Strange RPCSS activity caught by File Monitor

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Critical Update Problem I have windows 98 SE. I first downloaded and installed the latest MS critical update MS03-017 (Windows Media Player)when it came out. This critical update continues to pop up on my screen every other day. In frustration, I downloaded and installed this critical update a second time (which is displayed on my download history). I would like to know what I can do to stop this download from popping up on my system. This critical update will even pop up randomly when I am surfing the web. The most frustrating aspect of this is that I don't even have Windows Media Player 7.1. I would appreciate any help you can offer. Tag: Strange RPCSS activity caught by File Monitor Tag: 31766
  - 2
    - Non-printing password characters and Remote Desktop logon Is it possible to use a password with non-printing characters to logon to a Remote Desktop session? Thanks Tag: Strange RPCSS activity caught by File Monitor Tag: 31765
  - 3
    - NDIS I have recently installed Sygate firewall and see the processes accessing internet. However, what is really bothering me, is one called "NDIS User Mode I/O driver". It downloads increadible amounts of data from internet (just today during 5 hours about 140MB). Could someone please explain what is it good for and whether it can harm security of my PC somehow? Thx... Tag: Strange RPCSS activity caught by File Monitor Tag: 31763
  - 4
    - The ultimate in security software Download Secura NOW! FREE http://www.pc4utech.com Direct Download : http://www.pc4utech.com/download/setup Control access to everthing?????. Tag: Strange RPCSS activity caught by File Monitor Tag: 31761
  - 5
    - hoax emails from microsoft? I am receiving emails that are from "security@microsoft.com" containing a patch for DUMARU. The message inside reads as follows: Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected! Is this legit? KM Tag: Strange RPCSS activity caught by File Monitor Tag: 31760
  - 6
    - File system realtime scan isnt working MY file system realtime scan has been disabled automatically. When i reenable it, it doesnt remain enabled. what should I do Tag: Strange RPCSS activity caught by File Monitor Tag: 31753
  - 7
    - Security Download Update My computer prompts me whenever there are updates available on the Microsoft site. it has prompted me to downlaod #823559, which i have done and installed several times. It keeps telling me i need to download this update even after already having done so. Why doesn't my computer recognize that i have already downloaded it? thanks. kls Tag: Strange RPCSS activity caught by File Monitor Tag: 31752
  - 8
    - Internet Connection Firewall (ICF) Problem I recently used the System Restore feature in WinXP to correct a problem with a bad software installation. It worked fine but when I tried to protect my computer using the Internet Connection Firewall. It came up with an error stating: An Error occured while Internet Connection Sharing was being enabled. The Dependencies Service or Group failed to Start. When I try to manuall start the Internet Connection Firewall Service, I get an error: Could not Start the Internet Connection Firewall (ICF) or Internet Connection Service (ICS) on Local Computer. Error 1068: Group Failed to Start. Please help . . . Thanks in Advance . . . Martin Tag: Strange RPCSS activity caught by File Monitor Tag: 31751
  - 9
    - Wrong Java? Hello, When I want to go to a site with a 'build in chatroom', I can not log in to chat. It's not the wrong java version I think, because I don't get any errormessages from java. I simply can't acess the chatrooms. I can acess the site itself. I did install a couple of weeks ago the free version of 'Zonealarm' (firewall). I did forbid some applications to acess the internet and/or to stopped them from 'acting as a server'. I did then uninstall 'zonealarm', but I still find some traces in the registry and on my hard disk. It appears that not 'everything' is removed from my computer. Tag: Strange RPCSS activity caught by File Monitor Tag: 31749
  - 10
    - outpost firewall free version hi all, Does anybody have any idea about how the Outpost firewall [ free] of Agnitum is ? Any special features of it and likewise any shortcomings of it. regards Tag: Strange RPCSS activity caught by File Monitor Tag: 31746
  - 11
    - Spam Before you people go complaining about my spam, first read up the definition. Tracker Tag: Strange RPCSS activity caught by File Monitor Tag: 31730
  - 12
    - microsoft wireless network question... i have a home network setup using microsoft wireless base station and wireless adapters. i usually log onto my base station management to check what and which computers are logged onto the network and all seems fine. the computers i expect to be on the network are connected (however, i know it's not perfect and sometimes a computer that should be on the network isn't, but i was told this was normal by the microsoft techs). i was just wondering is there another way to find out the exact computers that are on my network that should be on it? is it possible that some outside computer could be on my network, and not have their computer show up on the connected computers to my network? thanks Tag: Strange RPCSS activity caught by File Monitor Tag: 31721
  - 13
    - Can't access secure sites For some reason my computer can't access secure sites. I'm using IE 6.0 and until recently had no problem opening secure sites. Now all I get is an error message saying,"Page cannot be displayed." I've checked my security setting and can't find any reason why this is happening. If anyone has any suggestions of what I should do. I would appreciate it. Thanks, Chris Grier Tag: Strange RPCSS activity caught by File Monitor Tag: 31715
  - 14
    - IMI.1536.A "Dropper" - Different results and findings? I was performing a series of scans of my machine with various utilities, and an item was detected by Pest Patrol as being a "dropper". The name of the suspect entry was IMI.1536.A. I found that this is said to affect .EXE files. Specifically an Extract.exe file. Looking by Find F & F, I see that there are three Extract.exe's in C:\Windows.One is located in Windows\Command, the second is in Options\Cabs, and the third is in Windows\System. I scanned these (and the entire system as well) with AVG AV, Trend Micro AV, and Freedom Online AV - Nothing was detected. Spybot didn't find it either; not that I was expecting it to. Pest Patrol was the only program that detected this "dropper". Presently, I have "quarantined" this item, and have been doing some research. On the one hand, the "dropper" has a bad connotation. First it is *present* and detected for the first time ever; Second, it is attributed with "...In viruses and trojans, the dropper is the part of the program that installs the hostile code onto the system." That sounds quite unsettling. Symantec site stated Detected as: IMI.1536.A. Characteristics: Memory Resident, Triggered. Area of Infection: .EXE Files. OTOH, another site stated "These are not dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed. "Imi.1536.a" infects EXE files only." "Imi.1536.a": "Hello! This is IMI 1.0b.When you see these words, you have been infected the IMI 1.0b virus.This is just for experiment.Please contact me immediately for cure. Fu-Jen U. E.E. Wilbur Dam.1993.4.8." I've not gotten this message as yet, but I've no desire to get it. So, can I safely rid my PC of this thing without affecting these Extract.exe programs? -- LuckyStrike LS@smokedamagedfurniture.youcandriveitawaytoday.com ---------------------------------------------------------------------------- ---------------- Tag: Strange RPCSS activity caught by File Monitor Tag: 31714
  - 15
    - Virus (hoaxes) Got an e-mail on line Friday alerting me to a virus. IIt is something identified as jdbg.exe, and it is reportedly not detected by Norton (which I have) or McAfee anti- virus programs. It is supposed to damage my system within 14 days...is this a hoax? I have heard abouut some hoax viruses that have been reported so that the unsuspecting will delete an important file in their system...and I don't want to go down that route. Someone please let me know if you have heard of this Tag: Strange RPCSS activity caught by File Monitor Tag: 31713
  - 16
    - Attachment Access Denied 90% of time I get message "OE removed access to following unsafe attachments". Why? (Attachments are from people I know.) Tag: Strange RPCSS activity caught by File Monitor Tag: 31704
  - 17
    - Reminder window won't go away Hi A window appeared on my computer...no x to close, can't right click icon in tray to close. alt F4 closes it. The window has the DNS info...like when you can't access a website...no info in it...can't close, refresh cause there is no toolbar...just the title bar that says "Reminder September 5th" I have no reminders set! Can't find anything scheduled on the computer. It 1st appeared at 11:24, appeared at hour intervals, now at 30 minute intervals...still cannot find anything scheduled. Scanned with NAV = no problems NIS shows no intrusion Can this be some type of bug? Or if its something on the computer...how do I get it to stop popping up. I already tried two other newsgroups...Security always has the answers ;) ...please help. HP a250n HP 2210 4 in 1 (printer, etc) XP Home (current on updates) Office 2003 beta NAV/NIS 2003 Any ideas...help...much appreciated. Sheila Tag: Strange RPCSS activity caught by File Monitor Tag: 31702
  - 18
    - My pc had intruder Since 9pm last night I have been working on my pc. It is 9 pm on 9/5. I used goback and system restore to return to a system restore I made at that time before I went to the web page link that I believe caused the problem. I have used Symantec on line virus checker and it found nothing. I have used WD diagnostics on my hard drive and it found nothing. This week I updated the Office XP updates and one windows critical updates before last night and there was nothing left to download. I just ran windows update again and found a modem driver update that I recall downloading about a week ago, 3 critical updates and two xp updates. My backup computer with xpPro had no updates to download. My computer appears to be rebooting and working correctly again. I got correcting scandisk to work on reboot and it reports no problems. I am calling my case closed, but I think the odds are that there will be others. Thanks A T Baehr Tag: Strange RPCSS activity caught by File Monitor Tag: 31701
  - 19
    - w32 RPC warning in win98 I'm running on windows 98, which is not supposed to be affected by this new blaster virus. A strange thing just happened. I was on-line and a window looking like a typical windows dialog box popped up. It said "virus warning!!! W32 RPC Virus Detected. Click on OK to scan and clean." I was suspicious because I didn't think Windows 98 included virus scanning and cleaning software. Maybe clicking OK would have windows trying to access other virus software? Anyway, I copied down the message, clicked cancel, and proceeded to try to learn more on the internet. Everything I can find out says Windows 98 is not affected by this "vulnerability" as they call it. Was it a legitimate warning? What should I do? Thanks! Tag: Strange RPCSS activity caught by File Monitor Tag: 31698
  - 20
    - Security Bulletin MS03-035 We use Word templates in our organisation that include Macros. These Macros are not signed and run automatically, regardless of the Macro Security Settings. I've always assumed that this was because all users have the Template, not just the document(s) derived from it. Is this how it should be - or a symptom of the flaw in Word Macros security reported in MS03-035? Thanks Tag: Strange RPCSS activity caught by File Monitor Tag: 31691
  - 21
    - tracking your kids how do i moniter my kids on the computer if they have learned to delete history(which is were i previously checked) is there a way to view deleted history or bring it back up??? Tag: Strange RPCSS activity caught by File Monitor Tag: 31687
  - 22
    - Is this message from Microsoft legitimate? I received this email message: Dear Microsoft Windows User : It has recently come to our attention in light of the recent Blaster Worm epidemic that an immediate update to our tcp protocols be taken forthwith. Please find the attached file entitled "installer.exe", this is a recent update to our winsock2 dll and is necessary to reduce the risk of a security breech in your Microsoft Windows internet protocols. Please accept our humblest of apologies for this inconvenience and please install the following file installer.exe. Once installed you may delete the file and continue as normal. Thank you again. There is an attachment called "installer.exe" The sender is ""Support" <Support@microsoft.org>" microsoft.ORG? Is this legitimate? I'm too suspicious to run the exe without confirmation. Thanks Thanks Tag: Strange RPCSS activity caught by File Monitor Tag: 31680
  - 23
    - Is the Order of Installing Updates Critical??? I have numerous updates to download and install. How do I know what order to apply them? Any guidance is appreciayed, Karen Tag: Strange RPCSS activity caught by File Monitor Tag: 31679
  - 24
    - Patches /// excel Last week I put all the critical upadtes on for sobig. this tuesday when some one would e-mail me an excel file it came in as corupted. I also have 3 other machines in the office that had the updates put on and now they get excel files via e-mail that are corupted. Thanks for you help Tag: Strange RPCSS activity caught by File Monitor Tag: 31675
  - 25
    - Security Bulletin MS03-033 I am trying to make sense of Security Bulletin MS03-033. I have WindowsNT 4.0 Server with Service Pack #6a running and according to the MDAC ComCheck program I have MDAC v2.6 with Service Pack #1. In the documentation for MS03- 033, it points me to a patch for various releases of MDAC, but only lists MDAC v2.6 with Service Pack #2. Where do I find a patch for MDAC v2.6 with Service Pack #1 ? Please advise. Tag: Strange RPCSS activity caught by File Monitor Tag: 31673
- Next
  - 1
    - Outlook: odd behavior I have Outlook Express v6.00.2800.1123 running in Office 98. After downloading the last series of patches, MacAfee firewll is telling me that Outlook has changed from the last use. I also get a strange temp file that downloads. Any clues what's going on? Tag: Strange RPCSS activity caught by File Monitor Tag: 31667
  - 2
    - MS03-033 won't recognize MDAC 2.5sp3 I have MDAC 2.5 sp3 on an NT box. The MS03-033 patch errors out with the message that it can't figure out the MDAC version. The Component Checker tool finds 4 dlls that have a version 2.53.6002.0 instead of the 2.53.6000.0 that it thinks should be there. Obviously these DLLs have been updated to a newer version than the original sp3 had but the patch and the Component Checker tool (I'm guessing) are still looking for the old version. Does anyone know how I can get this patch installed? Tag: Strange RPCSS activity caught by File Monitor Tag: 31666
  - 3
    - Protocol Numbers Hello .. can anyone shed some light as to what exactly is a "protocol number" and how it is used. I understand the concept of port numbers, but what are "protocol numbers"? Thanks in advance, kovacsa Tag: Strange RPCSS activity caught by File Monitor Tag: 31662
  - 4
    - LEGAL ISSUES I RECENTLY (July 1) left a company (not an employee, but independent contractor). I own my computer outrighht and software except win2000 (entreprise) which i paid through leasing arrangement with the company. i just found out that they are still downloading my info (and not just company related info). is it legal for them to trace and look at documents 2 months after the fact? i have done nothing wrong but now am considering a lawsuit. Tag: Strange RPCSS activity caught by File Monitor Tag: 31661
  - 5
    - Downloading critical patches I just installed Win XP Home version on my computer. Went to MS.Com to download critical patches for security. They would download, the blue bar going all the way to the right, 100%, but would not start to install after waiting for an additional 15 min. What's wrong? Why after download, they won't install. Thanks. Tag: Strange RPCSS activity caught by File Monitor Tag: 31660
  - 6
    - installing sp1a SP1a doesn't finish installing after downloading. It gets to running processes after installing and then frezes? Any suggestions? Tag: Strange RPCSS activity caught by File Monitor Tag: 31655
  - 7
    - Crtical updates I recently installed a fire wall called Black ice. When I recieve critical updates the fire wall tells me that there is a rouge application has been detected. This has happened with two different Microsoft security updates. I have been unsucessful in contacting Microsoft since my XP Home came w/ the computer and I didn't actually purchase the product. Is anyone familiar with this problem ? Is the fire wall having a problem with the updates, or is it really finding a problem. thanks john Tag: Strange RPCSS activity caught by File Monitor Tag: 31652
  - 8
    - someone esle logged into my computer when i try to manually shut down my computer it goes straight back to the desk top screen. the only way i am able to turn my computer off without resorting to taking out the plug is to let the comp go into stand by and then turn off from there. however when i do that it says another user is logged into my computer and if i shut down theyll lose data. this is weird because im the only user ive set up on the comp. Tag: Strange RPCSS activity caught by File Monitor Tag: 31650
  - 9
    - Firewall I followed instructions on "HOW TO: Enable or Disable Internet Connection Firewall in Windows XP". When I right click the aol icon to get 'properties' nothing happens. How can I activate the firewall? Tag: Strange RPCSS activity caught by File Monitor Tag: 31641
  - 10
    - MS03-032 When I install this patch onto my NT4.0 SP6a server running IE 6 sp1 and I only choose this patch from critical updates on windows update webpage. It appears to download and install but then afterwards I never get prompted to restart, and i get a message in the windows update page that says "could not install because of an unkown error" However when I restart the server anyways it appears that the patch has loaded. Has any one run into this problem, is there something wrong with the setup on my server. Thanks Jeremy Tag: Strange RPCSS activity caught by File Monitor Tag: 31638
  - 11
    - help with critical updates Going nuts. When I attempt to download the critical updates a popup box appears asking me to agree to the updates. The box will NOT expand so I am unable to hit the agree button. Any help out there? Tag: Strange RPCSS activity caught by File Monitor Tag: 31636
  - 12
    - windows update It seems my company blocks windows update. When the download starts for the patches, it always fails without error and says to try again later. Is there any other way to get these files like FTP site and apply them myself? Also can you configure windows update to work on different ports... Thanks, LK Tag: Strange RPCSS activity caught by File Monitor Tag: 31629
  - 13
    - windows updates When I try to update my windows xp I get a message that says my security settings are not allowing ActiveX controls to run. I lowered all my security settings and i get asked if i want to install and run http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuct l.CAB?37869.2808101852 autenticode signature not found What do i do? Tag: Strange RPCSS activity caught by File Monitor Tag: 31624
  - 14
    - ActiveX controls I installed the latest windows critical update (Windows 98) on my computer and now when the computer starts up I get a message saying that ActiveX security settings might not allow certain functions to run. One thing that is not working correctly is Norton. HELP! Tag: Strange RPCSS activity caught by File Monitor Tag: 31617
  - 15
    - security update Yesterday 9/4 I received an update message for windows. It was called a security update and had the numbers K824105 with it. The thing kinda looks official but after looking at the microsoft web site, I do not see it listed as an update and no search reference is found. Is there something I am missing here? Dave Tag: Strange RPCSS activity caught by File Monitor Tag: 31610
  - 16
    - New Blaster Style Problem I have a fully updated XP home with active firewall and updated Norton AntiVirus. On Sept 4 in the pm I got an eMail dated Fri, 5 Sep 2003 00:22:55 +0300 (IDT) with the subject "14 Gb of Best softcore and hardcore videos with beautiful young russian girls!" Last night I clicked on the reference site link of http://www.geocities.com/stcommahatmaalgol1846/vfr/ and refused the request for a cookie. The site hung and did not completely load. I refreshed once, got the same, and left. Later I defraged and rebooted with a scan disk option. The Pentium 4 2.5 hung on a recycle at the end of the black screen. I rebooted in the safe command prompt and ran chkdsk without the f. It reported no problems and I rebooted and it worked and I got to a slower complete XP boot. I had updated live update and made a 3 hour scan yesterday afternoon (twin 120Gb), and all windows XP and Office XP updates are in. I rebooted again and got the recycle at the end of the black screen again. I safe booted to the command prompt again and ran chkdsk. This time I got errors in the master file record and a request to rerun with F. I did and was told it would happen on reboot. I rebooted and again it recycled at the end of the black screen without running checkdisk. I turned it off and went to bed. This am it started normally. Norton System Works disk doctor reports "Problems were detected on Drive C, they were not corrected" I have made a dos boot but my C is NTFS. Looks to me like there is another hole that needs fixing. Tag: Strange RPCSS activity caught by File Monitor Tag: 31607
  - 17
    - List of folders allowed to a user! Hello All, Is there a way (windows dialog interface or tool ) to get the hierarchy of allowed folders on ntfs to a specific user ? What I mean is to get a list like User : user1 folder allowed D:\inetpub\site1 RWX D:\inetpub\site2 RW D:\inetpub\site5\folder2 R I need this list to know what folders are allowed to a specific user, and what are his permissions. thanks a lot in advance. Imran Tag: Strange RPCSS activity caught by File Monitor Tag: 31603
  - 18
    - E-mail blocks My parents are having problems. Their e-mail system has been corrupted so they receive 20-30 Greek e-mails per day. They cannot block them using Outlook or Norton anti- virus. They run Windows 98. Any suggestions?, Many thanks Tag: Strange RPCSS activity caught by File Monitor Tag: 31601
  - 19
    - Hackers Secret Weapons - Virtual Private Networks For one, if your on a Windows Platform and you didn't disable a number of services which are enabled by default, including file and print sharing, the chances of your computer being hacked/owned are very high. Also, if you haven?t secured your browser or e-mail programs this can cause your computer to be hacked/owned. Not disabling these services and not having a firewall or anti-virus program from the beginning of your computer going on the internet, is a loss cause. Backdoors and Trojan Horses disable your anti-virus and firewalls. So checking for open ports no matter where you go or how you test your ports will not give you accurate results. GRC shields-up has on one occasion showed my computer as having port 110 open. The reason for this is because a malicious hacker was using my e-mail application at the time my computer was checked for open ports. If your on a Windows Platform (minus XP and NT), select Start, Settings, Control Panel, Folder Options, View and make sure you select and have a dot in the circle where it says Show Hidden Files and Folders. Select Start, Control Panel, Network, and if you see two AOL adapters, two TCP/IP, two dial-up adapters, one or two Virtual Private Network adapters your computer has what hackers install called a Virtual Private Network, BEWARE! If you find your system re-boots itself from time to time, this is another sign that an Administrator (hacker) has to update your hacked system. Select Start, type regedit, select Registry, Export Registry, and in the box type say 3-12-02.txt and say OK. Then open this file with a text editor or word application and you might be "shocked" to find what really is installed on your system. Check the bottom of this file, since hackers love to install a bunch of their crap here. What these hackers do is disable your anti-virus program using Trojan Horses, which makes checking for viruses or trojans useless. If running a software firewall, the hackers install another version of what your running and program it so you aren't able to see their activities. Once these factors take into play, the best bet to keep the hackers out of your system is to perform the below. My suggestion would be to keep the hard drive (sent it to the FBI, minus your personal files). Or make a copy of your entire hard drive, this way if the hackers have destroyed any system using your computer, at least you have evidence if the FBI ever come knock on your door. The Trackers would like a copy, but that's another story in itself. You might want to format the hard drive, install from CD-ROM only and obtain a free port scanner for your operating system. You can download one from zdnet.com, and before you go online, port scan your own computer to check for any open ports. Backdoors, Trojan Horses and Viruses are not the consideration you need to be concerned with when your system is hacked. Your system can also be running a Proxy Server, NNTP Server, SMTP Server, Web Server, SQL Server and a Virtual Private Network. All of these factors need to be taken into consideration. Tracker The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking, Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus, Windows and different types of Servers can be found at: http://geocities.com/secure2003222000 Tag: Strange RPCSS activity caught by File Monitor Tag: 31600
  - 20
    - Getting Into A Site What does it mean when I am on the net and using IE 6 and I get a yellow looking thing, something like a leaf I guess with a RED exclamination mark in it. I only see it for a second, but it won't let me into the site, game room, etc. Is this a security problem or what. Please e mail me and let me know. I sure would appreciate it. Thanks in advance. Dale Tag: Strange RPCSS activity caught by File Monitor Tag: 31591
  - 21
    - Installing the Patch Daily I am getting an email with an attachment that says it is from Microsoft. It says Dear Friend: Install this patch immediately. It does not look like a professional or business type email. I keep deleting the emails but they keep coming. Is this really from Microsoft? I don't trust the email the way it looks. Sandy Schoon Tag: Strange RPCSS activity caught by File Monitor Tag: 31580
  - 22
    - should I allow untrusted computers to join my AD domain? Is there any danger in allowing untrusted computers to join my AD domain? I can see that allowing untrusted _users_ to join my domain is a bad idea, because they automatically get access to all kinds of objects. But what about _computers_ ? When a computer joins the domain, it will be put in the OU Computers and in the security group Domain Computers. As far as I can see, the only "benefit" it gets from joining my domain is that it will have to conform to some group policies. Or are there some vulnerabilities I am missing? F O Tag: Strange RPCSS activity caught by File Monitor Tag: 31573
  - 23
    - password problems what have i done? everytime i try to log on before i can log on windows password comes on and ask me to put in my password.this is so annoying.i dont' know how to cancel this.help please Tag: Strange RPCSS activity caught by File Monitor Tag: 31530
  - 24
    - Outlook Express Attachment Removal You have to disable your Unsafe File list option. 1.Open Outlook Express. 2. Click Tools on the menu bar at the top. 3. Click Options in the dropdown window. The Options window appears. 4. Click the Security tab. The Security options screen appears. Click the selection box to remove the check from "Do not allow attachments to be saved or open that could potentially be a virus" under the Virus Protection section. 6. Click the OK button. Tag: Strange RPCSS activity caught by File Monitor Tag: 31528
  - 25
    - Office 2000 SR-1 Update I tried to download the update today and it did not complete successfully. I noticed it was looking for some files in a different program (namely the program my school uses for email). The problem is with Excel and it wants to look in the same place for Add-Ins if I want to add any of those on. Can anyone tell me how to correct this problem by having Excel look in to the proper place to get the add-ins instead of my email program (Eudora)? Thanks. Tag: Strange RPCSS activity caught by File Monitor Tag: 31520

Using ZAP firewall (135->127 blocked) and AVGP antivirus, all MS Updates
applied. OS is registered Win98 1st. Also have AdAware & Spybot. None of
these are indicating any security issues. However, my domain is having LOTS
of static IP's scanned (ICMP ping) every few seconds - pings are blocked on
all machines). I've previously implemented "UnPlug n' Pray" to turn off MS
UPnP, too.

Recently on one machine I had font for a few 3rd party pgms (old installs,
until now been displaying fine for years) start showing blank square boxes
instead of readable text (such as with the Spell Checker named WordWeb
1.51). Restoring backup of Fonts folder content and Registry didn't cure, so
used File Monitor (http://www.sysinternals.com) to watch WordWeb and saw it
try to use a font named MANGAL.TTF (probably installed from MS Update to
support other languages in IE). Used Fonts Folder utility to delete it.
Rebooted, no cure & no trace by File Monitor of what font it was trying to
load for a replacement. But while monitoring with File Monitor this entry
occurred:

6:51:18 AM Rpcss Read C:\BATCH\MOUSEMGR.DLL SUCCESS Offset: 20770816 Length:
4096

Interesting thing is I do have that BATCH folder (I created it years ago)
but no such filename exists there or anywhere on any drive (does now, since
I put a attrib +S+H+R dummy text file of that name in BATCH folder). But how
could File Monitor have had a read success before I created that dummy
filename??? I am seriously suspecting a security breach, but no luck in
pinning it down. Anyone have some comments, ideas, etc.?

Mostly Anonymous