Scanning tool?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - beta version What is a "beta version"? -- Stan "If it ain't broke don't fix it" Tag: Scanning tool? Tag: 51904
 - 2
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.05.05 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info I'm getting an LSASS error message, and/or I have the Sasser virus. 1) Run anti-virus that is configured to download the latest updates every week or even every day. www.grisoft.com is free anti-virus. 2) You also need to install all the patches for your system software from http://windowsupdate.microsoft.com, starting with the MS04-011 patch. Microsoft generally releases security patches on the second Tuesday of more or less every month. 3) Once you're infected, you may need to download and run a free Sasser virus removal tool such as the Stinger tool from www.McAfee.com or the free tool from http://www.microsoft.com/security/incident/sasser.asp 4) You're not running a firewall, or your firewall isn't protecting you. Running a firewall would have protected you from this. Free firewall software is available from www.kerio.com, www.zonealarm.com and/or www.sygate.com 5) You need to do ALL of these things, or you won't have much success. You should also make sure you get the latest Microsoft patches monthly and anti-virus updates at least weekly. My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: Scanning tool? Tag: 51903
 - 3
 - Accesing data from a slaved hard drive Hi We have a little problem - a customer's system no longer boots up and he needs the data from it (No backups- of course). We are trying to put it onto another system as a slave drive (like with 95/98/ME) but windows will not allow access -displays 'Access Denied' when you try and open the customers personal data. My question is - is there any way round this? Or is the data no effectivly lost. (Just for info - the HDD and data is fine, it just won't boot!) Thanks In Advance Jamie Tag: Scanning tool? Tag: 51902
 - 4
 - iareghn what is this eating up my files poping on screen file call Iarghn cant find the file on my pc just show up then dipp aging Tag: Scanning tool? Tag: 51900
 - 5
 - file [iareghn} have this pop on my screen any body hear of them Tag: Scanning tool? Tag: 51899
 - 6
 - SUS require admin previlegies on the client Is it possible to install security patches from a SUS server without having admin previlegies on the client? Today all XP users are administrators on there own computers to get updates from the SUS server installed. Regards, Christer Johansson Tag: Scanning tool? Tag: 51895
 - 7
 - Office/Active Directory Compatibility? I run a network with 40 machines, at the moment we have an older version of office (2000) running on a Win 2000 server driven network and a mixture of 2000 and XP workstations. Although the active directory lets me set options on win explorer to limit access to files and folders the settings do not apply to the explorer plug-in built into office. This allows staff to browse other area of the netwok wihout permissions. If I upgrade to office 2003 will there be a better integration with active directory, or are there any other ways of securing the office explorer? Mnay Thanks Dave Tag: Scanning tool? Tag: 51894
 - 8
 - CA Enterprise SCEP-Add on Hi I have a CA Enterprise (2003) in a 2003 Active Directory Domain. I have installed the SCEP-Add on to enroll a certificate to a PIX 525 (Ver. 6.32). When I make a request, from the PIX console, to enroll a certificate, it is rejected by the CA with this message: denied by policy module I had read that there is a different configuration with "SCEP-Add on" in a CA Enterprise. I need to kno which are the steps needed to configure SCEP-Add on in a CA Enterprise. The "SCEP-Add on" release note tells that these steps are described in Windows 2003 Resource Kit Documentation, but i didn't found them Thanks in advanc Paolo Tag: Scanning tool? Tag: 51891
 - 9
 - secedit I'm using secedit to configure file system and registry ACL If the number of entry is more than 8 (or the lenght of string is more than...), for example [Registry Keys] "MACHINE\SOFTWARE\ORACLE",2,"D:P(A;CI;GA;;;SY)(A;CI;GA;;;BA)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1140)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1142)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1143)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1144)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1145)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1146)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1152)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1153)(A;CI;GRGX;;;S-1-5-21-515967899-152049171-725345543-1022)(A;CI;GRGX;;;S-1-5-21-515967899-152049171-725345543-1020) secedit return the following erro Error 87: the parameter is incorrect I must configure ACL for the specified users or group (I can't use the generic group Authenticated Users) than I must use the SID rapresentation (not default user/group) and normally, is more than 8 Do You have an idea to solve my problem Thank Rita Tag: Scanning tool? Tag: 51889
 - 10
 - "835732" upd.problem Hi ! After applying the "835732" security update my title bars and the "start bar"(at the bottom) goes black ? I'm using XP pro sp1. Why is this, and what do i do to remedy this problem ? (lucky for me i did a "ghost" backup before updating) Michael Tag: Scanning tool? Tag: 51888
 - 11
 - SpywareBlaster Hello everyone. I have Ad-Aware (can't recommend this enough) and the free version is great at scanning for spyware/malware and getting rid of some of them AFTER the fact, but I want to get something that can stop from getting them BEFORE they even have a chance to get on my computer. I've been doing my "research" and homework online about various programs like this and I read about SpywareBlaster (by JavaCool). If someone can recommend which is the best, I'd appreciate it. Again, I have noticed SpywareBlaster but I want one or more opinions to make a final decision. I did this before I got any anti-spyware programs as well and came up with Ad-Aware, Spybot Search & Destroy, and some others, but based on "word of mouth," I chose Ad-Aware and I've never been happier. Hopefully, you guys can help me in making the final decision regarding programs that protects one in real time against spyware. Thanks in advance! Tag: Scanning tool? Tag: 51886
 - 12
 - email purporting to be from MS Received email advising me to open attachment and install patch to fix latest security problems with XP Is this legit? I had just checked Windows Update and they indicated no urgent fixes See full header info belo X-Symantec-TimeoutProtection: X-Symantec-TimeoutProtection: X-Symantec-TimeoutProtection: Return-Path: <ljekarna-salus@vz.hinet.hr Received: from ls413.htnet.hr ([195.29.150.117]) by mta1.adelphia.ne (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with ESMT id <20040505015000.TDPN11994.mta1.adelphia.net@ls413.htnet.hr> Tue, 4 May 2004 21:50:00 -040 Received: from ls413.htnet.hr (localhost.localdomain [127.0.0.1] by ls413.htnet.hr (0.0.0/8.12.10) with ESMTP id i451nxSB027873 Wed, 5 May 2004 03:49:59 +020 Received: from tmey (at07-m251.net.htnet.hr [83.131.121.11] by ls413.htnet.hr (0.0.0/8.12.10) with SMTP id i451nblX027681 Wed, 5 May 2004 03:49:37 +020 Date: Wed, 5 May 2004 03:49:37 +020 Message-Id: <200405050149.i451nblX027681@ls413.htnet.hr FROM: "Internet Security Center" <odpyidml@technet.msdn.com TO: "Client" <client.eqtvexlyv@technet.msdn.com SUBJECT: Current Internet Critical Pac Mime-Version: 1. Content-Type: multipart/mixed; boundary="jnbihylm X-Trace: ls413.htnet.hr 1083721799 31753 83.131.121.11 (Wed, 05 May 2004 03:49:59 +0200 --jnbihyl Content-Type: multipart/related; boundary="uizjptqq" type="multipart/alternative --uizjptq Content-Type: multipart/alternative; boundary="yhxadhqpdle --yhxadhqpdl Content-Type: text/plai Content-Transfer-Encoding: quoted-printabl MS Clien this is the latest version of security update, th "May 2004, Cumulative Patch" update which eliminate all known security vulnerabilities affectin MS Internet Explorer, MS Outlook and MS Outlook Express Install now to maintain the security of your compute from these vulnerabilities, the most serious of which coul allow an attacker to run executable on your computer This update includes the functionality of all previously released patches System requirements: Windows 95/98/Me/2000/NT/X This update applies to - MS Internet Explorer, version 4.01 and late - MS Outlook, version 8.00 and late - MS Outlook Express, version 4.01 and late Recommendation: Customers should install the patch at the earliest opportunity How to install: Run attached file. Choose Yes on displayed dialog box How to use: You don't need to do anything after installing this item --yhxadhqpdl Content-Type: text/htm Content-Transfer-Encoding: quoted-printabl <HTML><HEAD><style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none </style></HEAD><BODY BGCOLOR=3D"White" TEXT=3D"Black"><BASEFONT SIZE=3D"2" face=3D"verdana,arial"><TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"><TR height=3D"20"><TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">&nbsp <A class=3D'navtext' HREF=3D"http://www.microsoft.com/ TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A></TD><TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>&nbsp <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' target=3D"_top">All Products</A> |&nbsp <A class=3D'navtext' href=3D'http://support.microsoft.com/' target=3D"_top">Support</A> |&nbsp <A class=3D'navtext' href=3D'http://search.microsoft.com/' target=3D"_top">Search</A> |&nbsp <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top Microsoft.com Guide</A>&nbsp </TD></TR><TR><TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP><A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top" Microsoft Home</A>  </TD></TR></TABLE> <IMG SRC=3D"cid:erekdxk" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD><BR this is the latest version of security update, th "May 2004, Cumulative Patch" update which eliminate all known security vulnerabilities affectin MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your computer. This update includes the functionality = of all previously released patches. </TD></TR></TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements</TD><TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD></TR><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to</TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD></TR><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD><TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD></TR><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD><TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD></TR><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD><TD NOWRAP>You don't need to do = anything after installing this item.</TD></TR></TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%">The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners.</TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"><TR VALIGN=3D"TOP"><TD WIDTH=3D"5"></TD><TD><A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A> |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A> |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A></TD></TR><TR VALIGN=3D"MIDDLE"><TD WIDTH=3D"5"></TD><TD>©2004 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A></TD></TR></TABLE></BODY></HTML> --yhxadhqpdle-- --uizjptqq Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <erekdxk> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZip Tag: Scanning tool? Tag: 51885
 - 13
 - AppName: mshta.exe AppVer: 6.0.2600.0 ModName: unknown The following error message displays whenever I click on "change the way users log on or off" from Control Panel: Microsoft (R) HTML Application host has encountered a problem and needs to close. We are sorry for the inconvenience (the "For more information about this error. click here" message returns the following detail" AppName: mshta.exe AppVer: 6.0.2600.0 ModName: unknown ModVer: 0.0.0.0 Offset: 00000000 > Subject: AppName: mshta.exe AppVer: 6.0.2600.0 ModName: unknown 4/27/2004 11:09 AM > PST By: Richard (search by author) In: microsoft.public.windowsxp.setup_deployment >> To resolve the behavior, type the following commands in > the Run dialog box: > sfc /purgecach > sfc /scanno I performed the operations above and checked the ( \\windows\system32\mshta.exe & \\windows\system32\dllcache\mshta.exe file directory version properties after the operations had completed. File version results were: Microsoft, 6.00.2600.0000 (xpclient.010817-1148, etc.) for each file and rebooted my system. I still recieve the error. I click upon the "change the way users log on or off" link from the Control Panel's "User Accounts" page and the error response comes back with the very same message I identified in the subject line. I would welcome suggestions that anyone might have. Thanks Tag: Scanning tool? Tag: 51884
 - 14
 - This page contains both secure and nonsecure items I'm on a trusted site and when I go from one page to another. I get this warning "This page contains both secure and nonsecure items. Do you want to display thee nonsecure?" It must always choose yest to go to next page. Is there a setting that I can change so this warning doesn't pop up> Thanks/Mike Tag: Scanning tool? Tag: 51882
 - 15
 - MSN issues HELP!!!! I can not log on to my passport account and I can not connect to any of my secure servers. I have went to the update site for Microsoft and when it scans my computer for updates I get an error. HELP!!! Tag: Scanning tool? Tag: 51881
 - 16
 - Outlook disconnect When attempting to open new mails we get disconnected.I have recently started receiving an undeliverable message from daemon@mailer.This started shortly after our home page was hijacked.I did run cw shredder and that corrected the homepage issue .Did I possibly delete something from my start up list that may have created this problem? or is something else going on? Any input will be greatly appreciated. Tag: Scanning tool? Tag: 51880
 - 17
 - blocking spam with blank "From" using outlook express I regularly get spam where the "From" is blank, sometimes the "Subject" is blank. I've tried forwarding these spam emails as attachments to my ISP (Comcast) to block, with limited success. Outlook Express seems to require a domain name in order to block email. I've never opened one of these or tried looking at Properties out of fear I'll catch a virus. Is there any way to block all email that arrives with no "From" information displayed? Tag: Scanning tool? Tag: 51872
 - 18
 - security permissions for windows 2003 server Hi there, I need to write up information related to windows 2003 security. However I don't have much win2k3 experience, I would like to find out information as stated below... 1. Define native Server security 2. Security Auditing 3. What services, minimum, are required to be running Please advise me asap if you have some information.. Thanks in advance and I look forward to hearing from you. Regards, Fred Tag: Scanning tool? Tag: 51866
 - 19
 - UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011 UPDATE (05/04/2004): - This alert is being updated to advise you of an update to Microsoft Security Bulletin MS04-011. This update details additional workaround steps which customers can take to protect against the LSASS vulnerability (CAN-2003-0533). This is the vulnerability which is exploited by the Sasser worm and its variants. Customers who have not yet deployed the security update for MS04-011 can evaluate implementing this new workaround to protect against the Sasser worm and its variants. - In addition, Microsoft has updated the cleanup tool for W32.Sasser.worm to remove the C and D variants of the Sasser worm. The Sasser removal tool now removes Sasser A, B, C and D. The updated removal tool is located at http://www.microsoft.com/downloads/details.aspx?FamilyId=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en and is documented in Knowledge Base article KB841720 http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720. What is this alert? - Microsoft has been made aware of a worm identified as "W32.Sasser.worm" and it is currently circulating on the Internet. The worm exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004. - Microsoft encourages customers to protect themselves against this worm by installing Microsoft Security Bulletin MS04-011 <www.microsoft.com/technet/security/bulletin/ms04-011.mspx> immediately. - Customers who have enabled the Windows XP Firewall are protected from the vector this worm attacks, which is TCP Port 139. Most third party firewalls also block this attack vector by default. If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. Thank you, Microsoft PSS Security Team -- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. Tag: Scanning tool? Tag: 51863
 - 20
 - browser redirect My browser gets redirected to an obnoxious search engine "The best search engine". I can't get it to stop. I've tried to reset my internet options and have Google as my default home page. Any suggestions on how to get rid of it would be appreciated. Tag: Scanning tool? Tag: 51855
 - 21
 - PopupEliminator and spyware? Hey guys and gals, I'm thinking about downloading PopupEliminator (by SurfSecret Software). I've heard good things about it. Looks like a good program to stop annoying and invasive pop-ups, BUT...I want to make sure I'm not adding spyware along with it. (Some programs that are suppose to protect you from spyware, such as SpyBan, SpyHunter, SpyGone, etc., actually PUT more spyware on your computer). Call me paranoid but I just wanted to make sure. Tag: Scanning tool? Tag: 51848
 - 22
 - nachi a friends pc has nachi virus which avg can not remove he can not stop online long enough to down load any patches or fixes because the virus reboots his pc Tag: Scanning tool? Tag: 51841
 - 23
 - Do I really need this ?? Hello : I am just your everyday email sender and not into much else . Do I really need THIS ; Microsoft .NET Framework version 1.1 Download size: 23.1 MB, 1 hour 16 minutes The .NET Framework is a component of the Windows operating system. For developers, the .NET Framework makes it easy to rapidly create powerful software that maximizes performance, scalability, opportunities for integration, reliability, security, Regards Bill Davis Tag: Scanning tool? Tag: 51838
 - 24
 - Salary Negot. I'm thinking around 70K. What is the going rates today for a Security position? What are the best salary negot. techniques? What if I walk in with a higher salary than expected? a) walk out and think about it for a later meeting. Thanks, T. Tag: Scanning tool? Tag: 51834
 - 25
 - Error 53 when installing KB835732 I am receiving an error 53 from the installation of K835732 anyone know why? I am having trouble finding the error codes on it Thanks in advanced Matt Tag: Scanning tool? Tag: 51829
- Next
 - 1
 - iexplorer I put zone alarm firewall up. spy-bot said I had a hole in ie and told me to go to mirosoft for a ie patch. I did. I found a patch it suggested but it's 2yrs. old. I just bought this computer from gateway. should this version not already have this update patch? I looked up the version i have of xp and it has some patches included Q330994,q822925,q824145,q832894.the patch it says I need (spy-bot) is q319182. i can't find if these updates include this patch. My computer keeps locking up and i cannot go to any pages after about 1/2 hr of use. Does anyone have any suggestions? Thanks very much in advance, Holly Tag: Scanning tool? Tag: 51825
 - 2
 - Password Complexity I'm running 03 Enterprise that is a DC. I'll have two types of users on it. Users that will actually log onto computers on the network; Users that will only have an account for an exchange mailbox. So what I would like to do is have seperate password complexity requirements for these users. Can I do this? I know how to change the requirements under Domain Security Policy, but is there way to create another security policy and apply it to a serperate OU? Tag: Scanning tool? Tag: 51824
 - 3
 - microsoft.public.security.crypto newsgroup is now live! We now have a dedicated newsgroup to address/discuss cryptography related issues (capi1, capi2, capimon, cert,etc). I encourage you to post all crypto related issues in the new "microsoft.public.security.crypto" newsgroup. Thanks Raj -- Rajkumar Mohanram [MSFT] Windows Core Security This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm --------------------- Tag: Scanning tool? Tag: 51822
 - 4
 - Problems with installing Security patch Q837009 I am running Windows XP Pro and Internet Explorer 6, along with Outlook Express 6 and am having problems installing Security patch Q837009. Each time I try to install the patch I get a Microsoft Internet Explorer Update message telling me that Outlook Express 6.0 needs to be installed - Surely OE6 is part of IE6 and therefore installs when Windows is installed?? I have tried to download OE 6.0 as a separate download from IE and on trying to install it I am told that I have a newer version already on my PC! This is not the first time that I have experienced problems with installing patches relating to Outlook Express - The problem seems to occur whenever I download and install individual patches. Whenever I download and install patches using Critical Updates on the Microsoft Update site, I don't seem to have this problem. Can anyone advise why this happens? alba. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.676 / Virus Database: 438 - Release Date: 03/05/2004 Tag: Scanning tool? Tag: 51816
 - 5
 - StrongNameIdentityPermission does not working with WinForm I'm invoking the same Dll from Console application and WinForm application Both signed with SrongName. the class that I'm invoking is protected with StrongNameIdentityPermission Demand and hear is what happened: the console application pass the demand but the WinForm failed i had try to union the StrongNameIdentityPermission blob with the mscorlib StrongName but it still behave is the same way. Do someone know to solve this issue ???? TNX Bnaya Eshet Tag: Scanning tool? Tag: 51813
 - 6
 - HELP - StrongNameIdentityPermission does not work on WinForm I calling the same DLL (which is protected by StrongNameIdentityPermission) Once from console application and The second time from WinForm Both WinForm and the Console are signing with the same StrongName. But the Console pass the permission Demand and the WinForm failed. I had tried to union the WinForm Strong Name with mscorlib StrongName But its still crashing. Does any one has any idea??? TNX Tag: Scanning tool? Tag: 51811
 - 7
 - Software Update Services Server Synch Problem We have been successfully using the MS SUS server to update all the clients in our domain for almost a year. Suddenly, in the middle of February the system stopped being able to pull down the synch. Whether it is manually run or on auto run, we get the same error message: "Failed to generate the list of files to synchronize. (Error 0x80070003: The system cannot find the path specified.)". The only article I can find talks about having used TweakUI to have changed the path of Program Files - which we didn't do (I'd never use that program on a server!). Anyone having a similar problem This is a critical issue because of the current worm. Norton Enterprise is protecting us now, but I'd feel a whole lot better if I could update the desktops. Greg Tag: Scanning tool? Tag: 51807
 - 8
 - Printer How can I hook up my printer to my computer? Tag: Scanning tool? Tag: 51806
 - 9
 - CertServices 2003 - Web Enrollment and Key Archival We have a new certificate template with Key Archival enabled, and this can be used via the Certificate Web Enrollment pages to successfully get a certificate with archive key. I want to make the certrqbi.asp page issue these certificates to users as a default, to stop them having to go via the advanced request form. I thought this might be as easy as forcing XEnroll.GenKeyFlags|=CRYPT_EXPORTABLE;, but this still gets a denied by policy module error (Private Key missing). In short - has anyone already written a page to issue Key-archivable-certificates based on the web enrollment basic request, or should I start picking through certrqbi.asp in more detail? Any advice much appreciated, Richard Tag: Scanning tool? Tag: 51803
 - 10
 - Instructions for removing Sasser infection and patching affected machines Instructions for patching and cleaning vulnerable Windows 2000 and Windows XP systems: Vulnerable Windows 2000 and Windows XP machines may have the LSASS.EXE process crash every time a malicious worm packet targets the vulnerable machine which can occur very shortly after the machine starts up and initializes the network stack. When cleaning a machine that is vulnerable to the Sasser worm it is necessary to first prevent the LSASS.EXE process from crashing, which in turn causes the machine to reboot after a 60 second delay. This reboot cannot be aborted on Windows 2000 platforms using the Shutdown.exe or psshutdown.exe utilities and can interfere with the downloading and installation of the patch as well as removal of the worm. 1. To prevent LSASS.EXE from shutting down the machine during the cleaning process: a. Unplug the network cable from the machine b. If you are running Windows XP you can enable the built-in Internet Connection Firewall using the instructions found here: Windows XP http://support.microsoft.com/?id=283673 and then plug the machine back into the network and go to step 2. c. If you are running Windows 2000, you won't have a built-in firewall and must use the following work-around to prevent LSASS.EXE from crashing. This workaround involves creating a read-only file named 'dcpromo.log' in the "%systemroot%\debug" directory. Creating this read-only file will prevent the vulnerability used by this worm from crashing the LSASS.EXE process. i. NOTE: %systemroot% is the variable that contains the name of the Windows installation directory. For example if Windows was installed to the "c:\winnt" directory the following command will create a file called dcpromo.log in the c:\winnt\debug directory. The following commands must be typed in a command prompt (i.e. cmd.exe) exactly as they are written below. 1. To start a command shell, click Start and then click run and type 'cmd.exe' and press enter. 2.Type the following command: echo dcpromo >%systemroot%\debug\dcpromo.log For this workaround to work properly you MUST make the file read-only by typing the following command: 3. attrib +R %systemroot%\debug\dcpromo.log 2. After enabling the Internet Connection Firewall or creating the read-only dcpromo.log you can plug the network cable back in and you must download and install the MS04-011 patch from the MS04-011 download link for the affected machines operating system before cleaning the system. If the system is cleaned before the patch is installed it is possible that the system could get re-infected prior to installing the patch. a. Here is the URL for the bulletin which contains the links to the download location for each patch: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx b. If your machine is acting sluggish or your Internet connection is slow you should use Task Manager to kill the following processes and then try downloading the patch again (press the Ctrl + Alt + Del keys simultaneously and select Task Manager): i. Kill any process ending with '_up.exe' (i.e. 12345_up.exe) ii. Kill any process starting with 'avserv' (i.e. avserve.exe, avserve2.exe) iii. Kill any process starting with 'skynetave' (i.e. skynetave.exe) iv. Kill hkey.exe v. Kill msiwin84.exe vi. Kill wmiprvsw.exe 1. Note there is a legitimate system process called 'wmiprvse.exe' that does NOT need to be killed. c. allow the system to reboot after the patch is installed. 3. Run the Sasser cleaner tool from the following URL: a. For the on-line ActiveX control based version of the cleaner you can run it directly from the following URL: http://www.microsoft.com/security/incident/sasser.asp b. For the stand-alone download version of the cleaner you can download it from the following URL: http://www.microsoft.com/downloads/details.aspx?FamilyId=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en 4. Determine if the machine has been infected with a variant of the Agobot worm which can also get on the machine using the same method as the Sasser worm. a. To do this run a full antivirus scan of your machine after ensuring your antivirus signatures are up to date. b. If you do NOT have an antivirus product installed you can visit HouseCall from TrendMicro to perform a free scan using the following URL: http://housecall.trendmicro.com/ If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. Tag: Scanning tool? Tag: 51796
 - 11
 - 823559 Have Windows 98 and I keep getting a message to install update 823559. Have done it numerous times but it keeps telling me to install it. Any suggestions Tag: Scanning tool? Tag: 51786
 - 12
 - update 835732 causes BSOD Hi, When updating all computers with the critical update 835732 a few started booting with the BSOD. So far it has only happened to the W2K machines. MS knowledgebase has only a single posting on this issue and it doesn't relate to the computers in question...the posting ( Q841384 ) talks about multiprocessor computers and these are only single processor machines.... Has anybody else encountered this problem or...? Help would be greatly appreciated !!!!! /Louise Tag: Scanning tool? Tag: 51769
 - 13
 - start-program are all empty problem does anybody can give me a hand? I need help Sometime, all program are all empty when you press start, progam....(empty). This happen at W2k Pro, W2k svr and Win XP. there are firwall and symantec AV at those PCs. These make me crazy for a long long time. much appreciated that anyone can give me hints Thanks jackie Tag: Scanning tool? Tag: 51768
 - 14
 - Searching for a tool like hfnetchk Hi, does someone know a tool similar to hfnetchk? I only know qfecheck. So please: don't suggest that tool ;-) But perhaps, you know another tool that - like qfecheck - determines which hotfixes are installed on your system... Thanks Tibor Tag: Scanning tool? Tag: 51767
 - 15
 - security starting up Is there anyway that when I start my computer up can I get it to ask me for a password. The problem is that 5 of us use the computer. We all have our own desktops, is there any way that I can get it to ask me for a password and once answered then show us our 5 user names? Tag: Scanning tool? Tag: 51764
 - 16
 - a hack into my hotmail I've been receiving new mail stating "undeliverable mail." The problem is, I never sent the message that was undeliverable. From what I can tell the original message is all in spanish was sent from someone hacking into my hotmail account sending to all spanish hotmail addresses. Has anyone had this happen to them? Tag: Scanning tool? Tag: 51763
 - 17
 - what's this? i get this error when installing service pack 4 for windows 2000. what in the world does it mean? The core system file {kernel} used to start this computer is not a Microsoft Windows file. The Service Pack will not be installed. For more information see blah blah blah... what does it think i'm running on, a mac? just curious Tag: Scanning tool? Tag: 51762
 - 18
 - can't receive e-mail from earthlink why can't I receive email from a friend who has earthlink as his ISP? He is not getting caught up in my spam filters - I have triple, quadruple checked. I can send him e-mail, but his messages are never received by me, nor are they returned to him HELP - Tag: Scanning tool? Tag: 51755
 - 19
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.05.03 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info I'm getting an LSASS error message, and/or I have the Sasser virus. 1) Run anti-virus that is configured to download the latest updates every week or even every day. www.grisoft.com is free anti-virus. 2) You also need to install all the patches for your system software from http://windowsupdate.microsoft.com, starting with the MS04-011 patch. Microsoft generally releases security patches on the second Tuesday of more or less every month. 3) Once you're infected, you may need to download and run a free Sasser virus removal tool such as the Stinger tool from www.McAfee.com or the free tool from http://www.microsoft.com/security/incident/sasser.asp 4) You're not running a firewall, or your firewall isn't protecting you. Running a firewall would have protected you from this. Free firewall software is available from www.kerio.com, www.zonealarm.com and/or www.sygate.com 5) You need to do ALL of these things, or you won't have much success. You should also make sure you get the latest Microsoft patches monthly and anti-virus updates at least weekly. My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: Scanning tool? Tag: 51754
 - 20
 - www.winupdate.net www.winupdate.net, what is this Tag: Scanning tool? Tag: 51752
 - 21
 - Windows Update is there any way of downloading windows update files at another site and install them later. Tag: Scanning tool? Tag: 51746
 - 22
 - Installing 835732 causes my server to crash Early last week I was installing some critical updates to my Win2000 web server. As soon as my server rebooted, I noticed that the system handles kept increasing. It finally got up to about 1.5 million handles and the server would crash and start the whole process again. As soon as I UNINSTALLED 835732 the server acted just fine. So, now with all this Sasser worm stuff I double checked my servers, saw that I did not have this one installed, installed it again and the handle problem started up again!! What can I do!! Thanks, Eric Lund Tag: Scanning tool? Tag: 51745
 - 23
 - how in the heck .... ? First of all, I don't know what in the heck i'm doing. My son always handled the computer but he's in the Air Force now, and I'm lost. I used to have MSNBC as the first screen that opened when I went on line. Something, somewhere got screwed up and now I have this page called "about:blank" that I CANNOT get rid of. Someone suggested Spybot. Tried it, it says the computer is clean, but I cannot get rid of this damn thing. It's on all 5 of our accounts. We go to the "settings" thing and change it to something else and the first time we sign on, it's gone. Sign back on the next time ? Damn thing is back. Is this a virus ? Ever since it happened, our computer is alot slower, too. I'm so lost, and I don't even know who to ask for help. If you have any ideas, could you help please ? I would really appreciate it. Laura Tag: Scanning tool? Tag: 51743
 - 24
 - Have a Problem?? We just opened a new website community at geekregime dot co This is a tech community that offers free computer and software tech support for everyone. There is also discussion on other topics as well. You can let loose in our "anything goes" forum. Registration is always free Very fast OC 48 and OC 192 connections Get in on the ground floor. Suggestions are welcome. Tag: Scanning tool? Tag: 51742
 - 25
 - freestuff 4net pictures by a hacker?????? Does anyone know of this problem? Tag: Scanning tool? Tag: 51736

I wanted to ask everyone in the group what they are using to track trends
caused by for example the sasser worm. Is anyone using a tool that can track
machines that are trying to spam segments of a network or at least could
send notifications of a pattern?

TIA...

Top

Re: Scanning tool? by Keith

Keith
Wed May 05 08:11:00 CDT 2004

IDS and firewall logs are useful. In general, on a given network, it's
trivial to determine the legitimate SMTP servers. From there, mining logs
for systems from client segments and such that are sending outbound mail is
a simple way to achieve this end.

"Larry" <res0jhe3@verizonDOTnet> wrote in message
news:uTX8XypMEHA.1556@TK2MSFTNGP10.phx.gbl...
> I wanted to ask everyone in the group what they are using to track trends
> caused by for example the sasser worm. Is anyone using a tool that can
track
> machines that are trying to spam segments of a network or at least could
> send notifications of a pattern?
>
> TIA...
>
>

Top