Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SunnySky P.Eng from Winnipeg EE 1975


  • Please log in to reply
No replies to this topic

Poll: What's This Stuff About The V-Attribute Trojan? (0 member(s) have cast votes)

What single bit on a disk could hide c:\Windows folder

  1. The bit destroyed by off your radioactive Smoke Detector (0 votes [0.00%])

    Percentage of vote: 0.00%

  2. The bit longer than the max burst correctable size (0 votes [0.00%])

    Percentage of vote: 0.00%

  3. The bit saved by the Black Hole in the surface defect scanner at factor test (0 votes [0.00%])

    Percentage of vote: 0.00%

  4. The bit next to the Tostito chip crumbs on your desktop (0 votes [0.00%])

    Percentage of vote: 0.00%

  5. The undocumented V attribute bit for folder/file name reserved exclusively for the hidden Volume Label (0 votes [0.00%])

    Percentage of vote: 0.00%

Vote Guests cannot vote

#1 Sunny Sky52m

Sunny Sky52m

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 13 November 2010 - 02:49 AM

My claim to fame was "not" talking to Eugene Kaspersky in St. Petersberg, USSR in 1999, but it was fun. I was working at C-MAC Electronics in 1999 in Winnipeg, as Design Services Mgr after 34 yrs in bleeding edge R&D then Mfg Test Engineering development and Management. Since I was using AVP (a.k.a. KAV) and found my PC unbootable by a mysterious infection that also caused our C-MAC's IT Mgr to lose her entire PC Documents and \Windows folders which contained all the Network passwords and NT server settings for the entire office of 75 people { before she had established a reliable backup procedure}. She and her Boss, a descent PC geek, failed to recover the data even when the disk was moved to a working system. Both the Admin Documents and the \Windows folders were apparently deleted. They failed to cure what ailed her PC. Then I got the same symptom 3 months later. I was familiar with disk architecture from 11 yrs testing disk drives since the early 80's at Burroughs/Memorex/Sperrry/Unisys as Test Engineering Manager. So I used Norton's Disk Editor and a directory tree and folder search failed to find these folders from my unbootable system. Then I did a string search for "windows" and discovered the folder existed but why was it HIDDEN? It was designated as folder and had certain values for the R_A_S_H_V attributes. You know Read, Archive, System, Hidden and what's this Volume bit? So I looked around and found nothing documented on it and then figured out that the Volume Label during formatting was just a file with that special V attribute bit set to uniquely identify that file as the Volume Label so naturally it was hidden from the DIR list. Wait a minute, if it's hidden then what happens if I change the V bit from a 1 to 0 and write back to the disk? Well the Windows folder was no longer hidden and it booted. amazing. Eugene would not admit to being aware of this secret. His advice... 1) Backup 2) use a good AV 3) Verify your backup (thanks but I had only done 2) at the time.

Since then, I have always tried to learn about Windows by trying to find out how it ticked...often intentionally breaking bits in the registry or files to see what the reaction was. Let's say I have broken my system many. many times. Sometimes successfully. Ha.Ha. My 1st workstation was in 1982 with the excellent COnvergent Technology/ Buroughs B22 with CTOS on a wide screen green phosphor display that support 132 columns rather than the conventional 80col. I've infected with computing ever since. We used to attach 1GB 8" SMD or SCSI disk drives on old Apple ][+ computers at Burroughs for testing purposes since we couldn't possible dream of filling them with programs, but we tried. SO PC's are a passion, not my career, but just a tool.

I am a diehard fan of BC and ComboFix, and have been a PC repair administrator on a live chatroom in Paltalk's PCTECH room since 2002. It's a voice,text/video free chat room open 24x7x365 with insomniac PC users around the world. Its a free room with Pro Bono PC repairs for anyone who comes and doesn't admit they use P2P or cracked Windows because we have ethics and won't support that... well more than once... I probably have done a thousand HiJack THis analysis/repairs , a few hundred with RunScanner and analyzed a few hundred more ComboFIx logs over the years and I specialize in fixing what others are afraid to touch or failed to fix.

My Security hero on all topics is Bruce Schneier of Counterpane ( My link ) and famous for TwoFish, BLowFish.
My Windows hero is Mark Russinovich for over 10 years with SysInternals/Winternals suites.
My favourite PC tool is Process Explorer and I like the simplicity, elegant proactive security and process management of WINPATROL and have used both since they 1st came out.

My PC philosophy is whay I like to call Organic, Holistic and non-Big-Pharma approach
That means I don't believe in big Anti-Virus/Anti-Trojan/Firewall Suites and associate them with Big Pharma inoculations or drugs that have as many side-effects as cures they promised to offer.
So I rely on Script blockers, Domain black lists, active X blockers and proactive heuristic security such as Winpatrol or others. If all fails I have backup or Combofix, but then I can make an old PC run fast.
Or as I like to say... LEAN AND MEAN. Best case boot XP to 12 processes (not apps..processes) but typically 20 to desktop.

Well that's me in a Thumbnail Posted Image ;)

Anthony Stewart a.k.a "Sunny Sky50m" in Paltalk.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users