[sebhc] what's this emulator?

ab31 at juno.com ab31 at juno.com
Tue Jun 15 13:14:56 CDT 2004


Thanks to those who replied to my message on 05/23/04.

To Dave Dunfield: The Altair emulator I ran was the SIMH version which
needs Windows 95 and newer. I'm impressed with the support for hard
disks, banked memory for use with MP/M, and the choice of 8080 or Z80
processor. The main problem it has involves the terminal emulation. It
works better with Telnet than with a DOS window but Telnet doesn't have a
very complete set of terminal functions. I'm glad that you have MS-DOS
Altair and H8 emulators. That helps to make it compatible with a lot of
computers. I haven't tried them yet.

Thanks to Lee Hart for tips on fixing my Heath H89. I plan to keep your
message handy until I take the H89 out of storage. I think that "Super89"
might be something I saw printed on the motherboard.

Thanks to Roger Svoboda for help in fighting spyware and viruses. I tried
running Norton Antivirus 2001 by booting from a CD-ROM and it didn't find
anything. Maybe it would be better to try it with an updated virus
signature file but I think my computer refused to install NAV on my hard
disk. I ran Spybot Search & Destroy and it didn't find much, just
DSSAgent, Alexa Related, and some tracking cookies. I deactivated
DSSAgent a long time ago by adjusting the Registry so it wouldn't
automatically run when Windows started. Just yesterday I found something
that might be important. I used the FC command to check if the files in
C:\WINDOWS\SYSBCKUP\ were the same as the files in C:\WINDOWS\SYSTEM\ and
discovered that the file URL.DLL is not the same in the two directories.
I used these commands in MS-DOS without starting Windows (I pressed F8
when the computer was starting up and chose the option to run the command
prompt only).

CD \WINDOWS\SYSBCKUP
FC *.* \WINDOWS\SYSTEM\*.*

This alerted me to differences in the two copies of "URL.DLL". Then I
used FC with just the two copies of URL.DLL and redirected it to I file
that I could examine. Here is a shortened version of it.

Comparing files URL.DLL and \windows\system\url.dll

00000118: D2 0E
00000119: 0A C6	
0000011A: 02 01

00002000: EA AF
00002001: 03 16
...
00002302: 01 F6
00002303: 00 BF

0000F8B4: 00 BC
0000F8B5: 00 83
...
0000F932: 00 FF
0000F933: 00 FF

It appears that something has changed the file URL.DLL in three areas.
The file size and date is the same in the two copies of URL.DLL. I think
that altered system files might be common now. Recently I checked a
friend's Windows 98 system using the System File Checker and it found
that the files MMMIXER.DLL and USER.EXE were altered. After I replaced
MMMIXER.DLL with the original version, the computer automatically put
back the altered version. When I replaced USER.EXE with the original
file, Windows would not run so I had to let it use the altered version (I
saved a copy in another directory). Later the owner formatted the hard
disk and reinstalled Windows and lost the modified files that I tried to
save. I would have liked to keep copies for research. I should have
copied them to a floppy disk. 

My Compaq system has Windows 95 and there is no System File Checker. I
would like to find a program that will find the CRC of each system file
and check if it is correct for that version of the file. I don't know if
such a program exists but it would seem like a good feature in an
antivirus program. I have Quarterdeck Virusweep installed and it checks
CRC values for changes but if an EXE file is deleted and then replaced
with a different version, it just updates the CRC and doesn't give me any
warning. It does give me a warning when a program is modifying an
existing EXE file or renaming a data file to an EXE file. I need
something that is more reliable about notifying me when unwanted changes
happen.

I don't know if it is safe to replace just that file (URL.DLL) on my
system. I'm afraid that if there are several parts of this program and I
eliminate just one part, the other parts might do something harmful.

Yesterday I found an interesting new book about this subject in the
library. It's called "MALWARE Fighting Malicious Code" and was written by
Ed Skoudis. It has some tips on protecting computers from these things.
It seems like the common ways to get spyware are running executable
e-mail attachments and allowing ActiveX to run in Internet Explorer.
There are probably also risks in using Java, Javascript and Visual BASIC
Script which are normally available to web pages in Internet Explorer.
Even HTML e-mail can cause ActiveX controls to run and it may have more
ability to do damage because according to what I read, e-mail uses using
IE security settings in the local network zone instead of the internet
zone. I plan to keep doing research and running other tests to figure out
what nasty program I have. If it's something unknown, I want to spread
the word to organizations that try to stop spyware. For now, I avoid the
web on this computer and run my old version of Juno e-mail so HTML
doesn't do anything except make my screen messy.

Thanks also to Jack Rubin for telling me about the SEBHC archives. I
downloaded a manual for HDOS 3 and the update for the Macintosh H8
emulator so far. I used the library computer for that.

Andy


________________________________________________________________
The best thing to hit the Internet in years - Juno SpeedBand!
Surf the Web up to FIVE TIMES FASTER!
Only $14.95/ month - visit www.juno.com to sign up today!
--
Delivered by the SEBHC Mailing List



More information about the Sebhc mailing list