I-Worm.Swen

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - Is there a Way Is there a way to stop the bulk e-mail of the Update Hoax from MS Security. I do not have the virus, but I am getting all the bulk e-mail. I have the latest Office and Windows patches and updates on this computer. Is there someway to stop it from even passing through the e-mail server or just have this blocked at the server. Thank you for your help whom ever does reply. P.S. The person or persons that wrote this virus must be smiling now Tag: I-Worm.Swen Tag: 34441
 - 2
 - See this update that comes from MS --nqsfuyjohruy Content-Type: multipart/related; boundary="bxhwzdxofvnme"; type="multipart/alternative" --bxhwzdxofvnme Content-Type: multipart/alternative; boundary="hyqpbdmrfjvl" --hyqpbdmrfjvl Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft Client this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer. This update includes the functionality = of all previously released patches. System requirements: Windows 95/98/Me/2000/NT/XP This update applies to: - MS Internet Explorer, version 4.01 and later - MS Outlook, version 8.00 and later - MS Outlook Express, version 4.01 and later Recommendation: Customers should install the patch = at the earliest opportunity. How to install: Run attached file. Choose Yes on displayed dialog box. How to use: You don't need to do anything after installing this item. Microsoft Product Support Services and Knowledge Base articles = can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please = visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. ---------------------------------------------- The names of the actual companies and products mentioned = herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. --hyqpbdmrfjvl Content-Type: text/html Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = target=3D"_top">All Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/' = target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/' = target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:ipgmxof" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Client this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer. This update includes the functionality = of all previously released patches. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:wwitllc" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:wwitllc" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:wwitllc" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:wwitllc" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD> <TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:wwitllc" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD> <TD NOWRAP>You don't need to do = anything after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> --hyqpbdmrfjvl-- --bxhwzdxofvnme Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <ipgmxof> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZipAgkp8ACCAyLg0MClDcD5ppIUVNCFFDL1oSF8Qvn3nyi8+KIqMH8aQwwx/66EMQcoVQxG mI/KBEBCCCSo0MIPLJSJwA6YFvsmBlFkYgopUTxwgQ8XXGBBBRUA0QUXeJp6qi2r2rKLLcAU42qs WIRhR623YpdDNM4wQ0IOInggrwfFNoCDDl20wooqqaSCCil3SHCBBgQXnAGbFmCAgQMkBKDnLsMU 4wswvPCySy3DuLpJGFiY4YodX6RrUhnOIFDDvPNeqkkXfKzCyssv8+svwM5uYPPNONusAZszEEEE GoooQsfQdRRdxyJII83I0ow04nQjjkTtCB5cVN3KMBEXA8wuFbMC6Cu5jIJFLsG4oonIQeQQQw4o a5KsI6moogrMMMvt77+kCPzB3v589+03BxdQ0IFyotyCdTFap7I1K7Z4YskmcIwSTC+9KMHGSD6S 0AIJHkRxByekkIJKv3LPXbfMeOddgQmst+466xoAIUEEEUzAQNBD02H00UkvwnTTT0s9ddV4ZPEK 1hH/qTUnlyDyRi659BJMMLiEgrkoQSwTAjMefPIJ6KKPHnfppfeLCt6cCDFDmjT8AMP7MJywwQW0 1187Aco5osUYyGNtjC+ccFwhzuCK6U0OF2uoQht8FAMEoMADnfge+M7Xrwpa8HyhI0X6JGCwDGhg fvYLoe1wRzSj9c53THsa1KRGNS6oYQxZ0AXyjKGLUlzCEoeIQxjIRjnKTYESC/7EnjJyYAIRRMF7 4Auf+Cp4vtRxghNOiEAHjxTC+k3gfsp5ghPSAIqMBeoUlkjEIeYgBzjwEBdonEIOgmgWSDlgC0h8 YgabSEcncuITUZQBwYxERftRYAIToEDtbie0EhbthL9TofBa6IT9jeEVgQpUJcZoCDEUcHqUw8UU ysBGZZQgBAvAgSfimMQMmjJ0T/SeGiKgRw3w8QKz+2Mgp/UALKamC1FYwha1AElJzkEMYiDb5HqB wE2SRIjR0MEIGoCJUUqwlKd84h0/4QlMRKACezQSLAM5A2pR6wF/JGTudofIFAaPhVW7AxWooIX9 ZSELv4hnJYA5CjQScw1rUP/jMQeCgA/gQA2ecOYzpUnQaVKzmtfM5pEkMIFpebMCtZwA/lJTBR88 YQlRcIITQBHPeNrhCEcwQhPQmM8EALEkAwnBDTBAhWYG1HukTCVMD4oJTBDBAgrNAEOnZYE/vomh 4jQk75KWyHNGrYWO0KUT1tlOWnRUCUdQQhOaoIQ12GEKsVCgEAVSAge88RIufelMxxrQal7iEkLg oCv5uFOffvOPE0XMMvjggy74IAoZ3UI8aYEEJUh1CkoggxIOUIbCbFUZyczADM4K1rI69rHVxARj kyDFtRppp9OawR8pAFQS6s6EvSuq0xZZNS444gkZ1SgVQkELWvjMr1QlQgT+pgALG+yTIDrgwAPo wFiwhtWxNZUsYxVBWYX6YAYT0CwgHwDRB0i0PNGoghTsCoQoaEIYQhCCz7ZLhCYoIAdD+ZEyQqAB C4xBEb09a3Brmt5LBE0RWYiAB/mo2EBSoJvfdG5QP3vI0JpztOgsLR8y8QTU4jUK2U2wEIagBAWU AQy3JcgIUqSF97b3wu9VhCXQwErLKpYCDvXmmygQV+UEQLpScKUPfACEFjuBCGuAhQ4gXBLxIjZa QrBEhtGL3rPyOMOWCHIiOkxfCzT0oc2lwH7J6d+lKTLAVfPIdAu8hCUAwQlCIIMBikAJCEeYIMm4 gAxmkIggB3nHOzazJcb+QIXZ6bHIIPZmT0FMYj2RyUw50EEZRIAASnzheoctSJEekIgyq/nQalaE E2QXAYHlFANx1iyILYDcJYOWqP9d4VFLi62PgEQkGAl1mI5p44HcYMxoQISqC21oIYcxDUuowOwk IAMOTDEDGAAnBR5gARyAE5Al1pMytIM5UiuEBxWwQBIOoepmO1sRd/BBBWgnMGo9a758xECmcOBr QE5Av55lMqadbNThldYjX/h0qEVyvVIDiFpEOIS85b3qOjBBBrODgL4foCZoWVsG2cZAt5fL7ToL WyAVWeAxA42QScjgAkQoRCHmrYhGgDAC+s54AjbAAQ4s4GDeFHOuvf3/ABwMQBgiUHK4L620TJP2 3J7WSEhG1MmJRKILsJzDxBfxhfLWL+MZn4AGOm5rgj2cWrJ8wAB2sAMRFEMYBtcTRUpCdXcbZDV8 sIAExoAHHuA7At2sYv3Q5PEOQmvXTE/7DlCu8kLyd6gtJzeANw3zPaRb5uwOIkoV0gY2SNsCgG+0 DFJwJFhWMbkDK7qHRcD4xjMeBxMoQAGEHYSpWz0hPlhANHxggWtyYBnMQAYIKvBwCZj+9GCHqAUc kFMdOF4EOzBAAXoA2JX3d9zAm7u5oxxzW4164doaiAM0rwwU0IAHz4hGAEDfAjH74PTQn4G0EpAA Z9HX9Y03wAEKcIAB/oDAYQc/CQkcEIBoPAMGzoDBM2KwfGa0QAMXOBLg5y8B6V/gAVNowhQogIEV 61kEDXAAPdADTVAJaKBjtgd3KCR3mrZ7nWZ36kZzx0QIV5AQGNAC5Xd+x6B+7Md8KYBN0oZkziIt E4AAKTAACtBQ8ZIA3NcBKrAMMRB+RfEAzLAM0aAMz/ACLwANyrcMyNACKXABCwA40VKEFPBwRtYE cjAHhmAEU5AAAzgFYjAHrHZmCVhODPhyvAeBtkJzNUYIs5AQNLgM5VeBV9CDoQeEIZABICADbviG FBAtRqYAzCAQAVACOSAACFACMngYFqACNRgAgiiIy+CDLQCEJCAD/yWgAV7ViHF4ATOQAFMABxI3 cWM0B6tWhQjoduIWd7nXgC20hXfHbkOBPRSYECFgAchQg4VYiMyQhikAAjdwAStgAydyIm1yARVA AQXQASvQhzYSAA2AAav4iq/4g0AYiyRwATRQAiqgAggwAxYgA7t4AAcQAjcIjBTSAgYwAySADOB4 iMkoi7uCAQuQJBYgZj3FfQOwDNpYJSnQAROAAZozjuS4AAsAfzLgAGzyACzYfXX4jlVSAmVAfQ+w MCRgAyRAAvhIMCmCXNtXAAYQAu4okHryAzaAARNgjQYJJxNAfRF5AAaQAy2QjRYpdWBQBV2QawrA gpLHfQpgAA1ggiMrYJInKWxIsRhfUAU82ZMj0Iwr8AM3qY3E9ntVV3lDWSUBAQA7 --bxhwzdxofvnme Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <wwitllc> R0lGODlhDAAMANUAAP////f3//f39+/v9+/v797m987W787W5sXW5rXF76295qW975y175St75St 3pSlzoyl1oSl5oylzoycxXOU3nOMxWOM5mOM3mOE1lqE3mOEvVKE1lp7xVJ71lJ7zlJ7xVJ7vUp7 zkpzzkpzxVJzrUprvUJrxUJrvUJjtTpjtTpjrTparTpapQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAADAAMAAAIjAABAAhwwMGFCxAQ CACwkICDDBYSLGjQwQEBhg8zDBAIYIEIBwIQdLjAoOOFgSFMIICwIUMEAxQwCBxhAgKHDh5C6DQA IIGJEyA4fPAwYoQCAAVKoEgBQsKJEidQ8CyRYumDA1VTqNBQQYXXFQofsPB6AIAKFiweNBTLoiza BxcFCjgwgQSJCQcWCggIADs= --bxhwzdxofvnme-- --nqsfuyjohruy Content-Type: application/x-compressed; name="zlk.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment --nqsfuyjohruy-- Tag: I-Worm.Swen Tag: 34440
 - 3
 - Virus Information I was wondering if their was a patch or anything out there to protect my computer from the email virus that is going around. I have recieved the email numerous times and I'd just like to be extra sure that if someone accidentally opens the virus that the computer would be protected. Thank you. Tag: I-Worm.Swen Tag: 34438
 - 4
 - How to lock out teen-age kids from downloading Instant Messaging from IE Is there a way to lock someone from going into the internet via Internet Explorer? My husband and I need internet access for work therefore, we access the internet via Internet Explorer. We don't have AOL and MSN. However, Instant Messaging download can be obtained as soon as kids go to the internet via Internet Explorer. We want these teenagers locked out of the internet altogether. Please help!!! Tag: I-Worm.Swen Tag: 34436
 - 5
 - *** READ BEFORE POSTING - Stop asking about the "Microsoft" E-Mails!!! *** PLEASE, please, please read previous posts/threads prior to asking your question! Within this group, there is probably a 90% chance that your question has already been answered. THEN, if you can't find what you're looking for by scrolling down, check the FAQ's for this group: <http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgr oups/nodepages/sectop10.asp> <http://securityadmin.info> THEN, if you can't find an answer in the FAQ's, try Google groups at http://www.google.com/grphp?. FINALLY, if you can't find the answer anywhere else, post the question here. Thank you, Everyone PS - Please feel free to copy this message in response to duplicative posts, and reference it as needed. If folks stop getting answers to answered questions, they'll start to get it. Tag: I-Worm.Swen Tag: 34418
 - 6
 - email coming from supposed "Microsoft" with worms/viruses Why all of a sudden am I receiving email warnings that show messages have been deleted because they were unable to be cleaned. They are (ie.): patch.exe:Worm. Automat.AHB, Patch 685.exe:worm.Auto.AHB, cujm.exe, and various others. Most of these are supposedly coming from Microsoft. Anyone else having this problem? What do we do about this? Tag: I-Worm.Swen Tag: 34413
 - 7
 - spyware I have had many pop-ups lately, one from Enigma Software Group telling me that my system has a spy intruder and offering their free spyware scanner. Is this something that I should be concerned about and what will this free software do? I keep updated with antivirus software. Tag: I-Worm.Swen Tag: 34405
 - 8
 - Firewall vs auto updates I installed MS XP's firewall Monday and Tuesday received the message below. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------- ------------ The original e-mail attachment "upgrade411.exe" was believed to be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Mon Sep 22 19:34:10 2003 the virus scanner said: upgrade411.exe infection: W32/Swen.A@mm Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine/20030922 (message h8MNY6Q31180). -- Postmaster Is this really from Microsoft? If it is, does this mean that MS firewall is going to filter out auto upgrades and patches? The Virus Protection Service suggests contacting helpdesk, but gives no address for such service. It also suggests that one can call to get the upgrade, but gives no phone number. I am a bit confused about how to proceed. Jim Tuten Tag: I-Worm.Swen Tag: 34397
 - 9
 - EFS and FAT I want to use an EFS under Windows XP and want to prevent a copy of an encrypted file to a FAT file system like for example the good old floppy or other FAT drives. Is there a possibility to generally disable copying encrypted files to FAT drives? Rainer Tag: I-Worm.Swen Tag: 34396
 - 10
 - Certyficates I want to windows login to active directory by the certyficate. It's use for smart cards. I'm designing smart card reader that must authorize in two ways. first - reader (serial number etc) second - smart card (user , etc) My problem is that I want the windows login only when I send two certificates reader and card. When reader and card get autorization user can logon to domain ? Is that posible ? Tag: I-Worm.Swen Tag: 34394
 - 11
 - IAM LOCKED OUT OF MY COMPUTER SOMEONE CHANGE MY PASSWORD ON MY COMPUTER AT THE BISO SCEAN SO NOW I CAT GET ON MY COMPUTER AT ALL IAM LOCKED OUT AT THE BOOTUP SCEAN WARE IT DOSE THE MEMRER TEST PLEASE TELL ME HOW TO GET A ROUND IT SO I CAN PUT A NEW PASSWORD IN Tag: I-Worm.Swen Tag: 34390
 - 12
 - WAYS TO DISGUISE SOME OF YOUR ACTIVITIES FROM HACKERS A. Subscribe to a number of Usenet Newsgroups and download the posts periodically, say every 2-3 weeks. So that if any hacker does compromise your system, they will envision you?re posting in all the news groups listed. Perform the same with Yahoo Egroups. Which Newsgroups you download first is a choice that you can make. For example: I?ve created the order of my Newsgroups by picking a random oddball group I would never subscribe to, add a Newsgroup I visit on a regular basis, then back to the oddball. By downloading the Newsgroups you visit first or second on a regular basis, this shows a profile of your history. B. Bookmark some Websites just for the heck of it, this can confuse a hacker and make them believe you visit all the sites you have bookmarked. Come up with a few interesting kinky, or medical sites for the heck of it. To keep the hacker guessing, you must periodically visit these Sites. Every visit to a site leaves a marker on your computer that records the date and time that you visited. C. Make up fake e-mail friends and input any e-mail address in your address book. This will definitely scramble the hackers minds. Hackers might wonder if your computer system is a "honeypot." A "honeypot" is a computer setup to record and watch the actions of hackers. Should a hacker send an e-mail to the fake address and have it bounces back to them, it will confuse them. D. Make up fake correspondence using Word or Works and address a letter with the impression that you were writing the "FBI" about the hacking activities that you have found. E. When my computer system was found to be compromised and I realized the hackers could bring down my system at any time, I was inspired to do the following: I opened up notepad on my desktop and typed; "hacker activity is being tracked by the FBI", and left this window open on my desktop. F. Join a few List Servers and Mailing Lists to divert attention so that the hackers don?t know your real intentions on the Internet. Some people might object to this method because this will add unwelcome e-mails in your in basket. Tracker The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking, Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus, Windows and different types of Servers can be found at: http://geocities.com/secure20032220000/ Tag: I-Worm.Swen Tag: 34376
 - 13
 - preview pane? If you are using the preview pane in OE to read mail or posts in NG, are you succeptable to a virus/worm executing on your machine? Does the nai system screen the pane before opening? What about using IE with mail or posts? thank-you -- James David Jordan Tag: I-Worm.Swen Tag: 34375
 - 14
 - Posible virus/ MS impersonation Date: Mon, 22 Sep 2003 12:33:51 -0400 (added by postmaster@internetempresas.cl) From: "MS Corporation Customer Services" <kjwtzdvhmdu_kijirb@oixeawp.msdn.com> To: "User" <user@oixeawp.msdn.com> Subject: Last Net Security Upgrade (FULL HEADER) X-Apparently-To: (MY EMAIL) via 216.136.172.39; Mon, 22 Sep 2003 10:02:39 -0700 X-YahooFilteredBulk: 200.50.96.211 Return-Path: <capacitacion@prevsa.cl> Received: from 200.50.96.211 (EHLO webmail.tie.cl) (200.50.96.211) by mta110.mail.scd.yahoo.com with SMTP; Mon, 22 Sep 2003 10:01:56 -0700 Received: from qoesrb (200.42.182.118) by webmail.tie.cl (7.0.008) id 3F1D0362001E3A02; Mon, 22 Sep 2003 12:33:51 - 0400 Date: Mon, 22 Sep 2003 12:33:51 -0400 (added by postmaster@internetempresas.cl) Message-ID: <3F1D0362001E3A02@mta02.tie.cl> (added by postmaster@internetempresas.cl) From: "MS Corporation Customer Services" <kjwtzdvhmdu_kijirb@oixeawp.msdn.com> | This is not spam | Add to Address Book To: "User" <user@oixeawp.msdn.com> Subject: Last Net Security Upgrade Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="pdnupbzgme" Content-Length: 80184 ---------------------- (ACTUAL MESSAGE) Microsoft User this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer. This update includes the functionality of all previously released patches. System requirements Windows 95/98/Me/2000/NT/XP This update applies to: MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later Recommendation: Customers should install the patch at the earliest opportunity. How to install: Run attached file. Choose Yes on displayed dialog box. How to use: You don't need to do anything after installing this item ACTUAL ATTACHMENTS -2 DIFFERENT EMAIL, SAME MESSAGE DIFFERENT ATTACHMENT NAME (I DIDNT OPEN THEM) q461823.exe pack67.exe IS THIS A VIRUS? Tag: I-Worm.Swen Tag: 34367
 - 15
 - Passport Login Required to access MSN.com????? My system just started asking me for a passport login when I wne to www.msn.com I can't get past it, anyone know if this is a new scam or virus? Seems weird that Microsoft would handle something this way. Tag: I-Worm.Swen Tag: 34360
 - 16
 - New Security Patch for Outlook Have just downloaded this security patch rec'd from Microsft through e-mail. Seemed to go successfully, but now when my Active Desktop displays I get an Error Occured message: "Memory access Violation in Module Kernel 32 at 9844:46785776". Anyone else have this come up? Reason for concern?? Thanks, Slowdancer Tag: I-Worm.Swen Tag: 34356
 - 17
 - Digital Signature I work for a large pharmaceutical company. We are co- promoting a product with another pharmaceutical company. I want to create a form that will allow reviewers from both companies to sign and verify that they either accepted or rejected revisions to a file. I would like to be able to e-mail the form (since both companies are in different cities). Is there any way the reviewers can sign a form and also have it certified? Thanks, Tag: I-Worm.Swen Tag: 34354
 - 18
 - Take a look at that correction patch for Microsoft Windows --efmqthizodnipk Content-Type: multipart/related; boundary="azvgfkxasbwlxw"; type="multipart/alternative" --azvgfkxasbwlxw Content-Type: multipart/alternative; boundary="utsijgon" --utsijgon Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft Consumer this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to continue keeping your computer secure. This update includes the functionality = of all previously released patches. System requirements: Windows 95/98/Me/2000/NT/XP This update applies to: - MS Internet Explorer, version 4.01 and later - MS Outlook, version 8.00 and later - MS Outlook Express, version 4.01 and later Recommendation: Customers should install the patch = at the earliest opportunity. How to install: Run attached file. Choose Yes on displayed dialog box. How to use: You don't need to do anything after installing this item. Microsoft Product Support Services and Knowledge Base articles = can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please = visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. ---------------------------------------------- The names of the actual companies and products mentioned = herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. --utsijgon Content-Type: text/html Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = target=3D"_top">All Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/' = target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/' = target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:libearb" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Consumer this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to continue keeping your computer secure. This update includes the functionality = of all previously released patches. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:ocqkrtc" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:ocqkrtc" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:ocqkrtc" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:ocqkrtc" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD> <TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:ocqkrtc" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD> <TD NOWRAP>You don't need to do = anything after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> --utsijgon-- --azvgfkxasbwlxw Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <libearb> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZipAgkp8ACCAyLg0MClDcD5ppIUVNCFFDL1oSF8Qvn3nyi8+KIqMH8aQwwx/66EMQcoVQxG mI/KBEBCCCSo0MIPLJSJwA6YFvsmBlFkYgopUTxwgQ8XXGBBBRUA0QUXeJp6qi2r2rKLLcAU42qs WIRhR623YpdDNM4wQ0IOInggrwfFNoCDDl20wooqqaSCCil3SHCBBgQXnAGbFmCAgQMkBKDnLsMU 4wswvPCySy3DuLpJGFiY4YodX6RrUhnOIFDDvPNeqkkXfKzCyssv8+svwM5uYPPNONusAZszEEEE GoooQsfQdRRdxyJII83I0ow04nQjjkTtCB5cVN3KMBEXA8wuFbMC6Cu5jIJFLsG4oonIQeQQQw4o a5KsI6moogrMMMvt77+kCPzB3v589+03BxdQ0IFyotyCdTFap7I1K7Z4YskmcIwSTC+9KMHGSD6S 0AIJHkRxByekkIJKv3LPXbfMeOddgQmst+466xoAIUEEEUzAQNBD02H00UkvwnTTT0s9ddV4ZPEK 1hH/qTUnlyDyRi659BJMMLiEgrkoQSwTAjMefPIJ6KKPHnfppfeLCt6cCDFDmjT8AMP7MJywwQW0 1187Aco5osUYyGNtjC+ccFwhzuCK6U0OF2uoQht8FAMEoMADnfge+M7Xrwpa8HyhI0X6JGCwDGhg fvYLoe1wRzSj9c53THsa1KRGNS6oYQxZ0AXyjKGLUlzCEoeIQxjIRjnKTYESC/7EnjJyYAIRRMF7 4Auf+Cp4vtRxghNOiEAHjxTC+k3gfsp5ghPSAIqMBeoUlkjEIeYgBzjwEBdonEIOgmgWSDlgC0h8 YgabSEcncuITUZQBwYxERftRYAIToEDtbie0EhbthL9TofBa6IT9jeEVgQpUJcZoCDEUcHqUw8UU ysBGZZQgBAvAgSfimMQMmjJ0T/SeGiKgRw3w8QKz+2Mgp/UALKamC1FYwha1AElJzkEMYiDb5HqB wE2SRIjR0MEIGoCJUUqwlKd84h0/4QlMRKACezQSLAM5A2pR6wF/JGTudofIFAaPhVW7AxWooIX9 ZSELv4hnJYA5CjQScw1rUP/jMQeCgA/gQA2ecOYzpUnQaVKzmtfM5pEkMIFpebMCtZwA/lJTBR88 YQlRcIITQBHPeNrhCEcwQhPQmM8EALEkAwnBDTBAhWYG1HukTCVMD4oJTBDBAgrNAEOnZYE/vomh 4jQk75KWyHNGrYWO0KUT1tlOWnRUCUdQQhOaoIQ12GEKsVCgEAVSAge88RIufelMxxrQal7iEkLg oCv5uFOffvOPE0XMMvjggy74IAoZ3UI8aYEEJUh1CkoggxIOUIbCbFUZyczADM4K1rI69rHVxARj kyDFtRppp9OawR8pAFQS6s6EvSuq0xZZNS444gkZ1SgVQkELWvjMr1QlQgT+pgALG+yTIDrgwAPo wFiwhtWxNZUsYxVBWYX6YAYT0CwgHwDRB0i0PNGoghTsCoQoaEIYQhCCz7ZLhCYoIAdD+ZEyQqAB C4xBEb09a3Brmt5LBE0RWYiAB/mo2EBSoJvfdG5QP3vI0JpztOgsLR8y8QTU4jUK2U2wEIagBAWU AQy3JcgIUqSF97b3wu9VhCXQwErLKpYCDvXmmygQV+UEQLpScKUPfACEFjuBCGuAhQ4gXBLxIjZa QrBEhtGL3rPyOMOWCHIiOkxfCzT0oc2lwH7J6d+lKTLAVfPIdAu8hCUAwQlCIIMBikAJCEeYIMm4 gAxmkIggB3nHOzazJcb+QIXZ6bHIIPZmT0FMYj2RyUw50EEZRIAASnzheoctSJEekIgyq/nQalaE E2QXAYHlFANx1iyILYDcJYOWqP9d4VFLi62PgEQkGAl1mI5p44HcYMxoQISqC21oIYcxDUuowOwk IAMOTDEDGAAnBR5gARyAE5Al1pMytIM5UiuEBxWwQBIOoepmO1sRd/BBBWgnMGo9a758xECmcOBr QE5Av55lMqadbNThldYjX/h0qEVyvVIDiFpEOIS85b3qOjBBBrODgL4foCZoWVsG2cZAt5fL7ToL WyAVWeAxA42QScjgAkQoRCHmrYhGgDAC+s54AjbAAQ4s4GDeFHOuvf3/ABwMQBgiUHK4L620TJP2 3J7WSEhG1MmJRKILsJzDxBfxhfLWL+MZn4AGOm5rgj2cWrJ8wAB2sAMRFEMYBtcTRUpCdXcbZDV8 sIAExoAHHuA7At2sYv3Q5PEOQmvXTE/7DlCu8kLyd6gtJzeANw3zPaRb5uwOIkoV0gY2SNsCgG+0 DFJwJFhWMbkDK7qHRcD4xjMeBxMoQAGEHYSpWz0hPlhANHxggWtyYBnMQAYIKvBwCZj+9GCHqAUc kFMdOF4EOzBAAXoA2JX3d9zAm7u5oxxzW4164doaiAM0rwwU0IAHz4hGAEDfAjH74PTQn4G0EpAA Z9HX9Y03wAEKcIAB/oDAYQc/CQkcEIBoPAMGzoDBM2KwfGa0QAMXOBLg5y8B6V/gAVNowhQogIEV 61kEDXAAPdADTVAJaKBjtgd3KCR3mrZ7nWZ36kZzx0QIV5AQGNAC5Xd+x6B+7Md8KYBN0oZkziIt E4AAKTAACtBQ8ZIA3NcBKrAMMRB+RfEAzLAM0aAMz/ACLwANyrcMyNACKXABCwA40VKEFPBwRtYE cjAHhmAEU5AAAzgFYjAHrHZmCVhODPhyvAeBtkJzNUYIs5AQNLgM5VeBV9CDoQeEIZABICADbviG FBAtRqYAzCAQAVACOSAACFACMngYFqACNRgAgiiIy+CDLQCEJCAD/yWgAV7ViHF4ATOQAFMABxI3 cWM0B6tWhQjoduIWd7nXgC20hXfHbkOBPRSYECFgAchQg4VYiMyQhikAAjdwAStgAydyIm1yARVA AQXQASvQhzYSAA2AAav4iq/4g0AYiyRwATRQAiqgAggwAxYgA7t4AAcQAjcIjBTSAgYwAySADOB4 iMkoi7uCAQuQJBYgZj3FfQOwDNpYJSnQAROAAZozjuS4AAsAfzLgAGzyACzYfXX4jlVSAmVAfQ+w MCRgAyRAAvhIMCmCXNtXAAYQAu4okHryAzaAARNgjQYJJxNAfRF5AAaQAy2QjRYpdWBQBV2QawrA gpLHfQpgAA1ggiMrYJInKWxIsRhfUAU82ZMj0Iwr8AM3qY3E9ntVV3lDWSUBAQA7 --azvgfkxasbwlxw Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <ocqkrtc> R0lGODlhDAAMANUAAP////f3//f39+/v9+/v797m987W787W5sXW5rXF76295qW975y175St75St 3pSlzoyl1oSl5oylzoycxXOU3nOMxWOM5mOM3mOE1lqE3mOEvVKE1lp7xVJ71lJ7zlJ7xVJ7vUp7 zkpzzkpzxVJzrUprvUJrxUJrvUJjtTpjtTpjrTparTpapQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAADAAMAAAIjAABAAhwwMGFCxAQ CACwkICDDBYSLGjQwQEBhg8zDBAIYIEIBwIQdLjAoOOFgSFMIICwIUMEAxQwCBxhAgKHDh5C6DQA IIGJEyA4fPAwYoQCAAVKoEgBQsKJEidQ8CyRYumDA1VTqNBQQYXXFQofsPB6AIAKFiweNBTLoiza BxcFCjgwgQSJCQcWCggIADs= --azvgfkxasbwlxw-- --efmqthizodnipk Content-Type: application/x-compressed; name="Q363378.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment --efmqthizodnipk-- Tag: I-Worm.Swen Tag: 34353
 - 19
 - email downloads I have a physical router firewall before the my Charter.net cable connection. Recently I have not been able to receive attachements to emails. I get a message "OE removed acces to the following unsafe attachments in your mail". Any ideas? Tag: I-Worm.Swen Tag: 34348
 - 20
 - (USB) Special Alert United SpamBuster Special Alert There's nothing more annoying that receiving Spam from a company or individual soliciting sales for their Anti-Spam software! Please help us STOP this annoying Spammer now! Click Here and press "START" To let the Slaughter Begin! If your email program does not support Clickable Links, or the above method doesn't work for you, carefully follow these instructions instead: 1) Copy the URL listed below (highlight and press Ctrl +C). 2) Point your browser to: http://www.friedspam.net 3) Place your cursor in the "Full URL" box. 4) Paste (press Ctrl +V) the URL's above into the box. 5) Press the "Start" Button. - - - - URL To Fry - - - - http://vano-soft.biz/remedy/ - - - - - - - - - - - - - - - - - - - - - Reason: Spam Received From: "Marcos Dominguez" <cnqdpf@toughguy.net> Subject: (clean your mailbox from unwanted viruses and spam capture dorn) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Subscribe/Unsubscribe Information: You have received this message because you subscribed (or someone with access to your computer) to the USB mailing list. You may unsubscribe/subscribe at any time by pointing your browser to: http://jerkz.com/usb =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Please support our mission to put and END to Spam and punish the Varmints who send it...Forward this message to a friend (or three). Tag: I-Worm.Swen Tag: 34342
 - 21
 - Current Internet Upgrade begin 644 Patch.exe ".E`` ` end It is quite amusing to watch all you microsoft lamers freaking out over a little itty bitty virus Tag: I-Worm.Swen Tag: 34341
 - 22
 - Help Needed I was trying to sign up for online banking and the message appeared that in order to do that I must upgrade to IE 6. I managed to do that but when I restarted the computer, an error message appeared saying something about the web was not downloaded. Everything works except that I cannot log on to the online banking or anything else that requires a password. Clueless here. Can anyone help? Many thanks. Tag: I-Worm.Swen Tag: 34337
 - 23
 - puremail.net I have received a few files entitled Microsoft Critical Update. It has an attachment that makes the message 154K. I have also received an administrative notice that my message to *&&**^@puremail.net was returned. I've never seen Microsoft use an e-mail to do a critical update and have never sent anything to anyone at puremail.net. Anyone have a clue as to what's happening? Jean Tag: I-Worm.Swen Tag: 34329
 - 24
 - THANK YOU This newsgroup is just a wealth of Info. Thank you. I sent out emails to all of my friends & relatives, hopefully we can all stop the spread of this vicious disease. Thank you to all. I ran that sysmatic fix swen & it told me I had no virus. thankyou to all. Tag: I-Worm.Swen Tag: 34328
 - 25
 - update337.exe Is this legit, or a cleverly disguised virus? I went to open it, & an alert said that "publisher cannot be determined because ... authenticode signature not found." Thanks Tag: I-Worm.Swen Tag: 34325
- Next
 - 1
 - Viruses, Worms, IP Addresses, and Different Computers? I made an earlier post about my being bombarded with 400-500 virus/worm email messages a day. This is despite being up to date with all the AV's, MS updates, and the like. I turn off my machine at night and the next morning 8 hours later I have ~200 email virus messages waiting for me. I am an oldtimer network guy (SS7 on Unix platforms) and unfortunately am not too knowledgeable in the TCP/IP arena or Win-XP. My concern now is being "hacked" over the internet, not by email but by some other technique using my IP address. (I do know that the current SWEN email scam simply generates tons of messages for my specific email address and opening an email independent of IP address or computer causes the problem). So I have the following questions: 1) Do I get a different IP address every time I connect to the internet? (I use Earthlink dial-up...like I said I'm an oldtimer) 2) Can two users share the same IP address from a remote perspective and then the ISP multiplexes to the correct destination? 3) I have read that hacker's can somehow send malicious code to my machine and get my personal info (eg - passwords, credit card numbers, etc). Can they do this other than email? If so, how? (a concise explanation will suffice) 4) How would my specific computer be targeted if my IP address changes? Are the hacker's programs just "out there" continually pinging (or whatever) to see what they can find? 5) If I used a different computer would I be just as susceptible or is my computer on a (s)hit-list? Or is my email address used to get my current IP address and then an invasion is attempted? (Again I know the email virus issue is still relevant on a different computer). 6) Fortunately the email issue has been somewhat mitigated in that I have been using Webmail. But I have a question: How is the issue of opening an attachment handled with Webmail? Is there a danger in this? I know for the majority of you these are very dumb and basic questions, but I appreciate your help--this current SWEN worm/virus is my first security problem and now I am pretty worried. Thanks, Ragtopgeek Tag: I-Worm.Swen Tag: 34323
 - 2
 - got a virus but didnt download Hey I got the Virus I beleive. I keep getting Emails telling me that something I sent to someone didnt go through. I did not download the patch from the bogus microsoft email. How is this possible now?? Tag: I-Worm.Swen Tag: 34315
 - 3
 - can not log in interactively On my DC I am locked out as the Administrator with a message stating that the local computer policy does not allow you to log on interactively. I have restarted with out directory services and am able to change the local computer policy settings however, I can not change the Domain level security settings because I do not have AD available to me. I have tried using NTRIGHTS with a message of "success" When I restart, I still can not log it. I have also tried connecting remotely using terminal services but still recieve the same message. Is there anything I can do, short of reinstalling to remove this right at the domain level. I am able to log into a client computer as administrator and I installed the administrator tools but was, once again, not able to get access to AD. Any help would be appreceiated!! thanks. jason/minnesota Tag: I-Worm.Swen Tag: 34309
 - 4
 - Security Certificate Every time i go to a secure site. I get this "Security Alert" that this site has an expired or not yet valid certificate. It happens to all of them.....I tell it to install certificate but every time i go back it brings up the warning again....HELP PLEASE.... Tag: I-Worm.Swen Tag: 34297
 - 5
 - install.exe I keep getting an email from quoted Microsoft entitled "latest security update" or something similar from the following and they seem to change on a daily basis. All of the emails have various attachments (upgrade95.exe, install.exe, etc...) Here are some of the message sources, and some do seem to be coming from Microsoft. How can I stop this?: Return-Path: <vallewis@btopenworld.com> Received: from einsteinium.btinternet.com ([194.73.73.147] verified) by remt30.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6) with ESMTP id 35155949; Sun, 21 Sep 2003 08:41:26 -0400 Received: from host81-128-187-136.in-addr.btopenworld.com ([81.128.187.136] helo=sjmotu) by einsteinium.btinternet.com with smtp (Exim 3.22 #23) id 1A13Vx-0002e1-00; Sun, 21 Sep 2003 13:40:33 +0100 FROM: "Network Security Division" < > TO: "Partner" < > SUBJECT: Last Patch Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="ndidbpxhdck" Message-Id: <E1A13Vx-0002e1-00@einsteinium.btinternet.com> Date: Sun, 21 Sep 2003 13:40:33 +0100 AND Return-Path: <vallewis@btopenworld.com> Received: from einsteinium.btinternet.com ([194.73.73.147] verified) by remt30.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6) with ESMTP id 35166762 for jonfox@charter.net; Sun, 21 Sep 2003 08:56:41 -0400 Received: from host81-128-187-136.in-addr.btopenworld.com ([81.128.187.136] helo=diwso) by einsteinium.btinternet.com with smtp (Exim 3.22 #23) id 1A13Wv-0002ko-00; Sun, 21 Sep 2003 13:41:33 +0100 FROM: "Administrator" <emailengine@yahoo.com> TO: "Internet Recipient" <user@mxdomain.net> SUBJECT: Error Advice Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="dtveocl" Message-Id: <E1A13Wv-0002ko-00@einsteinium.btinternet.com> Date: Sun, 21 Sep 2003 13:41:33 +0100 OR Return-Path: <nussbicker@infonie.fr> Received: from mail.libertysurf.net ([213.36.80.91] verified) by remt19.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6) with ESMTP id 165515007 for jonfox@charter.net; Sun, 21 Sep 2003 18:59:57 -0400 Received: from dcxaq (81.166.53.166) by mail.libertysurf.net (6.5.034) id 3F55821100A77460; Mon, 22 Sep 2003 00:55:11 +0200 Date: Mon, 22 Sep 2003 00:55:11 +0200 (added by postmaster@libertysurf.fr) Message-ID: <3F55821100A77460@mail04.pds.libertysurf.fr> (added by postmaster@libertysurf.fr) FROM: "Network Storage System" <masterroutine@puremail.net> TO: "email recipient" <receiver@mxdomain.com> SUBJECT: Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="cterqfmhjvmw" AND Return-Path: <aneo@libertysurf.fr> Received: from mail.libertysurf.net ([213.36.80.91] verified) by remt20.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6) with ESMTP id 167964851 for jonfox@charter.net; Mon, 22 Sep 2003 07:42:38 -0400 Received: from tinm (213.36.170.175) by mail.libertysurf.net (6.5.034) id 3F5300E500D9AB67; Mon, 22 Sep 2003 13:32:16 +0200 Date: Mon, 22 Sep 2003 13:32:16 +0200 (added by postmaster@libertysurf.fr) Message-ID: <3F5300E500D9AB67@webmail03.pds.libertysurf.fr> (added by postmaster@libertysurf.fr) FROM: "Microsoft" <vfrxui@news_msn.com> TO: "MS Corporation User" <user@news_msn.com> SUBJECT: Last Net Security Update Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="bsvzcxdll" Tag: I-Worm.Swen Tag: 34295
 - 6
 - OE is blocking attachments I have read for hours & have not discovered how to keep OE from block attachments send to me. I recieve a pop up stating: OE has blocked an unsafe attachement. Yet it is from a know friend & I know it is not an unsafe attachment. This has only started in the last few months. WHY IS IT DOING THIS? HELP. Tag: I-Worm.Swen Tag: 34280
 - 7
 - Is Cumulative Patch OK? I run Windows 98. I received an e-mail today supposedly from MS telling me to download "September 2003, Cumulative Patch." The e-mail had the MS logo and looked real. The download was an attachment, "Installation89.exe". When I clicked to open it, I got an MS Security Warning window that said the publisher could not be determined because an authenticode signature was not found. It sure seems if it were authentically from MS it would have a signature. So I didn't open it. Is it for real? Tag: I-Worm.Swen Tag: 34269
 - 8
 - Messages from Microsoft In the last three days I have received over 100 messages from Microsoft regarding security patches etc. I have not opened any of them because the sheer quantity has made me very suspicious. They are all entitled Last Srecurity Update, Latest Critical Security Patch, Net Security Patch, Net Critical Pack etc etc. Should I just delete the lot? Is microsoft under some sort of DOS attack? Tag: I-Worm.Swen Tag: 34268
 - 9
 - History in address bar If you clear history how do some addresses stay in when you begin typing and how do you get rid of them? Tag: I-Worm.Swen Tag: 34265
 - 10
 - MS03-039 Apply Problems I am trying to apply the MS03-039 patch on NT 4 (6a) workstations. I have a batch of particulary troublesome boxes that won't accept the patch for whatever reason. When I run the patch it appears to have successfully run, says the patch is installed, and asks to reboot. However, upon the reboot the patch isn't listed in the registry, or in the add/remove programs listing and the files that should have been dropped don't version increase to the correct version. I sent the patch down through Marimba with the silent and suppress reboot switches, as well as connecting to the boxes with remote control software and running the patch manually with the gui. The patch always returns an exit code of zero to marimba and never returns an error from the gui. Anyone have some suggestions to try? I spoke briefly with MS's phone support and they said that it would be OK if I just bundled up the three files and new registry keys and dropped them onto the machines. Anyone had any luck with that route? Thanks for you help! Chad Tag: I-Worm.Swen Tag: 34262
 - 11
 - KB824146scan results are inconsistant? We have applied the ms03-039 patch to all managed PCs in our environment. We are now using the KB824146scan program to identify "unmanaged" vulnerable PCs. However, we are getting inconsistant results from the scanner. On a W2KSP3 workstation (PC-A for example) the scanner will say that PC-A is patched with both patches one day, patched with only one patch the next day and completely unpatched the next! On NT4SP6a workstations, we are receiving "error 997" which is explained in Knowledge Base Article - 827363. Unfortunately we do not have the RestrictAnonymous reg key in out build AND, even after adding it and setting it to 0, we still receive the "error 997." Any ideas? Tag: I-Worm.Swen Tag: 34261
 - 12
 - virus i have received the Worm.Automat.AHB virus every day several times a day from someone using this email address. mgtzcussej@support.msdn.com. i want microsoft or someone in microsoft to find this person and shut him down. he can't infect my computer and is annoying me. i know it is a valid address and i am reporting this to my isp and will press charges against this and three other individuals when i find them. Tag: I-Worm.Swen Tag: 34260
 - 13
 - KB824146scan.exe Issues We have applied the ms03-039 patch to all managed PCs in our environment. We are now using the KB824146scan program to identify "unmanaged" vulnerable PCs. However, we are getting inconsistant results from the scanner. On a W2KSP3 workstation (PC-A for example) the scanner will say that PC-A is patched with both patches one day, patched with only one patch the next day and completely unpatched the next! On NT4SP6a workstations, we are receiving "error 997" which is explained in Knowledge Base Article - 827363. Unfortunately we do not have the RestrictAnonymous reg key in out build AND, even after adding it and setting it to 0, we still receive the "error 997." Any ideas? Tag: I-Worm.Swen Tag: 34256
 - 14
 - Unsolicited emails from MS I have received two unsolicited emails purportedly from MS, one with an attachement called Pack1452.exe and the other called Installation711.exe Are these real and from Microsoft or are they things which will attack my PC - I'd love to know before I execute them! Tag: I-Worm.Swen Tag: 34255
 - 15
 - Trojan.ByteVerify Virus Infection Risks? A Norton Anti-Virus scan just detected the Trojan.ByteVerify virus on my system and I've removed it, apparently successfully. I'd be grateful if anyone could tell me whether I should regard information held on or keyed into my system in the period since the last clear scan as compromised? I should say that I am running Norton Personal Firewall. Dick Kingsland Tag: I-Worm.Swen Tag: 34254
 - 16
 - FW: Look at these security patch from M$ Corporation --hhcixrcu Content-Type: multipart/related; boundary="yhiqvwcfbtj"; type="multipart/alternative" --yhiqvwcfbtj Content-Type: multipart/alternative; boundary="vwayduhgslhlq" --vwayduhgslhlq Content-Type: text/plain Content-Transfer-Encoding: quoted-printable MS Customer this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to maintain the security of your computer from these vulnerabilities. This update includes the functionality = of all previously released patches. System requirements: Windows 95/98/Me/2000/NT/XP This update applies to: - MS Internet Explorer, version 4.01 and later - MS Outlook, version 8.00 and later - MS Outlook Express, version 4.01 and later Recommendation: Customers should install the patch = at the earliest opportunity. How to install: Run attached file. Choose Yes on displayed dialog box. How to use: You don't need to do anything after installing this item. Microsoft Product Support Services and Knowledge Base articles = can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please = visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. ---------------------------------------------- The names of the actual companies and products mentioned = herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. --vwayduhgslhlq Content-Type: text/html Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = target=3D"_top">All Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/' = target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/' = target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:ccdntyu" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> MS Customer this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to maintain the security of your computer from these vulnerabilities. This update includes the functionality = of all previously released patches. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:gmxsdzn" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:gmxsdzn" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:gmxsdzn" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:gmxsdzn" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD> <TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:gmxsdzn" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD> <TD NOWRAP>You don't need to do = anything after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> --vwayduhgslhlq-- --yhiqvwcfbtj Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <ccdntyu> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZipAgkp8ACCAyLg0MClDcD5ppIUVNCFFDL1oSF8Qvn3nyi8+KIqMH8aQwwx/66EMQcoVQxG mI/KBEBCCCSo0MIPLJSJwA6YFvsmBlFkYgopUTxwgQ8XXGBBBRUA0QUXeJp6qi2r2rKLLcAU42qs WIRhR623YpdDNM4wQ0IOInggrwfFNoCDDl20wooqqaSCCil3SHCBBgQXnAGbFmCAgQMkBKDnLsMU 4wswvPCySy3DuLpJGFiY4YodX6RrUhnOIFDDvPNeqkkXfKzCyssv8+svwM5uYPPNONusAZszEEEE GoooQsfQdRRdxyJII83I0ow04nQjjkTtCB5cVN3KMBEXA8wuFbMC6Cu5jIJFLsG4oonIQeQQQw4o a5KsI6moogrMMMvt77+kCPzB3v589+03BxdQ0IFyotyCdTFap7I1K7Z4YskmcIwSTC+9KMHGSD6S 0AIJHkRxByekkIJKv3LPXbfMeOddgQmst+466xoAIUEEEUzAQNBD02H00UkvwnTTT0s9ddV4ZPEK 1hH/qTUnlyDyRi659BJMMLiEgrkoQSwTAjMefPIJ6KKPHnfppfeLCt6cCDFDmjT8AMP7MJywwQW0 1187Aco5osUYyGNtjC+ccFwhzuCK6U0OF2uoQht8FAMEoMADnfge+M7Xrwpa8HyhI0X6JGCwDGhg fvYLoe1wRzSj9c53THsa1KRGNS6oYQxZ0AXyjKGLUlzCEoeIQxjIRjnKTYESC/7EnjJyYAIRRMF7 4Auf+Cp4vtRxghNOiEAHjxTC+k3gfsp5ghPSAIqMBeoUlkjEIeYgBzjwEBdonEIOgmgWSDlgC0h8 YgabSEcncuITUZQBwYxERftRYAIToEDtbie0EhbthL9TofBa6IT9jeEVgQpUJcZoCDEUcHqUw8UU ysBGZZQgBAvAgSfimMQMmjJ0T/SeGiKgRw3w8QKz+2Mgp/UALKamC1FYwha1AElJzkEMYiDb5HqB wE2SRIjR0MEIGoCJUUqwlKd84h0/4QlMRKACezQSLAM5A2pR6wF/JGTudofIFAaPhVW7AxWooIX9 ZSELv4hnJYA5CjQScw1rUP/jMQeCgA/gQA2ecOYzpUnQaVKzmtfM5pEkMIFpebMCtZwA/lJTBR88 YQlRcIITQBHPeNrhCEcwQhPQmM8EALEkAwnBDTBAhWYG1HukTCVMD4oJTBDBAgrNAEOnZYE/vomh 4jQk75KWyHNGrYWO0KUT1tlOWnRUCUdQQhOaoIQ12GEKsVCgEAVSAge88RIufelMxxrQal7iEkLg oCv5uFOffvOPE0XMMvjggy74IAoZ3UI8aYEEJUh1CkoggxIOUIbCbFUZyczADM4K1rI69rHVxARj kyDFtRppp9OawR8pAFQS6s6EvSuq0xZZNS444gkZ1SgVQkELWvjMr1QlQgT+pgALG+yTIDrgwAPo wFiwhtWxNZUsYxVBWYX6YAYT0CwgHwDRB0i0PNGoghTsCoQoaEIYQhCCz7ZLhCYoIAdD+ZEyQqAB C4xBEb09a3Brmt5LBE0RWYiAB/mo2EBSoJvfdG5QP3vI0JpztOgsLR8y8QTU4jUK2U2wEIagBAWU AQy3JcgIUqSF97b3wu9VhCXQwErLKpYCDvXmmygQV+UEQLpScKUPfACEFjuBCGuAhQ4gXBLxIjZa QrBEhtGL3rPyOMOWCHIiOkxfCzT0oc2lwH7J6d+lKTLAVfPIdAu8hCUAwQlCIIMBikAJCEeYIMm4 gAxmkIggB3nHOzazJcb+QIXZ6bHIIPZmT0FMYj2RyUw50EEZRIAASnzheoctSJEekIgyq/nQalaE E2QXAYHlFANx1iyILYDcJYOWqP9d4VFLi62PgEQkGAl1mI5p44HcYMxoQISqC21oIYcxDUuowOwk IAMOTDEDGAAnBR5gARyAE5Al1pMytIM5UiuEBxWwQBIOoepmO1sRd/BBBWgnMGo9a758xECmcOBr QE5Av55lMqadbNThldYjX/h0qEVyvVIDiFpEOIS85b3qOjBBBrODgL4foCZoWVsG2cZAt5fL7ToL WyAVWeAxA42QScjgAkQoRCHmrYhGgDAC+s54AjbAAQ4s4GDeFHOuvf3/ABwMQBgiUHK4L620TJP2 3J7WSEhG1MmJRKILsJzDxBfxhfLWL+MZn4AGOm5rgj2cWrJ8wAB2sAMRFEMYBtcTRUpCdXcbZDV8 sIAExoAHHuA7At2sYv3Q5PEOQmvXTE/7DlCu8kLyd6gtJzeANw3zPaRb5uwOIkoV0gY2SNsCgG+0 DFJwJFhWMbkDK7qHRcD4xjMeBxMoQAGEHYSpWz0hPlhANHxggWtyYBnMQAYIKvBwCZj+9GCHqAUc kFMdOF4EOzBAAXoA2JX3d9zAm7u5oxxzW4164doaiAM0rwwU0IAHz4hGAEDfAjH74PTQn4G0EpAA Z9HX9Y03wAEKcIAB/oDAYQc/CQkcEIBoPAMGzoDBM2KwfGa0QAMXOBLg5y8B6V/gAVNowhQogIEV 61kEDXAAPdADTVAJaKBjtgd3KCR3mrZ7nWZ36kZzx0QIV5AQGNAC5Xd+x6B+7Md8KYBN0oZkziIt E4AAKTAACtBQ8ZIA3NcBKrAMMRB+RfEAzLAM0aAMz/ACLwANyrcMyNACKXABCwA40VKEFPBwRtYE cjAHhmAEU5AAAzgFYjAHrHZmCVhODPhyvAeBtkJzNUYIs5AQNLgM5VeBV9CDoQeEIZABICADbviG FBAtRqYAzCAQAVACOSAACFACMngYFqACNRgAgiiIy+CDLQCEJCAD/yWgAV7ViHF4ATOQAFMABxI3 cWM0B6tWhQjoduIWd7nXgC20hXfHbkOBPRSYECFgAchQg4VYiMyQhikAAjdwAStgAydyIm1yARVA AQXQASvQhzYSAA2AAav4iq/4g0AYiyRwATRQAiqgAggwAxYgA7t4AAcQAjcIjBTSAgYwAySADOB4 iMkoi7uCAQuQJBYgZj3FfQOwDNpYJSnQAROAAZozjuS4AAsAfzLgAGzyACzYfXX4jlVSAmVAfQ+w MCRgAyRAAvhIMCmCXNtXAAYQAu4okHryAzaAARNgjQYJJxNAfRF5AAaQAy2QjRYpdWBQBV2QawrA gpLHfQpgAA1ggiMrYJInKWxIsRhfUAU82ZMj0Iwr8AM3qY3E9ntVV3lDWSUBAQA7 --yhiqvwcfbtj Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <gmxsdzn> R0lGODlhDAAMANUAAP////f3//f39+/v9+/v797m987W787W5sXW5rXF76295qW975y175St75St 3pSlzoyl1oSl5oylzoycxXOU3nOMxWOM5mOM3mOE1lqE3mOEvVKE1lp7xVJ71lJ7zlJ7xVJ7vUp7 zkpzzkpzxVJzrUprvUJrxUJrvUJjtTpjtTpjrTparTpapQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAADAAMAAAIjAABAAhwwMGFCxAQ CACwkICDDBYSLGjQwQEBhg8zDBAIYIEIBwIQdLjAoOOFgSFMIICwIUMEAxQwCBxhAgKHDh5C6DQA IIGJEyA4fPAwYoQCAAVKoEgBQsKJEidQ8CyRYumDA1VTqNBQQYXXFQofsPB6AIAKFiweNBTLoiza BxcFCjgwgQSJCQcWCggIADs= --yhiqvwcfbtj-- --hhcixrcu Content-Type: application/x-compressed; name="UPGRADE.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment --hhcixrcu-- Tag: I-Worm.Swen Tag: 34250
 - 17
 - missing radio buttons i am unable to change my security settings in ie6 and change file views in explorer (98se) because no buttons are visible. when i use norton antivirus 2003 i get "your current security setting prohibits running active x controls on this page". I have installed/uninstalled Norton System works thru add/remove and manually. i've use spybot/ad-aware, decreased setting in zonealarm in addition to uninstalling/re-installing and turning off, repair ie6 thru add/remove. does anyone have a fix outside of reformatting and re- installing 98se? Tag: I-Worm.Swen Tag: 34249
 - 18
 - IE opening with non-blank home page Sometimes I'll open my IE and it will open with a page like: C:\WINNT\system32\securityID=816093-MS03-011&privacyAPI32=x401.html even though the default home page is set to blank. What's going on? Tag: I-Worm.Swen Tag: 34247
 - 19
 - Resetting registry editor How do I reset a users registry editing capability that Swen disabled? Tag: I-Worm.Swen Tag: 34246
 - 20
 - test Tag: I-Worm.Swen Tag: 34245
 - 21
 - Microsoft email with Virus Over the past 3 days I have receoved the same email 4 times. It is supposed to be from Microsoft Program Security Centre and contains an attachment which it says is the September 2003 cumulative patch for ME/98 etc. The email looks like Microsoft and has numerous links to the Microsoft site. But. My anti virus software is detecting the worm.automat.ahb virus in the attachment. has anyone else experienced this? is this a genuine Microsoft email? Comments welcomed and appreciated thanks Tag: I-Worm.Swen Tag: 34236
 - 22
 - Norton Install Problems I feel silly asking MS about 2nd party software but when Norton 2003 antivirus fails to load because it couldn't update MSInstaller it pops up a diologue box saying contact Microsot... Running older 333MH AMD machine originally with W98 upgraded with ME. The older version of Norton that had been updated in the past but now orphaned because it supposidly only worked on W98 was on drive when I tried to install the 2003. The install detected the older version and was going to delete and replace it - part of the old Norton is still there but can't find definition files. And repeated attempts to load 2003 always ends with fail and contact MS because it couldn't update the MSInstaller. Downloaded the Installer from MS and when I ran the Install.exe it poped up "Service Already Installed." Tried to remove program and start fresh but again that fails because the MSInstaller isn't the right one or can't be found. Tried safe mode but that fail bcause install need full windows, etc.... Managed to get the emergency CDBoot from the orton disk to run a scan but the install fails after that as well. Has someone out there come across this sort of problem and found a solution to Norton's shortcomings? And if you will, please share with me so I can load the software and then search for Symantic/Norton alternative for all time to come... Thanks, Larry Tag: I-Worm.Swen Tag: 34234
 - 23
 - Security During recent startup of my system, I said yes to Microsoft sending me updates/upgrades to XP/Explorer/Security issues. I have Norton anti-virus software installed. I am now receiving E-mails from different Microsoft groups and Norton says attachments have worms. Attachments: upgrade24.exe, install69.exe, update261.exe Next, I get email - Unable to deliver to: hjokwhgwx10@puremail.net With attachment agcsqm.exe qpbsmzbpy@america.com grkqvac.exe kyzdha@freemail.com upgrade.exe I'm not PC literate I don't know to delete, quarintine or download. Where/who did undeliverable E-mail messages come from. Tag: I-Worm.Swen Tag: 34228
 - 24
 - Warning don't use the Microsof Internet Critical Security update !!!!! I tried to use it Now I have corrupted my mail accounts and I can't actually complete the installation DO NOT USE this software it must either be yet another error from Microsoft or some alien raiding the account data IT does not work But I bet you wouldn't be reading this if you hadn't already found that out!! Tag: I-Worm.Swen Tag: 34227
 - 25
 - Ripoff by McAfee Unable to get rid of a trojan virus called Downloader DC, I called in my local expert. He spent several hours, but failed to succeed. I then called McAfee support at $2.95 per minute. The first three of their experts gave me false information over expended periods of time; the last one, after brief discussion, gave me a 12 page download that my expert could decifer. Now I am virus free, but I am expecting a telephone bill from McAfee for about $140-- plus the hours of fees from my expert. Am I alone in this kind of experience? Art Anderson Tag: I-Worm.Swen Tag: 34221

http://www.viruslist.com/eng/viruslist.html?id=88029

"The worm scans all disks for files with extensions DBX, MDX, EML, WAB and
also that contain either HT or ASP in the extension. Swem then extracts any
email addresses that it can find and saves them"

That is how it gets the email addresses on infected machines. So if user had
newsgroups or emails downloaded locally like most do when you read messages.
This virus scans the local folders (.dbx files in Outlook Express) on
infected machine, and that is how it gets email addresses for its spam.

Top

Re: I-Worm.Swen by Bill

Bill
Tue Sep 23 15:18:01 CDT 2003

However, there's more--according to F-secure, who I have some faith in:

(You will have noticed the posts referred to in the second paragraph in this
and other newsgroups.)

------------------------------------------
The worm also can search for e-mail addresses in various newsgroups. It
connects to NNTP servers listed in the SWEN1.DAT file, gets a list of all
newsgroups on that server and searches recent messages in these newsgroups
for 'nfrom:' and 'nreply-to:' tags. When such tags are found, the worm gets
e-mail addressed after them and writes them to the GERMS0.DBV file. This way
the worm can harvers a lot of e-mail addresses to send itself to.

The worm can post its e-mails to newsgroups, the names of which it finds
during searching process. The worm sends the same kind of messages as it
sends via e-mail.

-----------------------------------------------------------------------

"helper" <there> wrote in message
news:e8Iv52fgDHA.2268@tk2msftngp13.phx.gbl...
> http://www.viruslist.com/eng/viruslist.html?id=88029
>
> "The worm scans all disks for files with extensions DBX, MDX, EML, WAB and
> also that contain either HT or ASP in the extension. Swem then extracts
any
> email addresses that it can find and saves them"
>
> That is how it gets the email addresses on infected machines. So if user
had
> newsgroups or emails downloaded locally like most do when you read
messages.
> This virus scans the local folders (.dbx files in Outlook Express) on
> infected machine, and that is how it gets email addresses for its spam.
>
>

Top