abnormal traffic going out after applying the windows update and office update

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - need help please I've noticed lately that my computer has been acting strange. It seems almost as if someone else is controling my computer in the backgroud. For example after a few minutes of inactivity my screen saver will come on, and a few minutes later the screen saver will stop and the main desktop screen comes back on. It doesn't make scence for this to occure since no one is working at the computer. I scanned for computer viruses with Norton Antivirus 2002 and found none. It even has the newest virus definitions and updates installed. I also scanned my computer for spyware with Spybot Search & Destroy and found nothing. It too was up to date. I have Windows XP firewall enabled along with Norton's Personal Firewall. Any suggestions as to what could be causing my screen saver to stop and the main desktop screen to come back on for no reason? Please email me. flowmaster85@charter.net Tag: abnormal traffic going out after applying the windows update and office update Tag: 52004
 - 2
 - ZestyFind Can anyone help me get rid of this annoying ZestyFind? Adaware & Spybot wont do it. Tag: abnormal traffic going out after applying the windows update and office update Tag: 52001
 - 3
 - Virus I recieved by uploading from Microsoft - Hehlp I recieved a trojan from downloading upgrades to windows XP HE. the trojan is in my start up. my antivirus programs are not getting rid of it. if anyone has had this problem or can help me, please E-mail me at YesReasons@aol.com. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51998
 - 4
 - Unlock Locked xp Computer I need to Unlock my Locked up xp Computer. Can anybody help?? Thanks Joel Tag: abnormal traffic going out after applying the windows update and office update Tag: 51994
 - 5
 - Site unavailable - windows 2000 pro I am not able to access secure sites since my latest critical update. What settings might have changed in the update to cause this? Tag: abnormal traffic going out after applying the windows update and office update Tag: 51992
 - 6
 - What is mWinXp ,mWinXpD, mWinXpD2 While I was working last night these three new files appeared in my windows 98 file area What are the files mWinXp, mWinXpD, and mWinXpD2 are they form Microsoft? Or are they some sort of Virus? And if they are from Microsoft will they cause problems because they are meant for Xp and I have windows 98 thank you. Glen Tag: abnormal traffic going out after applying the windows update and office update Tag: 51988
 - 7
 - Repeating Updates Using Automatic Updates on WinXP Pro. Received KB835732 and installed it. Every time I go on line, it downloads again. Any suggestions? Tag: abnormal traffic going out after applying the windows update and office update Tag: 51987
 - 8
 - dloading updates I get the message when dloading security updates (Security Update for Windows XP (KB837001)Security Update for Windows XP (KB828741)Security Update for Windows XP (KB835732)) "this software has not passed windows logo testing yada yada" and then a warning about continuinng to install the updates and then they fail to install. Is it possible updates from microsoft would give such an error msg?? Tag: abnormal traffic going out after applying the windows update and office update Tag: 51985
 - 9
 - VIRUS THREAT I WAS CHECKING MY EMAIL AND CAME ACROSS THE FOLLOWING=20 THREAT, THIS IS BOGUS, IT CONTAINS A W32.Swen.A virus X-Apparently-To: shadowcat624@yahoo.com via 66.218.93.78;=20 Wed, 05 May 2004 01:39:47 -0700=20 Return-Path: <benecastan@terra.es>=20 Received: from 213.4.129.129 (EHLO tsmtp4.mail.isp)=20 (213.4.129.129) by mta173.mail.dcn.yahoo.com with SMTP;=20 Wed, 05 May 2004 01:39:42 -0700=20 Received: from njdts ([213.97.6.187]) by tsmtp4.mail.isp=20 (terra.es) with SMTP id HX8G1G00.A0F; Wed, 5 May 2004=20 10:39:16 +0200 =20 From: "MS Program Security Center"=20 <mpreekhiolnybzg@pvnfoayc.microsoft.net> Add to Address=20 Book=20 To: "Commercial Client" <client@pvnfoayc.microsoft.net>=20 Subject: latest microsoft pack=20 Mime-Version: 1.0=20 Content-Type: multipart/mixed; boundary=3D"qpzvbkgmsukl"=20 Content-Length: 58661=20 =20 =20 Microsoft All Products | Support | Search | =20 Tiscalinet.it Guide =20 TiscaliSEXHome =20 =20 Microsoft Client this is the latest version of security update, the "May=20 2004, Cumulative Patch" update which fixes all known=20 security vulnerabilities affecting MS Internet Explorer,=20 MS Outlook and MS Outlook Express. Install now to protect=20 your computer from these vulnerabilities, the most serious=20 of which could allow an attacker to run executable on your=20 computer. Questo programma consente al vostro PC of all=20 previously released patches. =20 System requirements Windows 95/98/Me/2000/NT/XP=20 This update applies to MS Internet Explorer, version=20 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later =20 Recommendation Customers should install the patch at the=20 earliest opportunity.=20 How to install Run attached file. Choose Yes on displayed=20 dialog box.=20 How to use You don't need to do anything after installing=20 this item.=20 TISCALI Product Support Services and Knowledge Base=20 articles can be found on the Tiscali Technical Support web=20 site. For security-related information about TISCALI=20 products, please visit the Tiscali Security Advisor web=20 site, or Contact Us.=20 Thank you for using TISCALI products. Please do not reply to this message. It was sent from an=20 unmonitored e-mail address and we are unable to respond to=20 any replies. ----------------------------------------------------------- --------------------- The names of the actual companies and products mentioned=20 herein are the trademarks of their respective owners. =20 Contact Us | Legal | TRUSTe =20 =A92004 TiscalinetCorporation. All rights reserved. Terms=20 of Use | Privacy Statement | Accessibility =20 Attachment =20 =20 =20 =20 =20 upgrade7524.exe .exe file Scan and Download Attachment Scan and Save to my Yahoo! Briefcase=20 Scan Results [Back to Message] =20 File name: upgrade7524.exe=20 File type: application/x-msdownload=20 Scan result: Virus "W32.Swen.A@mm" found. You can not download this attachment. You have two=20 options:=20 1. Sign up for Yahoo! Mail Plus to get automatic cleaning=20 of infected attachments. Learn more. (Note: Not all viruses can be cleaned.)=20 2. Contact the message sender and request that they resend=20 the attachment to you after cleaning it with anti-virus=20 software=20 =20 =20 =20 Tag: abnormal traffic going out after applying the windows update and office update Tag: 51977
 - 10
 - I need help with kazaa media desktop 2.6 I downloaded kazaa, and when i tried to uninstall it, it seemed to go fine and i thought it was gone. I restarted the computer and it was back on the add/remove programs list. I tried to uninstall it again, and I had a problem. I got the following message, "InstallShield (R) Setup Launcher has encountered a problem and needs to close. We are sorry for the inconvenience." I searched the hard drive for files concerning kazaa and found none. I need some suggestions on how to deal with this problem. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51972
 - 11
 - DO I NEED TO DO ANYTHING ELSE TO KEEP MY COMPUTER W/OUT ANY VIRUSES I am currently running an antivirus ---- McAfee do I need to add or download anything else to keep my computer safe form viruses. I heard there are some things in your web page you can load to keep your Microsoft programs without any viruses. What are they if there are any and how do I know if I have them or if I need to install them or how do I even get them if they are not installed? Oh, I am currently using Windows XP. Thanks for the help before hand. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51969
 - 12
 - vbv Tag: abnormal traffic going out after applying the windows update and office update Tag: 51963
 - 13
 - security web PLEASE PLEASE HELP I can not open a security web page it keeps coming up web page not found I am using windows xp if that helps many thanks in advance Lynnette Tag: abnormal traffic going out after applying the windows update and office update Tag: 51962
 - 14
 - MS04-011 on DELL CPxJ corrupts video? Running NT4 SP6a after installing the patch, the video is corrupted and will only run using the default VGA drivers. Removing / reinstalling drivers doesn't fix. the only way to get it to work is by removing the patch. This is a DELL Lattitude CPxJ, NT4, SP6a, ATI Rage Mobility video. Please help! Tag: abnormal traffic going out after applying the windows update and office update Tag: 51954
 - 15
 - MSSQL Stack Overflow? Hi: My Norton Firewall blocks this message numerous times a day. B4 this same companies were blocked with another message having to do with backdoor ports. anyone having similar problems, and should i be concerned. ? Should I restore my computer back a month or so? Thx Tag: abnormal traffic going out after applying the windows update and office update Tag: 51952
 - 16
 - firewalls can anyone tell me the name of another security company other than norton? Tag: abnormal traffic going out after applying the windows update and office update Tag: 51931
 - 17
 - AVOID THESE LIKE THE PLAGUE! If you need to protect your computer from malware (unwanted pop-ups from software installed on your computer, browser/homepage hijackings, dialers, keyloggers, etc.), then please get Ad-Aware, Spybot Search & Destroy and some others; they are REPUTABLE! However, do NOT get the following; they are programs that SAY they will protect you, but have been found by various websites/individuals to actually HARM your computer! Notice some have similar names to the REPUTABLE programs like the fantastic Ad-Aware, Spybot, SpywareBlaster, etc. So... AVOID THESE LIKE THE PLAGUE: Spy Wiper AdWare Remover Gold BPS Spyware Remover Online PC-Fix SpyFerret SpyBan SpyBlast SpyGone SpyHunter SpyKiller SpyKiller Pro SpywareNuker TZ Spyware-Adware Remover SpyAssault InternetAntiSpy Virtual Bouncer AdProtector SpyFerret SpyGone SpyAssault Pal Spyware Remover NoAdware Spyware Killa Scanspyware ALSO: XP Antispy is LEGIT, however, their former domain was taken over by someone who's pushing a dialer and trying to pass it off as XP Antispy. My suggestion: avoid XP Antispy for now to be on the safe side! You never know which one you are getting! If anyone else has anything to add to the list, feel free but make sure it deserves the "recognition" (in other words, don't put it here because you "don't like it"; put it here because a reputable researcher found it to be bad). And please, send this list to all your friends/co-workers so the word spreads about these programs that will do NOTHING but harm your computer and betray your trust. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51927
 - 18
 - Manually installed patches do not show up 1) When I Download&Save updates/patches for our current corporate configuration (Office 97, and Outlook2K) and manually install them (successfully) When I check using the automatic install, M/S say's that these patches/updates need to be installed. What's going on? Do I have to use the automatic installer from the internet for every client PC ? Tag: abnormal traffic going out after applying the windows update and office update Tag: 51922
 - 19
 - lsass.exe, problems after applying ms04-11 Hello, I had several calls concerning the patch ms04-11 needed for the sasser. There are articles about the problems related to it, but nothing's talking about printers malfunctioning. Anybody had similar problems? I asked the local support people to reinstall the printers with the drivers to see if the problem persists. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51916
 - 20
 - Sasser: How critical is "not critical" From http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin? No. None of these vulnerabilities are critical in severity on Windows 98, on Windows 98 Second Edition, or on Windows Millennium Edition. Any comment welcome. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51915
 - 21
 - Help with MS Baseline Security Analyzer I am somewhat confused by the results of a scan I just ran with the MS Baseline Security Analyzer. It is telling me that two security updates are out of date and 3 could not be confirmed as follows: MSXML 3 lacks the latest service pack SP 4 MSXML 4 lacks the latest service pack SP 2 MS)#-008 MS03-030 MS03-051 Yet when I run Windows Update it tells me there are no critical updates to be installed? Exactly what are the MSXML service packs and what do they do? Where can they be found to download? Can some kind soul explain what is happening and should I attempt to download and install the above updates even though Windows Update doesn't recognize the need? Thanks for any assistance. Frank Tag: abnormal traffic going out after applying the windows update and office update Tag: 51914
 - 22
 - Possible security threat - Passport and Sympatico.ca users If you receive the following email, you may be at risk from a malicious attack if you follow the instructions contained within. Can anyone verify the validity of this email?: --------------------------- -----Original Message----- From: Microsoft .NET Passport [mailto:PPMSVCMG@PASSPORT.NET] Sent: May 5, 2004 12:15 AM To: Subject: Important message from Microsoft .NET Passport - action required Hello : This is an important message from Microsoft concerning the Microsoft .NET Passport account associated with your sympatico.ca e-mail address. Both Microsoft and Bell Canada are committed to simplifying your online experience. Therefore we are taking efforts to ensure that active Bell Sympatico Internet customers can continue to use the .NET Passport that is associated with their sympatico.ca e-mail address. Since there is a Passport account associated to your Sympatico e-mail address, we ask that you please verify that you are the user of the Passport account and that you give consent to Bell Canada to manage your Microsoft .NET Passport account. It's a quick and easy process to verify your account. Instructions on how to verify your account are below, as well as some important questions and answers. To verify your Passport account: 1. In your Web browser, type passport.net in the Address bar and press Enter. 2. On the Passport home page, click the Sign In button, and sign in to your Passport account. 3. Follow the instructions to verify your e-mail address. If you did not register the Passport using this e-mail address, or if you do not agree to give Bell Canada consent to manage your Passport account, take no action, and we will disable the Passport account 20 days from the date this message was sent. This will have no affect on your Sympatico subscription or sympatico.ca e-mail address. To request additional help from Passport Customer Support, click http://register.passport.net/contactus.srf?LC=1033. Important Questions and Answers What is a .NET Passport account? Microsoft .NET Passport is a service that enables you to sign in to multiple services, such as MSN Messenger or Hotmail, with a single e-mail address and password. For more information, visit the Passport home page at http://www.passport.net. I don't have a Passport account. Why am I seeing this message? Another person may have created a Passport account with your current sympatico.ca e-mail address (such as a family member, or an individual who had the e-mail address before you). This does not mean that the user has access to your e-mail messages or any other personal information - it simply means that they have used the e- mail address as a sign-in name for their Passport account. If this is the case, you can ignore this e-mail message and do nothing, and 20 days from the date this message was sent, we will disable the user from using your e-mail address as their Passport sign-in name. What does it mean to give consent to Bell Canada to manage my sympatico.ca .NET Passport? As the owner of the sympatico.ca domain, Bell Canada assigns sympatico.ca e-mail addresses. In addition, sympatico.ca is now a 'sponsored domain' which is associated with a special kind of .NET Passport where Bell Canada will ensure only Bell Sympatico Internet customers can obtain sympatico.ca .NET Passports. What happens if I don't verify my e-mail address or give Sympatico consent to manage my Passport account? After 20 days from the date this e-mail message was sent, if you have not yet verified your e-mail address with Passport, you will no longer be able to sign in to any Passport participating site until you change the e-mail address in your Passport account. In addition, you will lose data associated with your Passport sign-in e-mail address, such as your MSN Messenger contact list. No matter what your decision is, your existing Sympatico subscription and e-mail account will not be affected. Only your Passport account will be affected. ADDITIONAL INFORMATION: Passport is committed to protecting your privacy. We encourage you to review the Passport privacy statement at: http://www.passport.net/privacypolicy.asp To request additional help from Passport Customer Support, click http://register.passport.net/contactus.srf?LC=1033 Please do not reply to this message; it was sent from an unmonitored e-mail address and we are unable to respond to any replies. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51913
 - 23
 - SUS require admin previlegies on client to install No, that's right, I do not want the users to be admins. But if the not are admins, no security patches from the SUS server will be installed. Solution? <- Christer -> >-----Original Message----- >Christer wrote: >> Is it possible to install security patches from a SUS >> server without having admin previlegies on the client? >> >> Today all XP users are administrators on there own >> computers to get updates from the SUS server installed. > >If you want the best from SUS, you want the end users to NOT be admins. > >-- ><- Shenan -> >-- Tag: abnormal traffic going out after applying the windows update and office update Tag: 51912
 - 24
 - Re: Problems with installing Security patch Q837009 Hi Bill, Thanks for the reply post! Having looked at the version installed in Help (as you suggested) it shows version 6.00.280.1123. This would mean that I am running OE6 with IE version 6.0.2800.1106.xpsp2.030422-1633. Do either of these versions have flaws that make them incompatible? Both are updated via Microsoft Official Updates site and I have no problems updating from the site. My problem seems to come when installing individual patches... alba. "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message news:%23mrP3EkMEHA.2532@TK2MSFTNGP10.phx.gbl... When you go to Help, about, in Outlook Express--what version number is displayed? It is possible to be running Outlook Express 5.x and IE 6, because of a flaw in the upgrade process. It is important to fix this because the older OE has some bugs which are not getting patched. "alba" <alba1314@ntlworld.com> wrote in message news:%23Tg4bTgMEHA.3944@tk2msftngp13.phx.gbl... I am running Windows XP Pro and Internet Explorer 6, along with Outlook Express 6 and am having problems installing Security patch Q837009. Each time I try to install the patch I get a Microsoft Internet Explorer Update message telling me that Outlook Express 6.0 needs to be installed - Surely OE6 is part of IE6 and therefore installs when Windows is installed?? I have tried to download OE 6.0 as a separate download from IE and on trying to install it I am told that I have a newer version already on my PC! This is not the first time that I have experienced problems with installing patches relating to Outlook Express - The problem seems to occur whenever I download and install individual patches. Whenever I download and install patches using Critical Updates on the Microsoft Update site, I don't seem to have this problem. Can anyone advise why this happens? alba. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.677 / Virus Database: 439 - Release Date: 04/05/2004 Tag: abnormal traffic going out after applying the windows update and office update Tag: 51910
 - 25
 - Sasser virus I read alot about this Vasser worm or virus and that Microsoft has a patch for it. I run Windows update and there are no updates available for my system. Windows ME. I then check my install history for updates and the patch for this Sasser MS835732 does not show as being installed. I have Works Suite 2000. Should I manually install this patch or just forget about it. I don't appear to be infected. Thanks Tag: abnormal traffic going out after applying the windows update and office update Tag: 51908
- Next
 - 1
 - Scanning tool? I wanted to ask everyone in the group what they are using to track trends caused by for example the sasser worm. Is anyone using a tool that can track machines that are trying to spam segments of a network or at least could send notifications of a pattern? TIA... Tag: abnormal traffic going out after applying the windows update and office update Tag: 51906
 - 2
 - beta version What is a "beta version"? -- Stan "If it ain't broke don't fix it" Tag: abnormal traffic going out after applying the windows update and office update Tag: 51904
 - 3
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.05.05 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info I'm getting an LSASS error message, and/or I have the Sasser virus. 1) Run anti-virus that is configured to download the latest updates every week or even every day. www.grisoft.com is free anti-virus. 2) You also need to install all the patches for your system software from http://windowsupdate.microsoft.com, starting with the MS04-011 patch. Microsoft generally releases security patches on the second Tuesday of more or less every month. 3) Once you're infected, you may need to download and run a free Sasser virus removal tool such as the Stinger tool from www.McAfee.com or the free tool from http://www.microsoft.com/security/incident/sasser.asp 4) You're not running a firewall, or your firewall isn't protecting you. Running a firewall would have protected you from this. Free firewall software is available from www.kerio.com, www.zonealarm.com and/or www.sygate.com 5) You need to do ALL of these things, or you won't have much success. You should also make sure you get the latest Microsoft patches monthly and anti-virus updates at least weekly. My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: abnormal traffic going out after applying the windows update and office update Tag: 51903
 - 4
 - Accesing data from a slaved hard drive Hi We have a little problem - a customer's system no longer boots up and he needs the data from it (No backups- of course). We are trying to put it onto another system as a slave drive (like with 95/98/ME) but windows will not allow access -displays 'Access Denied' when you try and open the customers personal data. My question is - is there any way round this? Or is the data no effectivly lost. (Just for info - the HDD and data is fine, it just won't boot!) Thanks In Advance Jamie Tag: abnormal traffic going out after applying the windows update and office update Tag: 51902
 - 5
 - iareghn what is this eating up my files poping on screen file call Iarghn cant find the file on my pc just show up then dipp aging Tag: abnormal traffic going out after applying the windows update and office update Tag: 51900
 - 6
 - file [iareghn} have this pop on my screen any body hear of them Tag: abnormal traffic going out after applying the windows update and office update Tag: 51899
 - 7
 - SUS require admin previlegies on the client Is it possible to install security patches from a SUS server without having admin previlegies on the client? Today all XP users are administrators on there own computers to get updates from the SUS server installed. Regards, Christer Johansson Tag: abnormal traffic going out after applying the windows update and office update Tag: 51895
 - 8
 - Office/Active Directory Compatibility? I run a network with 40 machines, at the moment we have an older version of office (2000) running on a Win 2000 server driven network and a mixture of 2000 and XP workstations. Although the active directory lets me set options on win explorer to limit access to files and folders the settings do not apply to the explorer plug-in built into office. This allows staff to browse other area of the netwok wihout permissions. If I upgrade to office 2003 will there be a better integration with active directory, or are there any other ways of securing the office explorer? Mnay Thanks Dave Tag: abnormal traffic going out after applying the windows update and office update Tag: 51894
 - 9
 - CA Enterprise SCEP-Add on Hi I have a CA Enterprise (2003) in a 2003 Active Directory Domain. I have installed the SCEP-Add on to enroll a certificate to a PIX 525 (Ver. 6.32). When I make a request, from the PIX console, to enroll a certificate, it is rejected by the CA with this message: denied by policy module I had read that there is a different configuration with "SCEP-Add on" in a CA Enterprise. I need to kno which are the steps needed to configure SCEP-Add on in a CA Enterprise. The "SCEP-Add on" release note tells that these steps are described in Windows 2003 Resource Kit Documentation, but i didn't found them Thanks in advanc Paolo Tag: abnormal traffic going out after applying the windows update and office update Tag: 51891
 - 10
 - secedit I'm using secedit to configure file system and registry ACL If the number of entry is more than 8 (or the lenght of string is more than...), for example [Registry Keys] "MACHINE\SOFTWARE\ORACLE",2,"D:P(A;CI;GA;;;SY)(A;CI;GA;;;BA)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1140)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1142)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1143)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1144)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1145)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1146)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1152)(A;CI;GRGX;;;S-1-5-21-602162358-1606980848-1708537768-1153)(A;CI;GRGX;;;S-1-5-21-515967899-152049171-725345543-1022)(A;CI;GRGX;;;S-1-5-21-515967899-152049171-725345543-1020) secedit return the following erro Error 87: the parameter is incorrect I must configure ACL for the specified users or group (I can't use the generic group Authenticated Users) than I must use the SID rapresentation (not default user/group) and normally, is more than 8 Do You have an idea to solve my problem Thank Rita Tag: abnormal traffic going out after applying the windows update and office update Tag: 51889
 - 11
 - "835732" upd.problem Hi ! After applying the "835732" security update my title bars and the "start bar"(at the bottom) goes black ? I'm using XP pro sp1. Why is this, and what do i do to remedy this problem ? (lucky for me i did a "ghost" backup before updating) Michael Tag: abnormal traffic going out after applying the windows update and office update Tag: 51888
 - 12
 - SpywareBlaster Hello everyone. I have Ad-Aware (can't recommend this enough) and the free version is great at scanning for spyware/malware and getting rid of some of them AFTER the fact, but I want to get something that can stop from getting them BEFORE they even have a chance to get on my computer. I've been doing my "research" and homework online about various programs like this and I read about SpywareBlaster (by JavaCool). If someone can recommend which is the best, I'd appreciate it. Again, I have noticed SpywareBlaster but I want one or more opinions to make a final decision. I did this before I got any anti-spyware programs as well and came up with Ad-Aware, Spybot Search & Destroy, and some others, but based on "word of mouth," I chose Ad-Aware and I've never been happier. Hopefully, you guys can help me in making the final decision regarding programs that protects one in real time against spyware. Thanks in advance! Tag: abnormal traffic going out after applying the windows update and office update Tag: 51886
 - 13
 - email purporting to be from MS Received email advising me to open attachment and install patch to fix latest security problems with XP Is this legit? I had just checked Windows Update and they indicated no urgent fixes See full header info belo X-Symantec-TimeoutProtection: X-Symantec-TimeoutProtection: X-Symantec-TimeoutProtection: Return-Path: <ljekarna-salus@vz.hinet.hr Received: from ls413.htnet.hr ([195.29.150.117]) by mta1.adelphia.ne (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with ESMT id <20040505015000.TDPN11994.mta1.adelphia.net@ls413.htnet.hr> Tue, 4 May 2004 21:50:00 -040 Received: from ls413.htnet.hr (localhost.localdomain [127.0.0.1] by ls413.htnet.hr (0.0.0/8.12.10) with ESMTP id i451nxSB027873 Wed, 5 May 2004 03:49:59 +020 Received: from tmey (at07-m251.net.htnet.hr [83.131.121.11] by ls413.htnet.hr (0.0.0/8.12.10) with SMTP id i451nblX027681 Wed, 5 May 2004 03:49:37 +020 Date: Wed, 5 May 2004 03:49:37 +020 Message-Id: <200405050149.i451nblX027681@ls413.htnet.hr FROM: "Internet Security Center" <odpyidml@technet.msdn.com TO: "Client" <client.eqtvexlyv@technet.msdn.com SUBJECT: Current Internet Critical Pac Mime-Version: 1. Content-Type: multipart/mixed; boundary="jnbihylm X-Trace: ls413.htnet.hr 1083721799 31753 83.131.121.11 (Wed, 05 May 2004 03:49:59 +0200 --jnbihyl Content-Type: multipart/related; boundary="uizjptqq" type="multipart/alternative --uizjptq Content-Type: multipart/alternative; boundary="yhxadhqpdle --yhxadhqpdl Content-Type: text/plai Content-Transfer-Encoding: quoted-printabl MS Clien this is the latest version of security update, th "May 2004, Cumulative Patch" update which eliminate all known security vulnerabilities affectin MS Internet Explorer, MS Outlook and MS Outlook Express Install now to maintain the security of your compute from these vulnerabilities, the most serious of which coul allow an attacker to run executable on your computer This update includes the functionality of all previously released patches System requirements: Windows 95/98/Me/2000/NT/X This update applies to - MS Internet Explorer, version 4.01 and late - MS Outlook, version 8.00 and late - MS Outlook Express, version 4.01 and late Recommendation: Customers should install the patch at the earliest opportunity How to install: Run attached file. Choose Yes on displayed dialog box How to use: You don't need to do anything after installing this item --yhxadhqpdl Content-Type: text/htm Content-Transfer-Encoding: quoted-printabl <HTML><HEAD><style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none </style></HEAD><BODY BGCOLOR=3D"White" TEXT=3D"Black"><BASEFONT SIZE=3D"2" face=3D"verdana,arial"><TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"><TR height=3D"20"><TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">&nbsp <A class=3D'navtext' HREF=3D"http://www.microsoft.com/ TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A></TD><TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>&nbsp <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' target=3D"_top">All Products</A> |&nbsp <A class=3D'navtext' href=3D'http://support.microsoft.com/' target=3D"_top">Support</A> |&nbsp <A class=3D'navtext' href=3D'http://search.microsoft.com/' target=3D"_top">Search</A> |&nbsp <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top Microsoft.com Guide</A>&nbsp </TD></TR><TR><TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP><A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top" Microsoft Home</A>  </TD></TR></TABLE> <IMG SRC=3D"cid:erekdxk" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD><BR this is the latest version of security update, th "May 2004, Cumulative Patch" update which eliminate all known security vulnerabilities affectin MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your computer. This update includes the functionality = of all previously released patches. </TD></TR></TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements</TD><TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD></TR><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to</TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD></TR><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD><TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD></TR><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD><TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD></TR><TR VALIGN=3D"TOP"><TD NOWRAP><IMG SRC=3D"cid:amekurm" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD><TD NOWRAP>You don't need to do = anything after installing this item.</TD></TR></TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%">The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners.</TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"><TR VALIGN=3D"TOP"><TD WIDTH=3D"5"></TD><TD><A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A> |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A> |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A></TD></TR><TR VALIGN=3D"MIDDLE"><TD WIDTH=3D"5"></TD><TD>©2004 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A></TD></TR></TABLE></BODY></HTML> --yhxadhqpdle-- --uizjptqq Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <erekdxk> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZip Tag: abnormal traffic going out after applying the windows update and office update Tag: 51885
 - 14
 - AppName: mshta.exe AppVer: 6.0.2600.0 ModName: unknown The following error message displays whenever I click on "change the way users log on or off" from Control Panel: Microsoft (R) HTML Application host has encountered a problem and needs to close. We are sorry for the inconvenience (the "For more information about this error. click here" message returns the following detail" AppName: mshta.exe AppVer: 6.0.2600.0 ModName: unknown ModVer: 0.0.0.0 Offset: 00000000 > Subject: AppName: mshta.exe AppVer: 6.0.2600.0 ModName: unknown 4/27/2004 11:09 AM > PST By: Richard (search by author) In: microsoft.public.windowsxp.setup_deployment >> To resolve the behavior, type the following commands in > the Run dialog box: > sfc /purgecach > sfc /scanno I performed the operations above and checked the ( \\windows\system32\mshta.exe & \\windows\system32\dllcache\mshta.exe file directory version properties after the operations had completed. File version results were: Microsoft, 6.00.2600.0000 (xpclient.010817-1148, etc.) for each file and rebooted my system. I still recieve the error. I click upon the "change the way users log on or off" link from the Control Panel's "User Accounts" page and the error response comes back with the very same message I identified in the subject line. I would welcome suggestions that anyone might have. Thanks Tag: abnormal traffic going out after applying the windows update and office update Tag: 51884
 - 15
 - This page contains both secure and nonsecure items I'm on a trusted site and when I go from one page to another. I get this warning "This page contains both secure and nonsecure items. Do you want to display thee nonsecure?" It must always choose yest to go to next page. Is there a setting that I can change so this warning doesn't pop up> Thanks/Mike Tag: abnormal traffic going out after applying the windows update and office update Tag: 51882
 - 16
 - MSN issues HELP!!!! I can not log on to my passport account and I can not connect to any of my secure servers. I have went to the update site for Microsoft and when it scans my computer for updates I get an error. HELP!!! Tag: abnormal traffic going out after applying the windows update and office update Tag: 51881
 - 17
 - Outlook disconnect When attempting to open new mails we get disconnected.I have recently started receiving an undeliverable message from daemon@mailer.This started shortly after our home page was hijacked.I did run cw shredder and that corrected the homepage issue .Did I possibly delete something from my start up list that may have created this problem? or is something else going on? Any input will be greatly appreciated. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51880
 - 18
 - blocking spam with blank "From" using outlook express I regularly get spam where the "From" is blank, sometimes the "Subject" is blank. I've tried forwarding these spam emails as attachments to my ISP (Comcast) to block, with limited success. Outlook Express seems to require a domain name in order to block email. I've never opened one of these or tried looking at Properties out of fear I'll catch a virus. Is there any way to block all email that arrives with no "From" information displayed? Tag: abnormal traffic going out after applying the windows update and office update Tag: 51872
 - 19
 - security permissions for windows 2003 server Hi there, I need to write up information related to windows 2003 security. However I don't have much win2k3 experience, I would like to find out information as stated below... 1. Define native Server security 2. Security Auditing 3. What services, minimum, are required to be running Please advise me asap if you have some information.. Thanks in advance and I look forward to hearing from you. Regards, Fred Tag: abnormal traffic going out after applying the windows update and office update Tag: 51866
 - 20
 - UPDATE: Product Support Services - W32.SASSER WORM RELATING TO MS04-011 UPDATE (05/04/2004): - This alert is being updated to advise you of an update to Microsoft Security Bulletin MS04-011. This update details additional workaround steps which customers can take to protect against the LSASS vulnerability (CAN-2003-0533). This is the vulnerability which is exploited by the Sasser worm and its variants. Customers who have not yet deployed the security update for MS04-011 can evaluate implementing this new workaround to protect against the Sasser worm and its variants. - In addition, Microsoft has updated the cleanup tool for W32.Sasser.worm to remove the C and D variants of the Sasser worm. The Sasser removal tool now removes Sasser A, B, C and D. The updated removal tool is located at http://www.microsoft.com/downloads/details.aspx?FamilyId=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en and is documented in Knowledge Base article KB841720 http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720. What is this alert? - Microsoft has been made aware of a worm identified as "W32.Sasser.worm" and it is currently circulating on the Internet. The worm exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004. - Microsoft encourages customers to protect themselves against this worm by installing Microsoft Security Bulletin MS04-011 <www.microsoft.com/technet/security/bulletin/ms04-011.mspx> immediately. - Customers who have enabled the Windows XP Firewall are protected from the vector this worm attacks, which is TCP Port 139. Most third party firewalls also block this attack vector by default. If you have any questions regarding the security updates or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. Thank you, Microsoft PSS Security Team -- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51863
 - 21
 - browser redirect My browser gets redirected to an obnoxious search engine "The best search engine". I can't get it to stop. I've tried to reset my internet options and have Google as my default home page. Any suggestions on how to get rid of it would be appreciated. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51855
 - 22
 - PopupEliminator and spyware? Hey guys and gals, I'm thinking about downloading PopupEliminator (by SurfSecret Software). I've heard good things about it. Looks like a good program to stop annoying and invasive pop-ups, BUT...I want to make sure I'm not adding spyware along with it. (Some programs that are suppose to protect you from spyware, such as SpyBan, SpyHunter, SpyGone, etc., actually PUT more spyware on your computer). Call me paranoid but I just wanted to make sure. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51848
 - 23
 - nachi a friends pc has nachi virus which avg can not remove he can not stop online long enough to down load any patches or fixes because the virus reboots his pc Tag: abnormal traffic going out after applying the windows update and office update Tag: 51841
 - 24
 - Do I really need this ?? Hello : I am just your everyday email sender and not into much else . Do I really need THIS ; Microsoft .NET Framework version 1.1 Download size: 23.1 MB, 1 hour 16 minutes The .NET Framework is a component of the Windows operating system. For developers, the .NET Framework makes it easy to rapidly create powerful software that maximizes performance, scalability, opportunities for integration, reliability, security, Regards Bill Davis Tag: abnormal traffic going out after applying the windows update and office update Tag: 51838
 - 25
 - Salary Negot. I'm thinking around 70K. What is the going rates today for a Security position? What are the best salary negot. techniques? What if I walk in with a higher salary than expected? a) walk out and think about it for a later meeting. Thanks, T. Tag: abnormal traffic going out after applying the windows update and office update Tag: 51834

Hi

our PCs using win2000 pro w/sp4 and office xp w/sp3.
Recently, on 20 April and 3 May, we applied the windows
updates and office xp updates over the web. AFter that we
discovered abnormal traffic sent out every 10 minutes
from the PCs which were applied the updates. This 10
minutes seems hardened on somewhere and cannot be changed
even I set the clock of the PC. The abnormal traffic
started to sent out 10 minutes after the PC start up and
continue to sent until the PCs was shutdown. This traffic
trying to go to many different IP addresses and are all
go to 129.x.x.x network. I have used symantec antivirus
7.5.1 with latest virus definition (5/5/2004)to scan
those PCs but no virsu was found.

Below is a traffic denied by the firewall:

cifs[623378450]: access denied for xxx.xxx.xxx.xxx to
129.133.164.224 [default rule] [no rules found]

Statistics: duration=0.48 id=4lh98 srcif=Vpn3
src=xxx.xxx.xxx.xxx/1040 svsrc=yyy.yyy.yyy.yyy dstif=Vpn4
dst=129.133.164.224/139 proto=cifs (Access denied)

some of the destination site:
129.133.164.224
129.77.42.8
129.66.122.232
129.101.12.104
129.61.184.104
129.56.98.200
129.64.177.136
129.63.190.8
129.67.94.232
129.62.145.40
129.62.216.72
129.53.206.8
some-darbishire.some.ox.ac.uk
ingw129-37-64-40.ny.us.prserv.net
stu0073.keble.ox.ac.uk
micron.ece.northwestern.edu
Wireless.campus.uidaho.edu
ath102311.utep.edu
v1006ash208.sju.edu
A235168.N1.Vanderbilt.Edu

Any expert can help me to solve the problem?
Many many thanks

Top