[LUAU] Does this shock you?

Thu Jul 8 00:33:56 PDT 2004

While there are viruses and spyware listed, a number of these are 
legitimate programs. I recognized many of these background tasks and 
checked my favorite task list at http://answersthatwork.com/ .
E.g., ctfmon.exe is an ordinary part of Microsoft Office XP and Windows 
XP – it activates the Alternative User Input Text Input Processor (TIP) 
and the Microsoft Office XP Language Bar.
LSASS is usually the Local Security Authentication Server, unless a 
virus has replaced it.

Windoze OSes are frustratingly difficult to keep free of viri, 
especially if you run Outlook or Internet Exploder. However, when 
educating others about its problems, we have to be careful to remain 
objective.

Thank You.

R. Scott Belford wrote:

> I have been meaning to email LUAU and our announce list for some time 
> to make sure that we all knew the recent news about HOSEF. We have a 
> permanent home at UH thanks to many unthanked people, and luau and 
> monmotha have a permanent home with HOSEF. We have set up a lab this 
> year at Kuhio Elementary, we had a booth at the eSchool conference, 
> and we have donated a lab to the Boys and Girls Club of Hawaii in Ewa 
> Beach where we refurbish the computers that are later donated to other 
> organizations. We just put a Mandrake Box at the Makiki Community 
> Library.
>
> There is so much news, and I will share it soon. For now, I want to 
> shock you, if I can.
>
> There are two computer labs at the BGCH. The downstairs one, a windows 
> lab, was donated by the Case Foundation and was supported for the 
> first few years. Upstairs is our 15 station Linux thin client lab. We 
> have also donated two stand-alone Mandrake boxes now in heavy use by 
> MGMT.
>
> The downstairs windows lab has fallen in disrepair. No windows updates 
> and no IE patches have made this lab an unsurfable nightmare on some 
> computers. It is no longer even possible to run Windows Update on the 
> ones that I have tried. It is not the staff's fault, support is now 
> handled by the company of one the members of the BOD. A quick look at 
> the Task Manager and some time googling has revealed the following on 
> just *one* computer.
>
>
> CTFMON.exe
> http://securityresponse.symantec.com/avcenter/venc/data/spyware.familykeylog.html 
>
>
> FF.EXE
> http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.rirc.html 
>
>
> WSup.exe
> http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html 
>
>
> WToolsA.exe
> http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html 
>
>
> msbb.exe
> http://securityresponse.symantec.com/avcenter/venc/data/adware.ncase.html
>
> wupdater.exe
> http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html 
>
>
> CMESys.exe
> http://securityresponse.symantec.com/avcenter/venc/data/dialer.iedisco.html 
>
>
> WKufind.exe
> http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html 
>
>
> VPTray.exe
> proof that norton is uninstalled
>
> mspmspsv.exe
> http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html 
>
>
> WToolsS.exe
> http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html 
>
>
> regsvc.exe
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html 
>
>
> lsass.exe
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html 
>
>
> csrss.exe
> http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html 
>
>
> smss.exe
> http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html 
>
>
>
> If you are still wondering if Linux can replace Windows on the 
> Desktop, I can assure that it can, it has, it does, and in cases like 
> this, it must. I'll be documenting this in a case study, but for now I 
> had to share this horror with someone else.
>
> --scott
>
> _______________________________________________
> LUAU at lists.hosef.org mailing list
> http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
>
>