-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Raid/Dustin Cook Gloats Over The Damage Caused By His Irok Virus
(Here we see Raid/Dustin Cook's extravagant ego running
amuck as he heaps scorn on Norton and other AV outfits as
the battle his Irok virus. He is so above them. So much
more intelligent. Not! He is a failure at trying to
commercialize every program he has written. He hates the AV
companies because they make money, while he scrapes by, his
genius ignored. Raid/Dustin Cook is a loser in every facet
of life. A script kiddie with a monstrous ego totally out
of proportion to his accomplishments.)
http://groups.google.com/group/alt.c...ead/thread/416
ba76bf701036f/28d522e79fb7d0fd?hl=en&q=group:alt.comp.virus+auth or:Rai
d#28d522e79fb7d0fd
or
http://preview.************/26crov2
Raid Slam
View profile
More options Mar 29 2000, 3:00 am
Newsgroups: alt.comp.virus
From: Raid Slam <soho20NOsoS...@hotmail.com.invalid>
Date: 2000/03/29
Subject: Re: Irok v1.1
In article <01a78a66.47415...@usw-ex0101-006.remarq.com>,
chrishowells <chlistNOchS...@linuxfan.com.invalid> wrote:
>Presumably the virus has been submitted to Norton via
>their service for new viruses?
Yep. Norton is aware of it. Norton cannot disinfect it, And
norton doesn't even know really what it is. You should see
the url describing it. Norton blows. CAI isn't too hot
either. I wonder how many incompetent avers irok will turn
up. lol
Regards,
Raid [SLAM]
* Sent from RemarQ http://www.remarq.com The Internet's
Discussion Network * The fastest and easiest way to search
and participate in Usenet - Free!
- ---------
Raid Slam
View profile
More options Mar 30 2000, 3:00 am
Newsgroups: alt.comp.virus
From: Raid Slam <soho20NOsoS...@hotmail.com.invalid>
Date: 2000/03/30
Subject: Re: Irok v1.1
In article <38e28398.156895...@news.skypoint.com>,
rl...@nospam.com (Richard Lupu) wrote:
>I have the Irok.exe file that was sent to me from an
>infected site that needed help with the infection.
Could you provide more information?
>Neither NAV 5.0 or NAV2000 detected this even with the 03/25/00
>updates.
>Oddly enough NAV 5.0 with 7/98 def files detects this as
>HLLP.Krile.5831 which I can only guess is because
>maybe raid reused some of the code in Irok.
Nope. It's false alarming due to the encryption layer. It's
another wonderful "feature" of norton. ;p
>Irok.trojan.worm is also not in the list of protected.
It's not a trojan.
>I am sure Norton will come up with something but it will
>probably be next week.
I wouldn't get my hopes up. Norton has no idea what they are
dealing with by the description on their website.
Regards,
Raid [SLAM]
* Sent from RemarQ http://www.remarq.com The Internet's
Discussion Network * The fastest and easiest way to search
and participate in Usenet - Free!
- ----------
Raid Slam
View profile
More options Mar 30 2000, 3:00 am
Newsgroups: alt.comp.virus
Followup-To: alt.comp.virus
From: Raid Slam <soho20NOsoS...@hotmail.com.invalid>
Date: 2000/03/30
Subject: Re: Irok v1.1
In article <954444728.1720869...@news.skypoint.com>, Richard M.
Lupu <rl...@deadboard.com> wrote:
>That does not really matter. Suffice to say it was a small
>network and your comment about it only sending once so
>that it does not arouse suspision does not hold true on a
>network.
Yes it does. The virus itself will send one time per
computer, once the marker is in place, no more vbs files
are created. However, if the user (on bad advice from
avers) deletes the marker file, the virus will send the
emails more then once.
It may have been bouncing around your network, but each
machine was only responsible for sending it one time.
>Make no mistake, I think you are a criminal and dont feel
>you deserve any indepth information on where your inane
>creation is or has been.
I suppose it's a good thing that your opinion doesn't count
then, Isn't it?Perhaps the next virus will send the
information too me. It stands a better chance of getting
the information correct anyway.
>ethics are concerned. But, I know from experience it is a
>waste of time and bandwidth to argue the point with you so
>I will save my breath.
Did your small lan infect anyone outside of it? :-)
>Their 3/29 update detects Irok.exe as Irok.trojan.worm and
>Irokrun.vbs as Irok.vbs and infeceted .exe and .com files.
>does not detect winrde.dll and script.ini but script.ini
>is not
I know what norton knows about it.
Regards,
Raid [SLAM]
* Sent from RemarQ http://www.remarq.com The Internet's
Discussion Network * The fastest and easiest way to search
and participate in Usenet - Free!
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Raid Ver. 0.4.6 (Raid's I.Q.)
Comment: Raid Is A Dangerous Sociopathic Monster
mQGiBEv5rOcRBADxvuuWmXxws8jvtc4o1P6eD7yi0bROD2koLk O+3fdtGpSi54tT
UMqWJ0iOvs3oDUZsgQ+n4pkwrLCvgrC0rQzq85T3oS/6tzIdqboTj/hsIkwJrvsT
RfdrIORMRMrRUQXOcae4A+XVjHR7nYLlVhzfatZcZw0XaLGvdO qdwfYj3QCg/4+j
lnraPsboXfnmcpEFabBbxhkEAMUrYAjMzl3cWeFng+TdiAomsQ zmiXPnOG8dcB1v
OlXCIgNRaKfXM2deNSho11o5I/kYCVBBrpSl/4Ou3yt9HHx5tyMBadVD0lLaOWn4
bxjVPuIVTmJPOUd3X1IEBjmP2qBBdRU04lBIFuRokpIb2zZhnr kNX5LyrJB1k42I
qHT1BACXc/Dy2SFGX2NB29msCPczKGo4FvOS4G1kAacDnBKoIErwP6/MXHpcF4Gb
Mx1Eb4s9IR5Af4pGLdpsfl2MC3OSgeby56BxvTo1YLjnxxoeJn 55aRVRpzgrEFyN
kZqAnGAZjWbWHU3i1ag2vtDFkZnVp5fWKYH+29C7hsapeuMbAr QEUmFpZIkAUwQQ
EQIAEwUCS/ms5wkLCQoIAgcDAQQCGQEACgkQvmBTcC1T9/WQrwCfZFGckHXx4/J2
KbefJqHD0+NH7OsAmwQnmaYlPP/rZ1Gah0EyBz/zW0OnuQINBEv5rO4QCADjDEBs
uorjWyUdnKenrVyM9ovZhSGpfCsMW9+ydRYCTYCAzsH/p39H0aiGgfdDngtucK9V
xnmz5DmItw0WQBTCLEZQZ0iPBMu8eN0Kot/PQ9ckIYBeE1AFQyQUm1kB7WywstUc
p26cs5Mp0QcY7dVB0AbmnO6Bs46Ss/ClATMzISEESDd73A7Shgp009HMPOJFx6YP
RxHKLJrpRYGQrJZqb/35DuqIegP1WZYfV3kG6DhPApt7SXc9JgAxbyXoWruWEd+M
bo5d6E80w2trqTsXM2qrbahfPuJG4bzEWvO1Mx4IQCPIXqhIDk 9sPnwyTZrVYfEs
P6cGyk/x43ns9zqvAAICB/46rb6F+hK3UrQcXyVgw6pJYgta3Eb57lM87rcnwrbj
XWxupSy5efwYznG22kIjhe9ct6AbA699d56NFWU5gwbVowO8Ee S/LGeB2OOc9PaW
gfSae9/vVI0PakkMXSm+J1KjgWCK4j7PzAg/Si72QduQr4jwnA5B75/OS172jcBu
ZBnAbQ/hSFetBsk+037CKpvsPyGX5MQv5ZBSZV3qzFFmo+bgX1QbQxFrg qAV8jyw
2UlQ0zU7G5oX7H859T9MWaqtkjPZHP+v6vqDH5YIuAIo6NA2d7 UZwzB766zpJeSI
OxkjbvbaNUV+w7oiIR8f4iQnOiIGsqUXwybAAtSaFhyriQBGBB gRAgAGBQJL+azu
AAoJEL5gU3AtU/f1X1wAoOfSc12FoPilEN0W1LGFCt6IpOLLAJ9yvzq7gaqipUL+
szxmvxA3SS3HRg==
=CTpL
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: Raid Ver. 0.4.6 (Raid's I.Q.)
Comment: Raid Is A Dangerous Sociopathic Monster
iQA/AwUBS/qH075gU3AtU/f1EQLozACfb1PE23kWM5ee0QSRMxISmVjQs/4An2VM
AwGYQm+vk9eC4vvXnr8w3o9V
=10Q1
-----END PGP SIGNATURE-----
Reply With Quote