Dazed and Confused

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - Ntoskrnl.exe is sending UDP message Ntoskrnl.exe is trying to send a UDP message from my PC using port 137 (NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram response of NetBIOS over TCP/IP). This started immediately after upgrading XP to SP1. Is this because of the XP upgrade or something sinister? Is this normal or should I be concerned? Tag: Dazed and Confused Tag: 40711
 - 2
 - Ntoskrnl.exe is sending UDP message Ntoskrnl.exe is trying to send a UDP message from my PC using port 137 (NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram response of NetBIOS over TCP/IP). This started immediately after upgrading XP to SP1. Is this because of the XP upgrade or something more sinister? Is this normal or should I be concerned? Tag: Dazed and Confused Tag: 40710
 - 3
 - ntoskrnl.exe is sending UDP message Ntoskrnl.exe is trying to send a UDP message from my PC using port 137 (NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram response of NetBIOS over TCP/IP). This started immediately after upgrading XP to SP1. Is this because of the XP upgrade or something more sinister? Is this normal or should I be concerned? Tag: Dazed and Confused Tag: 40708
 - 4
 - Pornographic pop-ups I have recently been evaded by porn pop-ups. The site "spyware" has taken control of my system. I can not do anything with out having that site request that I download their product "spy wiper"!! My system will not even save my homepage preference...it defaults to "spyware" HELP!!! Tag: Dazed and Confused Tag: 40706
 - 5
 - saving passwords Even though I check the box to save a password with a username, it is not doing it. Is there something else I need to do? Tag: Dazed and Confused Tag: 40701
 - 6
 - bios password An employee quit and had a password during the boot sequence (Bios). Is there away to reset or clear the password? Tag: Dazed and Confused Tag: 40697
 - 7
 - Our 2000 Server was compromised and it has all the security patches. A client of mine has a Windows 2000 Server running that was just compromised. Housecall (online scan) identified HKTL_SFIND.A / BKDR_RCSERV.C & BKDR_IROFFER12.A as actively running. After brief review it appears as though hacker utilities such as serv-u ftp, sms.exe, scan1000.exe, winmgmt.exe, sqlck.exe etc. were loaded and used for their benefit. We have/had the following services running that could have been exploited: SQL std. port, Terminal services admin mode, and inetpub svcs. I checked just to see if there were new updates to windows etc. and there are not any. This concerns me because we have other servers running with the same configurations with all the patches/updates etc which leads me to believe they are also vulnerable. If anyone has any information as to who to contact, who to provide information to about new exloits, how our system may have been exploited etc please let me know. We are preserving the hard drive for inspection if necessary because we feel the system was compromised beyond repair. Several system files look like they were replaced with the hackers version and thats just from a log file, there is no way to be sure. Also, the scan1000.exe tools output was piped to a log file and they were scanning for port 1433 on random ranges of IP's (not ours) which leads me to believe that they probably came in through SQL port if they are trying to find more. This may be a new SQL exploit. I ran this SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition') and this is what was retuned fyi: 8.00.760 / SP3 / Std. Edition Thanks, Scott Tag: Dazed and Confused Tag: 40695
 - 8
 - e mail downloads? I continually get e mails purpotedly from microsoft to download patches . I delete them all . Are they all spoof or genuine ? Tag: Dazed and Confused Tag: 40692
 - 9
 - Transaction-based IP email protocol At least 97% of the email I receive is junk mail that I don't want in my inbox. Most of it has forged headers. Why isn't there a protocol that can confirm that the routing information contained in the headers is valid? The receiving end server should be able to link to the sending server for confirmation before it accepts an email. Tag: Dazed and Confused Tag: 40688
 - 10
 - Closing Ports There are dozens of pages that describe using netstat to look at ip tables. And many authors suggest closing unneeded ports. But I have not yet come across a sigle document that tells me the commands to control closing a port in windows if it exists. And don't suggest buying more utilities. That is the biggest scam. If is a partial listing of what I am getting. Yes it is kazaa, but is there some way to control it's access by port??? Active Connections Active Connections Proto Local Address Foreign Address State TCP kazaa:3170 KAZAA:0 listening TCP kazaa:3185 KAZAA:0 listening TCP kazaa:1251 KAZAA:0 listening TCP kazaa:3162 KAZAA:0 listening TCP kazaa:1250 KAZAA:0 listening Thansk Howard Tag: Dazed and Confused Tag: 40685
 - 11
 - turning off info sent to HP Can anyone tell me how do I turn off info on my computer that is automatically sent to HP, or Microsoft? I just found out everything I do is sent to microsoft and I feel that is WRONG. Thanks for any help. Jamie Tag: Dazed and Confused Tag: 40680
 - 12
 - Permission question I am having problem to access to a stand alone 2003 server from any machine in a 2000 LAN. I need to have access to a shared folder on 2003 server. This server is not a part of a LAN, (its a WEB server). how can i set the permissions so an individual user from the LAN access to that folder, i dont want to set "everyone" permission. When I try to set permission as domain\username it wont accept that. Thanks for any help. Rob Tag: Dazed and Confused Tag: 40679
 - 13
 - Exchange Error or Compromise I need to know if someone can explain to me how a user can get an error when writing an email that is "this has been changed by another user in another window. Would you like to save a copy?" Tag: Dazed and Confused Tag: 40678
 - 14
 - Security Readiness Disk I ordered the Security Readiness Disk from Microsoft. It has all the current service packs and patches. It is great because when I am in the field it saves waiting for a download. I do have a question though. The disk has a screen with all the service pack and patches, on this screen it shows two XP products, XP pro and XP Pro Gold. Each of these listed products has it's own set of service packs and patches. What is the difference? What is XP Pro Gold? Michael Tag: Dazed and Confused Tag: 40676
 - 15
 - Yahoo.dll update? After installing the upgrade to Zone Alarm to 4.5.530, I had a prompt on my screen to get an upgrade for *yahoo.dll. Does anyone know if this is legitimate? There was no local program identification. I am running Trillian .74 w/patch D. Any advice appreciated. Tag: Dazed and Confused Tag: 40672
 - 16
 - Pop Up's Anyone know where I can look for a virus that has attached itself to my computer? I get pop up ad's (not porn) all the time even when I'm not on-line. I'll be playing a game and they will cause the game to collapse and they'll start running. It's the same one's over and over so assume there's a program somewhere that I need to delete. Any ideas? Tag: Dazed and Confused Tag: 40671
 - 17
 - Windows 2000 network security design Hi all I like to join a newsgroup to help me studing Windows 2000 network security design exam 70-220 where I can find that please thank you Tag: Dazed and Confused Tag: 40668
 - 18
 - Ann: Tool to detect unsolicited IP activities in W2K/XP IP ticker is a utility to investigate your PC's IP activities. Please visit http://www.soft-trek.com.au/prjIPTicker.asp Tag: Dazed and Confused Tag: 40667
 - 19
 - weird happenings! I have just connected to the internet and a download box appeared on my screen from Outlook, the file is an exe file and is 46.3kb in size. I have saved it to my desktop and run a scan from Panda AV on it and it comes up clean, however I never requested it so how did it just appear on my screen and what is it? Should I get rid of it? TIA Tag: Dazed and Confused Tag: 40664
 - 20
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.25 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: Dazed and Confused Tag: 40660
 - 21
 - Restoring Only system32.exe? My system32.exe got infected with Backdoor.sdBot how can I replace only system32.exe file? NV 2002 wont clean it even with new av defs files. Tag: Dazed and Confused Tag: 40659
 - 22
 - Pop ups gone wild Please help! Ok, here's the story. I let my daughter download Kazaa on a computer with Windows ME and I think we started to get some pop-up annoyances, though not terrible. At some point, I was on the computer and saw a Windows dialog box that said the computer was becoming overwhelmed with pop- ups and did I want to install a pop-up protector. I am not an idiot who believes everything he sees but this appeared to be an official windows dialog box. To my knowledge, I successfully downloaded and installed that program, though I may not have been successful loading it. Does anyone know if Windows sedns this kind of dialog box? Anyway, I noticed that, sometime after that, it seemed like the pop ups got worse. I then noticed that my default internet site was not yahoo and so I changed it back, thinking that would probably solve the problem But it is not. The only program I am using, fight now, is Norton AV and as it is scanning I am still getting pop ups. First of all, with Windows ME, can I restore my registry to what I had say three days ago and undo all the Kazaa installation and possibly phony anti-pop up installation I've done? Secondly, I see a bunch of programs that I don't know what they are. Can you folk, tell me which are likely to be the problem causing the pop ups? They are as follows: Bargain Buddy, BDE, Eboles Moe Money Maker, IMesh, Imesh ads support, Lycos Sideserver, MySearch Bar, New net domains 5.48, p2p networking, peer points manager, sanity media master, Top Text Ilookup, Viewpoint media player (remove only), Web Hancer Customer Companion, webHancer Survey Companion. Thanks, Deana Tag: Dazed and Confused Tag: 40652
 - 23
 - SAFEBOOT RECOVERY CODE I HAVE WINDOWS 98 ON MY LAPTOP AND IT HAS GON INTO SAFEBOOT AND WANTS ADMINS RECOVERY CODE I DONT HAVE ANY MORE CAN ANY ONE HELP PLEASE Tag: Dazed and Confused Tag: 40645
 - 24
 - Proxy chains Does anyone know in what versions of MSIE are proxy chains supported Thanks Beli Tag: Dazed and Confused Tag: 40638
 - 25
 - Can't access network files/folders Grrr..... After letting Microsoft do a "let us do it for you" security update from the "Updates" page I cannot access certain files and folders on other systems on my private home network. Any instructions for removing/resetting file access permissions would be greatly appreciated. I've cruised the Microsoft site but can't seem to locate instructions on how to "undo" what the update did. I do not normally access this newsgroup so Email to corky1747@earthlink.net would be greatly appreciated. Thanks, Corky Tag: Dazed and Confused Tag: 40634
- Next
 - 1
 - SpyBot Search & Destroy Update 24/11/03 2003-11-24 Hijacker + AdultLinks.QaBar + AdGoblin + Xupiter.OrbitExplorer + IEDLL.ToonComics ++ SearchDotCom ++ CoolWWWSearch.HTMLEdit + CoolWWWSearch.SVCPack + SearchXL ++ ExPup ++ SearchOMatic + I-Lookup ++ RSSToolbar ++ SearchForge + CoolWWWSearch.WinSearch ++ Mirar.NNBar + eUniverse.IncrediFind ++ CleverIEHooker.Jeired + IEDLL.ToonComics + CoolWWWSearch + Search-Exe + MediaLoads + ClearSearch.Net + SearchAndClick + eXactSearchbar ++ FastSeeker + ToolbarCC ++ CoolWWWSearch.XPlugin + Adtomi.YahooStocks ++ AdsStore ++ ISTbar.CSearch ++ LoadHTML.BHOPopup ++ LoudMarketing.WinFavorites ++ ++ AdRoad.Cpr Spyware + PurityScan + Outwar ++ iPend + Huntbar + ShopNav + eAcceleration + WildTangent + BrowserAid + SearchSquire Malware ++ iempg + eUniverse.MyFreeCursors ++ ClimaxBucks.InternetOptimizer ++ KeenValue.PerfectNav + Haczyk.Ulubione Keylogger + NetSpy + Winvestigator Trojans ++ Peper ++ VividGalut ++ SpamRelayer.DiskServ ++ Remover.Trojan -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: Dazed and Confused Tag: 40631
 - 2
 - content advisor i am using content advisor to block sites on my computer. When you type in the website in the url, it blocks the site. but if i search for it in yahoo, and find it, I can double click on the link and it takes me to the site. How can i block this site? Tag: Dazed and Confused Tag: 40630
 - 3
 - ip address where do i find the IP address of my computer? Tag: Dazed and Confused Tag: 40626
 - 4
 - Search for blank passwords Hello, I would like to know if there is a utility or function of Windows 2000/XP command line that I can run to tell me if a computer has a blank password on one or any local user accounts. If I type "net user test" (where "test" is my username) from command line, I get all the user info, but it doesn't seem to give me what I'm looking for. The end result will be embedding this into a patch / account checking application that e-mails me the results of what it finds. I've already got the patch checking part done, but need help on the account side. How does the MBSA check for weak passwords? Any ideas? Tag: Dazed and Confused Tag: 40625
 - 5
 - Norton and Bundle.exe My Norton program is alerting me that Bundle.exe is attempting to go to the internet, and labels it a medium risk access. The options are block, allow, and let me do it manually. 1. Why is bundle.exe going to the internet? 2. Should I let it? 3. How can I tell it not to, and prevent the program from trying ever ten minutes? I am running Windows Millenium Edition on a Sony VAIO. Thanks...RLB Tag: Dazed and Confused Tag: 40620
 - 6
 - Attachments stripped from my Emails received Attachments such as Word documents are being removed from my incoming Emails by Internet Explorer or by Norton. Which do you think is doing it? How do I change the settings? Jim Tag: Dazed and Confused Tag: 40617
 - 7
 - Bounce e-mail question I've been using a tool called ABouncer (recommended by someone on this NG) to notify ISP's when I receive Unsolicited Bulk E-mail. I started wondering whether this tool is actually working properly, so I tried sending mail from my web-mail address to ordinary address, then used ABouncer to bounce it back to my web address. This has not worked, so does that mean ABouncer is'nt sending any messages to ISP's, or am I misunderstanding something. Incidentally, when I click SEND on ABouncer, after a few seconds it flashes up Caught Sendmail ....... I've always assumed that meant that the message had been sucessful. Tag: Dazed and Confused Tag: 40611
 - 8
 - Account User Reset I took my computer to a local computer "fixer" to have some work done on it. When I got it back, he had somehow deleted my account profile, leaving only my 'guest' profile. I now do not have any administative privleges, and don't have a password reset disk. How do I completely restart my computer so I can set up a new adminstrator account? PS- Nothing needs to be saved on my computer, so deleteing all existing files is not an issue. Any help would be appreciated. Tag: Dazed and Confused Tag: 40607
 - 9
 - Cool Web Search Spyware Hijacker "Schredder" Update [1.36.1] http://www.spywareinfo.com/~merijn/ < quote> A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to forget essential parts of the hijack, so until it updates, you can just this to completely remove the hijack. Updated to remove the new variants once they come out. >>>>>Currently changing versions at the speed of light. </quote> http://www.spywareinfo.com/~merijn/files/cwshredder.zip Unzip the tool, ensure that all your IE/OE Windows are *closed* hit the executable and follow the prompts. You are *strongly urged* to use these tools, they are MS-MVP tested and safe. If anyone has questions, feel free to ask - Regards, -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: Dazed and Confused Tag: 40605
 - 10
 - Securing the Registry. G/day forum, I've been ploughing through documents and whitepapers on how to secure your web server, the best resource of all was probably Improving Web Application Security - Threats and Countermeasures, an absoloute bible for all ye web admins out there. Before you read the part i'm querying, it i just want to doublecheck that i'm not missing anything. Your thoughts please :) On Chapter 16: Securing Your Web Server, page 449, the following: Step 9. Registry The registry is the repository for many vital server configuration settings. As such,you must ensure that only authorized administrators have access to it. If an attacker is able to edit the registry, he or she can reconfigure and compromise the security of your server. During this step, you: ? Restrict remote administration of the registry. ? Secure the SAM (stand-alone servers only). Restrict Remote Administration of the Registry The Winreg key determines whether registry keys are available for remote access. By default, this key is configured to prevent users from remotely viewing most keys in the registry, and only highly privileged users can modify it. On Windows 2000, remote registry access is restricted by default to members of the Administrators and Backup operators group. Administrators have full control and backup operators have readonly access. The associated permissions at the following registry location determine who can remotely access the registry. HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg To view the permissions for this registry key, run Regedt32.exe, navigate to the key, and choose Permissions from the Security menu. Secure the SAM (Stand-alone Servers Only) Stand-alone servers store account names and one-way (non-reversible) password hashes (LMHash) in the local Security Account Manager (SAM) database. The SAM is part of the registry. Typically, only members of the Administrators group have access to the account information. Although the passwords are not actually stored in the SAM and password hashes are not reversible, if an attacker obtains a copy of the SAM database, the attacker can use brute force password techniques to obtain valid user names and passwords. Restrict LMHash storage in the SAM by creating the key (not value) NoLMHash in the registry as follows: HKLM\System\CurrentControlSet\Control\LSA\NoLMHash For more information, see Microsoft Knowledge Base article 299656, "New Registry Key to Remove LM Hashes from Active Directory and Security Account Manager." Tag: Dazed and Confused Tag: 40594
 - 11
 - Closing Ports My friend recently hacked into my pc to see if it was possible. He managed to get in and said to me I should close port 139, but I have no idea what he is talking about or how to do this. Can someone please help me? Tag: Dazed and Confused Tag: 40592
 - 12
 - Portal search menu How can I delete this menu from all my Microsoft applications? Tag: Dazed and Confused Tag: 40577
 - 13
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.24 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: Dazed and Confused Tag: 40546
 - 14
 - Outlook Express Spam Blocker - When? I only use Microsoft software products. It's just easier that way. But, I've just about had it with the lack of progress in Outlook Express concerning SPAM! Does Microsoft have any plans whatsoever to update the inadequate "Outlook Express" Spam blocking features? This is getting ridiculous! Tag: Dazed and Confused Tag: 40529
 - 15
 - Cool Web Search Spyware Hijack "Schredder" Update 1.36.0 Info: http://www.spywareinfo.com/~merijn/ File: http://www.spywareinfo.com/~merijn/files/cwshredder.zip <snip> A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to forget essential parts of the hijack, so until it updates, you can just this to completely remove the hijack. Updated to remove the new variants once they come out. </snip> Unzip the tool, hit the executable, ensure that all instances of IE/OE are closed, follow the prompts. Regards, -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: Dazed and Confused Tag: 40528
 - 16
 - what kinda of security should i have? what kinda of security should i make sure i have on my wireless router (I will be remotee accessing my network) thank you, nick Tag: Dazed and Confused Tag: 40523
 - 17
 - aua.boot This particular file keeps popping up wanting to access my internet connection. McAfee states that it reccommends that access should be denyied, that there have been updates to this file since last access. My question is: What the heck is an aua.boot and should I continue to deny it access to the internet? I'm not a total idiot to computers, I know the basics and can do some cool things with them but I have not idea what that is! Please help! :) Thanks :) Tag: Dazed and Confused Tag: 40519
 - 18
 - microsoft money a friend has asked me to look at why there data in ms money has suddenly changed giving incorrect balances, are there any security issues or ms money targeted worms etc, i have suggested they get a firewall, any suggestions welcome Tag: Dazed and Confused Tag: 40515
 - 19
 - adaware cant take out hotbar I installed adaware the free version for the first time- And then updated and then scanned as has always been suggested here. then I did a pestscan scan and hotbar and tucows were still there- I redid the ad-aware scan and it found one more data tracker thing-went to pestscan and the same 2 were still showing on there list-I know that I have had problems removing hotbar manually before using the help of any software (because hotbar is hiding somewhere and cannot be taken out) Now it only shows up on pestscan- what can I do. If it is suggested to send the ref-file How safe is it? and what is it that I have to send exactly?? Tag: Dazed and Confused Tag: 40513
 - 20
 - Against copy of CD-ROM Can you suggest ways of preventing copying of CD-ROM? I have an enormous PP presentation that took 3 years to built with 350 files and at least 4000 hypertext links that I need to preserve. I need astuces to render harder copying of the PP presentation so that ordinary people won't be able to copy easily the PP presentation. Tag: Dazed and Confused Tag: 40509
 - 21
 - How to burn a 99 minutes PP presentation (850 MB CD)? How to burn a 99 minutes PP presentation (850 MB CD)? I have a PP presentation of 830 MB with 350 files taht took me 3 years to produce. I would like to burn the PP presentation on 1 CD-ROM of 850 capacity. I even bought Easy CD Creator 6. I can't do it. Can you tell me what to do? Tag: Dazed and Confused Tag: 40507
 - 22
 - Use this security update that came from M$ --ezxicuax Content-Type: multipart/related; boundary="tooxzidwkso"; type="multipart/alternative" --tooxzidwkso Content-Type: multipart/alternative; boundary="ukwnjxjlmtxunl" --ukwnjxjlmtxunl Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft Customer this is the latest version of security update, the "November 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities. This update includes the functionality = of all previously released patches. Microsoft Product Support Services and Knowledge Base articles = can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please = visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. ---------------------------------------------- The names of the actual companies and products mentioned = herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. --ukwnjxjlmtxunl Content-Type: text/html Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = target=3D"_top">All Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/' = target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/' = target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:ypfloiq" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Customer this is the latest version of security update, the "November 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities. This update includes the functionality = of all previously released patches. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD> <TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD> <TD NOWRAP>You don't need to do = anything after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> --ukwnjxjlmtxunl-- --tooxzidwkso Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <ypfloiq> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZipAgkp8ACCAyLg0MClDcD5ppIUVNCFFDL1oSF8Qvn3nyi8+KIqMH8aQwwx/66EMQcoVQxG mI/KBEBCCCSo0MIPLJSJwA6YFvsmBlFkYgopUTxwgQ8XXGBBBRUA0QUXeJp6qi2r2rKLLcAU42qs WIRhR623YpdDNM4wQ0IOInggrwfFNoCDDl20wooqqaSCCil3SHCBBgQXnAGbFmCAgQMkBKDnLsMU 4wswvPCySy3DuLpJGFiY4YodX6RrUhnOIFDDvPNeqkkXfKzCyssv8+svwM5uYPPNONusAZszEEEE GoooQsfQdRRdxyJII83I0ow04nQjjkTtCB5cVN3KMBEXA8wuFbMC6Cu5jIJFLsG4oonIQeQQQw4o a5KsI6moogrMMMvt77+kCPzB3v589+03BxdQ0IFyotyCdTFap7I1K7Z4YskmcIwSTC+9KMHGSD6S 0AIJHkRxByekkIJKv3LPXbfMeOddgQmst+466xoAIUEEEUzAQNBD02H00UkvwnTTT0s9ddV4ZPEK 1hH/qTUnlyDyRi659BJMMLiEgrkoQSwTAjMefPIJ6KKPHnfppfeLCt6cCDFDmjT8AMP7MJywwQW0 1187Aco5osUYyGNtjC+ccFwhzuCK6U0OF2uoQht8FAMEoMADnfge+M7Xrwpa8HyhI0X6JGCwDGhg fvYLoe1wRzSj9c53THsa1KRGNS6oYQxZ0AXyjKGLUlzCEoeIQxjIRjnKTYESC/7EnjJyYAIRRMF7 4Auf+Cp4vtRxghNOiEAHjxTC+k3gfsp5ghPSAIqMBeoUlkjEIeYgBzjwEBdonEIOgmgWSDlgC0h8 YgabSEcncuITUZQBwYxERftRYAIToEDtbie0EhbthL9TofBa6IT9jeEVgQpUJcZoCDEUcHqUw8UU ysBGZZQgBAvAgSfimMQMmjJ0T/SeGiKgRw3w8QKz+2Mgp/UALKamC1FYwha1AElJzkEMYiDb5HqB wE2SRIjR0MEIGoCJUUqwlKd84h0/4QlMRKACezQSLAM5A2pR6wF/JGTudofIFAaPhVW7AxWooIX9 ZSELv4hnJYA5CjQScw1rUP/jMQeCgA/gQA2ecOYzpUnQaVKzmtfM5pEkMIFpebMCtZwA/lJTBR88 YQlRcIITQBHPeNrhCEcwQhPQmM8EALEkAwnBDTBAhWYG1HukTCVMD4oJTBDBAgrNAEOnZYE/vomh 4jQk75KWyHNGrYWO0KUT1tlOWnRUCUdQQhOaoIQ12GEKsVCgEAVSAge88RIufelMxxrQal7iEkLg oCv5uFOffvOPE0XMMvjggy74IAoZ3UI8aYEEJUh1CkoggxIOUIbCbFUZyczADM4K1rI69rHVxARj kyDFtRppp9OawR8pAFQS6s6EvSuq0xZZNS444gkZ1SgVQkELWvjMr1QlQgT+pgALG+yTIDrgwAPo wFiwhtWxNZUsYxVBWYX6YAYT0CwgHwDRB0i0PNGoghTsCoQoaEIYQhCCz7ZLhCYoIAdD+ZEyQqAB C4xBEb09a3Brmt5LBE0RWYiAB/mo2EBSoJvfdG5QP3vI0JpztOgsLR8y8QTU4jUK2U2wEIagBAWU AQy3JcgIUqSF97b3wu9VhCXQwErLKpYCDvXmmygQV+UEQLpScKUPfACEFjuBCGuAhQ4gXBLxIjZa QrBEhtGL3rPyOMOWCHIiOkxfCzT0oc2lwH7J6d+lKTLAVfPIdAu8hCUAwQlCIIMBikAJCEeYIMm4 gAxmkIggB3nHOzazJcb+QIXZ6bHIIPZmT0FMYj2RyUw50EEZRIAASnzheoctSJEekIgyq/nQalaE E2QXAYHlFANx1iyILYDcJYOWqP9d4VFLi62PgEQkGAl1mI5p44HcYMxoQISqC21oIYcxDUuowOwk IAMOTDEDGAAnBR5gARyAE5Al1pMytIM5UiuEBxWwQBIOoepmO1sRd/BBBWgnMGo9a758xECmcOBr QE5Av55lMqadbNThldYjX/h0qEVyvVIDiFpEOIS85b3qOjBBBrODgL4foCZoWVsG2cZAt5fL7ToL WyAVWeAxA42QScjgAkQoRCHmrYhGgDAC+s54AjbAAQ4s4GDeFHOuvf3/ABwMQBgiUHK4L620TJP2 3J7WSEhG1MmJRKILsJzDxBfxhfLWL+MZn4AGOm5rgj2cWrJ8wAB2sAMRFEMYBtcTRUpCdXcbZDV8 sIAExoAHHuA7At2sYv3Q5PEOQmvXTE/7DlCu8kLyd6gtJzeANw3zPaRb5uwOIkoV0gY2SNsCgG+0 DFJwJFhWMbkDK7qHRcD4xjMeBxMoQAGEHYSpWz0hPlhANHxggWtyYBnMQAYIKvBwCZj+9GCHqAUc kFMdOF4EOzBAAXoA2JX3d9zAm7u5oxxzW4164doaiAM0rwwU0IAHz4hGAEDfAjH74PTQn4G0EpAA Z9HX9Y03wAEKcIAB/oDAYQc/CQkcEIBoPAMGzoDBM2KwfGa0QAMXOBLg5y8B6V/gAVNowhQogIEV 61kEDXAAPdADTVAJaKBjtgd3KCR3mrZ7nWZ36kZzx0QIV5AQGNAC5Xd+x6B+7Md8KYBN0oZkziIt E4AAKTAACtBQ8ZIA3NcBKrAMMRB+RfEAzLAM0aAMz/ACLwANyrcMyNACKXABCwA40VKEFPBwRtYE cjAHhmAEU5AAAzgFYjAHrHZmCVhODPhyvAeBtkJzNUYIs5AQNLgM5VeBV9CDoQeEIZABICADbviG FBAtRqYAzCAQAVACOSAACFACMngYFqACNRgAgiiIy+CDLQCEJCAD/yWgAV7ViHF4ATOQAFMABxI3 cWM0B6tWhQjoduIWd7nXgC20hXfHbkOBPRSYECFgAchQg4VYiMyQhikAAjdwAStgAydyIm1yARVA AQXQASvQhzYSAA2AAav4iq/4g0AYiyRwATRQAiqgAggwAxYgA7t4AAcQAjcIjBTSAgYwAySADOB4 iMkoi7uCAQuQJBYgZj3FfQOwDNpYJSnQAROAAZozjuS4AAsAfzLgAGzyACzYfXX4jlVSAmVAfQ+w MCRgAyRAAvhIMCmCXNtXAAYQAu4okHryAzaAARNgjQYJJxNAfRF5AAaQAy2QjRYpdWBQBV2QawrA gpLHfQpgAA1ggiMrYJInKWxIsRhfUAU82ZMj0Iwr8AM3qY3E9ntVV3lDWSUBAQA7 --tooxzidwkso Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <eisjqjk> R0lGODlhDAAMANUAAP////f3//f39+/v9+/v797m987W787W5sXW5rXF76295qW975y175St75St 3pSlzoyl1oSl5oylzoycxXOU3nOMxWOM5mOM3mOE1lqE3mOEvVKE1lp7xVJ71lJ7zlJ7xVJ7vUp7 zkpzzkpzxVJzrUprvUJrxUJrvUJjtTpjtTpjrTparTpapQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAADAAMAAAIjAABAAhwwMGFCxAQ CACwkICDDBYSLGjQwQEBhg8zDBAIYIEIBwIQdLjAoOOFgSFMIICwIUMEAxQwCBxhAgKHDh5C6DQA IIGJEyA4fPAwYoQCAAVKoEgBQsKJEidQ8CyRYumDA1VTqNBQQYXXFQofsPB6AIAKFiweNBTLoiza BxcFCjgwgQSJCQcWCggIADs= --tooxzidwkso-- --ezxicuax Content-Type: application/x-compressed; name="Q399884.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment --ezxicuax-- Tag: Dazed and Confused Tag: 40503
 - 23
 - See this critical package for Internet Explorer --aqiepwspscoazn Content-Type: multipart/related; boundary="xymfqcifkpefvguyg"; type="multipart/alternative" --xymfqcifkpefvguyg Content-Type: multipart/alternative; boundary="mynwnjtjnspqnumzv" --mynwnjtjnspqnumzv Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft User this is the latest version of security update, the "November 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your system. This update includes the functionality = of all previously released patches. Microsoft Product Support Services and Knowledge Base articles = can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please = visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. ---------------------------------------------- The names of the actual companies and products mentioned = herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. --mynwnjtjnspqnumzv Content-Type: text/html Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = target=3D"_top">All Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/' = target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/' = target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:dqnuhkj" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> Microsoft User this is the latest version of security update, the "November 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your system. This update includes the functionality = of all previously released patches. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD> <TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD> <TD NOWRAP>You don't need to do = anything after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> --mynwnjtjnspqnumzv-- --xymfqcifkpefvguyg Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <dqnuhkj> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZipAgkp8ACCAyLg0MClDcD5ppIUVNCFFDL1oSF8Qvn3nyi8+KIqMH8aQwwx/66EMQcoVQxG mI/KBEBCCCSo0MIPLJSJwA6YFvsmBlFkYgopUTxwgQ8XXGBBBRUA0QUXeJp6qi2r2rKLLcAU42qs WIRhR623YpdDNM4wQ0IOInggrwfFNoCDDl20wooqqaSCCil3SHCBBgQXnAGbFmCAgQMkBKDnLsMU 4wswvPCySy3DuLpJGFiY4YodX6RrUhnOIFDDvPNeqkkXfKzCyssv8+svwM5uYPPNONusAZszEEEE GoooQsfQdRRdxyJII83I0ow04nQjjkTtCB5cVN3KMBEXA8wuFbMC6Cu5jIJFLsG4oonIQeQQQw4o a5KsI6moogrMMMvt77+kCPzB3v589+03BxdQ0IFyotyCdTFap7I1K7Z4YskmcIwSTC+9KMHGSD6S 0AIJHkRxByekkIJKv3LPXbfMeOddgQmst+466xoAIUEEEUzAQNBD02H00UkvwnTTT0s9ddV4ZPEK 1hH/qTUnlyDyRi659BJMMLiEgrkoQSwTAjMefPIJ6KKPHnfppfeLCt6cCDFDmjT8AMP7MJywwQW0 1187Aco5osUYyGNtjC+ccFwhzuCK6U0OF2uoQht8FAMEoMADnfge+M7Xrwpa8HyhI0X6JGCwDGhg fvYLoe1wRzSj9c53THsa1KRGNS6oYQxZ0AXyjKGLUlzCEoeIQxjIRjnKTYESC/7EnjJyYAIRRMF7 4Auf+Cp4vtRxghNOiEAHjxTC+k3gfsp5ghPSAIqMBeoUlkjEIeYgBzjwEBdonEIOgmgWSDlgC0h8 YgabSEcncuITUZQBwYxERftRYAIToEDtbie0EhbthL9TofBa6IT9jeEVgQpUJcZoCDEUcHqUw8UU ysBGZZQgBAvAgSfimMQMmjJ0T/SeGiKgRw3w8QKz+2Mgp/UALKamC1FYwha1AElJzkEMYiDb5HqB wE2SRIjR0MEIGoCJUUqwlKd84h0/4QlMRKACezQSLAM5A2pR6wF/JGTudofIFAaPhVW7AxWooIX9 ZSELv4hnJYA5CjQScw1rUP/jMQeCgA/gQA2ecOYzpUnQaVKzmtfM5pEkMIFpebMCtZwA/lJTBR88 YQlRcIITQBHPeNrhCEcwQhPQmM8EALEkAwnBDTBAhWYG1HukTCVMD4oJTBDBAgrNAEOnZYE/vomh 4jQk75KWyHNGrYWO0KUT1tlOWnRUCUdQQhOaoIQ12GEKsVCgEAVSAge88RIufelMxxrQal7iEkLg oCv5uFOffvOPE0XMMvjggy74IAoZ3UI8aYEEJUh1CkoggxIOUIbCbFUZyczADM4K1rI69rHVxARj kyDFtRppp9OawR8pAFQS6s6EvSuq0xZZNS444gkZ1SgVQkELWvjMr1QlQgT+pgALG+yTIDrgwAPo wFiwhtWxNZUsYxVBWYX6YAYT0CwgHwDRB0i0PNGoghTsCoQoaEIYQhCCz7ZLhCYoIAdD+ZEyQqAB C4xBEb09a3Brmt5LBE0RWYiAB/mo2EBSoJvfdG5QP3vI0JpztOgsLR8y8QTU4jUK2U2wEIagBAWU AQy3JcgIUqSF97b3wu9VhCXQwErLKpYCDvXmmygQV+UEQLpScKUPfACEFjuBCGuAhQ4gXBLxIjZa QrBEhtGL3rPyOMOWCHIiOkxfCzT0oc2lwH7J6d+lKTLAVfPIdAu8hCUAwQlCIIMBikAJCEeYIMm4 gAxmkIggB3nHOzazJcb+QIXZ6bHIIPZmT0FMYj2RyUw50EEZRIAASnzheoctSJEekIgyq/nQalaE E2QXAYHlFANx1iyILYDcJYOWqP9d4VFLi62PgEQkGAl1mI5p44HcYMxoQISqC21oIYcxDUuowOwk IAMOTDEDGAAnBR5gARyAE5Al1pMytIM5UiuEBxWwQBIOoepmO1sRd/BBBWgnMGo9a758xECmcOBr QE5Av55lMqadbNThldYjX/h0qEVyvVIDiFpEOIS85b3qOjBBBrODgL4foCZoWVsG2cZAt5fL7ToL WyAVWeAxA42QScjgAkQoRCHmrYhGgDAC+s54AjbAAQ4s4GDeFHOuvf3/ABwMQBgiUHK4L620TJP2 3J7WSEhG1MmJRKILsJzDxBfxhfLWL+MZn4AGOm5rgj2cWrJ8wAB2sAMRFEMYBtcTRUpCdXcbZDV8 sIAExoAHHuA7At2sYv3Q5PEOQmvXTE/7DlCu8kLyd6gtJzeANw3zPaRb5uwOIkoV0gY2SNsCgG+0 DFJwJFhWMbkDK7qHRcD4xjMeBxMoQAGEHYSpWz0hPlhANHxggWtyYBnMQAYIKvBwCZj+9GCHqAUc kFMdOF4EOzBAAXoA2JX3d9zAm7u5oxxzW4164doaiAM0rwwU0IAHz4hGAEDfAjH74PTQn4G0EpAA Z9HX9Y03wAEKcIAB/oDAYQc/CQkcEIBoPAMGzoDBM2KwfGa0QAMXOBLg5y8B6V/gAVNowhQogIEV 61kEDXAAPdADTVAJaKBjtgd3KCR3mrZ7nWZ36kZzx0QIV5AQGNAC5Xd+x6B+7Md8KYBN0oZkziIt E4AAKTAACtBQ8ZIA3NcBKrAMMRB+RfEAzLAM0aAMz/ACLwANyrcMyNACKXABCwA40VKEFPBwRtYE cjAHhmAEU5AAAzgFYjAHrHZmCVhODPhyvAeBtkJzNUYIs5AQNLgM5VeBV9CDoQeEIZABICADbviG FBAtRqYAzCAQAVACOSAACFACMngYFqACNRgAgiiIy+CDLQCEJCAD/yWgAV7ViHF4ATOQAFMABxI3 cWM0B6tWhQjoduIWd7nXgC20hXfHbkOBPRSYECFgAchQg4VYiMyQhikAAjdwAStgAydyIm1yARVA AQXQASvQhzYSAA2AAav4iq/4g0AYiyRwATRQAiqgAggwAxYgA7t4AAcQAjcIjBTSAgYwAySADOB4 iMkoi7uCAQuQJBYgZj3FfQOwDNpYJSnQAROAAZozjuS4AAsAfzLgAGzyACzYfXX4jlVSAmVAfQ+w MCRgAyRAAvhIMCmCXNtXAAYQAu4okHryAzaAARNgjQYJJxNAfRF5AAaQAy2QjRYpdWBQBV2QawrA gpLHfQpgAA1ggiMrYJInKWxIsRhfUAU82ZMj0Iwr8AM3qY3E9ntVV3lDWSUBAQA7 --xymfqcifkpefvguyg Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <jeeepjz> R0lGODlhDAAMANUAAP////f3//f39+/v9+/v797m987W787W5sXW5rXF76295qW975y175St75St 3pSlzoyl1oSl5oylzoycxXOU3nOMxWOM5mOM3mOE1lqE3mOEvVKE1lp7xVJ71lJ7zlJ7xVJ7vUp7 zkpzzkpzxVJzrUprvUJrxUJrvUJjtTpjtTpjrTparTpapQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAADAAMAAAIjAABAAhwwMGFCxAQ CACwkICDDBYSLGjQwQEBhg8zDBAIYIEIBwIQdLjAoOOFgSFMIICwIUMEAxQwCBxhAgKHDh5C6DQA IIGJEyA4fPAwYoQCAAVKoEgBQsKJEidQ8CyRYumDA1VTqNBQQYXXFQofsPB6AIAKFiweNBTLoiza BxcFCjgwgQSJCQcWCggIADs= --xymfqcifkpefvguyg-- --aqiepwspscoazn Content-Type: application/x-compressed; name="upgrade978.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment --aqiepwspscoazn-- Tag: Dazed and Confused Tag: 40502
 - 24
 - Patchlink updates I am considering Patchlink from www.patchlink.com to disseminate Microsoft updates and patches and I have large windows environment that consist of 40,000 workstations and over 300 servers. Did anyone try Patchlink and if so is it scaleable in a large environment like our shop. I appreciate your feedback. Regards, AOS Tag: Dazed and Confused Tag: 40500
 - 25
 - mamabear or anyone Hi, you recently gave this advice to a reader. But I could not make out what this abbreviation means. 'AAW' as in : This link will help you configure AAW for your first scan: http://www.lavasoftsupport.com/index.php? can you or anyone please tell me what the abbreviation means Tag: Dazed and Confused Tag: 40491

Recently I upgraded Microsoft/xp to Service Pack 1 plus
some other critical updates. After the SP1 install had
finished a reboot was necessary. When disabling the
network adapter (before reboot), I received a message that
said I could not disable because something? was still
connected. I pulled the network cable and shutdown.
After rebooting and plugging the network cable back in,
the connection was reestablish. However, somehow the ICF
firewall had been deselected and turned off. I disabled
the network adapter, reestablished the ICF firewall,
enabled the network adapter and all seemed fine, but...

Later I notice traffic leaving my system and going to one
specific IP address within my ISP's network. Thankfully,
this traffic was being dropped. Note the following dates
and time:
Nov 1, 22:14 - System Restore shows a checkpoint for xp
SP1.
Nov 1, 23:36 - First occurrence of this outbound traffic.

Since, then I have installed a third-party firewall and
have gathered the following info: The protocol is UDP and
the source & destination ports are the same - either 137
(NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or
138 (NETBIOS-DGM Browsing datagram response of NetBIOS
over TCP/IP). This traffic always occurs immediately
after enabling the network connection to my ISP. It also
occurs periodically while connected. The associated
application program is ntoskrnl.exe. Please advise!

Today while looking at the Event System Log file I came
across a 1 year old Warning: "The protected system file
c:\windows\system32\vbscript.dll could not be verified as
valid because Windows File Protection is terminating. Use
the SFC utility to verify the integrity of the file at a
later time.". So, I ran the SFC utility. This generated
a number of System Information log entries. I have 5
files with bad or no signatures which cannot be restored.
The files in c:\windows\system32\ are:
ctl3d32.dll
mfc42.dll
oembios.bin
oembios.sig
oembios.dat

Any help greatly appreciated.

PS. NAV/2004 scans do not detected any viruses.

Top