<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_02_12_1455203</id>
	<title>Rootkit May Be Behind Windows Blue Screen</title>
	<author>kdawson</author>
	<datestamp>1265995860000</datestamp>
	<htmltext>L3sPau1 writes <i>"A <a href="http://patrickwbarnes.com/blog/2010/02/microsoft-update-kb977165-triggering-widespread-bsod/">rootkit infection may be the cause</a> of a Windows <a href="//tech.slashdot.org/story/10/02/11/2217239/Windows-Patch-Leaves-Many-XP-Users-With-Blue-Screens">Blue Screen of Death issue</a> experienced by Windows XP users who applied the latest round of Microsoft patches. It appears that the affected Windows PCs had the rootkit infection prior to deploying the Microsoft patches. Researcher Patrick W. Barnes, investigating the issue, has isolated the infection to the Windows atapi.sys file, a driver used by Windows to connect hard drives and other components. Barnes identified the infection as the Tdss-rootkit, which surfaced last November and has been spreading quickly, creating zombie machines for botnet activity."</i></htmltext>
<tokenext>L3sPau1 writes " A rootkit infection may be the cause of a Windows Blue Screen of Death issue experienced by Windows XP users who applied the latest round of Microsoft patches .
It appears that the affected Windows PCs had the rootkit infection prior to deploying the Microsoft patches .
Researcher Patrick W. Barnes , investigating the issue , has isolated the infection to the Windows atapi.sys file , a driver used by Windows to connect hard drives and other components .
Barnes identified the infection as the Tdss-rootkit , which surfaced last November and has been spreading quickly , creating zombie machines for botnet activity .
"</tokentext>
<sentencetext>L3sPau1 writes "A rootkit infection may be the cause of a Windows Blue Screen of Death issue experienced by Windows XP users who applied the latest round of Microsoft patches.
It appears that the affected Windows PCs had the rootkit infection prior to deploying the Microsoft patches.
Researcher Patrick W. Barnes, investigating the issue, has isolated the infection to the Windows atapi.sys file, a driver used by Windows to connect hard drives and other components.
Barnes identified the infection as the Tdss-rootkit, which surfaced last November and has been spreading quickly, creating zombie machines for botnet activity.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116630</id>
	<title>How could one check for rootkits?</title>
	<author>trytoguess</author>
	<datestamp>1266004560000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>The comments here suggest ideally using a bootable CD to scan the drive, but what exactly should one use?</p></htmltext>
<tokenext>The comments here suggest ideally using a bootable CD to scan the drive , but what exactly should one use ?</tokentext>
<sentencetext>The comments here suggest ideally using a bootable CD to scan the drive, but what exactly should one use?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116658</id>
	<title>Tell You What (Re:Ah, well, that lets Microsoft...</title>
	<author>EXTomar</author>
	<datestamp>1266004740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The problem isn't that Microsoft needs to insure compatibility with third party software.  It is the fact that they allowed someone to modify their core OS system in this way to begin with.  The world has the development and technology to make the OS at that level "tamper proof" but why hasn't been done yet?</p><p>I'll tell you what: If Microsoft wants to enforce WGA and other validation schemes then they should at least make sure there isn't something else running around the kernel.  At this point too many users can't tell the difference between WGA and some kit where if they aren't going to provide some validation of the running software then what is the real difference between their "service" and malware?</p></htmltext>
<tokenext>The problem is n't that Microsoft needs to insure compatibility with third party software .
It is the fact that they allowed someone to modify their core OS system in this way to begin with .
The world has the development and technology to make the OS at that level " tamper proof " but why has n't been done yet ? I 'll tell you what : If Microsoft wants to enforce WGA and other validation schemes then they should at least make sure there is n't something else running around the kernel .
At this point too many users ca n't tell the difference between WGA and some kit where if they are n't going to provide some validation of the running software then what is the real difference between their " service " and malware ?</tokentext>
<sentencetext>The problem isn't that Microsoft needs to insure compatibility with third party software.
It is the fact that they allowed someone to modify their core OS system in this way to begin with.
The world has the development and technology to make the OS at that level "tamper proof" but why hasn't been done yet?I'll tell you what: If Microsoft wants to enforce WGA and other validation schemes then they should at least make sure there isn't something else running around the kernel.
At this point too many users can't tell the difference between WGA and some kit where if they aren't going to provide some validation of the running software then what is the real difference between their "service" and malware?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116202</id>
	<title>Re:Sounds like a good thing</title>
	<author>Anonymous</author>
	<datestamp>1266002640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>That's one way of forcing users to take care of an infection.</p></div><p>A lot of rootkits are now exposed, time to clean up folks!</p></div>
	</htmltext>
<tokenext>That 's one way of forcing users to take care of an infection.A lot of rootkits are now exposed , time to clean up folks !</tokentext>
<sentencetext>That's one way of forcing users to take care of an infection.A lot of rootkits are now exposed, time to clean up folks!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116492</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Z34107</author>
	<datestamp>1266003960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You're assuming your tool can detect the rootkit in <i>any</i> case.</p><p>If it can detect it during an offline scan, it can probably detect it during an online scan too.  (Of course, the rootkit will have the opportunity to hide itself or destroy your tool.)  ComboFix and MalwareBytes are especially good at removing TDSS.</p></htmltext>
<tokenext>You 're assuming your tool can detect the rootkit in any case.If it can detect it during an offline scan , it can probably detect it during an online scan too .
( Of course , the rootkit will have the opportunity to hide itself or destroy your tool .
) ComboFix and MalwareBytes are especially good at removing TDSS .</tokentext>
<sentencetext>You're assuming your tool can detect the rootkit in any case.If it can detect it during an offline scan, it can probably detect it during an online scan too.
(Of course, the rootkit will have the opportunity to hide itself or destroy your tool.
)  ComboFix and MalwareBytes are especially good at removing TDSS.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116520</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>jedidiah</author>
	<datestamp>1266004140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt; Saying Microsoft is responsible for ensuring compatability with 3rd party software is ludicrious.</p><p>Not at all. This is their main selling point.</p></htmltext>
<tokenext>&gt; Saying Microsoft is responsible for ensuring compatability with 3rd party software is ludicrious.Not at all .
This is their main selling point .</tokentext>
<sentencetext>&gt; Saying Microsoft is responsible for ensuring compatability with 3rd party software is ludicrious.Not at all.
This is their main selling point.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31117032</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Anonymous</author>
	<datestamp>1266006780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><blockquote><div><p>After all, there's no way that their malware tool could have spotted it</p></div></blockquote><p>If a system has been rooted, nothing short of booting to another OS from a known clean media, mounting the disk read only, and scanning, is guaranteed to detect a root kit.</p><p>That'd make updates a <i>real</i> pain in the arse to install...</p></div><p>Not so sure of that statement. Linux systems, yes, rootkits are invisible. However, on a Windows system, to the best of my knowledge, a rootkit has to have a driver running to be enabled. Given that this tdss rootkit is a known current threat, surely the malware remover should be looking for low level unknown drivers?</p></div>
	</htmltext>
<tokenext>After all , there 's no way that their malware tool could have spotted itIf a system has been rooted , nothing short of booting to another OS from a known clean media , mounting the disk read only , and scanning , is guaranteed to detect a root kit.That 'd make updates a real pain in the arse to install...Not so sure of that statement .
Linux systems , yes , rootkits are invisible .
However , on a Windows system , to the best of my knowledge , a rootkit has to have a driver running to be enabled .
Given that this tdss rootkit is a known current threat , surely the malware remover should be looking for low level unknown drivers ?</tokentext>
<sentencetext>After all, there's no way that their malware tool could have spotted itIf a system has been rooted, nothing short of booting to another OS from a known clean media, mounting the disk read only, and scanning, is guaranteed to detect a root kit.That'd make updates a real pain in the arse to install...Not so sure of that statement.
Linux systems, yes, rootkits are invisible.
However, on a Windows system, to the best of my knowledge, a rootkit has to have a driver running to be enabled.
Given that this tdss rootkit is a known current threat, surely the malware remover should be looking for low level unknown drivers?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116312</id>
	<title>mommy</title>
	<author>pydev</author>
	<datestamp>1266003120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Mommy, the root kit did it!</p></htmltext>
<tokenext>Mommy , the root kit did it !</tokentext>
<sentencetext>Mommy, the root kit did it!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370</id>
	<title>Ah, well, that lets Microsoft off the hook then</title>
	<author>Anonymous</author>
	<datestamp>1265999640000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>After all, there's no way that their malware tool could have spotted it, or the update could have checksummed the files before patching them.

</p><p>If they put half as much effort into their anti-malware activities as they do into their DRM regime, the world would be a better place.  We'd all have unicorns, and a pot of gold.</p></htmltext>
<tokenext>After all , there 's no way that their malware tool could have spotted it , or the update could have checksummed the files before patching them .
If they put half as much effort into their anti-malware activities as they do into their DRM regime , the world would be a better place .
We 'd all have unicorns , and a pot of gold .</tokentext>
<sentencetext>After all, there's no way that their malware tool could have spotted it, or the update could have checksummed the files before patching them.
If they put half as much effort into their anti-malware activities as they do into their DRM regime, the world would be a better place.
We'd all have unicorns, and a pot of gold.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31122646</id>
	<title>Tuesday patch ruined my XP</title>
	<author>Anonymous</author>
	<datestamp>1265982300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Fix BSOD or buy W7 seems to be my choice.  A service call for $XX or pay Wally World $118.72 for Win7, either is a lot less scary than a free Linux CD.</p><p>This rootkit may be way more cost effective than another stupid M$ TV commercial</p></htmltext>
<tokenext>Fix BSOD or buy W7 seems to be my choice .
A service call for $ XX or pay Wally World $ 118.72 for Win7 , either is a lot less scary than a free Linux CD.This rootkit may be way more cost effective than another stupid M $ TV commercial</tokentext>
<sentencetext>Fix BSOD or buy W7 seems to be my choice.
A service call for $XX or pay Wally World $118.72 for Win7, either is a lot less scary than a free Linux CD.This rootkit may be way more cost effective than another stupid M$ TV commercial</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Com2Kid</author>
	<datestamp>1266000000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><blockquote><div><p>After all, there's no way that their malware tool could have spotted it</p></div></blockquote><p>If a system has been rooted, nothing short of booting to another OS from a known clean media, mounting the disk read only, and scanning, is guaranteed to detect a root kit.</p><p>That'd make updates a <i>real</i> pain in the arse to install...</p></div>
	</htmltext>
<tokenext>After all , there 's no way that their malware tool could have spotted itIf a system has been rooted , nothing short of booting to another OS from a known clean media , mounting the disk read only , and scanning , is guaranteed to detect a root kit.That 'd make updates a real pain in the arse to install.. .</tokentext>
<sentencetext>After all, there's no way that their malware tool could have spotted itIf a system has been rooted, nothing short of booting to another OS from a known clean media, mounting the disk read only, and scanning, is guaranteed to detect a root kit.That'd make updates a real pain in the arse to install...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31159690</id>
	<title>bsod</title>
	<author>Anonymous</author>
	<datestamp>1266312540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I had similiar problem few months ago (october 2009) with the same error causing windows to BSOD with atapi.sys...I didn't even think that this could be because of rootkit infection..Firstly i've removed the CD-ROM/IDE because of atapi.sys, but BSOD was still present, then i  changed motherboard with new one, but there was still BSOD arround, finaly i change hard disk with clean installation and BSOD has gone..</p></htmltext>
<tokenext>I had similiar problem few months ago ( october 2009 ) with the same error causing windows to BSOD with atapi.sys...I did n't even think that this could be because of rootkit infection..Firstly i 've removed the CD-ROM/IDE because of atapi.sys , but BSOD was still present , then i changed motherboard with new one , but there was still BSOD arround , finaly i change hard disk with clean installation and BSOD has gone. .</tokentext>
<sentencetext>I had similiar problem few months ago (october 2009) with the same error causing windows to BSOD with atapi.sys...I didn't even think that this could be because of rootkit infection..Firstly i've removed the CD-ROM/IDE because of atapi.sys, but BSOD was still present, then i  changed motherboard with new one, but there was still BSOD arround, finaly i change hard disk with clean installation and BSOD has gone..</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116650</id>
	<title>Good way to lose users</title>
	<author>Anonymous</author>
	<datestamp>1266004680000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>Several weeks ago, I worked on a PC that was probably infected after doing a few Google Image Searches or browsing DeviantArt or something of that nature.  I tried multiple virus/malware programs (AVG, Avast, Adaware, MalwareBytes, Spybot).  I thought I got rid of the infection...then a Windows Update caused her computer to blue screen on boot.</p><p>My solution?</p><p><a href="http://www.ubuntu.com/GetUbuntu/download" title="ubuntu.com">http://www.ubuntu.com/GetUbuntu/download</a> [ubuntu.com]</p></htmltext>
<tokenext>Several weeks ago , I worked on a PC that was probably infected after doing a few Google Image Searches or browsing DeviantArt or something of that nature .
I tried multiple virus/malware programs ( AVG , Avast , Adaware , MalwareBytes , Spybot ) .
I thought I got rid of the infection...then a Windows Update caused her computer to blue screen on boot.My solution ? http : //www.ubuntu.com/GetUbuntu/download [ ubuntu.com ]</tokentext>
<sentencetext>Several weeks ago, I worked on a PC that was probably infected after doing a few Google Image Searches or browsing DeviantArt or something of that nature.
I tried multiple virus/malware programs (AVG, Avast, Adaware, MalwareBytes, Spybot).
I thought I got rid of the infection...then a Windows Update caused her computer to blue screen on boot.My solution?http://www.ubuntu.com/GetUbuntu/download [ubuntu.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31121218</id>
	<title>Re:Tell You What (Re:Ah, well, that lets Microsoft</title>
	<author>jeff4747</author>
	<datestamp>1265975760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>The world has the development and technology to make the OS at that level "tamper proof" but why hasn't been done yet?</p></div></blockquote><p>No, actually it doesn't.  That's because it's impossible to make it "tamper proof".</p><p>Come up with any protection mechanism you'd like.  As long as the computer still turns on, malware can infect it.</p></div>
	</htmltext>
<tokenext>The world has the development and technology to make the OS at that level " tamper proof " but why has n't been done yet ? No , actually it does n't .
That 's because it 's impossible to make it " tamper proof " .Come up with any protection mechanism you 'd like .
As long as the computer still turns on , malware can infect it .</tokentext>
<sentencetext>The world has the development and technology to make the OS at that level "tamper proof" but why hasn't been done yet?No, actually it doesn't.
That's because it's impossible to make it "tamper proof".Come up with any protection mechanism you'd like.
As long as the computer still turns on, malware can infect it.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116658</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116904</id>
	<title>It's not a bug, it's a feature.</title>
	<author>gimmebeer</author>
	<datestamp>1266006060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Your computer is more secure now.   You're welcome.  -Microsoft</htmltext>
<tokenext>Your computer is more secure now .
You 're welcome .
-Microsoft</tokentext>
<sentencetext>Your computer is more secure now.
You're welcome.
-Microsoft</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31118236</id>
	<title>cache of related info</title>
	<author>bl8n8r</author>
	<datestamp>1265967180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>(since TFA appears down at this time)..</p><p><a href="http://isc.sans.org.nyud.net/diary.html?storyid=8209" title="nyud.net">http://isc.sans.org.nyud.net/diary.html?storyid=8209</a> [nyud.net]<br><a href="http://forums.malwarebytes.org.nyud.net/index.php?showtopic=39655" title="nyud.net">http://forums.malwarebytes.org.nyud.net/index.php?showtopic=39655</a> [nyud.net]<br><a href="http://www.wilderssecurity.com.nyud.net/showthread.php?p=1622432" title="nyud.net">http://www.wilderssecurity.com.nyud.net/showthread.php?p=1622432</a> [nyud.net]<br><a href="http://www.prevx.com.nyud.net/blog/139/Tdss-rootkit-silently-owns-the-net.html" title="nyud.net">http://www.prevx.com.nyud.net/blog/139/Tdss-rootkit-silently-owns-the-net.html</a> [nyud.net]</p></htmltext>
<tokenext>( since TFA appears down at this time ) ..http : //isc.sans.org.nyud.net/diary.html ? storyid = 8209 [ nyud.net ] http : //forums.malwarebytes.org.nyud.net/index.php ? showtopic = 39655 [ nyud.net ] http : //www.wilderssecurity.com.nyud.net/showthread.php ? p = 1622432 [ nyud.net ] http : //www.prevx.com.nyud.net/blog/139/Tdss-rootkit-silently-owns-the-net.html [ nyud.net ]</tokentext>
<sentencetext>(since TFA appears down at this time)..http://isc.sans.org.nyud.net/diary.html?storyid=8209 [nyud.net]http://forums.malwarebytes.org.nyud.net/index.php?showtopic=39655 [nyud.net]http://www.wilderssecurity.com.nyud.net/showthread.php?p=1622432 [nyud.net]http://www.prevx.com.nyud.net/blog/139/Tdss-rootkit-silently-owns-the-net.html [nyud.net]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115832</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Anonymous</author>
	<datestamp>1266001320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If a rootkit is that good at hiding itself, it wouldn't trigger a BSOD, let alone get featured on Slashdot twice. This is what I call a failed rootkit.</p></htmltext>
<tokenext>If a rootkit is that good at hiding itself , it would n't trigger a BSOD , let alone get featured on Slashdot twice .
This is what I call a failed rootkit .</tokentext>
<sentencetext>If a rootkit is that good at hiding itself, it wouldn't trigger a BSOD, let alone get featured on Slashdot twice.
This is what I call a failed rootkit.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31118262</id>
	<title>MS10-015 bulletin notification issue with Windows</title>
	<author>Anonymous</author>
	<datestamp>1265967300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Today, here in France we have received this email from our Microsoft account manager:</p><p><i><br>I would like to inform you that Microsoft Support has received several calls about issues (STOP 0x7E) after applying MS10-015.</i></p><p><i>Affected PCs appear to be DELL systems with Windows XP.</i></p><p><i>We are researching the root cause of these issues. The solution to recover from this issue is to remove the update from the recovery console of Windows XP.</i></p><p><i>Microsoft recommendation is still to deploy MS10-015 bulletin.<br>-    If you have to deploy this update on DELL system with Windows XP, I suggest checking its installation in testing environment.<br>-    If you decide to postpone its deployment, I encourage you to use the workaround from the MS10-015 bulletin: disable the NTVDM subsystem for preventing 16-bit applications to run.<br></i></p><p>Cut the crap.</p></htmltext>
<tokenext>Today , here in France we have received this email from our Microsoft account manager : I would like to inform you that Microsoft Support has received several calls about issues ( STOP 0x7E ) after applying MS10-015.Affected PCs appear to be DELL systems with Windows XP.We are researching the root cause of these issues .
The solution to recover from this issue is to remove the update from the recovery console of Windows XP.Microsoft recommendation is still to deploy MS10-015 bulletin.- If you have to deploy this update on DELL system with Windows XP , I suggest checking its installation in testing environment.- If you decide to postpone its deployment , I encourage you to use the workaround from the MS10-015 bulletin : disable the NTVDM subsystem for preventing 16-bit applications to run.Cut the crap .</tokentext>
<sentencetext>Today, here in France we have received this email from our Microsoft account manager:I would like to inform you that Microsoft Support has received several calls about issues (STOP 0x7E) after applying MS10-015.Affected PCs appear to be DELL systems with Windows XP.We are researching the root cause of these issues.
The solution to recover from this issue is to remove the update from the recovery console of Windows XP.Microsoft recommendation is still to deploy MS10-015 bulletin.-    If you have to deploy this update on DELL system with Windows XP, I suggest checking its installation in testing environment.-    If you decide to postpone its deployment, I encourage you to use the workaround from the MS10-015 bulletin: disable the NTVDM subsystem for preventing 16-bit applications to run.Cut the crap.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31117998</id>
	<title>Societal / National Security problem...</title>
	<author>lotho brandybuck</author>
	<datestamp>1265966700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>At what point will it be decided that common rooting of a box that people are using for banking, health, etc in their house is Not Okay?
<p>
How much damage will have to occur before that point?  I feel like we've been at Sept 10th for awhile in terms of information security.
</p><p>
What is going to happen after that damage occurs??</p></htmltext>
<tokenext>At what point will it be decided that common rooting of a box that people are using for banking , health , etc in their house is Not Okay ?
How much damage will have to occur before that point ?
I feel like we 've been at Sept 10th for awhile in terms of information security .
What is going to happen after that damage occurs ?
?</tokentext>
<sentencetext>At what point will it be decided that common rooting of a box that people are using for banking, health, etc in their house is Not Okay?
How much damage will have to occur before that point?
I feel like we've been at Sept 10th for awhile in terms of information security.
What is going to happen after that damage occurs?
?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356</id>
	<title>Sounds like a good thing</title>
	<author>Anonymous</author>
	<datestamp>1265999580000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>That's one way of forcing users to take care of an infection.</htmltext>
<tokenext>That 's one way of forcing users to take care of an infection .</tokentext>
<sentencetext>That's one way of forcing users to take care of an infection.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>girlintraining</author>
	<datestamp>1266000180000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>After all, there's no way that their malware tool could have spotted it, or the update could have checksummed the files before patching them.</p> </div><p>Well, actually no. Most rootkits either modify the permissions or patch critical system files that cannot be easily replaced, as this one does. It's designed to be stealthy -- so if you scan it, it will return a byte-for-byte copy of the original, which is kept elsewhere, while the operating system loads the infected one at boot.</p><p>Saying Microsoft is responsible for ensuring compatability with 3rd party software is ludicrious. This is like potholes -- while the government has a responsibility to patch the roads up so they remain drivable, cars are nonetheless designed with shocks and drivers are expected to watch for road hazards and avoid them as much as possible as well. It is a joint responsibility. Microsoft is not the sole responsible party here: The user shares the responsibility of ensuring the system has not been compromised.</p></div>
	</htmltext>
<tokenext>After all , there 's no way that their malware tool could have spotted it , or the update could have checksummed the files before patching them .
Well , actually no .
Most rootkits either modify the permissions or patch critical system files that can not be easily replaced , as this one does .
It 's designed to be stealthy -- so if you scan it , it will return a byte-for-byte copy of the original , which is kept elsewhere , while the operating system loads the infected one at boot.Saying Microsoft is responsible for ensuring compatability with 3rd party software is ludicrious .
This is like potholes -- while the government has a responsibility to patch the roads up so they remain drivable , cars are nonetheless designed with shocks and drivers are expected to watch for road hazards and avoid them as much as possible as well .
It is a joint responsibility .
Microsoft is not the sole responsible party here : The user shares the responsibility of ensuring the system has not been compromised .</tokentext>
<sentencetext>After all, there's no way that their malware tool could have spotted it, or the update could have checksummed the files before patching them.
Well, actually no.
Most rootkits either modify the permissions or patch critical system files that cannot be easily replaced, as this one does.
It's designed to be stealthy -- so if you scan it, it will return a byte-for-byte copy of the original, which is kept elsewhere, while the operating system loads the infected one at boot.Saying Microsoft is responsible for ensuring compatability with 3rd party software is ludicrious.
This is like potholes -- while the government has a responsibility to patch the roads up so they remain drivable, cars are nonetheless designed with shocks and drivers are expected to watch for road hazards and avoid them as much as possible as well.
It is a joint responsibility.
Microsoft is not the sole responsible party here: The user shares the responsibility of ensuring the system has not been compromised.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116726</id>
	<title>Product idea for Microsoft support?</title>
	<author>Anonymous</author>
	<datestamp>1266005160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why doesn't Microsoft Support make available a downloadable ISO (or a program that creates one) of a bootable CD.  After burning, that CD would contain a minimal operating system, something like System File Checker, and the name, path, and hash of every current system file for the OS to be tested.</p><p>Users would boot from that Microsoft-provided CD and let it diagnose their system.  Files failing the hash would be noted and reported to the user who might then be offered the opportunity to download known good copies directly from Microsoft.  A simple installer would place the good files where they belong and then allow the user to re-boot from his now clean hard drive.</p><p>Does this already exist and I've just missed knowing about it?  I know that I'd use it if I had one.  And not just for infestations, as it would also be very useful for repairing file corruption from degrading disk drives.</p></htmltext>
<tokenext>Why does n't Microsoft Support make available a downloadable ISO ( or a program that creates one ) of a bootable CD .
After burning , that CD would contain a minimal operating system , something like System File Checker , and the name , path , and hash of every current system file for the OS to be tested.Users would boot from that Microsoft-provided CD and let it diagnose their system .
Files failing the hash would be noted and reported to the user who might then be offered the opportunity to download known good copies directly from Microsoft .
A simple installer would place the good files where they belong and then allow the user to re-boot from his now clean hard drive.Does this already exist and I 've just missed knowing about it ?
I know that I 'd use it if I had one .
And not just for infestations , as it would also be very useful for repairing file corruption from degrading disk drives .</tokentext>
<sentencetext>Why doesn't Microsoft Support make available a downloadable ISO (or a program that creates one) of a bootable CD.
After burning, that CD would contain a minimal operating system, something like System File Checker, and the name, path, and hash of every current system file for the OS to be tested.Users would boot from that Microsoft-provided CD and let it diagnose their system.
Files failing the hash would be noted and reported to the user who might then be offered the opportunity to download known good copies directly from Microsoft.
A simple installer would place the good files where they belong and then allow the user to re-boot from his now clean hard drive.Does this already exist and I've just missed knowing about it?
I know that I'd use it if I had one.
And not just for infestations, as it would also be very useful for repairing file corruption from degrading disk drives.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116138</id>
	<title>If this was a one-time-thing, then yes.</title>
	<author>khasim</author>
	<datestamp>1266002400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>But when taken with Microsoft's entire approach, no.</p><p>Microsoft has always chosen "ease of use" over security. And then their licenses are constructed so that a large segment of the machines out there don't even have clean-bootable media to resolve issues like this.</p><p>In your pot hole analogy, Microsoft didn't build the road<nobr> <wbr></nobr>... and then then pot holes appeared. Microsoft built the road with the holes<nobr> <wbr></nobr>... and then even more appeared and they're doing nothing to mitigate the situation and they're still building the roads the same way.</p></htmltext>
<tokenext>But when taken with Microsoft 's entire approach , no.Microsoft has always chosen " ease of use " over security .
And then their licenses are constructed so that a large segment of the machines out there do n't even have clean-bootable media to resolve issues like this.In your pot hole analogy , Microsoft did n't build the road ... and then then pot holes appeared .
Microsoft built the road with the holes ... and then even more appeared and they 're doing nothing to mitigate the situation and they 're still building the roads the same way .</tokentext>
<sentencetext>But when taken with Microsoft's entire approach, no.Microsoft has always chosen "ease of use" over security.
And then their licenses are constructed so that a large segment of the machines out there don't even have clean-bootable media to resolve issues like this.In your pot hole analogy, Microsoft didn't build the road ... and then then pot holes appeared.
Microsoft built the road with the holes ... and then even more appeared and they're doing nothing to mitigate the situation and they're still building the roads the same way.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31120494</id>
	<title>Re:Product idea for Microsoft support?</title>
	<author>Anonymous</author>
	<datestamp>1265973360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Probably this would be pretty useless.  Maybe not, but probably.</p><p>You see, there are some common Windows files, but there are a lot more that are type-dependent.  So it would be dependent on the installation type (XP Pro, XP Home, Media Center Edition, etc.)  I don't know how many there are for XP, but it is more than just a few.</p><p>Next, just checking what you would like to believe is "current" isn't going to work.  There are hotfixes, optional updates and various dependencies in the updates.  Therefore you are going to have to have a hash for nearly every patch level of every file.  That would be the real killer for this - 1000 hashes for user32.exe, 25 for cdfs.sys, 2500 for ntdll.dll.  You get the idea.</p><p>This is why they haven't done that already.  Just running System File Checker would be OK, and I believe this can be done from the repair console.</p></htmltext>
<tokenext>Probably this would be pretty useless .
Maybe not , but probably.You see , there are some common Windows files , but there are a lot more that are type-dependent .
So it would be dependent on the installation type ( XP Pro , XP Home , Media Center Edition , etc .
) I do n't know how many there are for XP , but it is more than just a few.Next , just checking what you would like to believe is " current " is n't going to work .
There are hotfixes , optional updates and various dependencies in the updates .
Therefore you are going to have to have a hash for nearly every patch level of every file .
That would be the real killer for this - 1000 hashes for user32.exe , 25 for cdfs.sys , 2500 for ntdll.dll .
You get the idea.This is why they have n't done that already .
Just running System File Checker would be OK , and I believe this can be done from the repair console .</tokentext>
<sentencetext>Probably this would be pretty useless.
Maybe not, but probably.You see, there are some common Windows files, but there are a lot more that are type-dependent.
So it would be dependent on the installation type (XP Pro, XP Home, Media Center Edition, etc.
)  I don't know how many there are for XP, but it is more than just a few.Next, just checking what you would like to believe is "current" isn't going to work.
There are hotfixes, optional updates and various dependencies in the updates.
Therefore you are going to have to have a hash for nearly every patch level of every file.
That would be the real killer for this - 1000 hashes for user32.exe, 25 for cdfs.sys, 2500 for ntdll.dll.
You get the idea.This is why they haven't done that already.
Just running System File Checker would be OK, and I believe this can be done from the repair console.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116726</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116618</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Opportunist</author>
	<datestamp>1266004500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Pretty worthless if anything is run with Admin rights anyway. Until WinXP (and this is a WinXP problem), it was quite normal for the ordinary user to be constantly logged in with an account that has administrator privileges. Consider now that the standard setup in XP (IIRC) sets user password and "Administrator" password identical and you can easily see what this would be worth.</p></htmltext>
<tokenext>Pretty worthless if anything is run with Admin rights anyway .
Until WinXP ( and this is a WinXP problem ) , it was quite normal for the ordinary user to be constantly logged in with an account that has administrator privileges .
Consider now that the standard setup in XP ( IIRC ) sets user password and " Administrator " password identical and you can easily see what this would be worth .</tokentext>
<sentencetext>Pretty worthless if anything is run with Admin rights anyway.
Until WinXP (and this is a WinXP problem), it was quite normal for the ordinary user to be constantly logged in with an account that has administrator privileges.
Consider now that the standard setup in XP (IIRC) sets user password and "Administrator" password identical and you can easily see what this would be worth.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115696</id>
	<title>I'm in favor of requiring Internet User's License</title>
	<author>Anonymous</author>
	<datestamp>1266000840000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>If you need a license to operate a vehicle, why not an internet-connected device, which has the ability to wreak havoc and cost millions or even hundreds of millions of dollars in lost productivity, ID theft, etc. if compromised?  I'll leave the details of the implementation up to people like Obama who have supreme confidence in mouth-breathing bureaucrats to correctly implement his vision for grandiose programs.  Hey, it worked for health care, right?  Right???</p></htmltext>
<tokenext>If you need a license to operate a vehicle , why not an internet-connected device , which has the ability to wreak havoc and cost millions or even hundreds of millions of dollars in lost productivity , ID theft , etc .
if compromised ?
I 'll leave the details of the implementation up to people like Obama who have supreme confidence in mouth-breathing bureaucrats to correctly implement his vision for grandiose programs .
Hey , it worked for health care , right ?
Right ? ? ?</tokentext>
<sentencetext>If you need a license to operate a vehicle, why not an internet-connected device, which has the ability to wreak havoc and cost millions or even hundreds of millions of dollars in lost productivity, ID theft, etc.
if compromised?
I'll leave the details of the implementation up to people like Obama who have supreme confidence in mouth-breathing bureaucrats to correctly implement his vision for grandiose programs.
Hey, it worked for health care, right?
Right???</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116290</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>girlintraining</author>
	<datestamp>1266003060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>If a system has been rooted, nothing short of booting to another OS from a known clean media, mounting the disk read only, and scanning, is guaranteed to detect a root kit.</p></div><p> <i>Oh ye of little faith...</i> You forgot to clear the microcode, the firmware, test the TPM, disconnect all the peripherals, and inspect the major components to ensure they aren't stamped with "Made in China," or "Endorsed by the RIAA".</p></div>
	</htmltext>
<tokenext>If a system has been rooted , nothing short of booting to another OS from a known clean media , mounting the disk read only , and scanning , is guaranteed to detect a root kit .
Oh ye of little faith... You forgot to clear the microcode , the firmware , test the TPM , disconnect all the peripherals , and inspect the major components to ensure they are n't stamped with " Made in China , " or " Endorsed by the RIAA " .</tokentext>
<sentencetext>If a system has been rooted, nothing short of booting to another OS from a known clean media, mounting the disk read only, and scanning, is guaranteed to detect a root kit.
Oh ye of little faith... You forgot to clear the microcode, the firmware, test the TPM, disconnect all the peripherals, and inspect the major components to ensure they aren't stamped with "Made in China," or "Endorsed by the RIAA".
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31122362</id>
	<title>Patrick Barnes may have been /.</title>
	<author>Neanderthal Ninny</author>
	<datestamp>1265980920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Or did Patrick Barnes server crash because of this bug?<br>I did access Patrick Barnes webpage earlier in this week, but today Friday February 12, 2010 there is no server and IP address to connect to. Any word from Patrick Barnes from other than his website? Did we<nobr> <wbr></nobr>/. his website out of existence?<br>I read his webpage and he did put a solution on his webapge to detect and fix this but now the webpage is gone and now I wonder what happened to it.</p></htmltext>
<tokenext>Or did Patrick Barnes server crash because of this bug ? I did access Patrick Barnes webpage earlier in this week , but today Friday February 12 , 2010 there is no server and IP address to connect to .
Any word from Patrick Barnes from other than his website ?
Did we / .
his website out of existence ? I read his webpage and he did put a solution on his webapge to detect and fix this but now the webpage is gone and now I wonder what happened to it .</tokentext>
<sentencetext>Or did Patrick Barnes server crash because of this bug?I did access Patrick Barnes webpage earlier in this week, but today Friday February 12, 2010 there is no server and IP address to connect to.
Any word from Patrick Barnes from other than his website?
Did we /.
his website out of existence?I read his webpage and he did put a solution on his webapge to detect and fix this but now the webpage is gone and now I wonder what happened to it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116366</id>
	<title>Re:Sounds like a good thing</title>
	<author>Opportunist</author>
	<datestamp>1266003360000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>So I'd call that latest update a critical security fix. Install immediately!</p></htmltext>
<tokenext>So I 'd call that latest update a critical security fix .
Install immediately !</tokentext>
<sentencetext>So I'd call that latest update a critical security fix.
Install immediately!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31119176</id>
	<title>Re:Sounds like a good thing</title>
	<author>Anonymous</author>
	<datestamp>1265969520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>That's one way of forcing users to take care of an infection.</p></div><p>We had a significant number of machines impacted. However, ours didn't fail on the atapi.sys file.  Ours failed on a kernel level file that was associated with of all things an antivirus program.</p></div>
	</htmltext>
<tokenext>That 's one way of forcing users to take care of an infection.We had a significant number of machines impacted .
However , ours did n't fail on the atapi.sys file .
Ours failed on a kernel level file that was associated with of all things an antivirus program .</tokentext>
<sentencetext>That's one way of forcing users to take care of an infection.We had a significant number of machines impacted.
However, ours didn't fail on the atapi.sys file.
Ours failed on a kernel level file that was associated with of all things an antivirus program.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Anonymous</author>
	<datestamp>1266001140000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>I'm not sure it'd be such a pain. Windows already demands to restart after critical updates anyway. Couldn't it throw a flag to boot from a secondary, encrypted, trusted "update partition" that only the Windows root can edit, and only during shutdown, then use that to mount the disk as read-only and install updates? You could call it Microsoft SafeUpdate, part of the Trusted Computing Initiative. Heck, make the secondary partition an SSD, give the hardware manufacturers a reason to get behind it.</p></htmltext>
<tokenext>I 'm not sure it 'd be such a pain .
Windows already demands to restart after critical updates anyway .
Could n't it throw a flag to boot from a secondary , encrypted , trusted " update partition " that only the Windows root can edit , and only during shutdown , then use that to mount the disk as read-only and install updates ?
You could call it Microsoft SafeUpdate , part of the Trusted Computing Initiative .
Heck , make the secondary partition an SSD , give the hardware manufacturers a reason to get behind it .</tokentext>
<sentencetext>I'm not sure it'd be such a pain.
Windows already demands to restart after critical updates anyway.
Couldn't it throw a flag to boot from a secondary, encrypted, trusted "update partition" that only the Windows root can edit, and only during shutdown, then use that to mount the disk as read-only and install updates?
You could call it Microsoft SafeUpdate, part of the Trusted Computing Initiative.
Heck, make the secondary partition an SSD, give the hardware manufacturers a reason to get behind it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31196626</id>
	<title>Basic security principles</title>
	<author>curryandbeer</author>
	<datestamp>1266571080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If you want a system thats totally locked down and doesn't let you do ANYTHING remotely useful then go buy an iPad.
Else don't go live on the internet when logged on with Administrator privilages. Basic security principles! That way the bad boy dodgy software can't install itself.</htmltext>
<tokenext>If you want a system thats totally locked down and does n't let you do ANYTHING remotely useful then go buy an iPad .
Else do n't go live on the internet when logged on with Administrator privilages .
Basic security principles !
That way the bad boy dodgy software ca n't install itself .</tokentext>
<sentencetext>If you want a system thats totally locked down and doesn't let you do ANYTHING remotely useful then go buy an iPad.
Else don't go live on the internet when logged on with Administrator privilages.
Basic security principles!
That way the bad boy dodgy software can't install itself.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31122556</id>
	<title>Caught that too...</title>
	<author>Aredridel</author>
	<datestamp>1265981940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Caught that myself yesterday. http://aria.blogs.theinternetco.net/2010/02/11/kb977165-causes-a-blue-screen/</p></htmltext>
<tokenext>Caught that myself yesterday .
http : //aria.blogs.theinternetco.net/2010/02/11/kb977165-causes-a-blue-screen/</tokentext>
<sentencetext>Caught that myself yesterday.
http://aria.blogs.theinternetco.net/2010/02/11/kb977165-causes-a-blue-screen/</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31122310</id>
	<title>Manually removing TDSS</title>
	<author>nuckfuts</author>
	<datestamp>1265980740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The first time I came up against a TDSS infection it was incredibly hard to deal with. Then I learned a little trick to disable the thing:</p><ul>
  <li> Start Device Manager</li><li> Click View, Show Hidden Devices</li><li> Scroll down to Non-Plug and Play Drivers</li><li> Click + at left</li><li> Right-click on TDSSserv.sys or TDSSxyz.sys where xyz are random characters,
    clbdriver.sys, gaopdxserv.sys, seneka or seneka.sys</li></ul><p>
This information is from about 1 year ago, however. I haven't looked at any current variants, so they might be quite different. Nevertheless, the technique of installing as a device driver was novel to me at the time, and may still be used. Just as with autorun entries, check your Non-Plug and Play devices. If you see something with a name that looks randomly generated or otherwise suspicious, you might want to disable it.</p></htmltext>
<tokenext>The first time I came up against a TDSS infection it was incredibly hard to deal with .
Then I learned a little trick to disable the thing : Start Device Manager Click View , Show Hidden Devices Scroll down to Non-Plug and Play Drivers Click + at left Right-click on TDSSserv.sys or TDSSxyz.sys where xyz are random characters , clbdriver.sys , gaopdxserv.sys , seneka or seneka.sys This information is from about 1 year ago , however .
I have n't looked at any current variants , so they might be quite different .
Nevertheless , the technique of installing as a device driver was novel to me at the time , and may still be used .
Just as with autorun entries , check your Non-Plug and Play devices .
If you see something with a name that looks randomly generated or otherwise suspicious , you might want to disable it .</tokentext>
<sentencetext>The first time I came up against a TDSS infection it was incredibly hard to deal with.
Then I learned a little trick to disable the thing:
   Start Device Manager Click View, Show Hidden Devices Scroll down to Non-Plug and Play Drivers Click + at left Right-click on TDSSserv.sys or TDSSxyz.sys where xyz are random characters,
    clbdriver.sys, gaopdxserv.sys, seneka or seneka.sys
This information is from about 1 year ago, however.
I haven't looked at any current variants, so they might be quite different.
Nevertheless, the technique of installing as a device driver was novel to me at the time, and may still be used.
Just as with autorun entries, check your Non-Plug and Play devices.
If you see something with a name that looks randomly generated or otherwise suspicious, you might want to disable it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116438</id>
	<title>Re:I'm in favor of requiring Internet User's Licen</title>
	<author>Anonymous</author>
	<datestamp>1266003660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have no idea why you get modded Flamebait, maybe because you dared to suggest something that "takes away freedoms".</p><p>Bluntly, if anything it might save our freedoms. Because, well, do you think our politicians will not use the rampart spreading infections to spin? "You cannot take care of your computer, therefore we have to limit your ability to install stuff. Only approved applications may run anymore and that way no spyware can infect your machines. And only machines that adhere to this standard may join the internet".</p><p>Watch the sheeple cheer. Yay! Finally safe and protected from those evil malware infections!</p></htmltext>
<tokenext>I have no idea why you get modded Flamebait , maybe because you dared to suggest something that " takes away freedoms " .Bluntly , if anything it might save our freedoms .
Because , well , do you think our politicians will not use the rampart spreading infections to spin ?
" You can not take care of your computer , therefore we have to limit your ability to install stuff .
Only approved applications may run anymore and that way no spyware can infect your machines .
And only machines that adhere to this standard may join the internet " .Watch the sheeple cheer .
Yay ! Finally safe and protected from those evil malware infections !</tokentext>
<sentencetext>I have no idea why you get modded Flamebait, maybe because you dared to suggest something that "takes away freedoms".Bluntly, if anything it might save our freedoms.
Because, well, do you think our politicians will not use the rampart spreading infections to spin?
"You cannot take care of your computer, therefore we have to limit your ability to install stuff.
Only approved applications may run anymore and that way no spyware can infect your machines.
And only machines that adhere to this standard may join the internet".Watch the sheeple cheer.
Yay! Finally safe and protected from those evil malware infections!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115696</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31117390</id>
	<title>Will reinstalling XPSP3 be a good starting point?</title>
	<author>KJSwartz</author>
	<datestamp>1266008040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm tossing in this idea reloading SP3 may be a proper starting point.</p></htmltext>
<tokenext>I 'm tossing in this idea reloading SP3 may be a proper starting point .</tokentext>
<sentencetext>I'm tossing in this idea reloading SP3 may be a proper starting point.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31122390</id>
	<title>Re:Sounds like a good thing</title>
	<author>rubi</author>
	<datestamp>1265981040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Not really if you have ALL your machines taken out by said measure.</htmltext>
<tokenext>Not really if you have ALL your machines taken out by said measure .</tokentext>
<sentencetext>Not really if you have ALL your machines taken out by said measure.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116378</id>
	<title>Re:Sounds like a good thing</title>
	<author>SCPaPaJoe</author>
	<datestamp>1266003420000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext>I sure am glad I have Vista!!!</htmltext>
<tokenext>I sure am glad I have Vista ! !
!</tokentext>
<sentencetext>I sure am glad I have Vista!!
!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116022</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Anonymous</author>
	<datestamp>1266001980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>You could call it Microsoft SafeUpdate</i></p><p>or even <a href="YoucouldcallitMicrosoftSafeUpdate" title="slashdot.org">Windows File Protection</a> [slashdot.org] and only allow drivers that have been <a href="http://www.microsoft.com/whdc/winlogo/drvsign/drvsign.mspx" title="microsoft.com">digitally signed</a> [microsoft.com].</p><p>Nice idea I suppose, but as they didn't work there's only one solution - DRM on everything in your C drive!!</p></htmltext>
<tokenext>You could call it Microsoft SafeUpdateor even Windows File Protection [ slashdot.org ] and only allow drivers that have been digitally signed [ microsoft.com ] .Nice idea I suppose , but as they did n't work there 's only one solution - DRM on everything in your C drive !
!</tokentext>
<sentencetext>You could call it Microsoft SafeUpdateor even Windows File Protection [slashdot.org] and only allow drivers that have been digitally signed [microsoft.com].Nice idea I suppose, but as they didn't work there's only one solution - DRM on everything in your C drive!
!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31119966</id>
	<title>TOLD YOU SO</title>
	<author>GameboyRMH</author>
	<datestamp>1265971620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><a href="http://slashdot.org/comments.pl?sid=1546966&amp;cid=31115634" title="slashdot.org">http://slashdot.org/comments.pl?sid=1546966&amp;cid=31115634</a> [slashdot.org]</p></htmltext>
<tokenext>http : //slashdot.org/comments.pl ? sid = 1546966&amp;cid = 31115634 [ slashdot.org ]</tokentext>
<sentencetext>http://slashdot.org/comments.pl?sid=1546966&amp;cid=31115634 [slashdot.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116994</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Anonymous</author>
	<datestamp>1266006600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Well, You say it's on the user to detect malware... How many regular users have You met who would be anything but completely clueless about computer security?<br>You should be hired by Microsoft's tiger team, You'll fit in just fine, I guess.<br>As an IT support guy it REALLY doesn't make me happy to find out about a rootkit, as I'll have to reinstall the whole machine plus all the terabytes of patches and service packs....<br>If my company wouldn't be in a hopeless vendor lock-in, I'd mandate all workstations use Linux or BSD!</p></htmltext>
<tokenext>Well , You say it 's on the user to detect malware... How many regular users have You met who would be anything but completely clueless about computer security ? You should be hired by Microsoft 's tiger team , You 'll fit in just fine , I guess.As an IT support guy it REALLY does n't make me happy to find out about a rootkit , as I 'll have to reinstall the whole machine plus all the terabytes of patches and service packs....If my company would n't be in a hopeless vendor lock-in , I 'd mandate all workstations use Linux or BSD !</tokentext>
<sentencetext>Well, You say it's on the user to detect malware... How many regular users have You met who would be anything but completely clueless about computer security?You should be hired by Microsoft's tiger team, You'll fit in just fine, I guess.As an IT support guy it REALLY doesn't make me happy to find out about a rootkit, as I'll have to reinstall the whole machine plus all the terabytes of patches and service packs....If my company wouldn't be in a hopeless vendor lock-in, I'd mandate all workstations use Linux or BSD!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116494</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Cl1mh4224rd</author>
	<datestamp>1266003960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Couldn't it throw a flag to boot from a secondary, encrypted, trusted "update partition" that only the Windows root can edit, and only during shutdown, then use that to mount the disk as read-only and install updates?</p></div><p>I'm pretty sure that if your system's been rooted, that's no protection at all. Besides, rootkits would quickly evolve to account for this process.</p></div>
	</htmltext>
<tokenext>Could n't it throw a flag to boot from a secondary , encrypted , trusted " update partition " that only the Windows root can edit , and only during shutdown , then use that to mount the disk as read-only and install updates ? I 'm pretty sure that if your system 's been rooted , that 's no protection at all .
Besides , rootkits would quickly evolve to account for this process .</tokentext>
<sentencetext>Couldn't it throw a flag to boot from a secondary, encrypted, trusted "update partition" that only the Windows root can edit, and only during shutdown, then use that to mount the disk as read-only and install updates?I'm pretty sure that if your system's been rooted, that's no protection at all.
Besides, rootkits would quickly evolve to account for this process.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116960</id>
	<title>Ways to alleviate this problem...</title>
	<author>madhatter256</author>
	<datestamp>1266006480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have just repaired TWO computers with this rootkit infection. Both are XP Pro machines made by DELL.</p><p>What I did was simply do a repair installation onto the OS.  This requires the XP Pro CD OEM (the kind where you can boot into recovery console).</p><p>I did the automatic repair install. Got into the desktop and managed to install Malware Bytes onto both machines. I also updated Malwarebytes. Then I did a full scan of the PC, and eventually the program managed to find numerous infected files on the PC. They all had the same trojan: Vundo, among other ones.</p><p>After removal, both PCs functioned normally and was able to run a full batch of Windows XP updates, including SP3.</p></htmltext>
<tokenext>I have just repaired TWO computers with this rootkit infection .
Both are XP Pro machines made by DELL.What I did was simply do a repair installation onto the OS .
This requires the XP Pro CD OEM ( the kind where you can boot into recovery console ) .I did the automatic repair install .
Got into the desktop and managed to install Malware Bytes onto both machines .
I also updated Malwarebytes .
Then I did a full scan of the PC , and eventually the program managed to find numerous infected files on the PC .
They all had the same trojan : Vundo , among other ones.After removal , both PCs functioned normally and was able to run a full batch of Windows XP updates , including SP3 .</tokentext>
<sentencetext>I have just repaired TWO computers with this rootkit infection.
Both are XP Pro machines made by DELL.What I did was simply do a repair installation onto the OS.
This requires the XP Pro CD OEM (the kind where you can boot into recovery console).I did the automatic repair install.
Got into the desktop and managed to install Malware Bytes onto both machines.
I also updated Malwarebytes.
Then I did a full scan of the PC, and eventually the program managed to find numerous infected files on the PC.
They all had the same trojan: Vundo, among other ones.After removal, both PCs functioned normally and was able to run a full batch of Windows XP updates, including SP3.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116110</id>
	<title>Re:Ah, well, that lets Microsoft off the hook then</title>
	<author>Tuidjy</author>
	<datestamp>1266002340000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>You know, it is far from easy to implement a "secondary, encrypted, trusted "update partition" that only the Windows root can edit, and only during shutdown" on a PC that has been rooted, unless you support this in hardware.  And I can already hear the screaming and gnashing of teeth if some people, present company very much included, learned that PCs come with something like that.</p><p>I would certainly not be happy running hardware that I knew had something that I and no one I know could get into.  And I can get into it, it's not that "trusted", is it?</p></htmltext>
<tokenext>You know , it is far from easy to implement a " secondary , encrypted , trusted " update partition " that only the Windows root can edit , and only during shutdown " on a PC that has been rooted , unless you support this in hardware .
And I can already hear the screaming and gnashing of teeth if some people , present company very much included , learned that PCs come with something like that.I would certainly not be happy running hardware that I knew had something that I and no one I know could get into .
And I can get into it , it 's not that " trusted " , is it ?</tokentext>
<sentencetext>You know, it is far from easy to implement a "secondary, encrypted, trusted "update partition" that only the Windows root can edit, and only during shutdown" on a PC that has been rooted, unless you support this in hardware.
And I can already hear the screaming and gnashing of teeth if some people, present company very much included, learned that PCs come with something like that.I would certainly not be happy running hardware that I knew had something that I and no one I know could get into.
And I can get into it, it's not that "trusted", is it?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116994
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31120494
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116726
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116520
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31119176
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116138
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116202
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31117032
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116366
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31122390
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116618
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116290
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116022
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116438
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115832
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116378
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116110
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31121218
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116658
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116494
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_12_1455203_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116650
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_12_1455203.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116960
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_12_1455203.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115356
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31119176
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116202
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116366
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116378
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115696
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116438
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31122390
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116650
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_12_1455203.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116904
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_12_1455203.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31122310
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_12_1455203.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116630
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_12_1455203.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116726
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31120494
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_12_1455203.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115370
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115466
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116290
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31117032
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115788
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116022
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116618
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116494
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116110
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115832
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116492
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31115518
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116994
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116520
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116138
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31116658
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_12_1455203.31121218
</commentlist>
</conversation>
