E-Mail Update Notifications
Hey group,
I don't think Microsoft does this, but I've been getting
e-mails that look like they're from Microsoft, but check
out the header of one of these messages and let me know
what you think, Thanks, Trav
-- BEGIN HEADER --
Microsoft Mail Internet Headers Version 2.0
Received: from vison.ip.pt ([195.23.132.15]) by
exchsrvr.plascoincorporated.com with Microsoft SMTPSVC
(5.0.2195.5329);
Thu, 25 Sep 2003 07:39:33 -0400
Received: (qmail 31265 invoked from network); 25 Sep 2003
11:39:20 -0000
Received: from unknown (HELO tainha.ip.pt) (195.23.132.7)
by vison.ip.pt with SMTP; 25 Sep 2003 11:39:20 -0000
Received: (qmail 18968 invoked from network); 25 Sep 2003
11:39:13 -0000
Received: from unknown (HELO frukizl) ([195.23.52.68])
(envelope-sender <spinarq.lisboa@spinarq.com.pt>)
by polvo.isp.ip.pt (qmail-ldap-1.03) with SMTP
for <chade@jdbyrider.com>; 25 Sep 2003 11:39:13 -0000
FROM: "Technical Services" <yobrnhtn@updates.microsoft.com>
TO: "Customer" <xoflomqv_yiffnvhcf@updates.microsoft.com>
SUBJECT: New Microsoft Update
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="jarfaciaoggaxfkx"
Return-Path: spinarq.lisboa@spinarq.com.pt
Message-ID: <EXCHSRVRB5Rw1SSfWXW0000010e@exchsrvr.plascoincorporated.com>
X-OriginalArrivalTime: 25 Sep 2003 11:39:33.0881 (UTC) FILETIME=[B0D87690:01C38359]
Date: 25 Sep 2003 07:39:33 -0400
--jarfaciaoggaxfkx
Content-Type: multipart/related; boundary="oqrlydztlebrm";
type="multipart/alternative"
--oqrlydztlebrm
Content-Type: multipart/alternative;
boundary="tzrzddhgkjoeov"
--tzrzddhgkjoeov
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
--tzrzddhgkjoeov
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
--tzrzddhgkjoeov--
--oqrlydztlebrm
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-ID: <llailzw>
--oqrlydztlebrm
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-ID: <tbnjevi>
--oqrlydztlebrm--
--jarfaciaoggaxfkx
Content-Type: application/x-msdownload; name="pack78.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment
--jarfaciaoggaxfkx--
Tag: How to Tell If a Microsoft Security-Related Message Is Genuine Tag: 34801
Authentication
Two XP clients trying to access 3rd party software
through a web interface hosted on an NT4 server.
One can access this fine. On the NT4 server the entry
for the working XP client appears to be using the KsecDD
logon process, whereas the other one appears as Ntlmssp.
It appears that the credentials are not being passed
through correctly by using NtlmSsp. Any suggestions would
be greatly appreciated. I have compared registry
settings and group policy settings on the two machines to
no avail.
Many Thanks

Warning: the virus is posted to the newsgroups!
In case you didn't see it - there are some messages (ca 150KB each) with
subjects like "Try these patches". Needless to say, it's our friend SWEN.
regards
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

This New Patch Problem IS MICROSOFT!!!
sick of this cr*p Microsoft is putting out, you must
think we are idiots
1. From 50 people I know ONLY people who registered for
Microsoft updates are being affected - YAHOO, HOTMAIL,
AOL - Does not matter. All the other people have received
nothing..
So YOU are being used!!!
Why no announcement eh?
BLASTER Worm loads of press
This nothing - WE ARE TELLING YOU what's going on.
This is not service, this company has no idea what the
word means. I am sick of second rate products that I
spend hours downloading patches for.
SORT YOUR HOUSE OUT.

MICROSOFT F*KING STOP NOW!! YOU ARE KILLING ME!!
I AM VERY ANGRY!!!!! I WANT MICROSOFT TO STOP THE BARRAGE
OF SECURITY PATCHES THAT ARE CRASHING MY EMAIL ADDRESS
EVERY DAY!!! YOU IDIOTS HAVE SENT ME THE SAME PATCHES
HUNDREDS OF TIMES 150K EACH AND MY MAIL BOX CAN NOT TAKE
IT!! I HAVE MISSED A JOB!! A JOB!!@!!! BECAUSE YOU INSIST
ON SENDING THESE THINGS OVER AND OVER AND OVER AGAIN.
STOP SENDING ME THIS STUFF, YOU ARE WORSE THAN ANY
VIRUS*********
DUE TO THE LOSS OF EMPLOYMENT, AFTER TRYING TO CONTACT
YOU THROUGH DOZENS OF FORUMS, EMAILS, I AM SEEKING LEGAL
COUNSEL!!!
THINK BEFORE YOU TURN PEOPLE'S EMAIL SITES INTO THE
DUMPING GROUNDS FOR HUNDREDS OF PATCHES!!
MUPPETTS@YAHOO.COM IS THE SITE - DO SOMETHING NOW AS I
HAVE LOST ALL REASON, HUMOUR AND PATIENCE WITH THIS
ARROGANT MISUSE OF MY COMPUTER!!!!.
CHRIS SLADE - VERY VERY VERY ANGRY CONSUMER!!!!!!!!!!!

Local Security Policy
I'm trying to add the administrator group to the 'change
system time' option in Local Policies\User Rights
Assignments. Due to the nature of our business we can not
have the users changing the time, although as
synchronisation is vital we need to be able to change the
time for them when it lapses.
I've double clicked the option, clicked add user group,
advanced, find now and the administrator group is not
there to add..... Is there a way I can add this?
Also, if anyone happens to know of any time synchronisation
programs that run as a service I'd think about giving you
some kind of medal!

Latest Network Critical Patch
Dear Sirs,
I have received an email from Microsoft with attached to
this email a file with the name Q661959.exe
How can I verify that this email originates from Microsoft?
How can I be sure that I'm not loading a Virus or worse
from someone giving himself out to be MS?
Thank you for your assistance
===========================================================
Return-Path: <leif@ab.se>
Received: from focus2.focus.lu (focus2.focus.lu [161.58.236.92]) by mailbox.lu (8.12.9p1/8.11.6) with ESMTP
 id h8OLX56r084494 for <dolphin@mailbox.lu>; Wed, 24 Sep 2003 23:33:10 +0200 (CEST)
Received: from smtp.wineasy.se (smtp.wineasy.se [195.42.198.20]) by focus2.focus.lu (8.12.9p1/8.11.6) with
 ESMTP id h8OLX0hl007872 for <info@delphinus.lu>; Wed, 24 Sep 2003 23:33:04 +0200 (CEST)
Received: from fsnaqc (242.210.88.213.host.tele1europe.se [213.88.210.242]) by smtp.wineasy.se with SMTP
 id h8OLVbNJ000744; Wed, 24 Sep 2003 23:31:48 +0200
Date: Wed, 24 Sep 2003 23:31:48 +0200
Message-ID: <200309242131.h8OLVbNJ000744@smtp.wineasy.se>
From: "" <brlbjfedf@support.go.microsoft.akadns.net>
To: "Microsoft Partner" <partner-xwhccaqi@support.go.microsoft.akadns.net>
Subject: Latest Network Critical Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="braxatdbefarmvg"
X-Mozilla-Status: 8001
X-Mozilla-Status2: 00000000
X-UIDL: ]p3"!^k!"!~HH!!#$["!
Microsoft
All Products | Support | Search | Microsoft.com Guide
Microsoft Home
Microsoft Partner
this is the latest version of security update, the
"September 2003, Cumulative Patch" update which fixes all
known security vulnerabilities affecting MS Internet
Explorer, MS Outlook and MS Outlook Express as well as
three newly discovered vulnerabilities. Install now to
protect your computer from these vulnerabilities, the
most serious of which could allow an attacker to run
executable on your computer. This update includes the
functionality of all previously released patches.
System requirements
Windows 95/98/Me/2000/NT/XP
This update applies to
MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation
Customers should install the patch at the earliest opportunity.
How to install
Run attached file. Choose Yes on displayed dialog box.
How to use
You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical
Support web site. For security-related information about
Microsoft products, please visit the Microsoft
Security Advisor web site, or Contact Us.
Thank you for using Microsoft products.
Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond to
any replies.
The names of the actual companies and products mentioned
herein are the trademarks of their respective owners.
Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms
of Use | Privacy Statement | Accessibility
Q661959.exe
Content-Type: application/x-msdownload; name="Q661959.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment

This legit?
I just received this email:
Microsoft All Products | Support | Search | Microsoft.com Guide
Microsoft Home
MS Consumer
this is the latest version of security update,
the "September 2003, Cumulative Patch" update which
resolves all known security vulnerabilities affecting MS
Internet Explorer, MS Outlook and MS Outlook Express as
well as three newly discovered vulnerabilities. Install
now to protect your computer from these vulnerabilities,
the most serious of which could allow an attacker to run
code on your system. This update includes the
functionality of all previously released patches.
System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version
4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the
earliest opportunity.
How to install Run attached file. Choose Yes on displayed
dialog box.
How to use You don't need to do anything after installing
this item.
Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical Support
web site. For security-related information about Microsoft
products, please visit the Microsoft Security Advisor web
site, or Contact Us.
Thank you for using Microsoft products.
Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond to
any replies.
--------------------------------------------------------------------------------
The names of the actual companies and products mentioned
herein are the trademarks of their respective owners.
Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms
of Use | Privacy Statement | Accessibility
I was wanting to know if it was legitimate??

security update
Every day I get an update message from Microsoft to
download a security patch 823559, which I do. Is it their
fault or something I am doing?

installer11.exe
I got an email from Microsoft instructing me to run the
attached file "installer11.exe" to fix several security
problems. When I saved installer11.exe, Norton detected a
virus and made this file inaccessible. Is this really a
Microsoft patch or just a virus spreader?

Publish KRA certificate to the AD (Event ID:80)
Hi, I have a problem about publishing the KRA Certificate to the Active
Directory. Below is my test environment :
1 Server with the following configuration : Windows 2000 Domain Controller,
Exchange 2000 Server with KMS service, Enterprise Root CA. With the help of
KMS, enrolling mailbox enabled users to advanced security was working
properly.
I exported the KMS database and uninstalled KMS service. Then upgraded from
Exchange 2000 to Exchange 2003 and then upgraded from Windows 2000 Server to
Windows 2003 Advanced Server. After a successful upgrade I tried to
configure the CA for Key Archival and Key Recovery. For this reason I added
the new certificate template (Key Recovery Agent certificate template) with
proper security permissions. Administrator user requested a KRA certificate
with the web enrollment wizard and installed the certificate successfully.
At that point, Enterprise CA should publish the certificate to the directory
automatically (to the userCertificate attribute of CN=KRA,CN=Public Key
Services,CN=Services,CN=Configuration,DC=domain,DC=local).
But there is a warning message in the application event log. I don't see
anything in the KRA container in AD Sites And Services snap-in. I could not
find any article in the KB. Any ideas? Thanks
AydinK
Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 80
User: N/A
Computer: SERVER
Description:
Certificate Services could not publish a Certificate for request 11 to the
following location on server SERVER: ldap:///CN=EntRootCA,CN=KRA,CN=Public
Key Services,CN=Services,CN=Configuration,DC=test,DC=local. Directory
object not found. 0x8007208d (WIN32: 8333).
ldap: 0x20: 0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data
0, best match of:
'CN=KRA,CN=Public Key
Services,CN=Services,CN=Configuration,DC=company,DC=local'

Security Issues (I think)
I am having problems accessing some sites that require
pretty hefty security.. I get the cannot find server
stuff. When I go to tools, internet options, advanced tab
security, mine shows only SSL 2.0 SSL 3.0 TLS 1.0. What
is PCT 1.0, that is suggested be included in the security
settings, and how do I get it?
Most of the sites I have been having trouble with are like
banking sites or government sites (licensing vehicle
sites, etc.)
Frustrating. Any suggestions?

Virtual Private Network Is One Of The Hackers Secrets
VIRTUAL PRIVATE NETWORK:
A Virtual Private Network (VPN) is used mainly for business travelers
and home users, connecting more than one system together. (ie: remote
office, remote user and remote partner (extranet) communications.) Your
average home user, connecting one computer to the Internet, has no
reason to be running a VPN.
ALTHOUGH VPN SUPPORT IS NATIVE TO WINDOWS X (EXCLUDING 2000, NT, XP), IT
DOES NOT INSTALL BY DEFAULT.
1. For hackers to install this, they have to click on the Control
Panel, open the Add/Remove Programs applet and then click on the Windows
Setup page.
2. From the Windows Setup page, Select the Communications option and
Select Details. The bottom Communications options is Virtual Private
Networking. Check the box to this option and Select OK.
3. When you return to the Windows Setup page, Select OK again, and all
necessary files are copied.
4. Restart the computer to complete the VPN installation.
After a VPN is installed on your computer, a new adapter is added to the
Network properties for use through your modem. Two adapters are
installed if using a network interface card, but this rarely is the
case. A computer with a standard Dial-Up Adapter, an additional
Dial-Up Adapter to provide VPN support, and also the Microsoft Virtual
Private Networking Adapter that serves as the backbone for all VPN
connections. It's not always necessary to have a network interface card
for two VPNs to be installed on a victim's computer. A number of other
computers analyzed were using one modem, but had two VPN adapters
installed. Some of the more technically inclined people will have a
better understanding of the terminology.
Below is the VPN adapter file the hackers were using on a compromised
computer system. These files were found in the Black Ice Defender
directory which was hidden from my view. Of course, once you can view
all the Files and Folders, you will find your eyes getting bigger and
bigger. As you can see below, the hackers were utilizing this adapter
on different platforms and software applications.
#This document contains special adapter information that we
#use to adjust how the product interacts with the driver.
#It's main purpose is to handle those adapters that we find
#in the system who lie about being network adapters.
#
#format:
#action: name[=<>] value
# 01 Sep 2000--Added to handle Intel/Shiva VPN client
IGNORE: DriverDesc > Shiva Virtual NIC
IGNORE: Description > Shiva Virtual NIC
# 15 Sep 2000--Added to fix PGP related issues; supersedes other
# PGPMAC or PGPnet entries
# For Win9x
ICE_ADAPTER: LogDriverName > PGPMAC
# For WinNT AND Win2000
ICE_ADAPTER: Description > PGPnet
# 31 Jul 2000--Added to handle VPNet VPNremote client 3.0 for NT
ICE_ADAPTER: Description > Vpn Adapter
# 24 Jul 2000--Added to handle VPNet VPNremote client
ICE_ADAPTER: DriverDesc > VPNremote
ICE_ADAPTER: Description > VPNremote
# Added to handle Raptor Mobile VPN
IGNORE: DriverDesc > RaptorMobile
IGNORE: Description > RaptorMobile
# added to handle Bay Networks Extranet Access Client VPN
IGNORE: DriverDesc > IPsecShm
IGNORE: Description > IPsecShm
IGNORE: DriverDesc > Extranet Access Client Adapter
IGNORE: Description > Extranet Access Client Adapter
ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 3010 PPP
ICE_ADAPTER: Description > Efficient Networks SpeedStream 3010 PPP
ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 3020 PPP
ICE_ADAPTER: Description > Efficient Networks SpeedStream 3020 PPP
ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 3041 PPP
ICE_ADAPTER: Description > Efficient Networks SpeedStream 3041 PPP
ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 3060 PPP
ICE_ADAPTER: Description > Efficient Networks SpeedStream 3060 PPP
# 09 Oct 2000--added to handle SpeedStream model 4060 interfaces
ICE_ADAPTER: DriverDesc > Efficient Networks SpeedStream 4060 PPP
ICE_ADAPTER: Description > Efficient Networks SpeedStream 4060 PPP
ICE_ADAPTER: DriverDesc > Deterministic Network
ICE_ADAPTER: Description > Deterministic Network
# added to handle some possible iteration of firewire adapters
IGNORE: DriverDesc > 1394
IGNORE: Description > 1394
IGNORE: DriverDesc > Sony i.LINK(1394) Adapter
IGNORE: Description > Sony i.LINK(1394) Adapter
IGNORE: DriverDesc > Infrared
IGNORE: Description > Infrared
IGNORE: DriverDesc > SMC IrCC
IGNORE: Description > SMC IrCC
IGNORE: DriverDesc > Toshiba FIR Port
IGNORE: Description > Toshiba FIR Port
IGNORE: DriverDesc > Efficient ENI-25p ATM Adapter
IGNORE: Description > Efficient ENI-25p ATM Adapter
# Check Point VPN-1 SecuRemote
ICE_ADAPTER: DriverDesc > FW1 Adapter
ICE_ADAPTER: Description > FW1 Adapter
IGNORE: DriverDesc > Network TeleSystems PPPoE Adapter
IGNORE: Description > Network TeleSystems PPPoE Adapter
IGNORE: DriverDesc > Token-Ring
IGNORE: Description > Token-Ring
IGNORE: DriverDesc > SpeedStream 30
IGNORE: Description > SpeedStream 30
IGNORE: DriverDesc > 3010 SpeedStream
IGNORE: Description > 3010 SpeedStream
IGNORE: DriverDesc > 3020 SpeedStream
IGNORE: Description > 3020 SpeedStream
IGNORE: DriverDesc > 3040 SpeedStream
IGNORE: Description > 3040 SpeedStream
IGNORE: DriverDesc > 3041 SpeedStream
IGNORE: Description > 3041 SpeedStream
IGNORE: DriverDesc > 3060 SpeedStream
IGNORE: Description > 3060 SpeedStream
IGNORE: DriverDesc > SpeedStream 40
IGNORE: Description > SpeedStream 40
IGNORE: DriverDesc > 4020 SpeedStream
IGNORE: Description > 4020 SpeedStream
IGNORE: DriverDesc > 4041 SpeedStream
IGNORE: Description > 4041 SpeedStream
IGNORE: DriverDesc > 4060 SpeedStream
IGNORE: Description > 4060 SpeedStream
IGNORE: DriverDesc > (unknown model) SpeedStream (00) RFC 1577
IGNORE: Description > (unknown model) SpeedStream (00) RFC 1577
IGNORE: DriverDesc > (unknown model) SpeedStream (01) RFC 1577
IGNORE: Description > (unknown model) SpeedStream (01) RFC 1577
IGNORE: DriverDesc > (unknown model) SpeedStream (02) RFC 1577
IGNORE: Description > (unknown model) SpeedStream (02) RFC 1577
IGNORE: DriverDesc > (unknown model) SpeedStream (00) RFC 1483
IGNORE: Description > (unknown model) SpeedStream (00) RFC 1483
IGNORE: DriverDesc > (unknown model) SpeedStream (01) RFC 1483
IGNORE: Description > (unknown model) SpeedStream (01) RFC 1483
IGNORE: DriverDesc > (unknown model) SpeedStream (02) RFC 1483
IGNORE: Description > (unknown model) SpeedStream (02) RFC 1483
IGNORE: DriverDesc > (unknown model) SpeedStream (03) RFC 1483
IGNORE: Description > (unknown model) SpeedStream (03) RFC 1483
IGNORE: DriverDesc > (unknown model) SpeedStream (04) RFC 1483
IGNORE: Description > (unknown model) SpeedStream (04) RFC 1483
IGNORE: DriverDesc > Cisco 605 PCI ADSL Adapter Driver for PPP
IGNORE: Description > Cisco 605 PCI ADSL Adapter Driver for PPP
IGNORE: DriverDesc > ITK Columbus Card 3.0
IGNORE: Description > ITK Columbus Card 3.0
IGNORE: DriverDesc > TELES.ISDN WAN-NDIS-Miniport driver
IGNORE: Description > TELES.ISDN WAN-NDIS-Miniport driver
IGNORE: DriverDesc > TV Data Adapter
IGNORE: Description > TV Data Adapter
Tracker
The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking,
Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus,
Windows and different types of Servers can be found at:
http://geocities.com/secure20032220000/

http://www.pass-this-on
I keep getting a website that takes over Microsoft
Explorer and sets itself as the default web page.
Thereafter we get literally hundreds of pop-ups.
How do I stop this???

Everyone's virus problem info....
Those of you being smart asses about this situation
because you don't have it and THINK you have the solution
are complete morons.
This worm infects through file sharing programs (kazaa,
etc). The victim does not have to open ANYTHING to start
it. It is NOT recognized by any of the "leading virus
software protection" therefore your Virus protection
program is obsolete in this matter (unless they come up
with a patch).
I receive nearly 200 of these infected e-mails per day. I
(as well as most computer users) am smart enough NOT to
open them. Since this happens, important e-mail does not
go through and I don't feel like scanning every single
e-mail that I KNOW IS INFECTED.
I have tried numerous applications that have been posted
on this newsgroup (which are greatly appreciated) but
each one has never detected a virus or worm running on my
computer.
IF ANYONE HAS A VALID ANSWER TO STOP THIS PLEASE POST IN
A HEADER TO HELP THOSE THAT ARE EXPERIENCING THIS.
SMART ASS COMMENTS ARE NOT WELCOME.

The info everyone needs....
Those of you being smart asses about this situation
because you don't have it and THINK you have the solution
are complete morons.
This worm infects through file sharing programs. The
victim does not have to open ANYTHING to start it.
I receive nearly 200 of these infected e-mails per day.
Since this happens, important e-mail does not go through.
I have tried numerous applications that have been posted
on this newsgroup (which are greatly appreciated) but
each one has never detected a virus or worm running on my
computer.
IF ANYONE HAS A VALID ANSWER TO STOP THIS PLEASE POST IN
A HEADER TO HELP THOSE THAT ARE EXPERIENCING THIS.
SMART ASS COMMENTS ARE NOT WELCOME.

something needs to be done about spammers: now deceiving more
I think this is a serious problem and Microsoft needs to
actively pursue those parties who have started such fake
emails posing as Microsoft employees, and prosecute them
in court for fraud.
The following is copied from a spam I received (graphics
omitted, but were done exactly in co-ordination to MS's):
"Microsoft All Products | Support | Search | Microsoft.com Guide
Microsoft Home
MS Consumer
this is the latest version of security update,
the "September 2003, Cumulative Patch" update which fixes
all known security vulnerabilities affecting MS Internet
Explorer, MS Outlook and MS Outlook Express as well as
three newly discovered vulnerabilities. Install now to
continue keeping your computer secure from these
vulnerabilities, the most serious of which could allow an
attacker to run executable on your computer. This update
includes the functionality of all previously released
patches.
System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version
4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the
earliest opportunity.
How to install Run attached file. Choose Yes on displayed
dialog box.
How to use You don't need to do anything after installing
this item.
Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical Support
web site. For security-related information about Microsoft
products, please visit the Microsoft Security Advisor web
site, or Contact Us.
Thank you for using Microsoft products.
Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond to
any replies.
--------------------------------------------------------------------------------
The names of the actual companies and products mentioned
herein are the trademarks of their respective owners.
Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms
of Use | Privacy Statement | Accessibility
Attachment
INSTALL98.exe
.exe file"
Luckily, I didn't open the file. But this is unacceptable,
if it continues (people have done it with ebay already)
then we will never know when any email is secure and
actually from the company who it says it's from.

latest version of security update,
The following is an email that I continue to get that
poses as Microsoft sending a security update. This is the
4th I have gotten in the last 3 days, all are worded
differently. They all contain viruses which Norton 2003
caught. This one is the most disturbing because it even
has their logo. Please let me know if you can help stop
these attacks.
-----Original Message-----
From: Microsoft Corporation Security Section [mailto:xwnoqqomsnvv@support.ms.com]
Sent: Wednesday, September 24, 2003 9:03 AM
To: Client
Subject: Current Internet Upgrade
Importance: High
Microsoft
All Products | Support | Search | Microsoft.com Guide
Microsoft Home
Microsoft Client
this is the latest version of security update,
the "September 2003, Cumulative Patch" update which
resolves all known security vulnerabilities affecting MS
Internet Explorer, MS Outlook and MS Outlook Express.
Install now to protect your computer from these
vulnerabilities. This update includes the functionality of
all previously released patches.
System requirements
Windows 95/98/Me/2000/NT/XP
This update applies to
MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation
Customers should install the patch at the earliest
opportunity.
How to install
Run attached file. Choose Yes on displayed dialog box.
How to use
You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical Support
web site. For security-related information about Microsoft
products, please visit the Microsoft Security Advisor web
site, or Contact Us.
Thank you for using Microsoft products.
Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond to
any replies.
--------------------------------------------------------------------------------
The names of the actual companies and products mentioned
herein are the trademarks of their respective owners.
Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms
of Use | Privacy Statement | Accessibility
Flattop Woodworks
325 S. Main St.
Troutman, NC 28166
704-528-4050
www.flattopwoodworks.com

I am receiving fake microsoft email (Question)
I keep getting fake microsoft emails in my mail box that
are full of worms and stuff like that and it looks like
it's a different sender each time. How do I stop this?

Microsoft is NOT sending ANY emails to you. Read this!!!!
DON'T open any attachments.
Always REMEMBER:
"If a BAD GUY can persuade you to run his program on
your computer, it's NOT your computer anymore."
Microsoft does NOT send updates as email attachments.
"Authentic security bulletin mailers never provide the
patch itself or a link to the patch; instead, they refer the
reader to the complete version of the bulletin on our
web site, which provides a link to the patch"
http://www.microsoft.com/security/antivirus/authenticate_mail.asp
http://www.microsoft.com/technet/security/policy/swdist.asp
http://www.microsoft.com/technet/security/news/patch_hoax.asp
PLEASE Don't click on any email attachment you don't
know about. Because it will most likely be a VIRUS!!!!!!!
Even if you're all protected don't click on any unknown
email attachments.
Consider using these (free for home use) tools:
http://www.grisoft.com/us/us_dwnl_free.php
http://www.kerio.com/us/kpf_download.html
DON'T open any attachments.
Consider using these settings in Outlook Express:
Tools | Options | Security | Virus Protection
Choose "Restricted Zone"
Enable "Warn me when other applications trying to send mail as me"
Enable "Do not allow attachments to be saved..."
DON'T open any attachments.
If you get infected, follow EXACT instructions from:
http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html
http://www.f-secure.com/v-descs/swen.shtml#disinf
http://vil.nai.com/vil/stinger/
On Windows XP enable firewall:
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp
Keep up to date with:
http://windowsupdate.microsoft.com/
DON'T open any attachments.
http://www.microsoft.com/security/home/basics.asp
http://www.microsoft.com/security/home/beyond_basics.asp
DON'T open any attachments.

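The rule quoted in the post above (genuine bulletins never carry the patch itself) can be checked mechanically, together with the header mismatches visible in the headers posted earlier in this thread. The following is an added example, not part of any post; the sample message, its addresses and the function names are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Attachment types treated as executable (assumed list, extend as needed).
EXEC_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

# Constructed sample, shaped like the headers posted in this thread.
SAMPLE = """\
Return-Path: <someone@sender.example>
Received: from relay.isp.example ([192.0.2.15]) by mx.recipient.example;
 Thu, 25 Sep 2003 07:39:33 -0400
Received: from unknown (HELO desktop) ([192.0.2.68])
 by relay.isp.example with SMTP; 25 Sep 2003 11:39:13 -0000
From: "Technical Services" <abc@updates.microsoft.com>
To: "Customer" <xyz@updates.microsoft.com>
Subject: New Microsoft Update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Run attached file. Choose Yes on displayed dialog box.
--b1
Content-Type: application/x-msdownload; name="patch.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment

TVo=
--b1--
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def claims_brand(msg, brand):
    """True when the From: address is in the brand's domain or a subdomain."""
    dom = domain_of(msg["From"])
    return dom == brand or dom.endswith("." + brand)


def assess(raw, brand="microsoft.com"):
    """List the reasons a message does not look like what it claims to be."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Envelope sender (Return-Path) in a different domain than From:.
    #    A hint only: legitimate bulk mail often uses a bounce domain.
    ret_dom = domain_of(msg["Return-Path"])
    if ret_dom and ret_dom != domain_of(msg["From"]):
        findings.append("return-path-mismatch")

    # 2. The earliest Received: hop is the last one in the list. Hops below
    #    the first relay you trust can be forged, so this is also a hint.
    received = msg.get_all("Received") or []
    if claims_brand(msg, brand) and received:
        m = re.match(r"from\s+(\S+)", str(received[-1]))
        host = m.group(1).lower() if m else ""
        if not (host == brand or host.endswith("." + brand)):
            findings.append("origin-outside-claimed-domain")

    # 3. The rule from the post: the patch itself is never attached.
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if part.get_content_type() in EXEC_TYPES or name.endswith(EXEC_EXTENSIONS):
            findings.append("executable-attachment:" + name)
    return findings


def is_fake_vendor_update(raw, brand="microsoft.com"):
    """Claims to come from the vendor and carries an executable attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    has_exec = any(f.startswith("executable-attachment") for f in assess(raw, brand))
    return claims_brand(msg, brand) and has_exec


if __name__ == "__main__":
    for finding in assess(SAMPLE):
        print(finding)
    print("fake vendor update:", is_fake_vendor_update(SAMPLE))
```

Only the attachment check is decisive here; the two header checks are hints that support it.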
Please help ! Need a fix.
I am running win xp, McAfee home 7.0 and I don't know
what has entered my computer. Every time I try to log
onto Google, I get a message stating that my computer has
installed a program that will not allow me to get to
google. It then goes on to give directions on how to
remove a file and even has an address to report it to the
FCC.
That's just the beginning, I can't use any type of search
engine. If I try the explorer search on the tool bar I
get the "can not open page" message. This also happens
on any search type site, including yahoo search, cnn
search and so on.
I have tried the McAfee scan and it says my system is
fine, even with the McAfee update. I have tried to
reinstall explorer from microsoft and downloaded all xp
patches. Please help!
Thanks.

Microsoft is NOT sending ANY emails to you. Read this!!!!
DON'T open any attachments.
Always REMEMBER:
"If a BAD GUY can persuade you to run his program on
your computer, it's NOT your computer anymore."
Microsoft does NOT send updates as email attachments.
"Authentic security bulletin mailers never provide the
patch itself or a link to the patch; instead, they refer the
reader to the complete version of the bulletin on our
web site, which provides a link to the patch"
http://www.microsoft.com/security/antivirus/authenticate_mail.asp
http://www.microsoft.com/technet/security/policy/swdist.asp
http://www.microsoft.com/technet/security/news/patch_hoax.asp
PLEASE Don't click on any email attachment you don't
know about. Because it will most likely be a VIRUS!!!!!!!
Even if you're all protected don't click on any unknown
email attachments.
Consider using these (free for home use) tools:
http://www.grisoft.com/us/us_dwnl_free.php
http://www.kerio.com/us/kpf_download.html
DON'T open any attachments.
Consider using these settings in Outlook Express:
Tools | Options | Security | Virus Protection
Choose "Restricted Zone"
Enable "Warn me when other applications try to send mail as me"
Enable "Do not allow attachments to be saved..."
DON'T open any attachments.
If you get infected, follow EXACT instructions from:
http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html
http://www.f-secure.com/v-descs/swen.shtml#disinf
http://vil.nai.com/vil/stinger/
On Windows XP enable firewall:
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp
Keep up to date with:
http://windowsupdate.microsoft.com/
DON'T open any attachments.
http://www.microsoft.com/security/home/basics.asp
http://www.microsoft.com/security/home/beyond_basics.asp
DON'T open any attachments.
What to do if your Hotmail Account is Hacked?!?
I have a friend who obtained a virus, and because of
this, all of her passwords that she typed into her
computer while infected had been compromised. Before
she learned of this, the hacker had already changed her
Hotmail account's password and secret question. My
friend has registered accounts at other sites (such as
PayPal.com) with this e-mail. This hacker can now go to
these sites, and click the "Forgot Password" link and
have it e-mail these passwords to the Hotmail account
that he controls (assuming the hacker is a man).
What steps can be taken to regain control of this Hotmail
account? Does MSN monitor and log the IP addresses of
users that sign into the .NET Passport system? If so,
how does one request this information?
Any information, advice, links to sites with information,
or numbers of people to contact would be extremely
helpful.
Thanks
Q822925 problem
Hi
I am just wondering does anyone know of any issues
regarding the latest patch for IE?
I have heard it has a bug???
any info would be greatly appreciated
thanks
adam
This ~ file
I've found this ~ file in my records before and deleted
it. Does anyone know what the purpose of it is and how I
can avoid it if I delete it again?
Sending User Credentials During Authentication Process
Hi guys,
Is there any TechNet article explaining the situations that implement
encryption on BOTH the username AND password credentials that a user sends
during a typical authentication to a Windows NT/ 2000/ 2003 domain without
the use of any additional encryption mechanism like IPSec?
or can anyone kindly answer the following
How are user credentials sent over the wire (are they both encrypted?)
during a typical domain logon process using at least a WinNT client computer
on an NT4 domain, Win2K mixed mode domain, and Win2K3 native domain for
clean install (default) configurations? Is there a supporting TechNet
article explaining this?
Thank you very much.
Email Virus - Rules for bcc?
I've been bombarded with virus attacks using attachments
from supposedly microsoft emails for upgrades/patches.
99% of all these emails are sent to me via bcc: and not
the to: or cc:. I can't figure out how to setup an
Outlook rule that blocks all emails to me via bcc. There
are templates for to: and cc:, none for bcc:. Need MS free
engineering know how.
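As an added illustration (not part of any post in this thread, and not an Outlook rule): a Python triage check for the signs raised in the "Microsoft is NOT sending ANY emails" post (an "update" mail that carries the patch itself) and in the "Rules for bcc?" post (recipient absent from To/Cc). The sample message, its addresses and the `triage` helper are constructed for this example.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample, modelled on the kind of header quoted in this thread.
SAMPLE = """\
Return-Path: <sender@mailhost.example>
From: "Technical Services" <abcdefgh@updates.microsoft.com>
To: "Customer" <ijklmnop@updates.microsoft.com>
Subject: New Microsoft Update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Run attached file. Choose Yes on displayed dialog box.
--b1
Content-Type: application/x-msdownload; name="update.exe"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program"}
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")


def domain(addr):
    """Lower-cased domain part of an e-mail address ('' if none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def triage(raw, my_address):
    """Return a sorted list of reasons the message looks like a fake update."""
    msg = message_from_string(raw)
    reasons = set()
    from_dom = domain(parseaddr(msg.get("From", ""))[1])
    rp_dom = domain(parseaddr(msg.get("Return-Path", ""))[1])
    claims_ms = from_dom == "microsoft.com" or from_dom.endswith(".microsoft.com")
    # Walk every MIME part; get_filename() also falls back to Content-Type name=.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() in EXEC_TYPES or name.endswith(EXEC_EXTS):
            reasons.add("executable attachment")
            if claims_ms:
                reasons.add("claims Microsoft but carries the 'patch' itself")
    # The envelope sender recorded in Return-Path should match the From domain.
    if rp_dom and from_dom and rp_dom != from_dom:
        reasons.add("Return-Path domain differs from From domain")
    # If we are not a visible recipient, the mail reached us as a Bcc.
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in {a.lower() for _, a in visible}:
        reasons.add("recipient not listed in To/Cc (delivered as Bcc)")
    return sorted(reasons)


if __name__ == "__main__":
    for reason in triage(SAMPLE, "me@example.org"):
        print("-", reason)
```

The Bcc test on its own also matches legitimate mailing-list traffic, so treat it as one signal among the others rather than a block rule.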
Security for MS Word
Does anyone know of a way to secure MS Word docs from
being copied or attached to an email? Thanks for any
feedback.
ENDADS popups
I am being plagued by this company's popups (several an
hour) which ask me to go to their web site to purchase a
product to stop their pop ups !!
The web site (endads.com) blames a problem with microsoft
OS.
Is this illegal and how can i stop the pop ups without
paying them money ??
Best Firewall?
Hello,
I recently upgraded to zonealarm pro, and I believe it is
causing me to have connection problems...
Anyhow, this never seemed to happen with just plain
zonealarm. What is the best free firewall out there?
Thanks,
Dan
Current Network Critical Update
I have received a message from Microsoft urging the
download of the above official-looking message, but McAfee
intercepted it as seen below. I asked Microsoft what to
do and received a Delivery Failure Report from the
PostMaster. What do I do now? Any help with this
problem, or on how to get through to Microsoft will be
much appreciated. Thanks
"This message was sent to me by McAfee.
Please advise what I should do now? I opened the
attachment and saw only a blank black screen. I therefore
ended the download immediately.
Ray Spencer
****************** McAfee VirusScan ************************
******* Alert generated at: Mon, 22 Sep 2003 00:22:14 +0000 *********
*********************************************************************
McAfee VirusScan has detected a potential threat in this e-mail
sent by "Microsoft Corporation Public Assistance" <oxpbvkrcg-hckt@updates.ms.com>.
The following actions were attempted on each suspicious part.
We strongly recommend that you report this virus-related activity
to "Microsoft Corporation Public Assistance" <oxpbvkrcg-hckt@updates.ms.com>.
The attachment "Unnamed attachment" is infected with the W32/Swen@MM Virus(es).
This attachment has been cleaned.
Google bug!
First of all, I have limited knowledge with how computers
work. I don't know where else to turn to for help. Any
recommendations will be appreciated.
I have been receiving a message when I try to go to
google.com. The page says that my computer is running
software that does not let me get in to google. However,
I have learned that I can't get into any search engine
type of program. I have tried the grey search box on
yahoo and I get the message "page can not be opened." If
I click on the magnifying glass, search button on my tool
bar, I get the same message, "page can not be opened."
I don't know what I have done. I have McAfee home virus
7.0 with firewall. I have tried that with updates and
still nothing.
Something else, on the same google page, it gives
directions on how to remove google from the host file. I
don't know if I should attempt these instructions,
because I really don't know who is behind it.
Any thoughts will be appreciated!
client hang after installation of MS03-039
Hi, guys.
I used a startup script to install MS03-039 through GPO in a domain. Some
clients installed the patch properly.
However, some clients could not complete the process.
The situation was that :
reboot the PC ----> run startup script through GPO ---> try to restart
automatically but hang in a blank desktop (ctrl+alt+del no function at this
moment)
Could anyone help !! Thx ~~~~
MSSVC.exe
I keep getting an error message on start up telling me
that MSSVC.exe couldn't start and needs to shut down.
What is this and how do I get rid of it? Thanks.
MS Baseline Security Analyzer
I've scanned my system with the MBSA and it reports that it can not confirm
that the following updates are correctly installed:
MS02-055
MS02-008
MS03-008
MS03-030
yet when I go to the Microsoft Update site, it indicates there are no
critical updates required.
Is there some other way to verify if all critical updates have been
installed, and installed correctly? Or is this a flaw in the MBSA?
TIA
Bill Rothe
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.521 / Virus Database: 319 - Release Date: 9/23/2003
Microsoft e-mail security
I have been getting this e-mail from Microsoft, very
authentic looking. Is this really from Microsoft? It says
last critical update--------- and so on. If this is from
Microsoft why doesn't it come through Microsoft update? I
have Windows XP Pro. One more thing, it comes with an
attachment. I'm afraid to open it. What should I do?
Sincerely
Ron
Do not use real address here
The MS newsgroups are being harvested by hackers for
emails and then those addresses are being bombarded with
hundreds of Swen Virus attacks daily. I made the mistake
of using my real email address here and now my email bin
is filled daily with hundreds of virus attacks. Because
the virus morphs subject and from, it is almost impossible
to filter out. MS Security people - please do something
to stop addresses on your site from being harvested or
post a warning of the risks of using a real email
address.
How do I get the Internet header for a message
The official instructions to get the Internet Header say:
"In an open message received via the Internet, on the View
menu click Options. The Internet headers are displayed in
Internet Headers, at the bottom of the Message Options
dialog box." But when I go to the View menu, Options is not
one of the options (no pun intended). What is going on?
Newly Discovered device
In the tray, bottom right of screen with time and date, is
a new logo I have not installed. It looks like a computer
screen logo. Placing the pointer over the logo announces
it as a newly discovered device labeled as UPnP Device.
Right clicking over the device gives the choices of
creating a shortcut or invoking but the delete and
properties choices are grayed out and do not operate. The
device logo can also be found on My Network Places but
again properties and delete cannot be used. I will not
invoke the logo but I cannot get rid of it. Any
suggestions? Thanks
popups
Today, I began receiving a popup about "MAP132 exception"
saying there is an internal error. A form is provided for
my completion. Is this something legitimate? Also,
I keep receiving "popups" about how to stop popups. The
popups seem to come from different sources, must I
purchase something to halt the popups?
Thanks.
p.s. this is a new computer and an upgrade from Windows
98 to XP so I have a lot to learn.
Microsoft is NOT sending ANY emails to you. Read this!!!!
"Authentic security bulletin mailers never provide the
patch itself or a link to the patch; instead, they refer the
reader to the complete version of the bulletin on our
web site, which provides a link to the patch"
http://www.microsoft.com/technet/security/policy/swdist.asp
http://www.microsoft.com/technet/security/news/patch_hoax.asp
PLEASE Don't click on any email attachment you don't
know about. Because it will most likely be a VIRUS!!!!!!!
Even if you're all protected don't click on any unknown
email attachments.
Consider using these (free for home use) tools:
http://www.grisoft.com/us/us_dwnl_free.php
http://www.kerio.com/us/kpf_download.html
DON'T open any attachments
Consider using these settings in Outlook Express:
Tools | Options | Security | Virus Protection
Choose "Restricted Zone"
Enable "Warn me when other applications try to send mail as me"
Enable "Do not allow attachments to be saved..."
If you get infected, follow EXACT instructions from:
http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html
http://www.f-secure.com/v-descs/swen.shtml#disinf
http://vil.nai.com/vil/stinger/
On Windows XP enable firewall:
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp
Keep up to date with:
http://windowsupdate.microsoft.com/
gaining access to drive root
Hello,
I'm writing an auditing script that will visit each
machine in our domain and search for unauthorized
software/files as well as correct any file permissions a
local admin on the machine might have messed up.
I've run into a problem. If someone removes permissions
for administrators to access the root of a drive I can't
seem to grant access to the root of the drive. I've tried
cacls and subinacl but one doesn't seem to understand UNC
paths and the latter doesn't seem to touch the root of the
drive, just everything below.
If you could provide an example of granting such access
it'd be really helpful.
Thanks.
Diagnose Windows problem
There is a new tool to diagnose Windows, see details:
http://www.SeeMeMe.com
is this for real?
I just got the following as an email which is really
weird - it didn't come up under auto update. It came with
an attachment also which I ain't touching till I hear
something back. Of course trying to contact Microsoft and
asking is like trying to achieve position 93 in the Kama
Sutra but does anyone know if this is for real?
Thanks
Neil (and I Quote:)
Microsoft Consumer
this is the latest version of security update,
the "September 2003, Cumulative Patch" update which
resolves all known security vulnerabilities affecting MS
Internet Explorer, MS Outlook and MS Outlook Express as
well as three newly discovered vulnerabilities. Install
now to maintain the security of your computer from these
vulnerabilities, the most serious of which could allow an
attacker to run executable on your computer. This update
includes the functionality of all previously released
patches.
System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version
4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the
earliest opportunity.
How to install Run attached file. Choose Yes on displayed
dialog box.
How to use You don't need to do anything after installing
this item.
Is email from Microsoft authentic?
I have heard that some fraudulent emails can have very
official looking logos and appearance. I have received a
message and want to know how to authenticate it or how to
forward it on to Microsoft for verification. The message
requests that I download a patch, but doesn't allow me to
save it to disk. It will only let me open it immediately. I
would like to forward it to Microsoft and have them look at
it. Thank you.
patch install
Anyone have luck with these security patch installs?
I am having trouble running the install. And am not
getting the dialog box to pop up to check yes to. What
do I do? Any suggestions? Send to
sleepingwillow@awsomenet.net
Thanks
new security pack
Can someone help me please. I just installed
the "September 2003, Cumulative Patch" and since then I am
getting numerous memory access violation Kernel32
messages. I am also not able to receive e-mails. Is there
a way to remove this patch without a full scale restore of
Windows from backup? Or maybe someone has a suggestion.
Thanks