MESSAGE
DATE | 2020-09-12 |
FROM | From: "Christopher William Snowhill"
|
SUBJECT | Re: [Hangout - NYLXS] uninstalling
|
It sounds as if the user has installed a trojan monero miner, either through not updating their machine like is recommended, or from installing pirated audio production software from bittorrent trackers or shady web sites, which have been bundling such miner virtual machines for at least two years now. They boot a Linux virtual machine that gobbles up at least an entire cpu core mining for an anonymous pool, and therefore probably isn't traceable. It used to be that the variant, LoudMiner, used qemu with hvf on macOS, and VirtualBox on Windows, but now it seems variants are branching out to using qemu with intel haxm on Windows machines.
On Fri, Sep 11, 2020, at 2:09 AM, Narcis Garcia via wrote:
> How is "Host services 64.exe" related to Qemu?
>
> Narcis Garcia
> On 10/9/20 at 20:51, Liz C wrote:
> > Hi.
> > I’ve never installed your app but I have it in my computer (I don’t
> > know why). My antivirus says that Host services 64.exe is a trojan
> > virus. I uninstalled it many times and deleted everything but it keeps
> > showing after a few days. How can I delete it forever? I don’t have
> > nothing against you but I don’t want this app.
> > Hope you can help me!
> > Liz
_______________________________________________ Hangout mailing list Hangout-at-nylxs.com http://lists.mrbrklyn.com/mailman/listinfo/hangout
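A triage sketch for the behaviour described in this message (a hidden QEMU or VirtualBox guest that uses hardware acceleration and a full CPU core), added here as an example and not part of the original email or of any project's code. The process records are constructed, including the command line attached to "Host services 64.exe" (the thread gives only the file name); the field names and the CPU threshold are assumptions.

```python
import re

# QEMU options that select a hardware accelerator (hvf on macOS, HAXM on Windows).
ACCEL = re.compile(r"-accel\s+(hvf|hax)\b|-enable-hax\b|accel=(hvf|hax)\b", re.I)
# Options that start a guest with no visible window.
HEADLESS = re.compile(r"-nographic\b|-display\s+none\b|--type\s+headless\b", re.I)
# Image names a hypervisor is expected to run under.
VM_BINARY = re.compile(r"^(qemu-system-[\w.-]+?|vboxheadless|vboxmanage)(\.exe)?$", re.I)
ONE_CORE = 90.0  # assumed threshold: percent of a single core, 100 = one full core


def reasons(proc):
    """Return the list of signals one process record raises."""
    name, cmd = proc["name"].lower(), proc["cmdline"]
    found = []
    if ACCEL.search(cmd) or name.startswith("vboxheadless"):
        found.append("vm-launch")
        if not VM_BINARY.match(name):
            # Hypervisor arguments under a name that is not a hypervisor binary.
            found.append("unrelated-image-name")
    if HEADLESS.search(cmd) or name.startswith("vboxheadless"):
        found.append("headless")
    if proc["cpu_percent"] >= ONE_CORE:
        found.append("full-core-cpu")
    return found


def triage(procs):
    """Map process name -> signals for records worth a closer look.

    A VM launch is reported when it hides behind an unrelated image name, or
    when it is both headless and pinning a core. The second case also matches
    legitimate headless VMs, so treat it as a lead, not a verdict.
    """
    hits = {}
    for proc in procs:
        r = reasons(proc)
        if "vm-launch" in r and ("unrelated-image-name" in r
                                 or {"headless", "full-core-cpu"} <= set(r)):
            hits[proc["name"]] = r
    return hits


# Constructed sample records (not captured from a real host).
SAMPLE = [
    {"name": "Host services 64.exe", "cpu_percent": 104.0,
     "cmdline": '"Host services 64.exe" -accel hax -m 1024 -nographic -hda disk.img'},
    {"name": "qemu-system-x86_64", "cpu_percent": 12.0,
     "cmdline": "qemu-system-x86_64 -accel hvf -m 4096 -display cocoa dev.qcow2"},
    {"name": "VBoxHeadless.exe", "cpu_percent": 99.0,
     "cmdline": "VBoxHeadless.exe --startvm vm0"},
    {"name": "chrome.exe", "cpu_percent": 130.0,
     "cmdline": "chrome.exe --type=renderer"},
]
```

Feed it records from whatever process inventory is available (EDR export, `ps`, Task Manager details) mapped to the same three fields.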