe in the SUBJECT line.
> > > >
> > > > To post, address your message to: [email protected]
> > > > Silver-list archive:
> http://escribe.com/health/thesilverlist/index.html
> > > > List maintainer: Mike Devour <[email protected]>
> > > >
> > > >
> > >
> > >
> >
