need to report cheating on RC5....how do I do that?

[blurredvision]

I just started cracking for RC5 last night, and dennilfloss helped me out with everything, which was very simple. I downloaded the files needed, and after getting it running, I remembered that I had seen the dnetc file somewhere else before. I then remembered I had seen it in the program msconfig, where you can modify the starting values of your computer, and that had been one of the things in the list, and it stated the following:

distributed.net client "C:\WINDOWS\SYSTEM\dnetc.exe" -hide

I then remembered that when I had gone in and removed things from startup, it was when I was having problems with my CPU usage, and couldn't figure out what was going on and what was eating up the cycles. I had saw the distibuted.net client, and remembered seeing you guys talk about it in here, but didn't piece it together, just unchecked it and went on. This had to have been atleast a month or so ago.

So then I went to the windows\system folder and opened the config file associated with the program, and found that it was being ran under and id of bymer@ukrpost.net. So I spoke with dennilfloss in a PM, and he informed that someone from Ukraine had made a trojan, without me telling him anything first, so this has to be it.

How would I go about telling the right people so they'll know? I still have the files that were put on my computer from this Ukraine guy. Thanks guys.

 

[Russ]

Dnet knows about that one.

Russ, NCNE

 

[Viztech]

Welcome Charlie!

Here is more info on that bymer trojan problem. He got to a lot of people. By chance do you have file and printer sharing enabled to the Internet? That seems to have been a common issue with the people that got this one installed on their machines.

viz

 

[blurredvision]

I did have all my drives with full access. Me and a couple of friends had networked our computers together, and when networking, I allowed full access to my drives so they could get whatever wavs or mp3s I had on there. I must've gotten it from them.

Also, you say it's a bymer trojan problem. On startup, I have something starting called bymer.scanner, and starts from a file of wininit.exe in the windows/system folder. Could this be part of it too??

 

[Russ]

WoodchuckCharlie,

YES. Those two files are part of the worm. I believe there is a dewormer available at the link that Viz provided.

Russ, NCNE

 

[networkman]

I'm sure I'm not the first to point out that sharing your drives with full access to the Internet is not exactly the safest or sanest thing to do with your computer!

 

[subhuman]

an *ix firewall is probably the ideal way to do it, but i really like BlackICE Defender myself. and definitely turn off file and printer sharing, or at the bare minimum set a decent password on it.

 

[blurredvision]

I went ahead and turned off all file and printer sharing, because it's not needed anyways. I also downloaded the dewormer from distributed.net, and it took care of everything. It took a couple of times of rebooting and running that program, but finally got the job done. Also installed my virus scanner that I had neglicted since I reformatted my hard drive a couple of months ago. Thanks guys, my computer is running better than ever

 

[MWalkden]

WoodchuckCharlie; In the future if you want to set up sharing like that again load another protocol in your network settings and bind file and print sharing to that protocol. I use NetBUIE myself. NetBUIE is not an Internet suported protocol and is a natural firewall. Make sure your TCP/IP does not have file and printer sharing bound to it. Even if you are not sharing any folders on your drive, file and print sharing binding on TCP/IP calls out to the Internet saying "I'm here"! On 9x boxes you don't have to share a file to get hacked, just need that binding on TCP/IP.