[K12OSN] Boys and Girls Club Horror
R. Scott Belford
scott at hosef.org
Thu Jul 8 02:12:37 UTC 2004
Wonder where all that spam is coming from? We, like the rest of you,
set up and maintain thin-client labs. We have recently donated and are
maintaining a thin-client lab for the teen center at the Ewa Beach Boys
and Girls Club of Hawaii. Furthermore, we have given the custodian and
a manager, previously without computers, each a Mandrake box.
It is astounding, as you can all imagine, to see people effortlessly
navigate a "strange" GUI to get so much done. One lady using a Mandrake
box has never asked for help and makes spreadsheets, schedules,
documents, etc. She never saw Linux before. We all know these success
stories, and the BGCH project is no exception.
Here is the Horror. There is a previously donated Windows lab
downstairs. I have already replaced one hosed box with Mandrake. These
computers are so infected with viruses, worms, and trojans that they may
be attacking *you*. Windows Update no longer runs, and it is almost
impossible to browse with IE without redirect and pop-up Hades.
The lab is under contract to the company of one of the members of the BOD,
so I can't take it over. Ironically, it was initially a gift from the
Case Foundation. I will, however, be putting Mandrake on a computer
that had the following goodies in its taskbar:
CTFMON.exe
http://securityresponse.symantec.com/avcenter/venc/data/spyware.familykeylog.html
FF.EXE
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.rirc.html
WSup.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html
WToolsA.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html
msbb.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.ncase.html
wupdater.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html
CMESys.exe
http://securityresponse.symantec.com/avcenter/venc/data/dialer.iedisco.html
WKufind.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html
VPTray.exe
proof that Norton is uninstalled
mspmspsv.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html
WToolsS.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html
regsvc.exe
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html
lsass.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
csrss.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html
smss.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html
I will further document this in a case study, but if any of you need
testimony to the damage just one infected Windows computer can cause,
look at this one.
--scott
--
R. Scott Belford
Founder/PR Director
The Hawaii Open Source Education Foundation
PO Box 392
Kailua, HI 96734
scott at hosef.org
808.689.6518