LISTSERV - PCBUILD Archives - LISTSERV.ICORS.ORG

PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

	LISTSERV Archives
	PCBUILD Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Editing/clearing Rom (UMB?)?
From:	Ellen <[log in to unmask]>
Reply To:	PCBUILD - Personal Computer Hardware discussion List <[log in to unmask]>
Date:	Fri, 21 Dec 2001 16:38:57 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (118 lines)

--- Mike Whalen <[log in to unmask]> wrote:
> > I believe "GoBack" is a commercial product which
> allows a machine
> >to return to a saved state in case of a crash or
> power interruption.
> >If you haven't bought and installed that product,
> it's possible that
> >your intruder is using a hacked version of it to,
> again, make it hard
> >for you to get rid of him.
>
> But if you fdisk and format the disk, how could
> "GoBack" get back?
> This makes me wonder if the "reinstall" was a System
> Restore disk
> provided by the PC manufacturer.
>
> But maybe I underestimate the cleverness of virus
> writers?
>
> Cheers,
>
> Mike...

Yes Mike, I did use a Dell Recovery CD to reinstall.
Although I never requested it (which is another story
in itself), I was sent OEM
software - and you don't get a "clean" Windows version
along with the OEM version. At the time I ordered my
pc, I didn't know BEANS, which I'm sure is the story
with many people who are running OEM software. Anyway,
that's all I had to use, so I had no choice.

Interestingly, the way I discovered that "it" wasn't
gone from my system after all my fdisks & formats from
August thru October, was because I purchased WinME (at
CompUSA) and installed it. The install never asked for
proof of a prior Windows version, which I thought was
odd, but then when I ran Partition Magic and Norton
Utilities, they BOTH "read" my WinME OS as Win98. I
called Dell and they gave me a REAL hassle about not
supporting anything that wasn't purchased through
them. I finally convinced them that all I wanted them
to do was
help me get Win98SE totally off my pc, but to this
day, they'll only give me info about how to switch
from Win95 to Win98, and then only with their OEM
Recovery CDs or with a "Dell Authorized" (also OEM)
version of the OS.

So yeah, it's occurred to me too that it might be a
big Dell conspiracy to track their customers for
"research" purposes or something. But first of all,
whoever was in my pc was keeping personal files in
there: I found, amongst many other things, game
"prototypes" he must've been working on, coded email
in Outlook Express (which I'd never even used), and
files including "excerpts" from my chat sessions - in
a file titled "She Likes To Chat". Eeeeek! So unless
some Dell "watcher" got a little carried away or it
was a "disgruntled" employee or something, it was just
wayyy too personal to be Dell. Also, if "it" was on
the Dell OEM software, I can't believe that no one's
picked up on something being "wrong" with it yet -
Win98 has been around for at least 4 years.

If anything, I think it's more likely to be at the
"build/tech" level - some corrupted piece of hardware
put in the pc prior to shipping. Then there's no
DIRECT tie-back to Dell or anyone else.

I don't think this was ever a virus, although my
Dell-installed Norton AV Live Update feature never
worked from day 1, and I never bothered to fix or
research that (sigh - I've learned my lesson well...).
Anyway, I do think it was some sort of "program" put
together with hacked, legit software (GoBack.io, and
Bootlk.* (~!BOOTLK*) being excellent examples). But I
think that whoever did this would need to be IN your
computer to implant it to just the right spot.

Lastly, the reason "GoBack.io" has survived fdisks,
several types of debugs and formatting on drive C:, is
because it's not ON drive C:. It's on the mysterious &
elusive drive A: - the drive A: which I can only see
while in DOS, is a separate drive in DOS than is drive
B: which is the foppy drive, is corrupt (beginning
with IO.SYS, Disk Doctor informs me, and I assume that
GoBack.io is in the IO.SYS folder) and I can't edit.
Presumably, this drive A: also "controls" what my C:
drive uses in Windows, as most of the programs running
are doing so through corrupted "rules". Which leads me
to SCSI controllers, which Dell has just deemed to
inform me they installed in my pc (only after acting
like I KNEW I had them, however). But I'm researching
that all now....

I've considered friends, past employers, Dell and even
Microsoft as the possible culprits -- you'd be
surprised at the scenarios that have occurred to me
since August....

Ellen Williamson

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

              The NOSPIN Group is now offering Free PC Tech
                     support at our newest website:
                          http://freepctech.com

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG