<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
So exactly why is he unable to kill the process? Even as su? But
also, if this is all taking place, what spook "agency" is doing the
install, where a new drive gets the same and spreads?<br>
Where did the install ISO get downloaded from, and did the hash
get checked?<br>
<br>
Me<br>
<br>
<div class="moz-cite-prefix">On 05/31/2016 03:16 PM, Greg Moss
wrote:<br>
</div>
<blockquote cite="mid:026601d1bb70$fc891ab0$f59b5010$@gmail.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri',sans-serif">Wow
– I'm looking to see if mine has been taken over. How do I
find that file below on mine?<o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:'Calibri',sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:'Calibri',sans-serif">
tor-relays [<a class="moz-txt-link-freetext" href="mailto:tor-relays-bounces@lists.torproject.org">mailto:tor-relays-bounces@lists.torproject.org</a>]
<b>On Behalf Of </b>Percy Blakeney<br>
<b>Sent:</b> Tuesday, May 31, 2016 12:07 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a><br>
<b>Subject:</b> Re: [tor-relays] [Fwd: Re: I'm Running A Tor
Exit But Never Initiated It]<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">And this:<br>
<br>
# Tor state file last generated on 2016-05-31 14:31:06 local
time<br>
# Other times below are in UTC<br>
# You *do not* need to edit this file.<br>
<br>
<span style="color:red">EntryGuard Jans
50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache<br>
EntryGuardUnlistedSince 2016-05-31 18:00:11<br>
EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2
0.2.4.27 2016-04-28 16:16:20<br>
EntryGuardPathBias 104.000000 104.000000 100.000000
4.000000 0.000000 0.000000<br>
</span>EntryGuard Unnamed
B2CB9E5C80367C9026A806EC4801E22425AA7E8A DirCache<br>
EntryGuardAddedBy B2CB9E5C80367C9026A806EC4801E22425AA7E8A
0.2.4.27 2016-04-20 04:00:54<br>
EntryGuardPathBias 5.000000 4.000000 4.000000 0.000000
0.000000 0.000000<br>
EntryGuard Unnamed 1DE193C88576C3B377CEFCDB6E6E8B91F195D252
DirCache<br>
EntryGuardUnlistedSince 2016-05-17 01:51:36<br>
EntryGuardAddedBy 1DE193C88576C3B377CEFCDB6E6E8B91F195D252
0.2.4.27 2016-04-20 10:24:57<br>
EntryGuard CatRelay12
ADE45DA3A6D318FEB07E2E099BCCCFEA8ADAC8DC DirCache<br>
EntryGuardAddedBy ADE45DA3A6D318FEB07E2E099BCCCFEA8ADAC8DC
0.2.4.27 2016-04-22 14:09:45<br>
TorVersion Tor 0.2.4.27 (git-412e3f7dc9c6c01a)<br>
LastWritten 2016-05-31 18:31:06<br>
TotalBuildTimes 108<br>
CircuitBuildTimeBin 325 3<br>
CircuitBuildTimeBin 375 1<br>
CircuitBuildTimeBin 425 18<br>
CircuitBuildTimeBin 475 22<br>
CircuitBuildTimeBin 525 9<br>
CircuitBuildTimeBin 575 13<br>
CircuitBuildTimeBin 625 5<br>
CircuitBuildTimeBin 675 8<br>
CircuitBuildTimeBin 725 4<br>
CircuitBuildTimeBin 775 4<br>
CircuitBuildTimeBin 825 4<br>
CircuitBuildTimeBin 875 3<br>
CircuitBuildTimeBin 925 2<br>
CircuitBuildTimeBin 975 2<br>
CircuitBuildTimeBin 1025 3<br>
CircuitBuildTimeBin 1075 1<br>
CircuitBuildTimeBin 1125 1<br>
CircuitBuildTimeBin 1175 1<br>
CircuitBuildTimeBin 1275 1<br>
CircuitBuildTimeBin 1375 1<br>
CircuitBuildTimeBin 1525 1<br>
CircuitBuildTimeBin 2275 1<br>
<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">On Tue, May 31, 2016 at 3:02 PM, Percy
Blakeney &lt;<a moz-do-not-send="true"
href="mailto:di99in5@gmail.com" target="_blank">di99in5@gmail.com</a>&gt;
wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">I'm
not offended in the least. No worries. The only
reason I'm contacting anyone about this is the sheer
fact Tor folders, files and connections are running
through my systems and connection. Otherwise, I
would have kept all of this to myself. Tor is
extremely important and my fear is that someone out
there may be attempting to disguise themselves to
enter it. I'm far from being IT savvy, however,
I've spent the last six or so months trying to read
everything I can possibly read to get a better
understanding as to what's going on. Now, according
to my Dell and Acer which both run Mint, when I try
to install Tor I'm told I already have it. When I
try to run Tor I'm told I don't have it. When I try
to remove it, it comes back. However, I have a
Lenovo with Windows 10 on it. With that computer I
was able to install the Tor browser with no
problems. So here I am with one laptop that has the
browser installed while my other two computers show
that I'm running a relay. If this is nothing to be
concerned over then that's that but I would like to
make sure from possibly the friendly people here
just in case. This is what I have as of today:<br>
<br>
<br>
May 31 07:35:23.000 [notice] Tor 0.2.4.27
(git-412e3f7dc9c6c01a) opening new log file.<br>
May 31 09:48:33.000 [notice] Heartbeat: Tor's uptime
is 14 days 12:00 hours, with 0 circuits open. I've
sent 6.34 MB and received 138.42 MB.<br>
May 31 09:48:33.000 [notice] Average packaged cell
fullness: 77.895%<br>
May 31 09:48:33.000 [notice] TLS write overhead: 7%<br>
May 31 12:42:51.000 [notice] Tor 0.2.4.27
(git-412e3f7dc9c6c01a) opening log file.<br>
May 31 12:42:53.000 [notice] Bootstrapped 5%:
Connecting to directory server.<br>
May 31 12:42:53.000 [notice] Bootstrapped 45%:
Asking for relay descriptors.<br>
May 31 12:42:53.000 [notice] Bootstrapped 50%:
Loading relay descriptors.<br>
May 31 12:42:53.000 [notice] I learned some more
directory information, but not enough to build a
circuit: We need more microdescriptors: we have
0/7013, and can only build 0% of likely paths. (We
have 0% of guards bw, 0% of midpoint bw, and 0% of
exit bw.)<br>
May 31 12:42:53.000 [notice] Bootstrapped 51%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 53%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 54%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 56%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 57%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 59%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 60%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 62%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 63%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 65%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 66%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 68%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 69%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 71%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 72%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 74%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 75%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 77%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] Bootstrapped 78%:
Loading relay descriptors.<br>
May 31 12:42:54.000 [notice] I learned some more
directory information, but not enough to build a
circuit: We need more microdescriptors: we have
3220/7013, and can only build 11% of likely paths.
(We have 48% of guards bw, 48% of midpoint bw, and
49% of exit bw.)<br>
May 31 12:42:56.000 [notice] We now have enough
directory information to build circuits.<br>
May 31 12:42:56.000 [notice] Bootstrapped 80%:
Connecting to the Tor network.<br>
May 31 12:42:56.000 [notice] Bootstrapped 90%:
Establishing a Tor circuit.<br>
May 31 12:42:57.000 [notice] Tor has successfully
opened a circuit. Looks like client functionality is
working.<br>
May 31 12:42:57.000 [notice] Bootstrapped 100%:
Done.<br>
<br>
<br>
<br>
<br>
May 30 07:35:20.000 [notice] Tor 0.2.4.27
(git-412e3f7dc9c6c01a) opening new log file.<br>
May 30 09:48:33.000 [notice] Heartbeat: Tor's uptime
is 13 days 12:00 hours, with 0 circuits open. I've
sent 6.00 MB and received 128.80 MB.<br>
May 30 09:48:33.000 [notice] Average packaged cell
fullness: 78.591%<br>
May 30 09:48:33.000 [notice] TLS write overhead: 7%<br>
May 30 15:48:33.000 [notice] Heartbeat: Tor's uptime
is 13 days 18:00 hours, with 0 circuits open. I've
sent 6.06 MB and received 130.60 MB.<br>
May 30 15:48:33.000 [notice] Average packaged cell
fullness: 78.468%<br>
May 30 15:48:33.000 [notice] TLS write overhead: 7%<br>
May 30 21:48:33.000 [notice] Heartbeat: Tor's uptime
is 14 days 0:00 hours, with 0 circuits open. I've
sent 6.19 MB and received 134.22 MB.<br>
May 30 21:48:33.000 [notice] Average packaged cell
fullness: 78.172%<br>
May 30 21:48:33.000 [notice] TLS write overhead: 7%<br>
May 31 03:48:33.000 [notice] Heartbeat: Tor's uptime
is 14 days 6:00 hours, with 0 circuits open. I've
sent 6.25 MB and received 136.02 MB.<br>
May 31 03:48:33.000 [notice] Average packaged cell
fullness: 78.053%<br>
May 31 03:48:33.000 [notice] TLS write overhead: 7%<br>
May 31 07:35:23.000 [notice] Received reload signal
(hup). Reloading config and resetting internal
state.<br>
May 31 07:35:23.000 [notice] Read configuration file
"/usr/share/tor/tor-service-defaults-torrc".<br>
May 31 07:35:23.000 [notice] Read configuration file
"/etc/tor/torrc".<br>
<br>
<br>
<o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">On Tue, May 31, 2016 at 2:12
PM, Gumby &lt;<a moz-do-not-send="true"
href="mailto:info@gumbyzee.torzone.net"
target="_blank">info@gumbyzee.torzone.net</a>&gt;
wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">I am a tech, a good one,
who also runs 2 relays from my shop. I have
found in client PCs many hidden things - such
as proxies running for malware delivery. They
were totally unaware except for slow and
losing disk space. (Finding Tor running is a
bit too extreme) I've also had two clients
that were "absolutely" sure that someone was
out to get them - cyber-stalking in their
eyes. I actually did all of the suggestions
made prior - new drive, reset or new router,
even walked the home and perimeter looking for
connections. I was positive of my security (30
years doing this) but they were calm for less
than 4 weeks then started again. Their
spouses, to their credit, stayed quiet and
just rolled their eyes.<br>
Could a malicious technician do this? Hell
yeah - most of us could do it dozens of times
and they'd never know. We have too much moral
decency, but.... others don't.<br>
More than likely, it is a scenario as
Christian states .... too much overload
somewhere.<br>
Or a troll, we hope not.<br>
<br>
Me<br>
<br>
<br>
On 05/30/2016 04:27 PM, Christian wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">-------- Forwarded
Message --------<o:p></o:p></p>
<blockquote
style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">From: Christian Adam
&lt;<a moz-do-not-send="true"
href="mailto:hirnwurst@t-online.de"
target="_blank">hirnwurst@t-online.de</a>&gt;<br>
To: <a moz-do-not-send="true"
href="mailto:tor-relays@lists.torproject.org"
target="_blank">tor-relays@lists.torproject.org</a><br>
Subject: Re: [tor-relays] I'm Running A
Tor Exit But Never Initiated
It<br>
Date: Mon, 30 May 2016 22:14:51 +0200<br>
<br>
Dear Percy,<br>
<br>
I read all of your messages very carefully
and, please, believe me, I<br>
don't mean to be rude, but just want to
provide you a little bit of<br>
relief.<br>
<br>
First of all, I have to share that I AM in
fact a schizophrenic for 16<br>
years now, but fully therapied to the
extent I do a job as a system<br>
administrator and get certified for being
a data security officer this<br>
week.<br>
This won't reveal any competence on my
side, but gives a clue about my<br>
functional level which is, after all,
related to sanity.<br>
<br>
&lt;&lt; snip &gt;&gt;<br>
<br>
Given my experience with newbie users,
paranoia and system<br>
administration, what you wrote seemed
quite normal and you didn't<br>
provide (as far as I remember) any unusual
technical details.<br>
<br>
Maybe what just happened was a lack of
informed consent resulting in a<br>
tasteless prank.<br>
<br>
I don't want to do injustice to you, but
since Edward Snowden, we're all<br>
used to question every system crash and
honestly, our times seem to be<br>
hysterical and violence-saturated.<br>
<br>
The rule is simple. When a user thinks
he's infected, he's almost always<br>
not.<br>
If he's infected, he wouldn't notice.<br>
<br>
Hugs, I hope you find peace again soon.<br>
<br>
Please don't feel offended, I only told my
story based on the facts you<br>
gave.<br>
<br>
And kind regards,<br>
<br>
christian<br>
<br>
<br>
On Monday, 30.05.2016, at 13:25 +0200,
Christian Pietsch wrote:<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
tor-relays mailing list<br>
<a moz-do-not-send="true"
href="mailto:tor-relays@lists.torproject.org"
target="_blank">tor-relays@lists.torproject.org</a><br>
<a moz-do-not-send="true"
href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><o:p></o:p></p>
</blockquote>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>