What to do (if anything) about SubSeven

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Microsoft email attachments? Over the past week, I've been getting thousands of emails claiming to be from microsoft telling me that there is a patch attached to this email. I know this isn't true and someone has a virus but how do I track them down? The email headers are coming from dozens of places. Should I just shut down my email account and start over or is there a way to fix this. These are like 116kb attachments and my pc is geting quite bogged down. I have 4678 of them right now. I called Verio, who hosts my email server and they said they can show me the email server that the mail came from but that's it. How do I stop this madness? Tag: What to do (if anything) about SubSeven Tag: 37798
  - 2
    - Virus or Microsoft Messenger Problem? Every time I log on to AOL, I get a message from Microsoft Messenger (pop up type). States I must upgrade and download to use. When I click more info, I get http://www.microsoft.com/windows/messenger/whatsnew.asp I have my computer set on security against adult sites, so I cannot excess due to adult content. I think it may be a virus or hi-jack. I ran Norton and came up with the following virus... Backdoor.Sinit JS.Exception.Exploit Java.Nocheat I think I deleted all and also ran Spybot, Hijack this, and Lava, but I am still getting the Microsoft messenger. I have tried deleting Microsoft messenger, but will not let me. PLEASE HELP! Thanks . Tag: What to do (if anything) about SubSeven Tag: 37792
  - 3
    - Security patches Hi, just installed latest update patches KB828035,KB825119,KB823182,KB824141 for Oct.Problem,after installation & I reboot, my desktop screen comes back about 50% larger, so I system restore to get it back to a normal size screen. How do I get these latest security patches on my computer(XP) without distorting the screen. Howard Tag: What to do (if anything) about SubSeven Tag: 37774
  - 4
    - Signing in This may not be the right place to answer this question but anyways. When I sign in for the msn messagner. There is a thing that pops up at the bottom saying to verify your email address click here, but when I do it just takes me to msn today. Dose anyone know where I go to verify my email address. Thanks Tag: What to do (if anything) about SubSeven Tag: 37773
  - 5
    - security Who you know the mothod to security for network, please to send to me on my e_mail:thuongnguyenduy@yahoo.com Tag: What to do (if anything) about SubSeven Tag: 37772
  - 6
    - Blocking?? I keep getting these 3 porn sites in my favorites everytime I logon. But when I click on them - it's either can't find, 404 error, or Forbidden. I don't want these on my computer. I keep deleting them, but they just keep popping up. Also, my homepage changes EVERYTIME as well!!! Do I have a virus??? Tag: What to do (if anything) about SubSeven Tag: 37771
  - 7
    - 128 bit encrpt update I have wasted an hour of my life on microsoft trying to find out how to update my internet explorer ver 5 to 128 bit encryption. I use Win 95 Thanks Tag: What to do (if anything) about SubSeven Tag: 37770
  - 8
    - help ! with security settings for ActiveX I cannot get any embedded messages or graphics to appear (explode) as I constantly get an error message that my ActiveX security settings will prevent images from displaying properly. Please help ! ! - - Thanks ! Tag: What to do (if anything) about SubSeven Tag: 37766
  - 9
    - Weird Emails I have been getting emails from microsoft corporation but the come every minute. I also get emails from administrator and return notices without even sending any emails. I keep deleting them but they keep coming. What can I do? Tag: What to do (if anything) about SubSeven Tag: 37763
  - 10
    - errorlevel I am using errorlevel in a batch file to see if the hotfixes install correctly: if errorlevel 1 goto :label On some of the systems it works correctly and others it does not. My question is this, does anyone know what error levels the hotfixes output and what they equal or how to see what they are outputting? I tried 1>filename.txt 2>error.txt and that does not work. TIA! Tag: What to do (if anything) about SubSeven Tag: 37759
  - 11
    - Security patch Hi, I have been receiving the same email over and over again. The sender is security@microsoft.com, the message tells me to download the attached patch. This is the message: Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected! The attachment: patch.exe Can anyone tell me if this is ligit and secure, and is it really from Microsoft? How can I verify this? Ryg rygatout@videotron.ca Tag: What to do (if anything) about SubSeven Tag: 37756
  - 12
    - outlook express address file I find a file called "~" on my desktop every three or four times I shut down Outlook Express. When I open the file using Word, it appears to be coded but seems to have my address book in it, although the characters are separated by other symbols. So you know anything about this file? Is it normal? Is it something I should stop deleting whenever I find it? Is someone worming his way into my files? Any insight would be appreciated. Tag: What to do (if anything) about SubSeven Tag: 37755
  - 13
    - Web page timeout How can I setup a page so that it will timeout if the user walks away and fails to signoff Tag: What to do (if anything) about SubSeven Tag: 37754
  - 14
    - "SUS Client" is not working I have installed SUS Server SP1 on 2003 Server. I am testing it on two machines, one has 2000 sp3 another xp sp1. I set 'em up using gpedit.msc. It looks alright, but when look at the log file there is nothing, " THE LOG FILE IS BLANK ". Anyone wants to help me out ?? Tag: What to do (if anything) about SubSeven Tag: 37747
  - 15
    - Install CA Hi all, I am installing CA on main domain as Enterprise CA , but when I am trying to request certificate for computer , is show me that my CA is Template ! How to have a normal Cert. which will work normally ?and is there any risk using cetificates in a domin ? Tag: What to do (if anything) about SubSeven Tag: 37745
  - 16
    - Windows update for Windows NT Why are none of the October security updates (MS03-41, MS03-43 to MS03-45) available via Windows updates for Windows NT workstation? Tag: What to do (if anything) about SubSeven Tag: 37737
  - 17
    - INTERNET UPDATE Same as "Paul King", I received an email from someone purporting to be MS Corporation for a security update. I received this immediately after going to MS newsgroups to ask a question and like a dummy, gave my correct email address! Now, this was a week ago. Everytime I open Outlook Exp. I get from 3-9 alerts of infected email. Attachment name is different each time but all have W32.Swen.A@______. Besides MS Patch, some say mail undeliverable to ___________ (different names & email addresses.) How do I stop these messages from coming in my email? I have Norton AntiVirus which warns me every time so I delete them at that time. Thanks for any help. Sam Tag: What to do (if anything) about SubSeven Tag: 37736
  - 18
    - Real weird situation. Hello, I have been asked to setup the security for our application suite and one setup in our lab causes me a great deal of headache! In this setup there are 3 machines, machine A is the pdc, machine B and machine C are normal worstation in the domain. All machines are running windows 2000. As far as I can tell everything is configured OK on the machines, not warning in the event viewers.... BUT On the PDC (machine A) the domain administrator password is 'toto', on machine B the local administrator also has its password set to 'toto'. So I logon machine B as local administrator and then I run 'net group AGroup /ADD /DOMAIN' and to my surprise that works. A new group is created in the domain. If I go on the PDC, and the group has really been created. I don't get it at all. But if the administrator's password on machine B is different that the domain administrator's password, the group is not created. Can anyone help me to understand this one? Thank you! MP Tag: What to do (if anything) about SubSeven Tag: 37734
  - 19
    - Can't open attachments I recently installed microsoft updates as recommended for my system and I now cannot open attachments that are sent to me by e-mail. What should I do? Tag: What to do (if anything) about SubSeven Tag: 37732
  - 20
    - xeturn b & delf c how do I sort out xeturn.b & delf c trojans Tag: What to do (if anything) about SubSeven Tag: 37731
  - 21
    - Technet plus member but no answer!? Hi I posted a question oct 15 2003 2:57 and got no answer I have a Technet plus license ... Is it something wrong with my newsgroup registration? This is not the first time I have not got any answer .. Best regards Stefan Tag: What to do (if anything) about SubSeven Tag: 37724
  - 22
    - How to find if a domain is Win2K or Win XP Hi * Given a domain name, how to find if a domain is Win2K domain or NT domain? * Also, is there any method to do the same without contacting the domain? Thanks MD Tag: What to do (if anything) about SubSeven Tag: 37719
  - 23
    - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.10.20 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: What to do (if anything) about SubSeven Tag: 37715
  - 24
    - KB824141 Patch *****BREAKS SOFTWARE***** In the hopes that someone at MS is listening, KB 824141 breaks third party software, specifically Avid XPress, the most high-end video editing software for PCs in the industry. What the patch does has to be seen to be believed. It causes Avid to open jillions of windows on load and then hang. How this can happen from a patch that "fixes" list and combo boxes I have no idea. The "break" has been experienced by every Avid user. See www.avid.com/community/forums/Forum38/HTML/000704.html Dan Tag: What to do (if anything) about SubSeven Tag: 37708
  - 25
    - KB824141 Patch *****BREAKS SOFTWARE***** In the hopes that someone at MS is listening, KB 824141 breaks third party software, specifically Avid XPress, the most high-end video editing software for PCs in the industry. What the patch does has to be seen to be believed. It causes Avid to open jillions of windows on load and then hang. How this can happen from a patch that "fixes" list and combo boxes I have no idea. The "break" has been experienced by every Avid user. See www.avid.com/community/forums/Forum38/HTML/000704.html Dan Tag: What to do (if anything) about SubSeven Tag: 37707
- Next
  - 1
    - Hotbar Is Hotbar adware and spyware? What's the difference between the two? Is is just not worth the risk to have it on your system? Thanks,JJ Tag: What to do (if anything) about SubSeven Tag: 37706
  - 2
    - Still fighting funlove virus Is there a particular security setting or patch I can deploy to help prevent the infection of the funlove virus? I'm currently running McAfee's NetShield on one of our servers (and desktops use virus scan), however, the server continously gets hit with this virus. I'm wondering what others are doing to help prevent the spread of this virus. Also, can an IDS or firewall system (ISA server?) help prevent the infection of this virus? Thanks, - Dave Tag: What to do (if anything) about SubSeven Tag: 37705
  - 3
    - Help: Unable to install WinXp Security Critical Service Pack Hi There: I tried to update my WinXP Home Edition with the Service Pack 1 (Express) critical Update but unable to install it. The update was successfully downloaded and extracted but when it goes to the installation part, it recommended me to close all anti-virus program which I did and did the Back up system or close all open program which I also did. But still this important Critical Update is not able to install and pop-up a window saying: Service Pack 1 Set up Error - Set Up canceled. In the Web Page Dialog - it is shown that it is not done. I review the download history and "Retry" many times but not able to do it. Any help to give me an idea to let me install this important Critical Update. I have just spent 2 months to remove the viruses I have even though I have the latest McAfee Virus Scan and do the DOS SCAN, turn off the System Restore, Disk Clean etc. It is like hell, believed it. I need to go back and forth to McAfee to online chat with them for 12 times with different technicians and also includes 2 supervisors. Hope helping hands are there this time. Tks. H. . Tag: What to do (if anything) about SubSeven Tag: 37704
  - 4
    - secure websites wont display i cant get secure websites to display on my laptop. ive tried every troubleshooter i can find and cant get anything to work . i just want to play the new game i bought but i cant register to play it. its driving me nuts. if you know anything about this please help Tag: What to do (if anything) about SubSeven Tag: 37703
  - 5
    - XP came with comp/need cd 4 repair About a month ago, I downloaded this game called BINARY from natomic.com, it was a simple little Nintendo style game, but it somehow changed some important files. Whenever I restart my computer, and i log in, a message displays saying that some files have been changed, and it asks me to insert the Windows XP CD so the computer can restore the original files. XP came with my comp, so I don't have the CD. The file changes weren't big enough to do much damage, because I haven't noticed anything wrong. But, I just bought a game, and the game required that I install Direct X 9.0b. It tried but then a message came up saying that Direct X didn't pass the security test for XP. I thought this strange, but was sure it was the fault of the changed files. I then downloaded Direct X 9.0b directly from Microsoft.com. It tried to install but the same prompt came up telling me that the download files didn't pass the security test. I'm sure that if I repaired the files, that I would be able to install direct x 9.0b, but I don't have a CD. Does anyone know a way to restore the files without an XP CD? Tag: What to do (if anything) about SubSeven Tag: 37701
  - 6
    - XP came with comp, but need CD for repair About a month ago, I downloaded this game called BINARY from natomic.com, it was a simple little Nintendo style game, but it somehow changed some important files. Whenever I restart my computer, and i log in, a message displays saying that some files have been changed, and it asks me to insert the Windows XP CD so the computer can restore the original files. XP came with my comp, so I don't have the CD. The file changes weren't big enough to do much damage, because I haven't noticed anything wrong. But, I just bought a game, and the game required that I install Direct X 9.0b. It tried but then a message came up saying that Direct X didn't pass the security test for XP. I thought this strange, but was sure it was the fault of the changed files. I then downloaded Direct X 9.0b directly from Microsoft.com. It tried to install but the same prompt came up telling me that the download files didn't pass the security test. I'm sure that if I repaired the files, that I would be able to install direct x 9.0b, but I don't have a CD. Does anyone know a way to restore the files without an XP CD? Tag: What to do (if anything) about SubSeven Tag: 37700
  - 7
    - search engines not working I know that this has been posted before, but I tried to do what it said and it didn't work. When I go to search at msn.com it says that I have downloaded a malicious program that won't let me get to the site and that I should go tweakxp.com. When I try to go to google.com, it sends me to a page that says that I have software on my computer that won't let me go the website. However, using search on netscape.com is no problem. I tried going to http://securityresponse.symantec.com/avcenter/venc/data/tro jan.qhosts.html and used the removal tool found there, but it said that the trojan was not on my computer. What else should I try? Tag: What to do (if anything) about SubSeven Tag: 37697
  - 8
    - Problem searching using search engines Recently I am unable to search using search engines such as Yahoo or Google. I receive the message "The page cannot be found" when I try to search for anything. Is this related to any of the recent security patches & is there a way this problem can be fixed? Any help will be greatly appreciated. Tag: What to do (if anything) about SubSeven Tag: 37696
  - 9
    - help getting to microsoft I went to the microsoft.com website to ask for some assistance several days ago and completed my business. Since then, I have been inundated with multiple copies of the following message. I am getting dozens of these a day. I cannot figure out how to contact microsoft to get them to look into this without paying a fee. I would like them to look into why I am receiving these and stop them. I have not opened any of the attachments for fear of virus. Please help. Thanks. Wabravanel@dc.rr.com ----- Original Message ----- From: Microsoft Customer Assistance To: customer@updates_ms.com Sent: Sunday, October 19, 2003 9:43 AM Subject: New Net Security Patch ALERT!!! This e-mail in its original form contained one or more attached files that were infected with a virus or worm, or contained another type of security threat. The following attachments were infected and have been repaired: No attachments are in this category. The following attachments were deleted due to an inability to clean them: 1. Q977282.exe: W32.Swen.A@mm The Following attachments were not delivered due to inbound mail policy violations: No attachments are in this category. Road Runner does not contact the sender of the infected attachment(s) in the event that they were not actually sent from the indicated party. Please contact the sender directly to alert them of their issue with infected files if you wish to do so. For more information on Road Runner's virus filtering initiative, visit our Help & Member Services pages at http://help.rr.com, or the virus filtering information page directly at http://help.rr.com/faqs/e_mgsp.html. Tag: What to do (if anything) about SubSeven Tag: 37693
  - 10
    - to delete a programe hi pl tell how to delete arograme from address bar Tag: What to do (if anything) about SubSeven Tag: 37692
  - 11
    - grisoft or avast AV protection?? I went to download.com ,as was once suggested here, and I > saw both grisoft & avast as free AV protection- I read > the user opinions on both.The grisoft one sounds good but > I noticed that they do not offer free tech support for > the free version-I know that I would be one to need help > & have lots of questions- > So, then I read about Avast. and it had lots of great > reviews except for some bad ones-the negative ones stated > that it is not good if you have windows XP (which I do)- > it said that pc crashes alot. so now I am back to square > one- Can someone list a few freeware versions of AV > protection that are decent-or maybe you know something > about avast or grisoft you can share with me & others > reading these newsgroups.thanks 4 help Tag: What to do (if anything) about SubSeven Tag: 37684
  - 12
    - Microsoft Patch I have downloaded, from Microsoft Updates, the Cumulative Patch for the Internet Explorer 6, however I keep receiving something in my Yahoo e-mail box to download immediately, The Patch. when I checked into this attachment, my virus scan tells me the attachment is "dirty". I keep deleting, but it keeps coming back. Is this a legitimate Microsoft warning? I do not want any viruses and currently have McAfee virus scan. Is this enough protection? Thank you. lvnv# Tag: What to do (if anything) about SubSeven Tag: 37666
  - 13
    - Bookedspace Hello all! I have a question. Recently I discovered a file named bs2.dll And in the Run folder in the registry there's an entry like "Rundll32.exe bs2.dll" When I connect to internet, this stuff connects to www.bookedspace.com and www.ignkeywords.com Does anybody know what is it? Thanks in advance. -- -=/ Nihr0M \=- Tag: What to do (if anything) about SubSeven Tag: 37665
  - 14
    - Web Sites Reading my E-mail address I am hoping that one of you gurus can help with this. It seems like my e-mail address is getting plucked off of my computer as I surf the web and then being given to spammers. I am inferring this from the type of e-mails I am receiving right after I visit sites (music spam after hitting music sites, diet spam after wieght-loss sights, etc.). I there a way to shield my personal information from these web sites? Thanks in advance Tag: What to do (if anything) about SubSeven Tag: 37664
  - 15
    - Please help...security question! Hi - I am hoping someone can help me! I have been using my Windows 98 computer fine for quite some time. In the last 2 days when I access the internet, my Home page gets changed to www.tooncomics.com everytime I restart - even though I change it back every time and my Favorites menu gets loaded with several links to this website as well. I have run ad-aware from lavasoft and housecall from trendmicro to clean this up and it is still happening. I don't know how to find the program that is loading/changing this information. Any help greatly appreciated! Tag: What to do (if anything) about SubSeven Tag: 37646
  - 16
    - Impact on how to keep a blueprint of my Ad structure, network structure on servers I work as a sysadmin for a 2,000 node organization. I created documentation where I list changes on AD structure (such as delegation of rights, schema modifications, domain admin usernames) and I am wondering how bad would be keep that word file on a folder where only domain admins could access it. I would never keep a file with passwords on a networked server and I would like to confirm how you approach that type of structure information file on the 'network' ? Tag: What to do (if anything) about SubSeven Tag: 37645
  - 17
    - norton anti-virus can anyone help me move norton anti-virus from a file in kazaa lite to where I need to have it for it's proper use? thanks Tag: What to do (if anything) about SubSeven Tag: 37643
  - 18
    - Webpage dialed my modem to ? A German *webpage* dialed out over my modem, when I clicked that I was 18 years old (18 Jarhen). It also put a new Icon on my desktop. I'm worried I'm going to have a $100 charge on my phone bill for 20 seconds of a call to God-Knows-Where. I knew email trojans could do this, but the webpage attack was a surprise. I am on DSL. The modem was just there for a backup, if/when the DSL line is down. Is there an option that would give me a prompt before a webpage does this again, or block modem calls that do not come from me? I already had the: Network and Dialup Connections > Advanced > Dialup Preferences set to "always ask me before autodialing" -but it did it anyway. I found a new New Connection Icon. The number it called was: 0112463531444 WIN2000 IE6.0 ZoneAlarm Norton Anti-Virus Tag: What to do (if anything) about SubSeven Tag: 37632
  - 19
    - Dwn.Updates I have an windows up-date to dwn.load and install which is 5.2 mgz and 30 mintue dwn.load time. I have a slow processor and dial up isp.when I go to install the up-date I get disconnected. Is their a way I could install half now and half later. I have windows me.I/E6.0. Tag: What to do (if anything) about SubSeven Tag: 37625
  - 20
    - Security update I keep getting this security update #823559 once or twice a week. Is this the same update that I keep downloading over and over or not? If so,why do they keep sending it to me? Tag: What to do (if anything) about SubSeven Tag: 37623
  - 21
    - PGP Signed MS security bulletins...fail I received two MS security bulletins on 10/15 both with the subject: Microsoft Exchange Server Security Bulletin Summary for October 2003 One talked about an exchange patch, the other talked about MS03-41 through MS03-45. The information they provided looked legitimate, but **Both** failed PGP verification with Microsoft's key. Ire-downloaded the key with same results. Thumbprint matched so that was expected. I went to technet and found the Oct. article through technet (as if I'd never seen the email) and went and got the patches OK, but did so with due skepticism along the way. Did anyone else have this happen? -- Jim (for e-mail replace invalid with com) "Remember, an amateur built the Ark; professionals built the Titanic." Tag: What to do (if anything) about SubSeven Tag: 37622
  - 22
    - Bogus Microsoft Updates I posted on the Microsoft OneNote newsgroup a few hours ago. I used my email address instead of leaving it anonymous. I have suddenly recieved two bogus emails regarding Windows updates. Silly me. How was I so naive to not know that the villians of the world monitor the newsgroups. beware all. David Tag: What to do (if anything) about SubSeven Tag: 37621
  - 23
    - Lock Violation What is a lock violation? How do I uninstall or install when I keep getting a lock violation message? How do I unlock?? Tag: What to do (if anything) about SubSeven Tag: 37620
  - 24
    - help someone please since some relatives of mine came to visit and used my computer, my home page has been set to luckysearch.com, globe-search.cc or icansearch.net, i have changed it in my registry back to my original homepage but everytime i change this, something is changing it back, does anyone know if there is a maliscous program going about that virus checkers don't recognise or microsoft security updates don't resolve. if someone could help me it would be a great help Tag: What to do (if anything) about SubSeven Tag: 37615
  - 25
    - using my email address to send spam Hi there, Below is a spam letter i got but their usinng MY EMAIL ADDRESS IVE HAD ABOUT 18MONTHS. Hoe can they do this and what about the legality of it. Bob. >From: bobburns43@hotmail.com >Date: 18 Oct 2003 01:40:09 -0700 > ><html><center>225u3105o10307j65652454sc4z 0x48m2316121gz1m4l050705258<br><font color="#ffffff">str4 $</font><br> ><font color="#990000" face="arial" size="6"><b>You wouldn't pass up an extra $1,000.00 a year... Would you? </b></font> ><br><br>We do the work for you. By subrnitting your information across to hundreds of Ienders, we can get you the best interest rates around.<br><font color="#ffffff">str5$</font><br>Imterest rates are lower than they have been in over 40 years, but it won't stay that way for long. Our simple form only takes a few moments, there is absolutly <b>NO OBLlGATlON</b>, and it's <b>100% FREE</b>. You have nothing to lose, and everything to gain.<br><br><br><a href="strurl$cgi- bin/affiliates/clickthru.cgi?id=mail01"><b><font face="arial" size="6">str3 $</font></b></a><br><br><br><br>3438a10126uw2915qr7qy7wn63 i k8v8hd14e3pkb3779tjr625037c<br><font size="1">6z93twg7f5p174313m60225u3105o10307j65652454sc4z0x 48m23<br><br> >str6$, <a href="strurl$gone/">un s ubscr11be</a>.</font> Tag: What to do (if anything) about SubSeven Tag: 37614

I used to report these to the FBI when they came from
outside the USA but I've gotten lazy. I noticed yesterday
our firewall dropped 17 SubSeven Attacks. One host tried
4 times but the others came from all over the place.

Are these bots attempting these or actual idiots w/
nothing better to do? Should I just ignore them? Maybe
there 's a public website where we can post the hostnames
of the computers that launch these, or someone who keeps a
database of such things.

Patrick Rouse
Microsoft MVP - Terminal Server

Re: What to do (if anything) about SubSeven by Karel

Karel
Tue Oct 21 11:29:33 CDT 2003

"Patrick Rouse [MVP]" <anonymous@discussions.microsoft.com> schreef in
bericht news:078701c397ee$c9817120$a001280a@phx.gbl...
> I used to report these to the FBI when they came from
> outside the USA but I've gotten lazy.
Bruhaaaaaaaaaa, FBI and outside USA action against who?

Should I just ignore them?
Yes

Re: What to do (if anything) about SubSeven by Karl

Karl
Wed Oct 22 09:25:56 CDT 2003

"Patrick Rouse [MVP]" <anonymous@discussions.microsoft.com> wrote in message
news:078701c397ee$c9817120$a001280a@phx.gbl...
> I used to report these to the FBI when they came from
> outside the USA but I've gotten lazy. I noticed yesterday
> our firewall dropped 17 SubSeven Attacks. One host tried
> 4 times but the others came from all over the place.

FBI really can't handle port scans, I wouldn't report them to them. [unless
maybe you're talking the former NIPC, which AFAIK just does tracking and not
actual law enforcement]

> Are these bots attempting these or actual idiots w/
> nothing better to do? Should I just ignore them? Maybe
> there 's a public website where we can post the hostnames
> of the computers that launch these, or someone who keeps a
> database of such things.

There are. Go see the free software www.mynetwatchman.com and
www.dshield.org [a.k.a. www.incidents.org ] These benefit you as well, as
you get information on what other IP addresses have been scanned.

I wouldn't be too worried about port scans that are blocked. These happen
every day if not every hour. You definitely want to automate your response
to the noisiest ones instead of trying to do it manually. Do note that some
of these can be false alarms as well.