privacy@sharmannetworks.com
 

found this in my mail today - do they get criminal now - threatening people?

Sharman is going after everyone that's doing anything KaZaa related. They're located in a tax haven now and will do anything to anyone to make some $$$.

http://www.vanuatugovernment.gov.vu/

what are those attachments for? is/was that a part of the message?

please forward that message to me if its not too personal i'd like to have a look at it....i know how to examine headers to determine where it really came from :)

harbynger1901@hotmail.com

Hmmm....
 

Could be a hoax, are there any more clues in the full mail headers?

What's in the attachments?

It's a bit strange for them to target you.. Nothing you have on your website is illegal. OK, you have links to KazaaLite, and you still have that iMorpheus page, but they should welcome sig2dat as a great enhancement to the FastTrack experience.

hey, indy, just for "shits and giggles" i'm gonna send you a fake email through the kazaa client

i'll say something that will let you know its me. :)

okay i just now tried the kazaa trick of sending anonymous email

it works differently when you have the email forwarded from

KaZaA to hotmail instead of routing it through your own ISP

If you use you own ISP it will show your loginname (that you

use to logon or into the network if you are on dialup and using a

certain ISP whom i won't name here)

It will also show you isp provider the scary thing is it showing

your loginname to the network (that should be kept private)

and of course your ip address (the real one is revealed)

so i do not recommend anyone use the email feature in KazAa that
is concerned with their online privacy (its not really an anonymous

remailer as "raven" off astalavista claims....because it shows

the info i mentioned above)

Gosh, the was a totally annoying waste of my time post but

I've got a little (time) to waste so why not?

bottom line:
INdy don't worry you ain't dun nothin wrong :)

i've got your mail harby.

okay i don't understand the mechanism - i only saw that home.bat is some windows program and the b_660400 is some other html with vbs script loading from brilliant digital.

maybe the address is really a fake and it should show something, brilliant does to our computers.

i didn execute anything so i don't know more - just deleted the whole bunch

indy

that's too bad indy, i would have saved that for evidence

might be handy and could probably learn some things from it

as well. Usually if you use Norton Antivirus it will protect you

from malicious vbs type scripting there is also another way

i think that involved changing the file associations for .vbs

extensions (in folder options...but i don't remember what

application to use for opening them...my guess is notepad that

way windows scripting host won't automatically execute the

vbs code)

Okay now if your email is like mine (free service similiar to hotmail)

they store the mail sent to you on their server (webpage)

and things you delete might even be saved in the deleted items

folder so if you really want to get rid of it make sure you check

there too and it would not hurt to delete free space on your

drive using either Eraser or VoptXP (great disk defragger mulitpurpose utility)

If you do have a copy in one of those folders....please zip it

the bat file(s) programs and forward it to me for furthur

analysis.

Thanks,

harbynger1901@hotmail.com

sorry but i deleted it also from disk and yahoo trash.

but since your mail address is public now, maybe you get your own "privacy" copy :)

indy

Changing the Default Action for VBS Scripts to Edit
 

Hi guys-gals

This is my first post here. I found the following information in another post and filed it for future reference.

" Changing the Default Action for VBS Scripts to Edit.

You can change the default action for .VBS, .VBE, .JS, .JSE and .WSH files. When installed, these extensions are configured to default to 'Open'. If this default action is changed to 'Edit', scripts will open in a text editor instead of executing, which effectively renders them harmless.

To change the default action for these three extensions:


1) Open up 'Windows Explorer'
2) Under the 'View' menu select 'Options…' or 'Folder Options…'
3) Single click on the 'File Types' tab
4) Scroll down the list until you find 'VBScript Script File'. Single click on it and click the 'Edit…' button
5) Where it says 'Actions' look for 'Edit'. Single click on it and then click the button that says 'Set Default'
6) Click the 'Close' button
7) Repeat steps 4-6 for 'VBScript Encoded Script File' (skip this step if it is not listed)
8) Repeat steps 4-6 for 'JScript Script File'
9) Repeat steps 4-6 for 'JScript Encoded Script File'
10) Repeat steps 4-6 for 'Windows Scripting Host Settings File'

Now VBS scripts, which is how these virii are spreading, will just open harmlessly in notepad. Problem solved.

After neutering the Script Files you can go to your shared folder and delete the little buggers!! "

Credits: This clip was taken from another post, may be even from this forum, I apologize for not remembering from where, exactly. So if someone else recognize her-his post feel free to claim authorship. I'm just passing it around. This is as simple as effective a measure. I've done it, tested it, and worked like a charm.
Hope it helps.

Exactly, either they didn't research your site enough or this was a hoax sent from people trying to stop file sharing and the whole p2p community. It only takes a few minutes of reading your site to know that your sig2dat tool actually helps the FastTrack network. Your tool doesn't take away any ad revenues from Sharman and I can't see how your site is hurting them. Sure you have links to Kazaa lite and maybe some other sites they find questionable but it would be wiser if they target those website specifically themselves.

Never mind. Read that you the files.

The whole thing looks a bit hoaxy. No legal munbojumbo or threats asking you to remove stuff from your site?

As far as I know they have been sending out emails with leagl mumbjumbo, not vbs attachments.

If they are sending little bombs now, my guess would then be that they have $cientology lawyers working for them.

lol

Welcome, spstn
 

:beer:

Welcome to NU, spstn. Hope you enjoy your stay here and

btw what an excellent introduction you made...that information

was EXACTLY what i needed and wanted.

Very much obliged (that's my way of saying "thank-you") for

posting that :)

-Harbynger (of d00m)

Re: Changing the Default Action for VBS Scripts to Edit
 

Welcome spstn :W:

You never know when you post how many people you can help, sometimes months later...

If you ever visited the old Morpheus Board you might have found it there... That was where I first posted it, although I have posted it at the old Zeropaid Forum and I am pretty sure I have posted it somewhere here as well...

I found it somewhere else myself, but don't remember where...

(For some reason I added this on my original Thank You gogostop for pointing me in the right direction) :PO:

hi spstn, welcome to nu!:tu: thanks for dropping by. hope we see you again. :beer:

- js.

Yep!
 

:ND: - WELCOME, WELCOME!!
:beer: :beer:

I'm back...
 

Hi there...

Thank you all for such a heartwarming welcome.
My apology to BuzzB2K because in taking the liberty to edit the original posting to fit the issue at hand here, I left out another interesting piece of advice:

" I added .mp3.vbs to the blocklist of the search filter - seems it does also some job - get 0 results if i search for "mp3 vbs"

indication for .mp3.vbs is, that
· title=xyz.mp3 (because its not rcognised as audio)
· artist=unknown
· size small (11k, 9k)
· downloadtime 0.0


good and simple thing (as mentioned on old morph and elsewhere."

I would advice, also, to include as many implementations of this as fyle types you download. I've seen and even downloaded pictures and video files with double file extension like that.

Coming back to the vbs issue and any other threat to the system, including massive crashes and viri infestation, I've been using a piece of software that ensures total impunity to virtually destroy your system and get away with it. The name is GoBack, a much, and I mean MUCH powerful version of system restore. In the rare occasion of a page fault or whatever causes a BSOD I go back 5 minutes and IT never happened.
Caveat: The software has proven to be infalible to me, however requires a disciplined use of the way you produce work tha's written to your hard disk (read: everything). So if someone want to try it I have several pointers that could be useful to not learn the hard way like I did. In that case let me know and I'll post wherever is appropriate to do so.

For the record: The ignoring of Sharman in my postings was intentional infliction of "cruel and unusual punishment"

So I dixit.

Yes, I would love to hear more about this invaluable software and your tips on using it. Please post more on this.

Thank-you,

harbynger

:W:

Re: I'm back...
 

JS, is it cool? If da boss say yes, I'm all eyes and ears. If da boss say no then perhaps we can quietly "work something out".

I'm interested.

:tu:

NP - I "borrowed" the step by step instructions off of another site myself, and then wrote the specific .mp3 or .jpg versions that I used on the MusicCity Forum... That's what it's all about is users helping users...

Again, welcome to Napsterites spstn and I look forward to more helpfull posts from you in the future. :W: :tu: