KOL IS BAAACK...!!!
10 August, K. Kinabalu - Eh, time and again "KOL is back".., but after that, silence.
Only after a long while does it get updated again.
"Whyyy........" "a flash in the pan?" "what
happened to KOL?".... such were the questions visitors put to us
when KOL was not updated for a month.
Looked at closely, it is clear that KOL does have loyal readers; that can no
longer be denied.
The story is the usual one: PC problems. KOL sent an announcement
about it to the members of the KOL group, but at the same time we
understand that not all KOL readers are members of that forum. Once
again KOL apologises to readers for this problem. Insya Allah, we will
further improve our service in the future. At the same
time we would very much like to have our own dotcom address...
in fact we have reserved www.kedayan.com,
but to use it we must pay USD19 a year. This does not yet include
hosting the website on a server complete with CGI facilities for a more
sophisticated Kedayan email that you can open from Outlook Express; the cost,
if with tmnet, is between RM300-RM500.00
That is not really a lot, but KOL does need a benefactor for this purpose.
Is anyone willing to donate?
KOL
END

Juragan Landak and Kedayan Incantations
Assalamualaikum.....
We meet again today. Does KOL still remember me? I am Aaron
Bonafides, or Schaffronny Effendy. But this time I will use the
pen name THE PACIFIST-PSYCHE'S PSUEDONYM. This time I will continue my
earlier story about Juragan Landak and a little of the Kedayan art of incantation (ilmu jampi). Happy
reading....!
A. Juragan Landak - Captain to Rajah Brooke.
He was the captain of the vessel 'His Highness the Rajah's Launch'. He was a
Kedayan. He was also the founder and father of Kampung Sungai Lumut in
Kuching. Kampung Sungai Lumut is inhabited by 19 families from
three communities, namely Kedayan, Malay and Indonesian. The following is a list of the
most important Kedayan individuals in the village.
I. Puan Yot binti Dollah
She was the second wife of Juragan Landak. She has three
children, two daughters and a son. She owns more than 30
acres of land. The land was inherited from Juragan Landak (who died in
1940). In fact Juragan Landak owned more than 40 acres of land, but 7
acres were transferred to Said, Tuah and Nama. Said was a convert (muallaf)
of Iban descent. He was Personal Representative to Juragan Landak. Tuah
and Nama, meanwhile, were in-laws of Juragan Landak. In fact Juragan Landak was not
permitted to transfer ownership of land without the consent of Rajah Brooke. A document
dated 16 October 1908 permits the transfer of that land.
II. Encik Zain bin Haji Taib
He is the husband of Juragan Landak's eldest child. He has 6
daughters. He works 7 acres of land belonging to Puan Yot binti Dollah,
as well as 5 acres of land belonging to the late Encik Pangis bin Radat
(all events and individuals described here are based on
an article written before Sarawak's independence).
III. Encik Esek
He moved from Kampung Rambungan 4 years ago. Kampung Rambungan is located in
the Western Delta of Sarawak. His wife is related to the late Encik Sembali bin Radat,
the original owner of the land he occupies. In fact
he took the land 'rather swiftly', given that Encik Sembali
still has a relative in Sibuti-Miri, namely Encik Dagong bin Radat.
IV. Haji Taib bin Haji Keria
He moved from Kampung Apong, Samarahan about 40 years ago.
He is highly respected in the village. He owns a large coconut plantation.
He originally raised buffalo but sold them to go to Mecca.
He owns a good house, roofed with belian wood.
V. Sahari bin Khamis bin Dollah
Encik Dollah came from Brunei. Encik Khamis, meanwhile,
married one of Juragan Landak's children. Because Encik Sahari
is the eldest grandson in the village, he was appointed
Deputy Village Elder (Wakil Tua Kampung). The appointment is also supported by evidence
in the form of Brooke documents.
Besides the names above, there are several other Kedayan individuals in the
village.
B. Kedayan incantations (ilmu jampi).
I am not quite sure whether the material I include here is incantation (jampi)
or prayer (doa). It is up to KOL to interpret it. I obtained these incantations
from a note dated 1975. I myself had not yet been born. Happy
reading...!
1. Aing Panawar Buatan Urang (Water to Counter Sorcery Worked by Others)
Bismillahir rahmanir rahim
Alhamdulillahi rabbil alamin
Masuk tawar kaluar bisa
Masuk tawar kaluar bisa
Masuk tawar kaluar bisa
Warasulullah wa alaihi wassalam.
2. Pakai Balumba (For Racing)
Turun kata Allah
Bajalan ujar Muhammad
Barakat Laillahaillalah
Barakat aku di kandung Allah.
*Contains elements of syirik (shirk).
3. Supaya Urang Inda Marah (So That People Will Not Be Angry)
Bismillah pinangku
Si Raja Buntar Kapur
Intan salasih
Tunduk hatimu kasar
Duduk hatimu kasih.
*Contains elements of syirik (shirk).
4. Tawar Racun (Charm Against Poison)
Racun bisa-bisa
Upas bisa-bisa
Anak kaculum bisa-bisa
Aku tahu asalmu jadi racun
Dari tik mani Saigalapa
Asalmu jadi racun Barakat Lailahaillallah
Barakat Muhammad Rasul Allah
Barakat aku makai tawar bisa.
*Contains elements of syirik (shirk).
5. Tawar Katulangan (Charm for a Bone Stuck in the Throat)
Bismillahir rahmanir rahim
Takuyung bintang
Palu-palu balah
Mahamuju mahalintang
Luput akan kasabalah
Ngarasa akan nganya aku
Suruhan Tuhan
*No comment...KOL?
6. Tawar Paning (Charm for Dizziness)
Bismillahir rahmanir rahim
Si Julak Si Julak Kuning
Lahia mati buaja
Tulak-tulak kau paning
Aku nawari kau macam anak raja.
*Contains elements of syirik (shirk).
7. Manukar Parsalinan (Changing One's Attire)
Aku makan pinang
Basirih Si Ambang Kuning
Batumpah padang baluka
Muda pasalinanku
Dari Si Ambang Kuning
Urangkan malihat aku
Macam anak Raja Achih.
*Contains elements of syirik (shirk).
Perhaps that is enough for this time. I hope that what I have put forward here can
give KOL a little knowledge. Although I am somewhat disappointed that
my request to learn more about Labai received no
response, I still respect KOL. That is all. Thank you.
THE PACIFIST-PSYCHE'S PSUEDONYM @ AARON BONAFIDES @ SCHAFFRONNY EFFENDY.
Bekenu.
Sarawak.
Thank you, Saudara Aaron - KOL
END

11 August - K. Kinabalu. KOL felt called to discuss this issue
after we received many emails sent by this worm from our
readers. Imagine: some of the attachments that were sent were just ordinary,
but some of what was attached could be called important documents, sent by
this worm to us (other people received them too): working papers, a letter that was
about to be sent regarding a transfer application, and even an agreement about
selling land, sent by your PC without your knowing. Unfortunate....!
So two days ago we sent the antidote fixsirC.exe to all members of the
KOL Group...
Some have asked for more detail about this worm. So here we present
a write-up by people who are knowledgeable about viruses.... read on.
Due to an increased rate of virus submissions, The Symantec AntiVirus Research
Center (SARC) has upgraded W32.Sircam.Worm@mm from a level 3 to a level 4 virus
threat.
W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner
similar to the W32.Magistr.Worm.
Due to what appears to be a bug, this worm does not replicate under Windows NT
or 2000.
SARC has created a tool to remove this worm.
CAUTION: In some cases, if you have had NAV quarantine or delete infected
files, you will not be able to run .exe files, however you will still be able to
run the removal tool.
Also Known As: W32/SirCam@mm, Backdoor.SirCam
Type: Worm
Damage:
Payload Trigger: 1) October 16th, or some attached file contents, triggers
file deletion payload. 2) If the file deletion occurred, or after 8000
executions, triggers the space filler payload.
Large scale e-mailing: The worm appends a random document from the
infected PC to itself and sends this new file via email
Deletes files: 1 in 20 chance of deleting all files and directories on C:.
Only occurs on systems where the date is October 16 and which are using
D/M/Y as the date format. Always occurs if attached file contains
"FS2" not followed by "sc".
Degrades performance: 1 in 50 chance of filling all remaining space on the
C: drive by adding text to the file c:\recycled\sircam.sys
Releases confidential info: It will export a random document from the hard
drive by appending it to the body of the worm
Distribution:
- Subject of email: Random subject - the filename of the attachment
- Name of attachment: A file from the sender's computer with the extension .bat, .com, .lnk, or .pif added to it.
- Size of attachment: at least 134kb long
- Shared drives: searches for shared drives and copies itself to those it finds
Technical description:
This worm arrives as an email message with the following content:
Subject: The subject of the email will be random, and will be the same as
the file name of the email attachment.
Attachment: The attachment is a file taken from the sender's computer and
will have the extension .bat, .com, .lnk or .pif added to it.
Message: The message body will be semi-random, but will always contain
one of the following two lines (either English or Spanish) as the first and last
sentences of the message.
Spanish Version:
First line: Hola como estas ?
Last line: Nos vemos pronto, gracias.
English Version:
First line: Hi! How are you?
Last line: See you later. Thanks
Between these two sentences, some of the following text may appear:
Spanish Version:
Te mando este archivo para que me des tu punto de vista
Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es el archivo con la información que me pediste
English Version:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for
When run, the worm performs the following actions:
1. It creates copies of itself as %TEMP%\sircam.exe and C:\Recycled\sircam.exe
name>, which contain the attached document. This document is then run using
the program registered to handle the specific file type. For example, if it is
saved as a file with the .doc extension, it will run using Microsoft Word or
Wordpad. A file with the .xls extension will open in Excel, and one with the
.zip extension will open in your default zip program, such as WinZip.
2. It copies itself to C:\Recycled\Sirc32.exe and %System%\Scam32.exe.
3. It adds the value
Driver32=%System%\scam32.exe
to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
4. It creates the following registry key:
HKEY_LOCAL_MACHINE\Software\SirCam
with the following values:
- FB1B: Stores the file name of the worm as stored in the Recycled directory.
- FB1BA: Stores the SMTP IP address.
- FB1BB: Stores the email address of the sender.
- FC0: Stores the number of times the worm has executed.
- FC1: Stores what appears to be the version number of the worm.
- FD1: Stores the file name of worm that has been executed, without the suffix.
5. The (Default) value of the registry key
HKEY_CLASSES_ROOT\exefile\shell\open\command
is set to
C:\recycled\sirc32.exe "%1" %*"
This enables the worm to execute itself any time that an .exe file is run.
6. The worm is network aware, and it will enumerate the network resources to
infect shared systems. If any are found, it will do the following:
- Attempt to copy itself to <Computer>\Recycled\Sirc32.exe
- Add the line "@win \recycled\sirc32.exe" to the file <Computer>\Autoexec.bat
- Copy <Computer>\Windows\Rundll32.exe to <Computer>\Windows\Run32.exe
- Replace <Computer>\Windows\rundll32.exe with C:\Recycled\Sirc32.exe
7. There is a 1 in 33 chance that the following actions will occur:
- The worm copies itself from C:\Recycled\Sirc32.exe to %Windows%\Scmx32.exe
- The worm copies itself as "Microsoft Internet Office.exe" to the folder referred to by the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup
8. There is a 1 in 20 chance that on October 16th of any year, the worm will
recursively delete all files and folders on the C drive.
This payload functions only on computers which use the date format D/M/Y (as
opposed to M/D/Y or similar formats).
Additionally, the payload will always activate immediately, regardless of
date and date format, if the file attached to the worm contains the sequence
"FA2" without the letters "sc" following immediately.
9. If this payload activates, the file C:\Recycled\Sircam.sys is created and
filled with text until there is no remaining disk space. The text is one of
two strings:
- [SirCam_2rp_Ein_NoC_Rma_CuiTzeO_MicH_MeX]
or
- [SirCam Version 1.0 Copyright © 2000 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico]
10. The worm contains its own SMTP engine which is used for the email routine.
It obtains email addresses through two different methods:
- It searches the folders that are referred to by the registry keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
for sho*., get*., hot*., *.htm files, and copies email addresses from
there into the file %system%\sc?1.dll
where ? is a different letter for each location, as follows:
  - scy1.dll: addresses from %cache%\sho*., hot*., get*.
  - sch1.dll: addresses from %personal%\sho*., hot*., get*.
  - sci1.dll: addresses from %cache%\*.htm
  - sct1.dll: addresses from %personal%\*.htm
- It searches %system% and all subfolders for *.wab (all Windows Address
Books) and copies addresses from there into %system%\scw1.dll.
11. It searches the folders referred to by the registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
for files of type .doc, .xls, and .zip, and stores the filenames in %system%\scd.dll.
One of these files will be appended to the worm's original executable and this
new file will be sent as the email attachment.
The From: email address and mail server are taken from the registry. If no
email account exists, then the current user name will be prepended to "prodigy.net.mx",
eg if the current user logged on as JSmith, then the address will be "jsmith@prodigy.net.mx".
Then the worm will attempt to connect to a mail server. This will be either
the mail server taken from the registry, or one of
- prodigy.net.mx
- goeke.net
- enlace.net
- dobleclick.com.mx
The language used for the mail depends on the language used by the sender. If
the sender uses Spanish, then the mail will be in Spanish, otherwise it will
be in English. The attachment is chosen randomly from the list of files in the
scd.dll.
CAUTION:
1. In some cases, if you have had NAV quarantine or delete infected files,
you will not be able to run .exe files, however you will still be able to
run the removal tool.
2. If you are using Windows Me, and a copy of the worm is detected in the
_Restore folder when running the tool, the tool cannot remove it from that
folder, as it is protected by Windows.
If you are on a network, or have a full time connection to the Internet,
disconnect the computer from the network and the Internet. Disable or
password protect file sharing before reconnecting computers to the network
or to the internet.
IMPORTANT: Do not skip this step. You must disconnect from the
network before attempting to remove this worm.
If a computer was infected more than once, as can happen when using shared
folders across a network, the Run32.exe file will have been overwritten
with an infected copy of the Run32dll.exe. If you see more than one entry of
"@win \recycled\sirc32.exe" when performing the steps in the
section "To edit the Autoexec.bat file", do not attempt to
rename the file. Instead, you must delete the Run32.exe and the
Run32dll.exe files and then extract a new copy of Run32dll.exe from a clean
back up or from the Windows installation CD. See your Windows documentation
for information on how to do this.

Write-up by: Peter Ferrie and Peter Szor
Courtesy of Symantec, 2001
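The message traits listed in the write-up (added extension, subject matching the attachment name, the fixed first and last lines, the minimum size) can be turned into a mail-screening check. This is an added example, not code from KOL or from the Symantec write-up; the function names, the sample messages, and the reading of "134kb" as 134 * 1024 bytes are assumptions.

```python
from email import message_from_bytes
from email.message import EmailMessage

ADDED_EXTS = (".bat", ".com", ".lnk", ".pif")   # extensions the worm appends
FRAMES = {"Hi! How are you?": "See you later. Thanks",          # first -> last line
          "Hola como estas ?": "Nos vemos pronto, gracias."}
MIN_SIZE = 134 * 1024   # assumption: "134kb" read as 134 * 1024 bytes

def sircam_indicators(raw: bytes) -> list:
    """Return the write-up's message traits that a raw RFC 822 message shows."""
    msg, hits = message_from_bytes(raw), []
    subject = (msg.get("Subject") or "").strip().lower()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(ADDED_EXTS):
            stem = name[:-4]                      # name before the added extension
            if "." in stem:
                hits.append("double-extension")
            # assumption: subject may carry the document name with or without its extension
            if subject and subject in (stem, stem.rsplit(".", 1)[0]):
                hits.append("subject-equals-attachment")
            if len(part.get_payload(decode=True) or b"") >= MIN_SIZE:
                hits.append("attachment>=134kb")
        elif not name and part.get_content_type() == "text/plain":
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
            lines = [l.strip() for l in text.splitlines() if l.strip()]
            if lines and FRAMES.get(lines[0]) == lines[-1]:
                hits.append("greeting-frame")
    return hits

def build_message(subject, body, filename, size) -> bytes:
    """Constructed sample builder (hypothetical addresses, zero-filled attachment)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content(body)
    m.add_attachment(b"\0" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

SUSPECT = build_message("Budget2001", "Hi! How are you?\nI send you this file in order "
                        "to have your advice\nSee you later. Thanks\n",
                        "Budget2001.xls.pif", MIN_SIZE)
BENIGN = build_message("Minutes", "Attached are the minutes.\nRegards\n", "minutes.doc", 2048)

if __name__ == "__main__":
    print(sircam_indicators(SUSPECT))
    print(sircam_indicators(BENIGN))
```

Any single trait can appear in legitimate mail; several together on one message are what make it worth quarantining.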
So KOL hopes that readers will not take lightly the problem
caused by this worm.
KOL
END
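For checking a machine against the host changes the write-up lists (the RunServices value, the SirCam key, the altered exefile open command, and the Autoexec.bat line), the following added example parses a regedit text export and the Autoexec.bat contents. It is not code from KOL or Symantec; the function names and both sample inputs are constructed, and it assumes the stock exefile open command is "%1" %*.

```python
import re

EXE_DEFAULT = '"%1" %*'   # stock (Default) value of HKCR\exefile\shell\open\command

def parse_reg(text):
    """Parse a regedit text export into {key: {value_name: data}}, names lower-cased."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)
            if m:   # string values only; '@' is the (Default) value
                name = "" if m.group(1) == "@" else m.group(1)[1:-1]
                cur[name.lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def sircam_findings(reg_text, autoexec_text):
    reg, out = parse_reg(reg_text), []
    run = reg.get(r"hkey_local_machine\software\microsoft\windows\currentversion\runservices", {})
    if "scam32.exe" in run.get("driver32", "").lower():
        out.append("RunServices Driver32 points at scam32.exe")
    if r"hkey_local_machine\software\sircam" in reg:
        out.append("HKLM\\Software\\SirCam key present")
    cmd = reg.get(r"hkey_classes_root\exefile\shell\open\command", {}).get("")
    if cmd is not None and cmd != EXE_DEFAULT:
        out.append("exefile open command replaced: " + cmd)
    n = sum(l.strip().lower() == r"@win \recycled\sirc32.exe"
            for l in autoexec_text.splitlines())
    if n:   # more than one line means repeated infection over shares (see the caution)
        out.append("autoexec.bat sirc32 lines: %d" % n)
    return out

# Constructed samples: a Win9x-style registry export and Autoexec.bat
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\WINDOWS\\SYSTEM\\scam32.exe"
[HKEY_LOCAL_MACHINE\Software\SirCam]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\recycled\\sirc32.exe \"%1\" %*\""
'''
SAMPLE_AUTOEXEC = "@ECHO OFF\n@win \\recycled\\sirc32.exe\n@win \\recycled\\sirc32.exe\n"

if __name__ == "__main__":
    for finding in sircam_findings(SAMPLE_REG, SAMPLE_AUTOEXEC):
        print(finding)
```

The exefile finding matters most for cleanup order: while that command still points at sirc32.exe, deleting the file first leaves .exe files unable to start, which is the situation the CAUTION note describes.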