Hacker trying to logon...

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - "Messanger Service" Pop Ups Since I have installed Windows XP, I have recieved CONSTANT "Messanger Service" Pop ups. They make it difficult to enjoy games or other programs. Does anyone know how to block them without purchasing something, as many of the pop ups suggest? Tag: Hacker trying to logon... Tag: 27165
  - 2
    - Microsoft Security Bulletin MS03-026 When will the hotfix for this patch be in production and downloadable? I support a lot of tiny LANs that characteristically have a single NT4 server and most have RRAS installed. Installing the new security patch hoses that, so the hotfix from PSS is required. I'd rather do one round of installs. Are we talking a couple of days or a few weeks? Tag: Hacker trying to logon... Tag: 27164
  - 3
    - Question about implimentation of AES A partner of ours is encoding text in AES via Microsoft's CAPICOM, while we are doing the same via C#. Interesting thing is CAPICOM seems to handle the seed (i.e. the initialization vector) within the component, and we are generating our own IV. Is there a way for us to get both of our seeds to match while still using these implimentations or are we pretty much confined to both of us using CAPICOM, or doing it the same way in C#? I find it very odd that we can't control the IV in Capicom, but we can in .NET. This would make them pretty much incompatible with each other although it seems like they should be able to work together. Any thoughts? Tag: Hacker trying to logon... Tag: 27152
  - 4
    - how do I remove malicious still image service from win2000 server Hi Someone seems to have installed still image service on my PC. Scan on the net reveals that it is being used to gain control over the PC remotely I have stopped the service and set it to manual and now wish to completely remove it from the services list. How do I do that? Are there any other programs that I need to check? Thanks Tag: Hacker trying to logon... Tag: 27149
  - 5
    - HOMELAND SECURITY NOTICE TO APPLY SAFETY PATCH Followed Procedure Until It Came to Listing Type Of MSN ON Computer AND Windows 98 WAS Not on List. Do I Use NT4 Or WHAT? Tag: Hacker trying to logon... Tag: 27143
  - 6
    - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.10.08 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info/faq.htm#top My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette My computer is giving RPC Remote Procedure Call messages, or there is a TFTP message on my computer, or my computer keeps locking up, or rebooting, or telling me that it will reboot in 1 minute. http://www.google.com/groups?selm=OTzjGT5WDHA.1888%40TK2MSFTNGP10.phx.gbl I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor I just heard about a new Microsoft security patch update. Where can I get it? http://securityadmin.info/faq.htm#patch I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: Hacker trying to logon... Tag: 27134
  - 7
    - Norton Internet Security 2003 I have tried unsuccessfully to install the Norton Internet Security 2003 on my Windows ME. I am told that 1% cannot upgrade to 2% and that the MSIEXEC.EXE File is linked to a missing export MSI.DLL:222. How can I resolve this conflict and successfully install the software package? Tag: Hacker trying to logon... Tag: 27114
  - 8
    - I cannot delete some strange fiels/directories. Dear all I got a backdoor attack with tzolibr.dll and I found that the hackers transfered some files and directories in my Windows2000. However I could not remove it. The error message is "Cannot read from the source file or disk". All of them contains a space within the name and at the end of the name such as "x 3847 ". Please help me to delete all these stuffs. Thank you a lot Mr. Voravit H. Tag: Hacker trying to logon... Tag: 27110
  - 9
    - INTERNET MISTAKES TO AVOID A. Some Internet Service Provider?s like MSN reveal your sign-up full name when you try to send out requests to List Serves, Mailing Lists and E-mail. This reveals to the world what your real name is. Anyone who so desires can find out your Internet habits - even co-workers. B. There are plenty of Websites that track and take hold of your name which can then cause them to send snail mail (US Mail) with unsolicited garbage. Remember, there are sites which list every e-mail address you have associated yourself with on the Internet. C. An employer you have applied to for employment can go on the Internet and search for your real name and see what your Internet habits. They can also attain personal information that you would like to keep private. D. Let?s say you posted to a Medical Website pertaining to a medical condition you have. As a new employer prospect they can find out what your condition is. Again, this is personal and private information. E. This is one mistake I?ve never made and never will. Some employers ask their employees to go online using their personal e-mail address to download software drivers and patches, etc. This is a Big No-No! Again, refer back to #1. By using a company computer, your e-mail address will be available and visible to your employer. And they could chose to track your Internet habits which is personal information. These words are not spoken lightly. F. God forbid you ever anger a person on the Internet, then your nightmares are just beginning. It isn?t going to matter which Egroups, Newsgroup, List Serve or Mailing List that you make a comment to. If people have a mean streak they will take revenge against you. G. It?s not a bright idea when filling out any form on the Internet to include your real name, city and state you reside in, except when making an actual purchase. In fact, there are times you might want to setup any new account using the opposite gender. H. This one is a humdinger, if you are truly one of them egotistical types. Say that you post from work; well guess what? Your work IP address is now present for all to see. I?ve had people tell me they were e-mailing me from their place of employment, but not to respond back to their e-mail address. Now your in deep if you anger anyone on the Internet. Your in for some trouble now when letters start appearing at your work place, to your bosses office or unwanted phone calls start coming in. I. Many people have a desire to read their daily horoscopes. For your own protection and security, when setting up an account to get your horoscope, type in a birthday a few days before or after your true birthday. This way, if your computer is compromised, the hackers won?t know your "true birthday". The less you provide to the hackers the better off you are in securing your personal information. A minute of your time now is less expensive then a big bottle of aspirin later. Tracker Beefs Fiancee' I know how important it is for me not to define myself by how others perceive me. Interested in purchasing my book named "Security Minds versus Malicious Minds" visit: www.securityminds2003.com It will teach you to learn about Windows, the Internet and Hacking To view some kick butt artwork, visit: http://www.captiveimagery.com/index.cfm Tag: Hacker trying to logon... Tag: 27099
  - 10
    - HACKERS SECRET WEAPONS Copyright 2003 by Debbie Xl. All rights Reserved. No part of this publication may be reproduced in any form or by any means, or stored in a data base or retrieval system, without prior written permission of the publisher. A. Hackers disable your Daylight Savings Time. B. The clock on the desktop can be one hour ahead or one hour behind, on occasion. C. Your Network Places Icon on the desktop disappears. D. If using a Windows platform: when you start your computer, your original screen will pop up, but since the hackers need to boot into their Networks, or Server(s), the system will quickly re-boot and the original screen will appear twice. But your system may re-boot twice instead of once when loading Windows OEM versions. E. If your computer system occasionally re-boots on it?s own, the hacker may need to update their Networks, or Servers to make their computer system function properly. F. If you play Yahoo Games, you may find yourself being kicked out of the board your playing in. If your winning a game and you?re the host, the hacker may not let you back in to finish. This means you just lost a game at the hackers expense. When the computer was hacker safe, I went back to playing games and haven?t been booted out of a game, since. G. A browser application like Netscape, or Internet Explorer you use to filter out, or kill file certain individuals will not function indefinitely. When your computer system is compromised, you aren?t able to filter out people in your browser for more then 1-2 days. A number of computer owners whose systems have been compromised, have advised me they also had the same problem. Because hackers were using your illegally installed Servers for posting to the Internet, this is why you are unable to filter or kill file them. This information was very apparent to myself and other ferret owners whose computer were compromised. H. When you begin to see Usenet remarks, made on behalf of your personal life which is private information. I. Some of your personal files are modified years before they were created. I have seen a number of personal files modified 7-8 years before they were even created. How to accomplish this maneuver: Select Start, Settings, Control Panel, Date/Time, where the year is, Select the up or down arrow and, viola. Then open up any file and Select Save. A new creation date is present. J. You will find a number of files hidden/readable only, which is a common practice in the hacking world. K. When you find additional information in your boot.ini file which relate to a Virtual Private Network, this can be either software, hardware or device driver oriented. L. Under Search for Files and Folders, perform a search on any file modified in the past month, you will see files which just don?t need to be modified, or files you don?t even recognize. For the basic computer user, you?ll want to focus on the files which you don?t recognize. Unless your a skilled professional, you won?t realize which files need to be present or modified, but give it a try anyways. [To perform the above you will need to see all Hidden Files and Folders.] M. Select Start, Settings, Control Panel and Network, and look at, following network components showing. If you see one AOL adapter and have never used AOL, then two AOL adapters, two TCP/IP, two Dial-Up adapters, one or two Virtual Private Network adapters, your computer could be compromised. A Virtual Private Network is widely used by hackers because it can host up to 254 users. "This applies to the basic Internet user who has one modem, one ISP and isn?t running any FTP, HTTP, NNTP, PROXY, SMTP, SOCKS, SQL, or SQUID SERVER." My skills working with VPNs is almost zero. Every victims system I?ve seen had two VPNs setup and they were only using a modem to connect to the Internet. N. Next, Select Start, Run, type Regedit, Select Registry, Select Export Registry File, in the box type a name say 4-12-02.txt and Select save. Then open this file with a text editor, and you might be shocked to find what really is installed on your computer system. Check the bottom of this file because hackers love to install an array of applications including Network/Server files and device drivers. O. You will have to turn your computer off by the power supply on a regular basis. P. Installing a Network Interface Card will cause problems until the hackers configure this device into their Servers or Virtual Private Network they setup on your computer. Q. You find your CD-ROM drive opens and closes without your permission. R. You could hear an annoying beep coming from your system speakers. S. Your windows screen goes horizontal or vertical. T. The screen saver picture changes without your permission. U. On occasion your mouse is out of your control or has an imagination of it?s own. But this could also be caused by a corrupt mouse driver. V. All of a sudden, your speakers decide to play you some music. W. Installing a hardware/software firewall for the first time can cause a number of different problems for you to setup and configure. Considering you didn?t have these installed from the beginning of your computer going on the Internet. X. Your firewall logs show alerts at 12:00 then 11:22 then 12:16 and back to 11:59. Y. If using a dial-up/cable/dsl connection you see a number of pings, port 0, to your computer. The reason is so that the hackers can see if your computer is online. A system needs to be online for the hackers to access these Networks and Servers. What the hackers actually do is port scan your Internet Service Provider Block of IP addresses and find your computer either with file sharing enabled or a Backdoor/Trojan present. Z. If someone is port scanning your system, in your firewall logs the port assignment aren?t in any type of order. You might see a probe at port 1,10,9,8,6,12,6,43 etc. AA. When you find you have to set Zone Alarm firewall on medium instead of high settings. BB. Once you can view all Files and Folders search for files named spool*.*. CC. You may find another installed version of your software firewall application on your hard drive. You will need to Show all Hidden Files and Folders under your Settings, Control Panel, Folder Option and View, if using a Windows Platform (excluding 2000,NT and XP). DD. When you see too many, Pings - port 0, HTTP/Proxy - port 80, 8080, 3128, SMTP - port 25, FTP - port 21, NNTP - port 119 port probes. Your computer is probably running an illegal "VPN server"; "web server"; "proxy"; "mail and news"; "ftp"; which hackers are attempting to access for their own personal use. EE. If you don?t see your computer node/source IP address on a consistent basis to the right side of your firewall log, your system is compromised. (See the firewall logs below.) The hackers are entering through your system to attack other "Networks, or Servers and Systems", so their identity can?t be traced. FF. When you perform a traceroute on an IP address and you lose your node/source IP address, ISP routers IP, or when you don?t see your node/source IP address at all. Tracker Beefs Fiancee' I know how important it is for me not to define myself by how others perceive me. Interested in purchasing my book named "Security Minds versus Malicious Minds" visit: www.securityminds2003.com It will teach you to learn about Windows, the Internet and Hacking To view some kick butt artwork, visit: http://www.captiveimagery.com/index.cfm Tag: Hacker trying to logon... Tag: 27097
  - 11
    - Keyboard just types"I love you" A friend from a couple of states away called me and told me about a keyboard problem she had. No matter what keys she typed, even the backspace and spacebar, All that would be on the screen would be "I love you..." over and over. After we had a laugh she told me it seemed pretty serious. I had her shut off the computer for a few minutes, use the control alt delete to see if any programs were running, I had her check the add/remove programs to see if anything was added recently , then Start/programs/startup. All to no avail. The only thing we came up with is a "One touch multimedia keyboard" program. I know they have issues with spyware, but I didn't think this could be it, or could it? Has one ever heard of this? Any help would be appreciated... --really loved in CA Tag: Hacker trying to logon... Tag: 27096
  - 12
    - ms03-026 Is windows 98 affected by this? Tag: Hacker trying to logon... Tag: 27084
  - 13
    - dcomx.exe i had this window telling me about this dcomx.exe file. I have no idea what to do. any ideas? thanks Tag: Hacker trying to logon... Tag: 27083
  - 14
    - 'Blank URL/timeout' log entries in proxy. As shown in the include entries from my log file, i am getting constant entries saying 'blank URL' and 'Timeout'. These entries have been going on for a few days. About every 24 hours the IP address will change. Can anyone explain what this constant repeating set of timout's with blank url's means? 12:50:34 PROXY: 1288 217.5.68.128 Connection has arrived. 12:55:34 PROXY: 1288 Timeout in transfer. 12:55:34 PROXY: 1288 Blank URL 12:55:34 PROXY: 1288 Connection closed. 13:04:24 PROXY: 1384 217.5.68.128 Connection has arrived. 13:09:25 PROXY: 1384 Timeout in transfer. 13:09:25 PROXY: 1384 Blank URL 13:09:25 PROXY: 1384 Connection closed. 13:17:33 PROXY: 1272 217.5.68.128 Connection has arrived. 13:22:33 PROXY: 1272 Timeout in transfer. 13:22:33 PROXY: 1272 Blank URL 13:22:33 PROXY: 1272 Connection closed. 13:32:30 PROXY: 1596 217.5.68.128 Connection has arrived. 13:37:31 PROXY: 1596 Timeout in transfer. 13:37:31 PROXY: 1596 Blank URL 13:37:31 PROXY: 1596 Connection closed. 13:45:45 PROXY: 1272 217.5.68.128 Connection has arrived. 13:50:46 PROXY: 1272 Timeout in transfer. 13:50:46 PROXY: 1272 Blank URL 13:50:46 PROXY: 1272 Connection closed. Tag: Hacker trying to logon... Tag: 27077
  - 15
    - "Access is Denied" Error Message When Encrypting or Decrypting Files or Folders I have a problem decrypting files that were decrypted in XP Pro using the properties dialog box. I have searched the KB and cannot find a solution except for Win2000 systems (264064). I followed the instructions and it did NOT work I have found the cert for "Encrpting File System" in IE Certificates tab. EVERYTHING is checked (except Client Authentication and Secure Email) I believe I'm the owner of the files (not certain how to verify this) I've searched hi and low for an answer and still can't decrpyt these files. HELP! TIA MM Tag: Hacker trying to logon... Tag: 27072
  - 16
    - Homepage control Every time I reboot my computer, my homepage in Internet Explorer is changed. I will then go to Internet options and change my homepage back. I can get in and out of internet explorer and my homepage stays correct. I'm using Win 98 and Explorer ver 6. How do I get rid of this clever marketing ploy? Greg Tag: Hacker trying to logon... Tag: 27071
  - 17
    - visitorcapture.com and pop-up windows How does one block these annoying, would-be illegal messages from coming up on the screen??? Tag: Hacker trying to logon... Tag: 27069
  - 18
    - Blocking all email ? Is there a way to block all mail through outlook express that I am not finding. I use my aol account for e-mail and internet explorer for browsing. I do not want to get any e- mail through my outlook express but can not find how to turn it off completely??? Tag: Hacker trying to logon... Tag: 27066
  - 19
    - VBScript for server security monitoring? Hi all- First of all, sorry for the multiple cross-posts; I tried to pick out germane groups to post to, so sorry-in-advance if it's not appropriate. Anway, getting down to business: As one of three AD administrators for a campus of more than 50000 users, I'm a little strapped for time. However, one of the major things that needs paying attention to is security on servers -- especially domain controllers (the recent RPC exploit madness just reiterated that fact). What I'm wondering is what tools have other network admins [yes, you!] have used -- via VBScript and WMI -- to automate the process of security auditing. Ideally, I would have a vbscript that fires off once every fifteen minutes, looks for weirdness (ie, >400 failed log in attempts from the same workstation or for the same username) in the the logs of a list of computers, then output the results to a file, and, if weirdness was found, email a short text message to my phone. Is this even possible?!?! Thanks in advance, chris. ---------------------------------------------- Christopher Gautam Hota Information and Media Technologies University of Wisconsin - Milwaukee (414) 229-3186 office (414) 840-4682 cell ---------------------------------------------- Tag: Hacker trying to logon... Tag: 27057
  - 20
    - Downloading "Updates" from MS Hello - 1st of all, what a bunch of hassle just to try to send an email or whatever to MS to get some kind of simple answer. Anyway, all I want to know is how I can find out if the Updates I periodically have downloaded over the years have actually "installed" or not? The reason I ask is because I came across a folder full of ZIPPED files and I'm not sure if they had been UNzipped or not (they are the files from MS UPDATE). I just read that each downloaded file from MS Update must be UNzipped manually. Is this correct? And is there a way to find out what DL files installed and any that did not? Thankyou for any feedback - James Tag: Hacker trying to logon... Tag: 27031
  - 21
    - Home Page My home page is being changed to http://youfindall.net/656387/ at each start up. I am able to reset the home page and as long as I do not re-start my system it remains the same. Only at start up does it change to http://youfindall.net/656387/ I was wondering if I might get assistance with locating the coding which obviously has been downloaded onto my system with out my permission. Any suggestions would be appreciated. Thank you for your time David loomis david@dml-inc.com Tag: Hacker trying to logon... Tag: 27028
  - 22
    - IPsec the IPsec policy for the domain, w2k server (require) w2k pro (respond) what would be the effect of setting perfect forward secrecy on win2k server? using new key everytime would be more secure? Tag: Hacker trying to logon... Tag: 27019
  - 23
    - upgrading of web browser?? Help me trying to go to a site, and it saids I should upgrade my web browser????it needed 128bit version, so it won't let me in,so tell me how do i do that, is it done by my server or can I do it though my computer??? thank you cheryl Tag: Hacker trying to logon... Tag: 27017
  - 24
    - How is XP Firewall Updated? How and by whom is the Firewall in Windows XP Home updated? Thank you, Tag: Hacker trying to logon... Tag: 27016
  - 25
    - windows messenger still allowing pop-ups PLEASE HELP me get rid of these stupid messages that look official saying that my computer is open for the world to see. I have followed the instructions about checking the box to protect my computer... This DOES NOT WORK. Any suggestions would be helpful. I actually would rather delete this program, since I have no use for it. Tag: Hacker trying to logon... Tag: 27012
- Next
  - 1
    - VIRUS ? JDBGMGR.EXE ? I RECEIVED THE FOLLOWING VIRUS ANNOUNCEMENT, IS IT LEGITIMATE?? Subj: A possible virus in your computer Date: 8/8/2003 2:46:19 PM Pacific Standard Time From: cocoris@ix.netcom.com To: cocoris@ix.netcom.com Sent from the Internet (Details) I received a message today that suggested that I might have a virus in my computer. I followed the instructions I was given and sure enough I had a virus. I highly recommend that you check your computer following the instructions below. Mike Cocoris > A virus has been passed on to me. My address book was > infected and since you are in my address book, you will probably find it in your > computer too. > > The virus jdgb.exe is not detected by Norton, OR McAfee > Anti-virus systems. > The virus sits quietly for 14 days before damaging the > system. It is sent > automatically by "MESSENGER" and by ADDRESS BOOK, WHETHER OR > NOT YOU SENT AN E-MAIL TO YOUR > CONTACTS OR NOT. I found this on my drive. > Please check it takes a minute. > > Here is how to check for the virus and how to get rid of it. > > PLEASE DO THIS IMMEDIATELY!!!!! Remember, if you find it, DO > NOT OPEN IT! > 1. Go to START, then click your "FIND" OR "SEARCH" option. > 2. In the FOLDER OPTION, type the jdbgmgr.exe > 3. Be sure to search your C. DRIVE and all the subfolders > and any other drives you may have. > 4. Click "FIND NOW" 5. > The virus has a TEDDY BEAR ICON with the name jdbgmgr.exe DO > NOT OPEN > IT! > 6. Go to EDIT (on the menu bar) and choose "SELECT ALL" to > highlight the > file without opening it. > 7. Now go to File (on the menu bar) and select DELETE. It > will then go to the recycle bin. If you find the virus, you > must > contact all the people in your Address Book so that they may > eradicate the virus from their own Address Books. > > TO DO THIS: > 1. Open a new e-mail message. > 2. Click the icon Address Book next to "TO," > 3. Highlight every name and add to "BCC," > 4. Copy this message and past to e-mail. My sincerest > apologies to all of you! Please do this right away Tag: Hacker trying to logon... Tag: 27001
  - 2
    - NT 4.0 workstation user rights How do we lock out lock out items such as the control panal, recycle bin, and display properties for users in a computer lab. We have converted to NTFS. We are tring to set up passwords and prevent students from changing settings. Tag: Hacker trying to logon... Tag: 27000
  - 3
    - pop ups Doesn't Microsoft protect its product users by providing us with a defense from the pop up annoyances? Am I being forced to purchase non-Microsoft software to use my computers Microsoft technology without continual interruption? Tag: Hacker trying to logon... Tag: 26993
  - 4
    - IE6 cum patch june 4(818529) problem - need help I think I was affected by this before patching. I am sometimes being forced to visit certain sites, regardless of what link/favorite I am clicking on. And once I put in a particular URL and I get forced to other site, I can no longer go back to that URL ever. ie . I type in www.micro.com but get forced to www.dutch-sex.com. Now every time I try and go to micro.com(regardless if its from typing in URL,clicking a favortie, or clicking a link from another page) I always get forced to dutch-sex.com I have loaded update and problem still exists. Any ideas on what I can do? I know a fair amount about computers, but wouldn't call myself a techie by any stretch of the imagination. any help or ideas would be appreciated. GM Tag: Hacker trying to logon... Tag: 26990
  - 5
    - NT workstation 4.0 security How to install this operationg system using the NTSF file system. We ant to be able to set specific security and user rights, which the FAT system seems unable to do. Tag: Hacker trying to logon... Tag: 26988
  - 6
    - Vulnerability Assessment/Management Process I am looking for an example of a Vulnerability Assessment/Management process. Any info would be helpful Tag: Hacker trying to logon... Tag: 26987
  - 7
    - Hundreds of "pops-up" Is-it some thing I can do to stop thoses "pops-up" to hit my computer. They hit you with hundred of "pops-up" and at the same time they offer you to be able to stop them by buying from them their software. I feel that I am a "Blackmail" victim. Is it somebody out there to tell me what to do to not participate to that blackmail. Thank you, Percy Tag: Hacker trying to logon... Tag: 26975
  - 8
    - Event ID 577 & Failed Install of Microsoft Firewall Client Upon attempting to install the Microsoft Firewall Client software Event ID 577 is generated in the security log (details below) and approximately half-way through the install it rolls back and brings me to a window that states "Installation Wizard was completed with an ERROR!". No clue what the exact error is. Have just found out that this event is being logged at the same time. I am logged on as the domain administrator. Anyone have ANY clues? Searched newsgroups and web endlessly without finding anything at all. Event details: Privileged Service Called: Server: Security Service: - Primary User Name: administrator Primary Domain: SPACEAGE Primary Logon ID: (0x0,0x5EEA12) Client User Name: - Client Domain: - Client Logon ID: - Privileges: SeIncreaseBasePriorityPrivilege Tag: Hacker trying to logon... Tag: 26971
  - 9
    - XP Registry I have just got an XP box to play with. One of the first things I did notice, is that I can't see the registry remotely from my W2K box. I then noticed I couldn't see the event logs either. Why is this? How can I setup the XP box to see these remotely? The remote registry service is running, and my account is in the local admins group on the XP box. Tag: Hacker trying to logon... Tag: 26960
  - 10
    - Outlook express I just started using XP and in my mail settings I like to disable the preview pane so I can delete anything unknown before my computer accepts it. I can't figure out where it is now that I disable it?? Not sure if it has anything at all to do with the fact I switched from 2000 to XP, but, I thought it was in views or tools but don't see it anywhere, can someone guide me??? Thanks in advance! Tag: Hacker trying to logon... Tag: 26956
  - 11
    - hotmail acct hacked!!! i own a hotmail account of the loggin name armon_d@hotmail.com. Some one hacked my email and sent an offensive letter to one of my frnds from my hotmail account. now i am sure no ones knows my password or the answer to my secret question. even if the intruder happen to guess the answer to my secret password, hotmail ask the user to change and reset the password in the next step of the process, it does not as i belive tell u the earlier password. now if the intruder gained acces to my email through this method he would have to rest my password. but i accessed my account my using the same old password after the incident had occurdered and reported to me by my frnd. i still have the email intact in in his acct , the ones sent from my acct to his account. I earnestly look for help in this matter and would like to have a thorough investigation done and find out the culprit if possible. i look forward to your help in this regard. Tag: Hacker trying to logon... Tag: 26939
  - 12
    - IUSR lockout All, I tried to repeat a problem I was able to get to work before, but I am not having any luck. I thought I was able to create a DOS on a web server by locking out the IUSR account at one point. However, when I lock it out now, I can't seem to get it to cause a DOS. The links and everything else seems to behave normally even after locking out that account. Any thoughts on what I may be doing wrong? FYI, to do this, I created a test directory, and a user named test. For the test directory, I allowed only the test user, administrators, and system to have access to that folder. IIS was set to Integrated Auth, and Allow Anon access. I thought I was able to demonstrate this problem before, but for some reason I can't get it to work now. Thoughts? Thanks, Pair Tag: Hacker trying to logon... Tag: 26931
  - 13
    - Administrator cannot access device manager on DC ON the DC the administrator can not access the device manager. Windows 2000 Server Sp2 ADintergrated DNS, WINS. When you go to Device manager it says you do not have sufficient right to access this. login as an administrator and try again. What is causing this? Any Ideas?? Thanks in Advance Paul McGuire Tag: Hacker trying to logon... Tag: 26926
  - 14
    - Spyware What are the best programs to remove Spyware, and protect from getting them? Tag: Hacker trying to logon... Tag: 26917
  - 15
    - Critical Updates I continualy receive pop-up messages from MSN "Critical Updates" Notify Later/ Update Now. I know there is a default setting for updates, but for quite sometime now I have not been able to download a "Critcal Update", always displays a 0 updates available. This pop-up always displays itself in the middle of being on-line and can be quite annoying, especially if you quit what you doing and and click "View Critical Updates Now" and there are no immediate updates to view or download. Any suggestions? Tag: Hacker trying to logon... Tag: 26901
  - 16
    - unblock Help!! How do I 'unblock' an E-mail address?? Sorry, I'm a neophite when it comes to this electronic stuff. John Tag: Hacker trying to logon... Tag: 26899
  - 17
    - MSN Messenger A friend's hotmail acount was hacked by someone. Microsoft Security would not help her out because they could not positively identify my friend as the owner of the account. So I hope to find a solution here. The problem now is that the hacker is posing as my friend initiating "cyber sex" with all those on her list. I myself just ran into the hacker on msn messenger yesterday. My friend has no access to her hotmail account whatsoever. What I want to know is whether it is possible to check for the other person's IP address through Messenger. If so then how would I do it. I really want to nail the S.O.B. Thanks Tag: Hacker trying to logon... Tag: 26892
  - 18
    - software restriction policy. I've turn on the software restriction(to download and install) to all users includes administrative acount. Now that i need to turn it off (control panel/ local security policy) it wont even let me go into local security policy to change. What can i do to turn this off? Also i've make sure that i was logged on as administrative. Reply if you know. Thanks. Tag: Hacker trying to logon... Tag: 26891
  - 19
    - What are these registry entries? While looking through the startup files, I found these two entries in the registry that have me wondering what they could be. I used a program called Pest Patrol to view both the startup files and the running processes of the PC, to obtain this information that I've provided. HKLM\software\CLASSES\htafile\shell\open\command (MSHTA.EXE "%1"%*) HKey_CLASSES_ROOT\htafile\shell\open\command (MSHTA.EXE "%1"%*) Paths for the two are C:\windows\system\mshta.exe Both possess an MD5 "signature" of {95e7e4913891bd12ff9a58c60ea8d143} What the heck are they? Would any of these be an issue for concern? Thanks, LuckyStrike LS@smokedamagedfurniture.youcandriveitawaytoday.com ---------------------------------------------------------------------------- ----------- Tag: Hacker trying to logon... Tag: 26884
  - 20
    - malicious mischief I just downloaded Microsoft Software Inventory Analyzer (MSIA) (MsiaSetup.exe) and when trying to install it, Norton warned me that the program was attempting malicious mischief and that I should cancel the script. The program is asking to delete system files. Should I allow it? Tag: Hacker trying to logon... Tag: 26878
  - 21
    - backdoor.hale I received a note from my Nortonanti virus... I have acquired a trojan virus, backdoor.hale. Quarantine failed. Does anyone have information on this virus and how to delete from my system without harm? Tag: Hacker trying to logon... Tag: 26876
  - 22
    - Critical Security Bulletin MS03-026 If this vulnerability is as critical as Microsoft and the U.S. Department of Homeland Security indicate, why doesn't Microsoft test and offer a patch for the millions of Windows 98 users? Tag: Hacker trying to logon... Tag: 26874
  - 23
    - Unknown Security Update = Q367067 Not sure what is up on this but I received an mail that contains Q367067.exe. Have never been sent patches via email before so I deleted it. I preformed a basic search for subject patch but no match. Merk Tag: Hacker trying to logon... Tag: 26871
  - 24
    - MSM Back door trojans For the past week, every day, several times a day, my Norton has alerted to me that MSM has been attempting to plant a back door trojan into my system. This crap has got to stop!! It specifically is identified as (my IP address) Admin$\system32\msmssri32.exe Cookies is one thing...back door trojans is another!! Tag: Hacker trying to logon... Tag: 26869
  - 25
    - New Security Patch Does the Millenium Edition need the new security patch? Tag: Hacker trying to logon... Tag: 26862

Some is trying to logon onto my server and some how they have obtained the
user list. The security log doesn't give me any IP address information
(only workstation name & the failed account name). First how do I block
logon access for IPs other than the local spoofed subnet (10.0.0.x) and
secondly how did dthey get the list?

Top

Re: Hacker trying to logon... by Susan

Susan
Sun Aug 10 20:09:19 CDT 2003

Got a firewall? Got netbios blocked? If not get one!

Mark Daly wrote:

> Some is trying to logon onto my server and some how they have obtained the
> user list. The security log doesn't give me any IP address information
> (only workstation name & the failed account name). First how do I block
> logon access for IPs other than the local spoofed subnet (10.0.0.x) and
> secondly how did dthey get the list?

--
"Don't lose sight of security. Security is a state of being, not a
state of budget. He with the most firewalls still does not win.
Put down that honeypot and keep up to date on your patches. Demand
better security from vendors and hold them responsible. Use what
you have, and make sure you know how to use it properly and effectively."
~ Rain Forest Puppy

http://www.wiretrip.net/rfp/txt/evolution.txt

Top