Virtumonde.O - Help!
am 26.07.2007 13:22:59 von yarondi
Hello all and thanks for any assistance!
I recently suffered a major virus/trojan attack and left to deal now
with
Virtumonde.O trojan.
Windows Defender detecting it but is unable to remove it.
Meanwhile AVG Antivirus is detecting and apparently healing several
threats, though the threats coming back short while after.
Attached HJT Log + AVG log:
Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:55, on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft.com/fwlink/?linkid=54834
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497}
- (no file)
R3 - URLSearchHook: CyberDefender safeSEARCH -
{F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and
Settings\dishon\Local Settings\Application
Data\CyberDefender\ssstbar.dll
O2 - BHO: (no name) - {023750DA-500B-481C-9DB5-3EB32314402C} - (no
file)
O2 - BHO: XBTB03748 - {1CBC8587-1E29-4c2b-9739-D0E563905B32} - (no
file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9A2279F8-6E15-47DE-9B13-EF96A3F21317} - (no
file)
O2 - BHO: CyberDefender safeSEARCH -
{F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and
Settings\dishon\Local Settings\Application
Data\CyberDefender\ssstbar.dll
O3 - Toolbar: CyberDefender safeSEARCH -
{F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and
Settings\dishon\Local Settings\Application
Data\CyberDefender\ssstbar.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType
Pro\itype.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Windows Update x86] firefox.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe
-AutoStart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
/STARTUP
O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] firefox.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp
Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe"
/nosplash /minimized
O4 - HKCU\..\RunOnce: [BoxOfficeAddinUpdate] msiexec /i
C:\DOCUME~1\dishon\LOCALS~1\Temp\boxofficeaddin.msi
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
(User 'Default user')
O4 - Startup: 012.lnk = ?
O4 - Global Startup: 012.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF}
- C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet -
{94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program
Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image
Uploader 3.5 Control) -
http://www.photo-print.co.il/uploadC...eUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{29A8C7C2-CF6E-4393-B233-0 E83AE7245B2}:
NameServer = 84.95.14.250 212.116.161.39
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awvvv - C:\WINDOWS\
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll (file
missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -
TuneUp Software GmbH - C:\Program Files\TuneUp Utilities
2006\WinStylerThemeSvc.exe
--
End of file - 8413 bytes
AVG LOG:
-
@HL_ReportFindRS
name="filename">C:\DOCUME~1\dishon\LOCALS~1\Temp\qvgtppep.dl l
@EID_Id_trj
Collected.11.B
-
@HL_ActionTaken
name="filename">C:\DOCUME~1\dishon\LOCALS~1\Temp\qvgtppep.dl l
@HL_ActCleaned
-
@HL_ReportFindRS
name="filename">C:\DOCUME~1\dishon\LOCALS~1\Temp\jeyljgly.ex e
@EID_Id_trj
Downloader.Generic4.ZQI
-
@HL_ActionTaken
name="filename">C:\DOCUME~1\dishon\LOCALS~1\Temp\jeyljgly.ex e
@HL_ActCleaned
--
yarondi
------------------------------------------------------------ ------------
yarondi's Profile: http://forums.techarena.in/member.php?userid=28540
View this thread: http://forums.techarena.in/showthread.php?t=790204
http://forums.techarena.in
Re: Virtumonde.O - Help!
am 26.07.2007 14:30:56 von Leythos
In article , yarondi.2ubvbh@DoNotSpam.com
says...
>
> Hello all and thanks for any assistance!
>
> I recently suffered a major virus/trojan attack and left to deal now
> with
> Virtumonde.O trojan.
> Windows Defender detecting it but is unable to remove it.
> Meanwhile AVG Antivirus is detecting and apparently healing several
> threats, though the threats coming back short while after.
>
> Attached HJT Log + AVG log
There is no hope for you, as the HJT documentation tells you where to
post the logs, and posting them in Usenet is not one of those locations.
The problem is that if you can't follow the directions for using this
tool, you are likely to not follow the thousands of sites that tell you
how to secure your computer and remain malware fee. I would suggest that
you give up, turn off the computer, sell it, and go back to school.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Re: Virtumonde.O - Help!
am 26.07.2007 16:13:59 von yarondi
Do you want me to send a log of my actions?
I'm now between giving up and turning off my computer.
And BTW, the title of this forum indicates HJT logs.
Get a life.
--
yarondi
------------------------------------------------------------ ------------
yarondi's Profile: http://forums.techarena.in/member.php?userid=28540
View this thread: http://forums.techarena.in/showthread.php?t=790204
http://forums.techarena.in
Re: Virtumonde.O - Help!
am 26.07.2007 18:02:30 von Ansgar -59cobalt- Wiechers
yarondi wrote:
> I recently suffered a major virus/trojan attack and left to deal now
> with Virtumonde.O trojan.
Virtumonde is AFAICS not a trojan, but adware [1]. However, unless you
manage to determine how exactly that adware got into your system, your
situation is as follows:
- Something was able to create entries in HKLM, meaning that it had
administrative privileges.
- You have no idea how your system got infected or what else the
infector may have done to it.
The only reasonable course of action in a situation like that is to
backup your data, and then flatten and rebuild your system. Yes, I am
serious about this [2].
> Windows Defender detecting it but is unable to remove it.
> Meanwhile AVG Antivirus is detecting and apparently healing several
> threats, though the threats coming back short while after.
Without knowing the exact attack vectors we can only guess what the
problem may be. However, there are a couple basic measures that may help
avoiding future compromisation of your system:
1. Do not work as administrator, use a normal user account for
day-to-day work.
2. Keep your system (and all software on it) patched. Automatic Updates
help with this.
3. Avoid IE and OE like the plague.
4. Don't expose services to public networks. You can achieve that either
by disabling the services you don't need [3,4] or by activating the
Windows Firewall (provided you use Windows XP or newer), or by using
a router.
[1] http://vil.nai.com/vil/content/v_101169.htm
[2] http://www.microsoft.com/technet/community/columns/secmgmt/s m0504.mspx
[3] http://www.ntsvcfg.de/ntsvcfg_eng.html
[4] http://www.dingens.org/index.html.en
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: Virtumonde.O - Help!
am 26.07.2007 18:48:15 von yarondi
Hi there. Thanks for your response.
Well, for several hours now I am not experiencing any problem in my
computer,
and this is after running a whole lot of antispywares. Don't know
exactly what happend, but neither AVG or Windows Defender are now
detecting anything.
Some of the programs I ran, with the advise I found in a lot of posts
was "ComboFix", "Fixit" "Onecare".
I hope everything will stay as it.
--
yarondi
------------------------------------------------------------ ------------
yarondi's Profile: http://forums.techarena.in/member.php?userid=28540
View this thread: http://forums.techarena.in/showthread.php?t=790204
http://forums.techarena.in
Re: Virtumonde.O - Help!
am 26.07.2007 19:54:46 von Ansgar -59cobalt- Wiechers
yarondi wrote:
> Well, for several hours now I am not experiencing any problem in my
> computer, and this is after running a whole lot of antispywares. Don't
> know exactly what happend, but neither AVG or Windows Defender are now
> detecting anything.
If your tools don't detect a problem it means exactly that: your tools
don't *detect* a problem. It does *not* mean there is no problem.
> Some of the programs I ran, with the advise I found in a lot of posts
> was "ComboFix", "Fixit" "Onecare".
>
> I hope everything will stay as it.
*sigh*
You failed to understand what's explained under the second URL I posted.
Try again.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: Virtumonde.O - Help!
am 26.07.2007 20:00:30 von Leythos
In article , yarondi.2uc0vh@DoNotSpam.com
says...
>
> Do you want me to send a log of my actions?
> I'm now between giving up and turning off my computer.
>
> And BTW, the title of this forum indicates HJT logs.
>
> Get a life.
The title of this "Forum" is comp.security.firewalls, and it does NOT
indicate HJT Logs anywhere in the charter.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Re: Virtumonde.O - Help!
am 27.07.2007 00:57:36 von Kayman
"yarondi" wrote in message
news:yarondi.2uc0vh@DoNotSpam.com...
>
> Do you want me to send a log of my actions?
> I'm now between giving up and turning off my computer.
>
> And BTW, the title of this forum indicates HJT logs.
>
> Get a life.
>
{ Please - Do NOT post the HJT Log here ! }
Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED in any of the below before posting a log
Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0
Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Lo gs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
Re: Virtumonde.O - Help!
am 27.07.2007 02:11:37 von Kayman
"Ansgar -59cobalt- Wiechers" wrote in message
news:f8agimUj0L1@news.in-ulm.de...
> However, there are a couple basic measures that may help
> avoiding future compromisation of your system:
>
> 1. Do not work as administrator, use a normal user account for
> day-to-day work.
> 2. Keep your system (and all software on it) patched. Automatic Updates
> help with this.
> 3. Avoid IE and OE like the plague.
>
> 4. Don't expose services to public networks. You can achieve that either
> by disabling the services you don't need [3,4] or by activating the
> Windows Firewall (provided you use Windows XP or newer), or by using
> a router.
>
> [1] http://vil.nai.com/vil/content/v_101169.htm
> [2] http://www.microsoft.com/technet/community/columns/secmgmt/s m0504.mspx
> [3] http://www.ntsvcfg.de/ntsvcfg_eng.html
> [4] http://www.dingens.org/index.html.en
>
I basically subscribe to your philosophy and have implemented OS 'hardening'
measures to a large extent. My OS is WinXP Pro SP2.
Yes, previous versions of IE weren't the safest browser applications but IE7
can now be considerably 'tightened similar to FF and Opera. Why therefore
would you discourage the use of IE7?
And, I've been using OE6 for years, follow certain prescribed maintenance
routines and never ever had any bad experiences. I must do something
right...I don't believe in luck (I make it :) )
Why would you discourage the use of OE6?
Re: Virtumonde.O - Help!
am 27.07.2007 03:19:03 von Ansgar -59cobalt- Wiechers
Kayman wrote:
> "Ansgar -59cobalt- Wiechers" wrote:
> I basically subscribe to your philosophy and have implemented OS
> 'hardening' measures to a large extent. My OS is WinXP Pro SP2.
> Yes, previous versions of IE weren't the safest browser applications
> but IE7 can now be considerably 'tightened similar to FF and Opera.
> Why therefore would you discourage the use of IE7?
Because a) they don't support ActiveX, and b) they are not made an
"inseparable part" of the operating system.
Yes, IE (even previous versions) can be locked down pretty tightly via
group policies (which is really convenient compared to the pain that is
locked preferences in Mozilla/Firefox), but it's rather difficult to do
that without breaking something.
> And, I've been using OE6 for years, follow certain prescribed
> maintenance routines and never ever had any bad experiences. I must
> do something right...I don't believe in luck (I make it :) )
> Why would you discourage the use of OE6?
Because it uses IE as its HTML renderer, and until OE6 (IIRC) it wasn't
even possible to disable HTML viewing. Also OE has a history of
(mis-)interpreting mail text as active content (e.g. JavaScript), even
though the mail was declared as plain text. Not to mention the crappy
formatting, the absence of message-id creation, broken quoting, or the
begin-space-space bug (didn't they finally fix that a while ago, after
10 years or so?). Of course the latter reasons aren't security-related,
but still suggest to stay the heck away from OE.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: Virtumonde.O - Help!
am 27.07.2007 10:09:40 von Kayman
"Ansgar -59cobalt- Wiechers" wrote in message
news:f8bh67UochL1@news.in-ulm.de...
> Kayman wrote:
>> "Ansgar -59cobalt- Wiechers" wrote:
>> I basically subscribe to your philosophy and have implemented OS
>> 'hardening' measures to a large extent. My OS is WinXP Pro SP2.
>> Yes, previous versions of IE weren't the safest browser applications
>> but IE7 can now be considerably 'tightened similar to FF and Opera.
>> Why therefore would you discourage the use of IE7?
>
> Because a) they don't support ActiveX, and b) they are not made an
> "inseparable part" of the operating system.
>
> Yes, IE (even previous versions) can be locked down pretty tightly via
> group policies (which is really convenient compared to the pain that is
> locked preferences in Mozilla/Firefox), but it's rather difficult to do
> that without breaking something.
>
>> And, I've been using OE6 for years, follow certain prescribed
>> maintenance routines and never ever had any bad experiences. I must
>> do something right...I don't believe in luck (I make it :) )
>> Why would you discourage the use of OE6?
>
> Because it uses IE as its HTML renderer, and until OE6 (IIRC) it wasn't
> even possible to disable HTML viewing. Also OE has a history of
> (mis-)interpreting mail text as active content (e.g. JavaScript), even
> though the mail was declared as plain text. Not to mention the crappy
> formatting, the absence of message-id creation, broken quoting, or the
> begin-space-space bug (didn't they finally fix that a while ago, after
> 10 years or so?). Of course the latter reasons aren't security-related,
> but still suggest to stay the heck away from OE.
>
Thanks for informative response, Ansgar.