Wilders Security Forums > Other Security Topics > malware problems & news
#1
September 12th, 2004, 04:52 PM
j1281 (Infrequent Poster; Join Date: May 2004; Posts: 8)
PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

Hey guys, I'm not sure what I got, but I know that a (or a few) trojan horses are involved and it's pretty nasty.

I clicked a link on someone's profile that said something like "OMFG LOOK!!!" and it pulled up some website that prompted me to install a few things, which I did; then the first of many trojan horses was detected. In order to remove these using HouseCall and AVG, I had to disable a few related processes by pressing Ctrl+Alt+Delete and disabling them. Now when I press Ctrl+Alt+Delete, nothing happens, so I'm thinking that function is being blocked somehow.

A couple of other symptoms I've seen: it seems to keep regenerating itself after I have removed it using AVG, and when I click on "My Computer" and then the "C" drive, I notice a few peculiar-looking files keep appearing over and over, such as "crash.txt", etc. If I delete them, they eventually come back, as does the trojan itself. Also, the "My Documents" folder opens twice on start-up every time I start the computer. Using AOL IM has become a nightmare, because my away message is being sporadically changed to the "OMFG LOOK!!!" link and others are contracting it, so I have basically stopped using AIM all the way around for now.

The name of the trojan in my AVG virus vault right now is installer.exe. The first one I encountered was WINAD.exe. Any help would be GREATLY appreciated,
John

Here is the log from HijackThis:

Logfile of HijackThis v1.98.0
Scan saved at 3:44:23 PM, on 9/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\john\local settings\temp\c4s.exe
C:\documents and settings\john\local settings\temp\ennJ7mNyZ.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Save\Save.exe
C:\WINDOWS\System32\ELIMIEXPLORER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\John\Application Data\uote.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\PROGRA~1\ezula\mmod.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Desktop\New Folder\HijackThis1980hf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paws003.lsu.edu/pawsloginform...infs?openagent
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Toolbar BHO Object - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: (no name) - {60A0655A-B712-78C7-D256-6D557BAC266A} - C:\WINDOWS\System32\kkercbe.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\John\Local Settings\Temp\xb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [lcn] C:\WINDOWS\lcn.exe
O4 - HKLM\..\Run: [MS Decryption Software] C:\active.exe
O4 - HKLM\..\Run: [c4s] C:\documents and settings\john\local settings\temp\c4s.exe
O4 - HKLM\..\Run: [ennJ7mNyZ] C:\documents and settings\john\local settings\temp\ennJ7mNyZ.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Rbbe] C:\Documents and Settings\John\Application Data\uote.exe
O4 - HKCU\..\Run: [Eavppm] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\RunOnce: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030...verContent.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...45bc6f8b5fbb1c
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\System32\mssaru.dll
#2
September 12th, 2004, 05:10 PM
j1281 (Infrequent Poster; Join Date: May 2004; Posts: 8)
P.S.

The link that started all this mess is:

hyperlink text: "OMFG LOOK!!!", which I have also seen disguised as "View my BuddyProfile"
hyperlink URL: "http://www.affoundation.org/mybestfriends.scr"

I don't recommend visiting this link, I just figured I'd post it to warn others.
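Added example, not part of this thread and not HijackThis's own logic: a small Python triage script that applies the checks a log reader makes by hand on the HijackThis log in the first post and on the lure link in the post just above. It flags autoruns loading from the user's Temp or Application Data directories, a file in the drive root, an autorun given with no directory at all, a file name one character away from a core Windows binary (the w?nlogon.exe pattern), O16 ActiveX downloads from a bare IP or an unexpected host, the O21 SSODL entry, and any URL whose path ends in an extension Windows will execute when opened (the .scr lure). The sample lines are constructed from entries in the posted log with the URL paths made up rather than copied; the list of trusted ActiveX download hosts is an assumption, so a legitimate scanner control such as HouseCall's still comes out as a hit to review, which is the intent: this produces a review list, not a verdict.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not HijackThis code).

The sample lines are constructed from the logs in this thread; URL paths are
made up, not the originals. The trusted-host list is an assumption.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Extensions Windows executes when the file is opened; a "link" ending in one of
# these (the thread's mybestfriends.scr) is a download-and-run lure, not a page.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".hta"}

# Directories that legitimate autostart entries almost never load from.
PROFILE_DIRS = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")

# Core Windows binaries whose one-character look-alikes (w?nlogon.exe) are a classic disguise.
SYSTEM_NAMES = ("winlogon.exe", "svchost.exe", "lsass.exe", "services.exe", "smss.exe", "explorer.exe")

# Hosts an O16 ActiveX download is expected from on a stock XP box (assumption).
TRUSTED_DPF_HOSTS = ("windowsupdate.microsoft.com", "update.microsoft.com")

_WIN_PATH = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|scr)', re.IGNORECASE)
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def url_is_executable(url: str) -> bool:
    """True when the URL path ends in an extension Windows will execute on open."""
    path = urlsplit(url).path.lower()
    return any(path.endswith(ext) for ext in EXEC_EXTS)


def impersonates_system_name(name: str) -> bool:
    """Same length as a core system binary with exactly one character changed.
    HijackThis prints '?' for a character it cannot render, so a '?' or any
    non-ASCII character in a file name is itself treated as a signal."""
    name = name.lower()
    if "?" in name or any(ord(c) > 127 for c in name):
        return True
    return any(len(name) == len(s) and sum(a != b for a, b in zip(name, s)) == 1
               for s in SYSTEM_NAMES)


def triage_line(line: str) -> list[str]:
    """Return the reasons a log line deserves a closer look (empty list = nothing found)."""
    reasons: list[str] = []
    tag = line.split(" ", 1)[0]

    if tag == "O16":  # Downloaded Program Files: ActiveX controls fetched from a URL
        url = line.rsplit(" - ", 1)[-1].strip()
        host = urlsplit(url).hostname or ""
        if _IPV4.fullmatch(host):
            reasons.append("ActiveX control downloaded from a bare IP address")
        elif host not in TRUSTED_DPF_HOSTS:
            reasons.append(f"ActiveX control downloaded from untrusted host {host}")
        if url_is_executable(url):
            reasons.append("download URL points straight at an executable")
        return reasons

    # O4 autoruns carry the command after "[name] "; other sections end with " - <path>";
    # bare "Running processes" lines are used whole.
    payload = line.split("] ", 1)[-1] if tag == "O4" else line.rsplit(" - ", 1)[-1]
    match = _WIN_PATH.search(payload)
    if not match:
        if tag == "O4" and re.match(r"[\w.-]+\.exe\b", payload, re.IGNORECASE):
            reasons.append("autorun with no directory: resolved by the search path at logon")
        return reasons

    path = match.group(0).lower()
    if any(d in path for d in PROFILE_DIRS):
        reasons.append("loads from a user temp/profile directory")
    if re.fullmatch(r"[a-z]:\\[^\\]+", path):
        reasons.append("executable sits in the drive root")
    if impersonates_system_name(path.rsplit("\\", 1)[-1]):
        reasons.append("file name mimics a core Windows binary")
    if tag == "O21":
        reasons.append("ShellServiceObjectDelayLoad: Explorer loads this DLL at every logon, verify it")
    return reasons


def triage_log(text: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over every non-empty line and keep only the flagged ones."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and (reasons := triage_line(line)):
            findings.append((line, reasons))
    return findings


# Constructed sample modelled on the logs posted in this thread (URL paths made up).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\documents and settings\john\local settings\temp\c4s.exe
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\John\Local Settings\Temp\xb.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [MS Decryption Software] C:\active.exe
O4 - HKLM\..\Run: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - HKCU\..\Run: [Eavppm] C:\WINDOWS\System32\w?nlogon.exe
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/content.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/housecall/xscan53.cab
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\System32\mssaru.dll
"""

LURE_LINK = "http://www.affoundation.org/mybestfriends.scr"  # the link quoted in the thread

if __name__ == "__main__":
    print(f"{LURE_LINK}: executable={url_is_executable(LURE_LINK)}")
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Running it prints the lure link as executable and eight of the ten sample lines with their reasons; the two that pass are the genuine winlogon.exe and the AVG autorun. The HouseCall control is reported only because its akamai host is not in the assumed trusted list, which is the kind of hit a reader clears by hand. The `?` in w?nlogon.exe deserves a note: it is not a wildcard but HijackThis failing to render a non-ASCII character in the real file name, which is why a `?` in a name is treated as a signal in its own right rather than being matched against winlogon.exe.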
#3
September 12th, 2004, 06:33 PM
Blackspear (Global Moderator; Join Date: Dec 2002; Location: Gold Coast, Queensland, Australia; Posts: 15,114)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

Can you take the following steps:

Step 1. Install Zone Alarm (free) – Firewall with visual outgoing alerts to see what is trying to access the internet.
http://www.zonelabs.com

Step 2. Download Stinger, available here; do NOT run this YET.
http://vil.nai.com/vil/stinger/

Step 3. Turn OFF System Restore; this process depends on your operating system:

Windows XP Instructions

1. Right click on the "My Computer" icon on the Windows desktop
2. Click "Properties"
3. Click on the "System Restore" tab
4. Place a tick in "Turn off System Restore on all Drives"
5. Click OK
6. Close and restart your system.

OR

Windows ME Instructions

1. Right click on the "My Computer" icon on the Windows desktop
2. Click "Properties"
3. Click on "Performance"
4. Click "File system"
5. Click "Troubleshooting"
6. Check "Disable system restore"
7. Click on OK
8. Close and restart your system.

Step 4. Delete your TEMP files by doing the following: open up Internet Explorer > Tools > Internet Options > General tab > Temporary Internet Files > Delete Files > Delete All Offline Content.

Step 5. Restart your system again in "SAFE MODE" by pressing/tapping F8 while booting up.

Step 6. Run a scan with your current Anti-virus program – MAKE SURE IT IS FULLY UP TO DATE with the latest virus signatures.

Step 7. Run a scan with "Stinger", the program you downloaded above.

Step 8. Reboot your system into normal mode.

Step 9. Run a further online scan found here: http://housecall.trendmicro.com/

When everything is clean, it is recommended that you turn System Restore back on.

Step 10. Install, update and run the LATEST Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor.
http://beam.to/spybotsd

Step 11. Install, update and run the LATEST Ad-aware (free) – Spyware removal. What Spybot Search and Destroy doesn't pick up, this will.
http://www.lavasoftusa.com

Step 12. Install and run CWShredder, available here:
http://www.wilderssecurity.com/showthread.php?t=14086

Step 13. Make sure your Windows is FULLY up-to-date by doing the following: While on the Internet, click on Internet Explorer (the blue "e"), click on Tools (on the bar at the top of your screen in Internet Explorer), click on Windows Update. This will take you to the Microsoft Windows Update page, where you need to follow the on-screen prompts, starting with "Scan for Updates". Install ALL "Critical Updates" and "Service Packs".

WEEKLY – check this is "Up to Date".

REPEAT ALL THE ABOVE STEPS; this time EVERYTHING should come up clean…

IF the above does NOT fix your problem, please download and run HijackThis, found here:

http://www.wilderssecurity.com/showthread.php?t=12516

and post your log at one of the forums found here:

http://a-sap.org/

For the most part, what I have suggested fixes the great majority of problems out there...

When your system is clean you may want to take a look here:

http://www.wilderssecurity.com/showt...4&page=1&pp=25

for further discussion on security and how to make your system that much stronger.

and here for more discussions:

http://www.wilderssecurity.com/showthread.php?t=43117

Hope this helps…

Let us know how you go…

Cheers
__________________
"Illegitimis non carborundum"
translation:
"Don't let the bastards grind you down"
U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
Two Photographers
#4
September 13th, 2004, 04:04 AM
j1281 (Infrequent Poster; Join Date: May 2004; Posts: 8)
Someone please analyze my HijackThis log, I'm still having some problems

I followed all of the steps listed in the reply to my previous thread; however, I still can't shake this thing.

Here's my HijackThis log (I know active.exe is a main concern, but before I made any changes on my own I wanted an expert opinion. Thanks again)

Logfile of HijackThis v1.98.0
Scan saved at 2:48:10 AM, on 9/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\john\local settings\temp\c4s.exe
C:\documents and settings\john\local settings\temp\ennJ7mNyZ.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ELIMIEXPLORER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\John\Application Data\uote.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\PROGRA~1\ezula\mmod.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\John\Desktop\New Folder\HijackThis1980hf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paws003.lsu.edu/pawsloginform...infs?openagent
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Toolbar BHO Object - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: (no name) - {60A0655A-B712-78C7-D256-6D557BAC266A} - C:\WINDOWS\System32\kkercbe.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\John\Local Settings\Temp\xb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [lcn] C:\WINDOWS\lcn.exe
O4 - HKLM\..\Run: [MS Decryption Software] C:\active.exe
O4 - HKLM\..\Run: [c4s] C:\documents and settings\john\local settings\temp\c4s.exe
O4 - HKLM\..\Run: [ennJ7mNyZ] C:\documents and settings\john\local settings\temp\ennJ7mNyZ.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Rbbe] C:\Documents and Settings\John\Application Data\uote.exe
O4 - HKCU\..\Run: [Eavppm] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\RunOnce: [ElimiExplorer Popup Killer] ELIMIEXPLORER.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030...verContent.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...45bc6f8b5fbb1c
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\System32\mssaru.dll
#5
September 13th, 2004, 05:21 AM
Blackspear (Global Moderator; Join Date: Dec 2002; Location: Gold Coast, Queensland, Australia; Posts: 15,114)
Re: Someone please analyze my HijackThis log, I'm still having some problems

Have you followed ALL the steps I posted?

If you have followed my advice and are still having problems, then at the end of my post you will see a link to post a HijackThis log, as Wilders no longer allows evaluation of such...

Let us know how you go...

Cheers

Last edited by LowWaterMark : September 13th, 2004 at 02:19 PM. Reason: slight change after merging into original thread
#6
September 13th, 2004, 02:22 PM
LowWaterMark (Administrator; Join Date: Aug 2002; Location: New England; Posts: 15,524)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

If the proper use of tools like Stinger, Ad-aware and Spybot doesn't result in a clean system, then you need a detailed HijackThis log analysis done. As mentioned above, Wilders does not do this any more, so you'll need to follow up at a forum that does provide such services. The forum list at the ASAP page is where you'll find other such forums.

http://a-sap.org
#7
September 13th, 2004, 02:49 PM
j1281 (Infrequent Poster; Join Date: May 2004; Posts: 8)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

Yeah, I followed all of the detailed steps, including going into safe mode and everything, but it seems to still exist even though no trojans are detected by AVG or HouseCall, because the My Documents folder is still opening up twice on start-up and my away message on AIM is still changing. I didn't realize HijackThis logs were no longer posted here; I'll check out the other sites.
Are there any you guys would recommend for this particular situation?
Thanks,
John
#8
September 13th, 2004, 03:13 PM
LowWaterMark (Administrator; Join Date: Aug 2002; Location: New England; Posts: 15,524)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

Two of the biggest sites (i.e. by volume of HJT logs worked) are SpywareInfo.Com and CastleCops (formerly ComputerCops), but there are several good ones.
#9
September 13th, 2004, 04:39 PM
Blackspear (Global Moderator; Join Date: Dec 2002; Location: Gold Coast, Queensland, Australia; Posts: 15,114)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

Let us know how you go...

Cheers
#10
September 13th, 2004, 06:42 PM
j1281 (Infrequent Poster; Join Date: May 2004; Posts: 8)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

Well, on spywareinfoforum.com it keeps telling me I can't make a post because I "do not have permissions" to. None of these sites seem to have the same functionality as Wilders. Just out of curiosity, why don't you guys analyze HijackThis logs anymore?

John
#11
September 13th, 2004, 06:50 PM
LowWaterMark (Administrator; Join Date: Aug 2002; Location: New England; Posts: 15,524)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

SpywareInfo, like many forums that process HijackThis logs, will have its own policies and procedures for how and where logs are posted. Many forums require that you register as a member. Most require that you follow their specific posting guidelines (i.e. what pre-scans you need to run, what info you need to supply in your post, etc.).

You should always review the guidelines at any forum you go to prior to starting to post.

As for why we stopped doing these here, well, it was a lot of factors, such as staffing levels and posting volumes. But it is explained more here:

http://www.wilderssecurity.com/showthread.php?t=42175
#12
September 13th, 2004, 09:11 PM
dread (Regular Poster; Join Date: May 2004; Posts: 195)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

Doubt it helps, but what I found is that it is, well, what McAfee says anyway: http://us.mcafee.com/virusInfo/defau...virus_k=127174 . Do a Google search for that WINAD.exe; you will find a lot of hits. If you could, I would submit that link to an AV company, and the file that did all of this. I think most AV companies do that, at least I would hope so. I know McAfee will.
https://www.webimmune.net/default.asp
http://www.virustotal.com/flash/index_en.html
http://www.ravantivirus.com/support/submit-file.php
http://www.pandasecurity.com/submitvirus.htm
#13
September 16th, 2004, 04:05 PM
j1281 (Infrequent Poster; Join Date: May 2004; Posts: 8)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

I posted my log at CastleCops, and didn't get a reply on the actual log itself but, even more helpfully, a link to a site with detailed steps on how to remove this specific virus. My system is 100% clean now. Here's the link in case anyone else comes across the ElimiExplorer virus.

http://www.geocities.com/cumquat18/elimiexplorer.html

Thanks again and take care everyone,

John
#14
September 16th, 2004, 04:35 PM
Blackspear (Global Moderator; Join Date: Dec 2002; Location: Gold Coast, Queensland, Australia; Posts: 15,114)
Re: PLEASE HELP! UNINTENTIONALLY INFECTING OTHERS THROUGH AIM AWAY MESSAGE

Quote:
Originally Posted by j1281
...My system is 100% clean now...

Thanks for keeping us up to date. May I make a suggestion: now that your system is clean, take a look here:

http://www.wilderssecurity.com/show...84&page=1&pp=25

for further discussion on security and how to make your system that much stronger.

and here for more discussions:

http://www.wilderssecurity.com/showthread.php?t=43117

Hope this helps...

Cheers
 

Copyright ©2002 - 2013, Wilders Security Forums