[Dshield] He wasn't bulletproof after all

Kenneth Coney superc at visuallink.com
Mon Feb 9 15:24:26 GMT 2004

Good catch.  I missed the Win95 reference, I was too busy ROLTFLMAO at his 
"bulletproof" set up encountering something so retro it creaked.  Like it 
was waiting years for him.  Yup.  He boots up then goes to DOS on that 
machine.  Then loads and runs the browser from within the DOS.  16 megs of 
RAM on a machine designed for Win 3.1.  I can't help him too much on the 
registry files as Areust suggested, without seeing what he did (have sent 
him some links and urged reinstalling the Win then seeking upgrades) to it 
when he simply deleted the IE 4 folder years ago.  (This prevented him from 
ever patching at the MS update site.)  I appreciate the text file of the 
malware.  It explains why my Netscape wouldn't go there.  And why, by 
selecting a third browser type to use, he could.  I wear a lot of different 
hats.  Under (only) one of them he is a supervisor.  I was trying to 
convince him his way wasn't bulletproof and got the reply I posted a few 
months ago.  This incident pretty much clarifies the issue to me.  He is 
probably vulnerable to 90% of the Win 95 exploits.  Hopefully he will begin 
to realize that and get a more modern machine with updated patches.

Subject: Re: [Dshield] He wasn't bulletproof after all
From: Jim Race <vimages at well.com>
Date: Sun, 08 Feb 2004 12:14:15 -0800
To: General DShield Discussion List <list at dshield.org>

Kenneth Coney wrote:

 > Some of you may recall my posting about someone who only ran DOS on his
 > machine and who thought that because of his lack of Windows and his
 > selection of browsers that he was immune to all malware and AV software or
 > firewalls which required Windows would be a waste of his time and money.
 > Today I got this from him.
 > ________________
 > "Somehow when I was online I received a pop-up box which calls itself
 > a "sticky-stay" in my Opera version 6.05 which I was running on my
 > Windows 95 machine.  I can't get rid of the darned thing, even when I


Well. He may have written that with Pine, but he said it happened on a 
Win95 box. So? That ain't DOS, is it?

If you want to look at such a file, just save the page locally and load it 
in a trusted text editor.

The 'random.php' it calls is just a way to randomize various ads.

The rest you can interpret for yourself.



