RePost: Security Log has sequence of failed attempts to change passwords

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - Deleted infected emails Whenever I receive "bogus" security emails from Microsoft (and there have been a barrage lately), I immediately delete them from my "In" folder, then go and delete them from my "Deleted" folder. My question is, do those emails continue to reside somewhere on my system - and, if so, how can I get rid of them permanently. If they're left to remain there, can they do me any harm? I'm using Windows 2000 and run Symantec's Norton Internet Security 2003. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34821
 - 2
 - How to Tell If a Microsoft Security-Related Message Is Genuine http://www.microsoft.com/security/antivirus/authenticate_ma il.asp Go to the above address for your answer. best... Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34818
 - 3
 - Never mind, Warning: message got me, thanks! Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34804
 - 4
 - E-Mail Update Notifications Hey group, I don't think Microsoft does this, but I've been getting e-mails that look like they're from Microsoft, but check out the header of one of these messages and let me know what you think, Thanks, Trav -- BEGIN HEADER -- Microsoft Mail Internet Headers Version 2.0 Received: from vison.ip.pt ([195.23.132.15]) by exchsrvr.plascoincorporated.com with Microsoft SMTPSVC (5.0.2195.5329); Thu, 25 Sep 2003 07:39:33 -0400 Received: (qmail 31265 invoked from network); 25 Sep 2003 11:39:20 -0000 Received: from unknown (HELO tainha.ip.pt) (195.23.132.7) by vison.ip.pt with SMTP; 25 Sep 2003 11:39:20 -0000 Received: (qmail 18968 invoked from network); 25 Sep 2003 11:39:13 -0000 Received: from unknown (HELO frukizl) ([195.23.52.68]) (envelope-sender <spinarq.lisboa@spinarq.com.pt>) by polvo.isp.ip.pt (qmail-ldap-1.03) with SMTP for <chade@jdbyrider.com>; 25 Sep 2003 11:39:13 - 0000 FROM: "Technical Services" <yobrnhtn@updates.microsoft.com> TO: "Customer" <xoflomqv_yiffnvhcf@updates.microsoft.com> SUBJECT: New Microsoft Update Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="jarfaciaoggaxfkx" Return-Path: spinarq.lisboa@spinarq.com.pt Message-ID: <EXCHSRVRB5Rw1SSfWXW0000010e@exchsrvr.plascoincorporated.co m> X-OriginalArrivalTime: 25 Sep 2003 11:39:33.0881 (UTC) FILETIME=[B0D87690:01C38359] Date: 25 Sep 2003 07:39:33 -0400 --jarfaciaoggaxfkx Content-Type: multipart/related; boundary="oqrlydztlebrm"; type="multipart/alternative" --oqrlydztlebrm Content-Type: multipart/alternative; boundary="tzrzddhgkjoeov" --tzrzddhgkjoeov Content-Type: text/plain Content-Transfer-Encoding: quoted-printable --tzrzddhgkjoeov Content-Type: text/html Content-Transfer-Encoding: quoted-printable --tzrzddhgkjoeov-- --oqrlydztlebrm Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <llailzw> --oqrlydztlebrm Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <tbnjevi> --oqrlydztlebrm-- --jarfaciaoggaxfkx Content-Type: application/x-msdownload; name="pack78.exe" Content-Transfer-Encoding: base64 Content-Disposition: attachment --jarfaciaoggaxfkx-- Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34801
 - 5
 - Authentication Two XP clients trying to access 3rd party software through a web interface hosted on an NT4 server. One can access this fine. On the NT4 server the entry for the working XP client appears to be using the KsecDD logon process where as the other one appears as Ntlmssp. It appears that the credentials are not being passed through correctly by using NtlmSsp any suggestions would be greatly appreciated. I have compared registry settings and group policy settings on the two machines to no avail. Many Thanks Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34785
 - 6
 - Warning: the virus is posted to the newsgroups! In case you didn't see it - there are some messages (ca 150KB each) with subjects like "Try these patches". Needless to say, it's our friend SWEN. regards -- Svyatoslav Pidgorny, MVP, MCSE -= F1 is the key =- Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34784
 - 7
 - This New Patch Problem IS MICROSOFT!!! sick of this cr*p Microsoft is putting out, you must think we are idiots 1. From 50 people I know ONLY people who registered for Microsoft updates are being effected - YAHOO, HOTMAIL, AOL - Does not matter. ALl the other people have received nothing.. So YOU are being used!!! Why no announcement eh? BLASTER Worm loads of press This nothing - WE ARE TELLING YOU whats going on. This is not service, this company has no idea what the word means. I am sick of second rate products that I spend hours downloading patch's for. SORT YOUR HOUSE OUT. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34783
 - 8
 - MICROSOFT F*KING STOP NOW!! YOU ARE KILLING ME!! I AM VERY ANGRY!!!!! I WANT MICROSOFT TO STOP THE BARRAGE OF SECURITY PATCH'S THAT ARE CRASHING MY EMAIL ADDRESS EVERYDAY!!! YOU IDIOTS HAVE SENT ME THE SAME PATCH'S HUNDREDS OF TIMES 150K EACH AND MY MAIL BOX CAN NOT TAKE IT!! I HAVE MISSED A JOB!! A JOB!!@!!! BECAUSE YOU INSIST ON SENDING THESE THINGS OVER AND OVER AND OVER AGAIN. STOP SENDING ME THIS STUFF, YOU ARE WORSE THAN ANY VIRUS********* DUE TO THE LOSS OF EMPLOYMENT, AFTER TRYING TO CONTACT YOU THROUGH DOZENS OF FORUMNS, EMAILS, I AM SEEKING LEGAL COUNCIL!!! THINK BEFORE YOU TURN PEOPLE'S EMAIL SITES INTO THE DUMPING GROUNDS FOR HUNDREDS OF PATCHS!! MUPPETTS@YAHOO.COM IS THE SITE - DO SOMETHING NOW AS I HAVE LOST ALL REASON , HUMOUR AND PATIENCE WITH THIS AROGANT MISUSE OF MY COMPUTER!!!!. CHRIS SLADE - VERY VERY VERY ANGRY CONSUMER!!!!!!!!!!! Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34779
 - 9
 - Local Security Policy I'm trying to add the administrator group to the 'change sytem time' option in Local Policies\User Rights Assignments. due to the nature of our business we can not have the users changing the time, although as synchronisation is vital we need to be able to change the time for them when it lapses. i've double clicked the option, clicked add user group, advanced, find now and the administrator group is not there to add..... is there a way i can add this? also if anyone happens to know of any time synchronisation programs that run as a service i'd think about giving you some kind of medal! Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34776
 - 10
 - Latest Network Critical Patch Dear Sirs, I have received an email from Microsoft with attached to=20 this email a file with the name Q661959.exe How can I verify that this email originates from Microsoft. How can I be sure that I m not loading a Virus or worse=20 from someone giving himself out to be MS. Thank you for your assistance =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D Return-Path:=20 <leif@ab.se> Received:=20 from focus2.focus.lu (focus2.focus.lu=20 [161.58.236.92]) by mailbox.lu (8.12.9p1/8.11.6) with ESMTP id h8OLX56r084494 for=20 <dolphin@mailbox.lu>; Wed, 24 Sep 2003 23:33:10 +0200=20 (CEST) Received:=20 from smtp.wineasy.se (smtp.wineasy.se=20 [195.42.198.20]) by focus2.focus.lu (8.12.9p1/8.11.6) with ESMTP id h8OLX0hl007872 for=20 <info@delphinus.lu>; Wed, 24 Sep 2003 23:33:04 +0200 (CEST) Received:=20 from fsnaqc=20 (242.210.88.213.host.tele1europe.se [213.88.210.242]) by=20 smtp.wineasy.se with SMTP id h8OLVbNJ000744; Wed, 24 Sep 2003=20 23:31:48 +0200 Date:=20 Wed, 24 Sep 2003 23:31:48 +0200 Message-ID:=20 =20 <200309242131.h8OLVbNJ000744@smtp.wineasy.se> From:=20 ""=20 <brlbjfedf@support.go.microsoft.akadns.net> To:=20 "Microsoft Partner"=20 <partner-xwhccaqi@support.go.microsoft.akadns.net> Subject:=20 Latest Network Critical Patch Mime-Version:=20 1.0 Content-Type:=20 multipart/mixed;=20 boundary=3D"braxatdbefarmvg" X-Mozilla-Status:=20 8001 X-Mozilla-Status2:=20 00000000 X-UIDL:=20 ]p3"!^k!"!~HH!!#$["! Microsoft=20 All Products=20 | Support | Search | Microsoft.com Guide =20 =20 Microsoft Home =20 =20 Microsoft Partner this is the latest version of security update, the=20 "September 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet=20 Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to=20 protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run=20 executable on your computer. This update includes the functionality of all previously released patches.=20 System requirements=20 Windows 95/98/Me/2000/NT/XP This update applies to=20 MS Internet Explorer, version 4.01=20 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01=20 and later=20 Recommendation Customers should install the patch=20 at the earliest opportunity. How to install Run attached file. Choose Yes on=20 displayed dialog box. How to use You don't need to do anything=20 after installing this item. Microsoft Product Support Services and Knowledge Base=20 articles can be found on the Microsoft Technical Support web site. For security-related information about=20 Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.=20 Thank you for using Microsoft products. Please do not reply to this message. It was sent from an=20 unmonitored e-mail address and we are unable to respond to=20 any replies. The names of the actual companies and products mentioned=20 herein are the trademarks of their respective owners.=20 Contact Us | Legal | TRUSTe=20 =A92003 Microsoft Corporation. All rights reserved. Terms=20 of Use | Privacy Statement | Accessibility=20 Q661959.exe Content-Type:=20 =20 application/x-msdownload; name=3D"Q661959.exe" Content-Transfer-Encoding:=20 base64 Content-Disposition:=20 attachment Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34771
 - 11
 - This legit? I just recieved this email: Microsoft All Products | Support | Search | =20 Microsoft.com Guide =20 Microsoft Home =20 =20 MS Consumer this is the latest version of security update,=20 the "September 2003, Cumulative Patch" update which=20 resolves all known security vulnerabilities affecting MS=20 Internet Explorer, MS Outlook and MS Outlook Express as=20 well as three newly discovered vulnerabilities. Install=20 now to protect your computer from these vulnerabilities,=20 the most serious of which could allow an attacker to run=20 code on your system. This update includes the=20 functionality of all previously released patches. =20 System requirements Windows 95/98/Me/2000/NT/XP=20 This update applies to MS Internet Explorer, version=20 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later =20 Recommendation Customers should install the patch at the=20 earliest opportunity.=20 How to install Run attached file. Choose Yes on displayed=20 dialog box.=20 How to use You don't need to do anything after installing=20 this item.=20 Microsoft Product Support Services and Knowledge Base=20 articles can be found on the Microsoft Technical Support=20 web site. For security-related information about Microsoft=20 products, please visit the Microsoft Security Advisor web=20 site, or Contact Us.=20 Thank you for using Microsoft products. Please do not reply to this message. It was sent from an=20 unmonitored e-mail address and we are unable to respond to=20 any replies. ----------------------------------------------------------- --------------------- The names of the actual companies and products mentioned=20 herein are the trademarks of their respective owners. =20 Contact Us | Legal | TRUSTe =20 =A92003 Microsoft Corporation. All rights reserved. Terms=20 of Use | Privacy Statement | Accessibility =20 I was wanting to know if it was legitimate??/ Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34766
 - 12
 - security update Every day I get a update messaage from Microsoft to download a security patch 823559 which I do . Is it their fault or something I am doing? Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34764
 - 13
 - installer11.exe I got an email from Microsoft instructing me to run the attached file "installer11.exe" to fix several security problems. When I save installer11.exe, Norton dectected a virus and made this file inaccessible. Is this really a Microsoft patch or just a virus spreader? Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34732
 - 14
 - Source: installation.exe Be advised this bogus Microsoft Security email is=20 circulating. Microsoft All Products | Support | Search | =20 Microsoft.com Guide =20 Microsoft Home =20 =20 Microsoft User this is the latest version of security update,=20 the "September 2003, Cumulative Patch" update which=20 resolves all known security vulnerabilities affecting MS=20 Internet Explorer, MS Outlook and MS Outlook Express.=20 Install now to protect your computer from these=20 vulnerabilities, the most serious of which could allow an=20 malicious user to run executable on your computer. =20 System requirements Windows 95/98/Me/2000/NT/XP=20 This update applies to MS Internet Explorer, version=20 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later =20 Recommendation Customers should install the patch at the=20 earliest opportunity.=20 How to install Run attached file. Choose Yes on displayed=20 dialog box.=20 How to use You don't need to do anything after installing=20 this item.=20 Microsoft Product Support Services and Knowledge Base=20 articles can be found on the Microsoft Technical Support=20 web site. For security-related information about Microsoft=20 products, please visit the Microsoft Security Advisor web=20 site, or Contact Us.=20 Thank you for using Microsoft products. Please do not reply to this message. It was sent from an=20 unmonitored e-mail address and we are unable to respond to=20 any replies. ----------------------------------------------------------- --------------------- The names of the actual companies and products mentioned=20 herein are the trademarks of their respective owners. =20 Contact Us | Legal | TRUSTe =20 =A92003 Microsoft Corporation. All rights reserved. Terms=20 of Use | Privacy Statement | Accessibility =20 ---------------------------------------------------- ---------------------------------------------------- Below, I copied the html source of the bogus email for all to see. Anti-Virus software stopped the virus. Source: installation.exe=20 Description: The email attachment installation.exe is=20 infected with the Worm.Automat.AHB virus.=20 Click for more information about this virus :=20 Worm.Automat.AHB <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text- decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400"=20 ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext'=20 href=3D'http://www.microsoft.com/catalog/' target=3D"_top">All=20 Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/'=20 target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/'=20 target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/'=20 target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/'=20 TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:mbrqyia" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> Microsoft User this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your computer. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3"=20 WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:agczvvw"=20 ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows=20 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:agczvvw"=20 ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies=20 to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:agczvvw"=20 ALIGN=3D"absmiddle"=20 BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the=20 patch at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:agczvvw"=20 ALIGN=3D"absmiddle" BORDER=3D"0"> How to=20 install</TD> <TD NOWRAP>Run attached file. Choose Yes on=20 displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:agczvvw"=20 ALIGN=3D"absmiddle" BORDER=3D"0"> How to=20 use</TD> <TD NOWRAP>You don't need to do anything=20 after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base=20 articles can be found on the <A=20 HREF=3D"http://support.microsoft.com/"=20 TARGET=3D"_top">Microsoft Technical Support</A> web site.=20 For security-related information about Microsoft products,=20 please visit the <A=20 HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, or <A=20 HREF=3D"http://www.microsoft.com/contactus/contactus.asp"=20 TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. It was=20 sent from an unmonitored e-mail address and we are unable=20 to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual=20 companies and products mentioned herein are the trademarks=20 of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext'=20 HREF=3D"http://www.microsoft.com/contactus/contactus.asp"=20 TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/"=20 TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext'=20 HREF=3D"https://www.truste.org/validate/605" TARGET=3D"_top"=20 TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;"=20 HREF=3D"http://www.microsoft.com/info/cpyright.htm"=20 TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;"=20 HREF=3D"http://www.microsoft.com/info/privacy.htm"=20 TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;"=20 HREF=3D"http://www.microsoft.com/enable/"=20 TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34729
 - 15
 - Publish KRA certificate to the AD (Event ID:80) Hi, I have a problem about publishing the KRA Certificate to the Active Directory. Below is my test environment : 1 Server with the following configuration : Windows 2000 Domain Controller, Exchange 2000 Server with KMS service, Enterprise Root CA. With the help of KMS, enrolling mailbox enabled users to advanced security was working properly. I Exported the KMS database and uninstalled KMS service. Then upgraded from Exchange 2000 to Exchange 2003 and then upgraded from Windows 2000 Server to Windows 2003 Advanced Server. After a successfull upgrade I tried to configure the CA for Key Archival and Key Recovery. For this reason I added the new certificate template (Key Recovery Agent certificate template) with proper security permissions. Administrator user requested a KRA certificate with the web enrollment wizard and installed the certificate successfully. At that point, Enterprise CA should publish the certificate to the directory automatically(to the userCertificate attribute of CN=KRA,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=local). But there is a warning message in the application event log. I dont see anything in the KRA container in AD Sites And Services snap-in. I could not find any article in the KB. Any ideas? Thanks AydinK Event Type: Warning Event Source: CertSvc Event Category: None Event ID: 80 User: N/A Computer: SERVER Description: Certificate Services could not publish a Certificate for request 11 to the following location on server SERVER: ldap:///CN=EntRootCA,CN=KRA,CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local. Directory object not found. 0x8007208d (WIN32: 8333). ldap: 0x20: 0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=KRA,CN=Public Key Services,CN=Services,CN=Configuration,DC=company,DC=local' Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34728
 - 16
 - Security Issues (I think) I am having problems accessing some sites that require pretty hefty security.. I get the cannot find server stuff. When I to tools, internet options, avanced tab security, mine showes only SSL 2.0 SSL 3.0 TLS 1.0. What is PCT 1.0? that is suggested be included in the security settings and how do I get it. Most of the sites I have been having trouble with are like banking sites or government sites (licensing vehicle sites, etc.) Frustating. Any suggestions? Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34723
 - 17
 - Virtual Private Network Is One Of The Hackers Secrets VIRTUAL PRIVATE NETWORK: A Virtual Private Network (VPN) is used mainly for business travelers and home users, connecting more than one system together. (ie: remote office, remote user and remote partner (extranet) communications.) Your average home user, connecting one computer to the Internet, has no reason to be running a VPN. ALTHOUGH VPN SUPPORT IS NATIVE TO WINDOWS X (EXCLUDING 2000,NT, XP), IT DOES NOT INSTALL BY DEFAULT. 1. For hackers to install this, they have to click on the Control Panel, open the Add/Remove Programs applet and then click on the Windows Setup page. 2. From the Windows Setup page, Select the Communications option and Select Details. The bottom Communications options is Virtual Private Networking. Check the box to this option and Select OK. 3. When you return to the Windows Setup page, Select OK again, and all necessary files are copied. 4. Restart the computer to complete the VPN installation. After a VPN is installed on your computer, a new adapter is added to the Network properties for use through your modem. Two adapters are installed if using a network interface card, but this rarely is the case. A computer with a standard Dial-Up Adapter, an additional Dial-Up Adapter to provide VPN support, and also the Microsoft Virtual Private Networking Adapter that serves as the backbone for all VPN connections. It?s not always necessary to have a network interface card for two VPN?s to be installed on a victims computer. A number of other computers analyzed, were using one modem, but had two VPN?s adapters installed. Some of the more technically inclined people will have a better understanding of the terminology. Below is the VPN adapter file the hackers were using on a compromised computer system. These files were found in the Black Ice Defender directory which was hidden from my view. Of course, once you can view all the Files and Folders, you will find your eyes getting bigger and bigger. As you can see below, the hackers were utilizing this adapter on different platforms and software applications. #This document contains special adapter information that we #use to adjust how the product interacts with the driver. #It's main purpose is to handle those adapters that we find #in the system who lie about being network adapters. # #format: #action: name[=<>] value # 01 Sep 2000--Added to handle Intel/Shiva VPN client IGNORE: DriverDesc > Shiva Virtual NIC IGNORE: Description > Shiva Virtual NIC # 15 Sep 2000--Added to fix PGP related issues; supersedes other # PGPMAC or PGPnet entries # For Win9x ICE_ADAPTER: LogDriverName > PGPMAC # For WinNT AND Win2000 ICE_ADAPTER: Description > PGPnet # 31 Jul 2000--Added to handle VPNet VPNremote client 3.0 for NT ICE_ADAPTER: Description > Vpn Adapter # 24 Jul 2000--Added to handle VPNet VPNremote client ICE_ADAPTER: DriverDesc > VPNremote ICE_ADAPTER: Description > VPNremote # Added to handle Raptor Mobile VPN IGNORE: DriverDesc > RaptorMobile IGNORE: Description > RaptorMobile # added to handle Bay Networks Extranet Access Client VPN IGNORE: DriverDesc > IPsecShm IGNORE: Description > IPsecShm IGNORE: DriverDesc > Extranet Access Client Adapter IGNORE: Description > Extranet Access Client Adapter ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 3010 PPP ICE_ADAPTER: Description > Efficient Networks SpeedStream 3010 PPP ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 3020 PPP ICE_ADAPTER: Description > Efficient Networks SpeedStream 3020 PPP ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 3041 PPP ICE_ADAPTER: Description > Efficient Networks SpeedStream 3041 PPP ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 3060 PPP ICE_ADAPTER: Description > Efficient Networks SpeedStream 3060 PPP # 09 Oct 2000--added to handle SpeedStream model 4060 interfaces ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 4060 PPP ICE_ADAPTER: Description > Efficient Networks SpeedStream 4060 PPP ICE_ADAPTER: DriverDesc > Deterministic Network ICE_ADAPTER: Description > Deterministic Network # added to handle some possible iteration of firewire adapters IGNORE: DriverDesc > 1394 IGNORE: Description > 1394 IGNORE: DriverDesc > Sony i.LINK(1394) Adapter IGNORE: Description > Sony i.LINK(1394) Adapter IGNORE: DriverDesc > Infrared IGNORE: Description > Infrared IGNORE: DriverDesc > SMC IrCC IGNORE: Description > SMC IrCC IGNORE: DriverDesc > Toshiba FIR Port IGNORE: Description > Toshiba FIR Port IGNORE: DriverDesc > Efficient ENI-25p ATM Adapter IGNORE: Description > Efficient ENI-25p ATM Adapter # Check Point VPN-1 SecuRemote ICE_ADAPTER: DriverDesc > FW1 Adapter ICE_ADAPTER: Description > FW1 Adapter IGNORE: DriverDesc > Network TeleSystems PPPoE Adapter IGNORE: Description > Network TeleSystems PPPoE Adapter IGNORE: DriverDesc > Token-Ring IGNORE: Description > Token-Ring IGNORE: DriverDesc > SpeedStream 30 IGNORE: Description > SpeedStream 30 IGNORE: DriverDesc > 3010 SpeedStream IGNORE: Description > 3010 SpeedStream IGNORE: DriverDesc > 3020 SpeedStream IGNORE: Description > 3020 SpeedStream IGNORE: DriverDesc > 3040 SpeedStream IGNORE: Description > 3040 SpeedStream IGNORE: DriverDesc > 3041 SpeedStream IGNORE: Description > 3041 SpeedStream IGNORE: DriverDesc > 3060 SpeedStream IGNORE: Description > 3060 SpeedStream IGNORE: DriverDesc > SpeedStream 40 IGNORE: Description > SpeedStream 40 IGNORE: DriverDesc > 4020 SpeedStream IGNORE: Description > 4020 SpeedStream IGNORE: DriverDesc > 4041 SpeedStream IGNORE: Description > 4041 SpeedStream IGNORE: DriverDesc > 4060 SpeedStream IGNORE: Description > 4060 SpeedStream IGNORE: DriverDesc > (unknown model) SpeedStream (00) RFC 1577 IGNORE: Description > (unknown model) SpeedStream (00) RFC 1577 IGNORE: DriverDesc > (unknown model) SpeedStream (01) RFC 1577 IGNORE: Description > (unknown model) SpeedStream (01) RFC 1577 IGNORE: DriverDesc > (unknown model) SpeedStream (02) RFC 1577 IGNORE: Description > (unknown model) SpeedStream (02) RFC 1577 IGNORE: DriverDesc > (unknown model) SpeedStream (00) RFC 1483 IGNORE: Description > (unknown model) SpeedStream (00) RFC 1483 IGNORE: DriverDesc > (unknown model) SpeedStream (01) RFC 1483 IGNORE: Description > (unknown model) SpeedStream (01) RFC 1483 IGNORE: DriverDesc > (unknown model) SpeedStream (02) RFC 1483 IGNORE: Description > (unknown model) SpeedStream (02) RFC 1483 IGNORE: DriverDesc > (unknown model) SpeedStream (03) RFC 1483 IGNORE: Description > (unknown model) SpeedStream (03) RFC 1483 IGNORE: DriverDesc > (unknown model) SpeedStream (04) RFC 1483 IGNORE: Description > (unknown model) SpeedStream (04) RFC 1483 IGNORE: DriverDesc > Cisco 605 PCI ADSL Adapter Driver for PPP IGNORE: Description > Cisco 605 PCI ADSL Adapter Driver for PPP IGNORE: DriverDesc > ITK Columbus Card 3.0 IGNORE: Description > ITK Columbus Card 3.0 IGNORE: DriverDesc > TELES.ISDN WAN-NDIS-Miniport driver IGNORE: Description > TELES.ISDN WAN-NDIS-Miniport driver IGNORE: DriverDesc > TV Data Adapter IGNORE: Description > TV Data Adapter Tracker The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking, Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus, Windows and different types of Servers can be found at: http://geocities.com/secure20032220000/ Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34719
 - 18
 - http://www.pass-this-on I keep getting a website that takes over Microsoft Explorer and sets itself as the default web page. Thereafter we get literally hundreds of pop-ups. How do I stop this??? Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34716
 - 19
 - Everyone's virus problem info.... Those of you being smart asses about this situation because you don't have it and THINK you have the solution are complete morons. This worm infects through file sharing progams (kazaa, etc). The victim does not have to open ANYTHING to start it. It is NOT recognized by any of the "leading virus software protection" therefore your Virus protection program is obsolete in this matter (unless they come up with a patch). I receive nearly 200 of these infected e-mails per day. I (as well as most computer users) am smart enough NOT to open them. Since this happens, important e-mail does not go through and I don't feel like scanning every single e- mail that I KNOW IS INFECTED. I have tried numerous applications that have been posted on this newsgroup (which are greatly appreciated) but each one has never detected a virus or worm running on my computer. IF ANYONE HAS A VALID ANSWER TO STOP THIS PLEASE POST IN A HEADER TO HELP THOSE THAT ARE EXPERIENCING THIS. SMART ASS COMMENTS ARE NOT WELCOME. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34710
 - 20
 - The info everyone needs.... Those of you being smart asses about this situation because you don't have it and THINK you have the solution are complete morons. This worm infects through file sharing progams. The victim does not have to open ANYTHING to start it. I receive nearly 200 of these infected e-mails per day. Since this happens, important e-mail does not go through. I have tried numerous applications that have been posted on this newsgroup (which are greatly appreciated) but each one has never detected a virus or worm running on my computer. IF ANYONE HAS A VALID ANSWER TO STOP THIS PLEASE POST IN A HEADER TO HELP THOSE THAT ARE EXPERIENCING THIS. SMART ASS COMMENTS ARE NOT WELCOME. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34702
 - 21
 - something needs to be done about spammers: now deceiving more I think this is a serious problem and Microsoft needs to=20 actively pursure those parties who have started such fake=20 emails posing as Microsoft employees, and prosecute them=20 in court for fraud. The following is copied from a spam I received (graphics=20 omitted, but were done exactly in co-ordination to MS's): "Microsoft All Products | Support | Search | =20 Microsoft.com Guide =20 Microsoft Home =20 =20 MS Consumer this is the latest version of security update,=20 the "September 2003, Cumulative Patch" update which fixes=20 all known security vulnerabilities affecting MS Internet=20 Explorer, MS Outlook and MS Outlook Express as well as=20 three newly discovered vulnerabilities. Install now to=20 continue keeping your computer secure from these=20 vulnerabilities, the most serious of which could allow an=20 attacker to run executable on your computer. This update=20 includes the functionality of all previously released=20 patches. =20 System requirements Windows 95/98/Me/2000/NT/XP=20 This update applies to MS Internet Explorer, version=20 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later =20 Recommendation Customers should install the patch at the=20 earliest opportunity.=20 How to install Run attached file. Choose Yes on displayed=20 dialog box.=20 How to use You don't need to do anything after installing=20 this item.=20 Microsoft Product Support Services and Knowledge Base=20 articles can be found on the Microsoft Technical Support=20 web site. For security-related information about Microsoft=20 products, please visit the Microsoft Security Advisor web=20 site, or Contact Us.=20 Thank you for using Microsoft products. Please do not reply to this message. It was sent from an=20 unmonitored e-mail address and we are unable to respond to=20 any replies. ----------------------------------------------------------- --------------------- The names of the actual companies and products mentioned=20 herein are the trademarks of their respective owners. =20 Contact Us | Legal | TRUSTe =20 =A92003 Microsoft Corporation. All rights reserved. Terms=20 of Use | Privacy Statement | Accessibility =20 Attachment =20 =20 =20 =20 =20 INSTALL98.exe .exe file" Luckily, I didn't open the file. But this is unacceptable,=20 if it continues (people have done it with ebay already)=20 then we will never know when any email is secure and=20 actualy from the company who it says its from. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34698
 - 22
 - latest version of security update, The following is an email that I continue to get that=20 poses as Microsoft sending a security update. This is the=20 4 I have gotten in the last 3 days, all are worded=20 differently. They all contain viruses which Norton 2003=20 caught. This one is the most disturbing because it even=20 has their logo. Please let me know if you can help stop=20 these attacks. =20 =20 -----Original Message----- From: Microsoft Corporation Security Section=20 [mailto:xwnoqqomsnvv@support.ms.com]=20 Sent: Wednesday, September 24, 2003 9:03 AM To: Client Subject: Current Internet Upgrade Importance: High =20 Microsoft=20 All Products | Support | Search | Microsoft.com=20 Guide =20 =20 Microsoft Home =20 =20 =20 Microsoft Client this is the latest version of security update,=20 the "September 2003, Cumulative Patch" update which=20 resolves all known security vulnerabilities affecting MS=20 Internet Explorer, MS Outlook and MS Outlook Express.=20 Install now to protect your computer from these=20 vulnerabilities. This update includes the functionality of=20 all previously released patches.=20 =20 =20 System requirements=20 Windows 95/98/Me/2000/NT/XP =20 This update applies to=20 MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later=20 =20 Recommendation Customers should install the patch at the earliest=20 opportunity. =20 How to install Run attached file. Choose Yes on displayed dialog box. =20 How to use You don't need to do anything after installing this item. =20 =20 Microsoft Product Support Services and Knowledge Base=20 articles can be found on the Microsoft Technical Support=20 web site. For security-related information about Microsoft=20 products, please visit the Microsoft Security Advisor web=20 site, or Contact Us.=20 Thank you for using Microsoft products. Please do not reply to this message. It was sent from an=20 unmonitored e-mail address and we are unable to respond to=20 any replies. ----------------------------------------------------------- --------------------- The names of the actual companies and products mentioned=20 herein are the trademarks of their respective owners.=20 =20 =20 =20 Contact Us | Legal | TRUSTe=20 =20 =20 =A92003 Microsoft Corporation. All rights reserved. Terms=20 of Use | Privacy Statement | Accessibility=20 =20 =20 =20 =20 Flattop Woodworks 325 S. Main St.=20 Troutman, NC 28166 704-528-4050 www.flattopwoodworks.com=20 =20 Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34697
 - 23
 - iam recieving fake microsoft email (Question) i keep getting fake microsoft emails in my mail box that are full of worms and stuff like that and it looks like its a different sender each time how do i stop this Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34693
 - 24
 - Microsoft is NOT sending ANY emails to you. Read this!!!! DON'T open any attachments. Always REMEMBER: "If a BAD GUY can persuade you to run his program on your computer, its NOT your computer anymore." Microsoft does NOT send updates as email attachments. "Authentic security bulletin mailers never provide the patch itself or a link to the patch; instead, they refer the reader to the complete version of the bulletin on our web site, which provides a link to the patch" http://www.microsoft.com/security/antivirus/authenticate_mail.asp http://www.microsoft.com/technet/security/policy/swdist.asp http://www.microsoft.com/technet/security/news/patch_hoax.asp PLEASE Don't click on any email attachment you don't know about. Because it will most likely be a VIRUS!!!!!!! Even if you're all protected don't click on any unknown email attachments. Consider using these (free for home use) tools: http://www.grisoft.com/us/us_dwnl_free.php http://www.kerio.com/us/kpf_download.html DON'T open any attachments. Consider using these settings in Outlook Express: Tools | Options | Security | Virus Protection Choose "Restricted Zone" Enable "Warn me when other applications trying to send mail as me" Enable "Do not allow attachments to be saved..." DON'T open any attachments. If you get infected, follow EXACT instructions from: http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html http://www.f-secure.com/v-descs/swen.shtml#disinf http://vil.nai.com/vil/stinger/ On Windows XP enable firewall: http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp Keep up to date with: http://windowsupdate.microsoft.com/ DON'T open any attachments. http://www.microsoft.com/security/home/basics.asp http://www.microsoft.com/security/home/beyond_basics.asp DON'T open any attachments. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34692
 - 25
 - Please help ! Need a fix. I am running win xp, McAfee home 7.0 and I don't know what has entered my computer. Every time I try to log onto Google, I get a message stating that my computer has installed a program that will not allow me to get to google. It then goes on to give directions on how to remove a file and even has an address to report it to the FCC. That's just the beginning, I can't use any type of search engine. If I try the explorer search on the tool bar I get the "can not open page" message. This also happens on any search type site, including yahoo search, cnn search and so on. I have tried the McAffe scan and it says my system is fine, even with the McAffe update. I have tried to reinstall explorer from microsoft and downloaded all xp patches. Please help! Thanks. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34691
- Next
 - 1
 - Microsoft is NOT sending ANY emails to you. Read this!!!! DON'T open any attachments. Always REMEMBER: "If a BAD GUY can persuade you to run his program on your computer, its NOT your computer anymore." Microsoft does NOT send updates as email attachments. "Authentic security bulletin mailers never provide the patch itself or a link to the patch; instead, they refer the reader to the complete version of the bulletin on our web site, which provides a link to the patch" http://www.microsoft.com/security/antivirus/authenticate_mail.asp http://www.microsoft.com/technet/security/policy/swdist.asp http://www.microsoft.com/technet/security/news/patch_hoax.asp PLEASE Don't click on any email attachment you don't know about. Because it will most likely be a VIRUS!!!!!!! Even if you're all protected don't click on any unknown email attachments. Consider using these (free for home use) tools: http://www.grisoft.com/us/us_dwnl_free.php http://www.kerio.com/us/kpf_download.html DON'T open any attachments. Consider using these settings in Outlook Express: Tools | Options | Security | Virus Protection Choose "Restricted Zone" Enable "Warn me when other applications trying to send mail as me" Enable "Do not allow attachments to be saved..." DON'T open any attachments. If you get infected, follow EXACT instructions from: http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html http://www.f-secure.com/v-descs/swen.shtml#disinf http://vil.nai.com/vil/stinger/ On Windows XP enable firewall: http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp Keep up to date with: http://windowsupdate.microsoft.com/ DON'T open any attachments. http://www.microsoft.com/security/home/basics.asp http://www.microsoft.com/security/home/beyond_basics.asp DON'T open any attachments. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34690
 - 2
 - What to do if your Hotmail Account is Hacked?!? I have a friend who obtained a virus, and because of this, all of her passwords that she typed into her computer while infected had been compromissed. Before she learned of this, the hacker had already changed her Hotmail account's password and secret question. My friend has registered accounts at other sites (such as PayPal.com) with this e-mail. this hacker can now go to these sites, and click the "Forgot Password" link and have it e-mail these passwords to the Hotmail account that he controls (assuming the hacker is a man). What steps can be taken to regain control of this hotmail acount? Does MSN monitor abnd log the IP addresses of users that sign into the .NET Passport system? If so, how does one request this information? Any information, advise, links to sites with information, or numbers of people who to contact would be extrememly helpful. Thanks Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34688
 - 3
 - Q822925 problem Hi I am just wondering does anyone know of any issues regarding the latest patch for IE? I have heard it has a bug??? any info would be greatly appreciated thanks adam Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34684
 - 4
 - This ~ file I've found this ~ file in my records before and deleted it. Does anyone know what the purpose of it is and how I can avoid it if I delete it again? Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34683
 - 5
 - Sending User Credentials During Authentication Process Hi guys, Is there any TechNet article explaining the situations that implement encryption on BOTH the username AND password credentials that a user sends during a typical authentication to a Windows NT/ 2000/ 2003 domain without the use of any additional encryption mechanism like IPSec? or can anyone kindly answer the following How are user credentials sent over the wire (are they both encrypted?) during a typical domain logon process using at least a WinNT client computer on an NT4 domain, Win2K mixed mode domain, and Win2K3 native domain for clean install (default) configurations? Is there a suporting Technet article expalining this? Thank you very much. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34676
 - 6
 - Email Virus - Rules for bcc? I've been bombarded with virus attacks using attachments from supposedly microsoft emails for upgrades/patches. 99% of all these emails are sent to me via bcc: and not the to: or cc:. I can't figure out how to setup an Outlook rule that blocks all emails to me via bcc. There are templates for to: and cc:, non for bcc:. Need MS free engineering know how. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34636
 - 7
 - Security for MS Word Does anyone know of a way to secure MS Word docs from being copied or attached to an email? Thanks for any feedback. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34630
 - 8
 - ENDADS popups I am being plagued by this companies popups (several an hour) which ask me to go to their web site to purchase a product to stop their pop ups !! The web site (endads.com) blames a problem with microsoft OS. Is this illegal and how can i stop the pop ups without paying them money ?? Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34628
 - 9
 - Best Firewall? Hello, I recently upgraded to zonealarm pro, and I believe it is causing me to have connection problems... Anyhow, this never seemed to happed with just plain zonealarm. What is the best free firewall out there? Thanks, Dan Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34622
 - 10
 - Current Network Crirtical Update I have received a message from Microsoft urging the download of the above official-looking message, but McAvee intercepted it as seen below. I asked Microsoft what to do and received a Delivery Failure Report from the PostMaster. What do I do now? Any help with this problem, or on how to get through to Microsoft will be much appreciated. Thanks "This message was sent to me by McAvee. Please advise what I should do now? I opened the attachment and saw only a blank black screen. I therefore ended the download immediately. Ray Spencer ****************** McAfee VirusScan ************************ ******* Alert generated at: Mon, 22 Sep 2003 00:22:14 +0000 ********* *********************************************************** ********** McAfee VirusScan has detected a potential threat in this e- mail sent by "Microsoft Corporation Public Assistance" <oxpbvkrcg-hckt@updates.ms.com>. The following actions were attempted on each suspicious part. We strongly recommend that you report this virus-related activity to "Microsoft Corporation Public Assistance" <oxpbvkrcg- hckt@updates.ms.com>. The attachment "Unnamed attachment" is infected with the W32/Swen@MM Virus(es). This attachment has been cleaned. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34621
 - 11
 - Google bug! First of all, I have limited knowledge with how computers work. I don't know where else to turn to for help. Any recomendations will be appreciated. I have been receiving a message when I try to go to google.com. The page says that my computer is running software that does not let me get in to google. However, I have learned that I can't get into any search engine type of program. I have tried the grey search box on yahoo and I get the message "page can not be opened." If I click on the magnifing glass, search button on my tool bar, I get the same message, "page can not be opened." I don't know what I have done. I have McAffee home virus 7.0 with fire wall. I have tried that with updates and still nothing. Something else, on the same google page, it give directions on how to remove google from the host file. I don't know if I should attempt these instructions, because I really don't know who is behind it. Any thoughts will be appreciated! Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34615
 - 12
 - Sorry about that sorry Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34609
 - 13
 - client hang after installation of MS03-039 Hi, guys. I used a startup script to install MS03-039 through GPO in a domain. Some clients can be installed the patch properly. However, some clients could not complete the process. The situation was that : reboot the PC ----> run startup script through GPO ---> try to restart automatically but hang in a blank desktop (ctrl+alt+del no function at this moment) Could anyone help !! Thx ~~~~ Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34591
 - 14
 - MSSVC.exe I keep getting an error message on start up telling me that MSSVC.exe couldn't start and needs to shut down. What is this and how do I get rid of it? Thanks. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34587
 - 15
 - MS Baseline Security Analizer I've scanned my system with the MBSA and it reports that it can not confirm that the following updates are correctly installed: MS02-055 MS02-008 MS03-008 MS03-030 yet when I go to the Microsoft Update site, it indicates there are no critical updates required. Is there some other way to verify if all critical updates have been installed, and installed correctly. Or is this a flaw in the MBSA. TIA Bill Rothe --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.521 / Virus Database: 319 - Release Date: 9/23/2003 Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34585
 - 16
 - Microsoft e-mail security I have been getting thei e-mail from Microsoft very authentic looking. Is this really from Microsoft? It says last critical update--------- and so on. If this is from Microsoft why don't it come through Microsoft up date. I have Windows XP Pro. One more thing it comes with an attachment I'm afraid to open it. What should I do? Sincerely Ron Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34577
 - 17
 - DO not use reall address here The MS newsgroups are being harvested by hackers for emails and then those addresses are being bombarded with hundreds of Swen Virus attackes daily. I made the mistake of using my real email address here and now my email bin is filled daily with hundreds of virus attacks. Because the virus morphs subject and from, it is almost impossible to filter out. MS Security people - please do something to stop addresses on your site from being harvested or post a warning of the risks of using a real email address. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34563
 - 18
 - How do I get the Internet header for a message The official instructions to get the Internet Header say: "In an open message received via the Internet, on the View menu click Options. The Internet headers are displayed in Internet Headers, at the bottom of the Message Options dialog box." But when I go the View menu, Options is not one of the options (no pun intended). What is going on? Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34561
 - 19
 - Newly Discovered device In the tray, bottom right of screen with time and date, is a new logo I have not installed. It looks like a computer screen logo. Placing the pointer over the logo announces it as a newly discovered device labeled as UPnP Device. Right clicking over the device gives the choices of creating a shortcut or invoking but the delete and properties choices are grayed out and do not operate. The device logo can also be found on My Network Places but again properties and delete cannot be used. I will not invoke the logo but I cannot get rid of it. Any suggestions? Thanks Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34560
 - 20
 - popups Today, I began receiving a popup about "MAP132 exception" saying there is an internal error. A form is provided for my completion. Is this something legitimate? Also, I keep receiving "popups" about how to stop popups. The popups seem to come from different sources, must I purchase something to halt the popups? Thanks. p.s. this is a new computer and an upgrade from Windows 98 to XP so I have a lot to learn. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34554
 - 21
 - Microsoft is NOT sending ANY emails to you. Read this!!!! "Authentic security bulletin mailers never provide the patch itself or a link to the patch; instead, they refer the reader to the complete version of the bulletin on our web site, which provides a link to the patch" http://www.microsoft.com/technet/security/policy/swdist.asp http://www.microsoft.com/technet/security/news/patch_hoax.asp PLEASE Don't click on any email attachment you don't know about. Because it will most likely be a VIRUS!!!!!!! Even if you're all protected don't click on any unknown email attachments. Consider using these (free for home use) tools: http://www.grisoft.com/us/us_dwnl_free.php http://www.kerio.com/us/kpf_download.html DON'T open any attachments Consider using these settings in Outlook Express: Tools | Options | Security | Virus Protection Choose "Restricted Zone" Enable "Warn me when other applications trying to send mail as me" Enable "Do not allow attachments to be saved..." If you get infected, follow EXACT instructions from: http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html http://www.f-secure.com/v-descs/swen.shtml#disinf http://vil.nai.com/vil/stinger/ On Windows XP enable firewall: http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp Keep up to date with: http://windowsupdate.microsoft.com/ Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34552
 - 22
 - gaining access to drive root Hello, I'm writing an suditting script that will visit each machine in our domain and search for unauthorized software/files as well as correct any file permissions a local admin on the machine might have messed up. I've ran into a problem. If someone removes permissions for administrators to access the root of a drive I can't seem to grant access to the root of the drive. I've tried calcs and subinacl but one doesn't seem to understand UNC paths and the latter doesn't seem to touch the root of the drive, just everything below. If you could provide an example of granting such acces it'd be really helpful. Thanks. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34550
 - 23
 - Diagnose Windows problem There is a new tools to diagnose windows, see detail: http://www.SeeMeMe.com Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34547
 - 24
 - is this for real? I just got the following as an email which is really weird - it didn't come up under auto update. It came with an attachment also which I ain't touching till I hear something back. Of course trying to contact Microsoft and asking is like trying to acheive position 93 in the Kama Sutra but does anyone know if this is for real? Thanks Neil (and I Quote:) Microsoft Consumer this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your computer. This update includes the functionality of all previously released patches. System requirements Windows 95/98/Me/2000/NT/XP This update applies to MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later Recommendation Customers should install the patch at the earliest opportunity. How to install Run attached file. Choose Yes on displayed dialog box. How to use You don't need to do anything after installing this item. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34544
 - 25
 - Is email from Microsoft authentic? I have heard that some fraudulent emails can have very official looking logos and appearance. I have received a message and want to know how to authenticate it or how to forward it on to Microsoft for verification. The message requests that I download a patch, but doesn't allow me to save it to disk. It will only let me open it immediately. I would like to forward it to Micrsoft and have them look at it. Thank you. Tag: RePost: Security Log has sequence of failed attempts to change passwords Tag: 34543

Never saw the original post:

> My security log on a Windows 2000 server (HOST in the example below)
> contains several suspicious entries all in a row where a user from the
> domain (DOMAIN\admin in the example below) attempts to change the password
> on every local account. This server is part of a NT4 domain and runs IIS
> and a MSDE database.
>
> Event Type: Failure Audit
>
> Event Source: Security
>
> Event Category: Account Management
>
> Event ID: 627
>
> Date: 9/23/2003
>
> Time: 4:14:30 PM
>
> User: Domain\admin
>
> Computer: HOST
>
> Description:
>
> Change Password Attempt:
>
> Target Account Name: IUSR_HOST
>
> Target Domain: HOST
>
> Target Account ID: HOST\IUSR_HOST
>
> Caller User Name: admin
>
> Caller Domain: Domain
>
> Caller Logon ID: (0x0,0x517DED)
>
> Privileges: -
>
>
> Any insight appreciated.
>
>

Top

RePost: Security Log has sequence of failed attempts to change passwords by BG

BG
Fri Sep 26 10:26:58 CDT 2003

This appears to be caused by running MBSA.

>-----Original Message-----
>Never saw the original post:
>
>> My security log on a Windows 2000 server (HOST in the
example below)
>> contains several suspicious entries all in a row where
a user from the
>> domain (DOMAIN\admin in the example below) attempts to
change the password
>> on every local account. This server is part of a NT4
domain and runs IIS
>> and a MSDE database.
>>
>> Event Type: Failure Audit
>>
>> Event Source: Security
>>
>> Event Category: Account Management
>>
>> Event ID: 627
>>
>> Date: 9/23/2003
>>
>> Time: 4:14:30 PM
>>
>> User: Domain\admin
>>
>> Computer: HOST
>>
>> Description:
>>
>> Change Password Attempt:
>>
>> Target Account Name: IUSR_HOST
>>
>> Target Domain: HOST
>>
>> Target Account ID: HOST\IUSR_HOST
>>
>> Caller User Name: admin
>>
>> Caller Domain: Domain
>>
>> Caller Logon ID: (0x0,0x517DED)
>>
>> Privileges: -
>>
>>
>> Any insight appreciated.
>>
>>
>
>
>.
>

Top