deluged w/"MS email notifications" containing virus in attch

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Norton/Symantecs I downloaded Symantecs Suite from their on-line store, (and paid for it), and it didn't down load correctly, then I went and bought a copy, and apparently didn't register it - so I can't get rid of it or use it. I would like to get it off my operating system so I can get another type of antivirus program. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52096
  - 2
    - MSXML 2.6 SP3 Running Microsoft Baseline Analyzer 1.2 against an NT4 server and it shows that MSXML 3.0 and MSXML 2.6 are installed and one service pack behind. I've updated the MSXML 3.0 to SP4 but can not find MSXML 2.6 SP3 anywhere. Tried Windows Update Catalogue site, Download Center.... 1. Anyone know where I can find that service pack 2. Is there a way to remove just the MSXML 2.6 3. What might the implications be of removing 2.6? Are there some apps that need 2.6 and some that need 3.0? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52091
  - 3
    - An site invaded my computer Hello, i'm brazilian, and maybe there will be a lot of mistakes of language. I need your help! A site called http://nkvd.us, that after entering this name becomes as "http://searchpage.cc" invaded my computer. Some sites that i try to enter becomes not available and enter direct in this site of search. When you enter the link where they say "if problem", it opens a page saying this: If you don't want to continue using this page, follow instruction below: 1. Download uninstaller (right click and choose "Save target as.." from pulldown menu 2. Run it 3. Reboot your PC 4. Run it second time 5. Change your start page to "about:blank" in the IE settings (Tools -> Internet Options) 6. Click "Start" -> "Run" -> regedit 7. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio n\Explorer\Browser Helper Objects\ 8. Select key {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} and delete it Enjoy with your clear PC.. and stop looking for free porn - try to buy membership on a good paysite But, the question is that this porn site opened without i look for, when i was making a search on Google. I tried to do what they say, but i couldn't, and i don't have money to pay someone do to this to me. Help me please! Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52090
  - 4
    - access to my online status Is it possible to make your computer show as offline at all times without having to constantly change your status, as I would be offline more than I would be online? I would like it to always show offline when I turn the computer on. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52087
  - 5
    - CryptImportKey NTE_BAD_KEY error. Hi Everyone, I am having my first crack at using the Crypto API and am having problems exporting and importing DH keys. What I'm doing is generate a DH key set, exporting the public and private keys to a pair of blobs, writing them to a disk file then reading them back in and trying to import them. The import of the private key is just fine but when I try to import the public key I get a NTE_BAD_KEY error thrown. Can anyone help me out with this. Essentially all I'm doing is calling the OnGenerateEncrypKey() and then the OnImportKey(). When I call the OnImportKey function I select from the dialog the public key file that was created in the OnGenerateEncrypKey() call. The eventual goal is to get the public key stored on disk so that I can distribute it with my software and then use it to decode information that I have created using the private key. I would like to also have the private key backed up onto a disk for safety sake. Any help on what I might be missing here would be a great help. My code is as follows: //////////////////////////////////////////////////////////////////////////// / // CECCRLicenseToolDlg message handlers BOOL CECCRLicenseToolDlg::OnInitDialog() { CDialog::OnInitDialog(); // Add "About..." menu item to system menu. // IDM_ABOUTBOX must be in the system command range. ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX); ASSERT(IDM_ABOUTBOX < 0xF000); CMenu* pSysMenu = GetSystemMenu(FALSE); if (pSysMenu != NULL) { CString strAboutMenu; strAboutMenu.LoadString(IDS_ABOUTBOX); if (!strAboutMenu.IsEmpty()) { pSysMenu->AppendMenu(MF_SEPARATOR); pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu); } } // Set the icon for this dialog. The framework does this automatically // when the application's main window is not a dialog SetIcon(m_hIcon, TRUE); // Set big icon SetIcon(m_hIcon, FALSE); // Set small icon // TODO: Add extra initialization here m_hCryptProv = NULL; m_hExportPubKey = NULL; m_hExportPrivKey= NULL; m_hSessionKey = NULL; // Add the types of License to the combobox. CComboBox *pCombo = (CComboBox*)GetDlgItem(IDC_COMBO1); pCombo->AddString("SEAT"); pCombo->AddString("TIME"); // Set the key display to have EOL automatically inserted. CEdit *display = (CEdit *) GetDlgItem(IDC_EDIT6); display->FmtLines(true); Init(); return TRUE; // return TRUE unless you set the focus to a control } //************************************************************************** *********************************************** //************************************************************************** *********************************************** BOOL CECCRLicenseToolDlg::CanExit() { // If the proxy object is still around, then the automation // controller is still holding on to this application. Leave // the dialog around, but hide its UI. if (m_pAutoProxy != NULL) { ShowWindow(SW_HIDE); return FALSE; } if(m_hCryptProv != NULL) CryptReleaseContext(m_hCryptProv, 0); return TRUE; } //************************************************************************** *********************************************** // Create a public and private key pair then store them to a file. void CECCRLicenseToolDlg::OnGenerateEncrypKey() { CString csStr; HCRYPTKEY hKey; // Now get the key pair for asymetic encryption (AT_KEYEXCHANGE) if(!(CryptGenKey(m_hCryptProv,AT_KEYEXCHANGE,CRYPT_EXPORTABLE,&hKey))){ CryptError("Error trying to create the exchange pair."); return; } ExportAsymKeys(hKey); } //************************************************************************** *********************************************** // Gets the cryptography interface and loads the key pair for this user. // This Asymetric key set will be used to create the Autherization Code. bool CECCRLicenseToolDlg::Init() { if(m_hCryptProv != NULL) CryptReleaseContext(m_hCryptProv, 0); // Get the Diffie-Hellman service provider. if(!(CryptAcquireContext(&m_hCryptProv, "ECCR", MS_DEF_DSS_DH_PROV, PROV_DSS_DH, 0))) { CryptError("Attempting to create a new key set. "); if(!CryptAcquireContext(&m_hCryptProv, "ECCR", MS_DEF_DSS_DH_PROV, PROV_DSS_DH, CRYPT_NEWKEYSET)) { CryptError("Error getting new keys in the context."); return false; } } return true; } //************************************************************************** *********************************************** // Exports the current keys held by the current crypto provider. bool CECCRLicenseToolDlg::ExportAsymKeys(HCRYPTKEY hKey) { unsigned long ulPathIndex, ulIndex; BYTE *psBuffer; DWORD dwKeySize; CString csPath,OutputString; ASSERT(m_hCryptProv != NULL); // Get the destination directory. CString strPath(""); CFileDialog cFile(TRUE, NULL, NULL, OFN_OVERWRITEPROMPT|OFN_PATHMUSTEXIST|OFN_LONGNAMES); // OFN_FILEMUSTEXIST - use to get an existing Key. if(cFile.DoModal() == IDOK){ strPath = cFile.GetPathName(); } // Isolate the path from the file name! ulIndex = 0; while((ulIndex = strPath.Find('\\',ulIndex)+1) != -1) { if(strPath.Find('\\',ulIndex) == -1){ ulPathIndex = ulIndex; break; } } csPath = strPath.Left(ulPathIndex); if(!CryptExportKey(hKey,NULL,PUBLICKEYBLOB,0,NULL, &dwKeySize)){ CryptError("Error getting the length of the Public key."); return false; } psBuffer = new BYTE[dwKeySize]; if(!CryptExportKey(hKey,NULL,PUBLICKEYBLOB,0,psBuffer, &dwKeySize)){ CryptError("Error getting the Public key."); return false; } // now store the key to a file. CFile publicKey(csPath+"publickey.key", CFile::modeWrite|CFile::modeCreate); publicKey.Write(static_cast<void*> (psBuffer),dwKeySize); publicKey.Close(); // Display the key on screen. OutputString += "Public Key:\r\n"; char *pszPublicKey = new char[2*(dwKeySize+(dwKeySize%30))+1]; *pszPublicKey = '\0'; int i=0; for(int n=0; n<dwKeySize; n++){ sprintf(&pszPublicKey[i], "%02x", psBuffer[n]); i += 2; if((n+1)%30 == 0){ pszPublicKey[i] = '\r'; pszPublicKey[i+1]= '\n'; i += 2; } } OutputString += pszPublicKey; OutputString += "\r\n\r\nPrivate Key:\r\n"; delete pszPublicKey; delete [] psBuffer; if(!CryptExportKey(hKey,NULL,PRIVATEKEYBLOB,0,NULL, &dwKeySize)){ CryptError("Error getting the length of the Private key."); return false; } psBuffer = new BYTE[dwKeySize]; if(!CryptExportKey(hKey,NULL,PRIVATEKEYBLOB,0,psBuffer, &dwKeySize)){ CryptError("Error exporting the Private key."); return false; } // now store the key to a file. CFile privateKey(csPath+"privatekey.key", CFile::modeWrite|CFile::modeCreate); privateKey.Write(static_cast<void*> (psBuffer),dwKeySize); privateKey.Close(); //************************************ // Display the key on screen. pszPublicKey = new char[2*(dwKeySize+(dwKeySize%30))+1]; *pszPublicKey = '\0'; i=0; for(n=0; n<dwKeySize; n++) { sprintf(&pszPublicKey[i], "%02x", psBuffer[n]); i += 2; if((n+1)%30 == 0){ pszPublicKey[i] = '\r'; pszPublicKey[i+1]= '\n'; i += 2; } } OutputString += pszPublicKey; delete pszPublicKey; delete [] psBuffer; SetDlgItemText(IDC_EDIT6,OutputString); return true; } //************************************************************************** *********************************************** // Loads a key from the designated file into memory and inputs it to the current // crypto provider. If the interface is not initialized it will be using this key. bool CECCRLicenseToolDlg::ImportKeys() { // Get the destination directory. BYTE *psBuffer; DWORD ulKeySize = 0; CString strPath(""); CFileDialog cFile(TRUE, NULL, NULL, OFN_PATHMUSTEXIST|OFN_FILEMUSTEXIST); // OFN_FILEMUSTEXIST - use to get an existing Key. // Import the public key from file. MessageBox("Select public key source file."); if(cFile.DoModal() == IDOK){ strPath = cFile.GetPathName(); } // now store the key to a file. CFile publicKey(strPath, CFile::modeRead); ulKeySize = publicKey.GetLength(); psBuffer = new BYTE[ulKeySize]; publicKey.ReadHuge(static_cast<void*> (psBuffer),ulKeySize); // Because this is not a public private key pair we don't need to worry about the CRYPT_EXPORTABLE flag! if(!CryptImportKey(m_hCryptProv, psBuffer, ulKeySize, NULL, 0, &m_hExportPubKey)){ CryptError("Error importing the Public key."); delete [] psBuffer; return false; } delete [] psBuffer; // Import the private key from file. MessageBox("Select private key source file."); if(cFile.DoModal() == IDOK){ strPath = cFile.GetPathName(); } // now store the key to a file. CFile privateKey(strPath, CFile::modeRead); ulKeySize = privateKey.GetLength(); psBuffer = new BYTE[ulKeySize]; publicKey.ReadHuge(static_cast<void*> (psBuffer),ulKeySize); if(!CryptImportKey(m_hCryptProv, psBuffer, ulKeySize, NULL, CRYPT_EXPORTABLE, &m_hExportPubKey)){ CryptError("Error importing the private key."); delete [] psBuffer; return false; } delete [] psBuffer; publicKey.Close(); privateKey.Close(); return true; } //************************************************************************** *********************************************** void CECCRLicenseToolDlg::OnImport() { ImportKeys(); } //************************************************************************** *********************************************** void CECCRLicenseToolDlg::CryptError(CString csMsg) { char sTemp[256]; DWORD e; csMsg += "\n\nERROR: "; e = GetLastError(); switch(e) { case NTE_BAD_KEY: csMsg += "NTE_BAD_KEY - "; break; case ERROR_INVALID_HANDLE: csMsg += "ERROR_INVALID_HANDLE - "; break; case ERROR_INVALID_PARAMETER: csMsg += "ERROR_INVALID_PARAMETER - "; break; case ERROR_MORE_DATA: csMsg += "ERROR_MORE_DATA - "; break; case NTE_BAD_FLAGS: csMsg += "NTE_BAD_FLAGS - "; break; case NTE_BAD_KEY_STATE: csMsg += "NTE_BAD_KEY_STATE - "; break; case NTE_BAD_PUBLIC_KEY: csMsg += "NTE_BAD_PUBLIC_KEY - "; break; case NTE_BAD_TYPE: csMsg += "NTE_BAD_TYPE - "; break; case NTE_BAD_UID: csMsg += "NTE_BAD_UID - "; break; case NTE_NO_KEY: csMsg += "NTE_NO_KEY - "; break; default: csMsg += "Unknown error - "; } sprintf(sTemp,"0x%x\n",e); csMsg += sTemp; MessageBox(csMsg,"Crypto Error",MB_ICONERROR); } //************************************************************************** *********************************************** void CECCRLicenseToolDlg::OnDeleteAllKeys() { CString str; HCRYPTKEY hKey; DWORD dwRC; // Get the Diffie-Hellman service provider. if(!(CryptAcquireContext(&m_hCryptProv, "ECCR", MS_DEF_DSS_DH_PROV, PROV_DSS_DH, CRYPT_DELETEKEYSET))) CryptError("Error deleting the key container."); // Display error and exit. else{ // Reinitialize the context with a new key set. if(!CryptAcquireContext(&m_hCryptProv, "ECCR", MS_DEF_DSS_DH_PROV, PROV_DSS_DH, CRYPT_NEWKEYSET)) CryptError("Error recreating the container after deletion."); MessageBox("The keys have been deleted."); } } Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52086
  - 6
    - This page is not available After about 1hr. of uninterupted internet access the computer wil no longer let me enter any page, out look express etc. I cannot under stand this. I have a zone alarm fire wall which I am very careful about letting in the correct progams. I also have norton antivirus, ad- aware,(which I highly reccommend) spybot and spyhunter to remove Parasites etc.. My isp says their equiptment said zone alarm is the problem(possible but not leaning that way, it has work too long to just go am the blink)I also, uninstalled it and reinstalled it and let in known programs only. All to no avail. I have to reboot each time to get on line for a short period. HAS ANYONE HAVE ANY IDEAS? THANKS, Holly Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52084
  - 7
    - Strange behavior ... New trojan? I was observing strange behavior in my computer recently. I am running Windows Me with Outpost firewall. On the Open Ports page of Outpost firewall I see that Internet Explorer sequentially tries to open ports. For example IExplorer.exe 1017 IExplorer.exe 1018 IExplorer.exe 1019 A few seconds later I see IExplorer.exe 1020 IExplorer.exe 1021 IExplorer.exe 1022 Then IExplorer.exe 1023 IExplorer.exe 1024 IExplorer.exe 1025 And so on. The Outpost is in Block Most mode. In addition to that I defined rules that block all well known ports like 135-139, 389, 445, 593, 636, 3368-3369, 1025, 1720, 1503 and 443 (both TCP and UDP, both inbound and outbound). Besides that I used DCOMBobulator utility from grc.com web site to shut down DCOM. Does anyone encounter similar behavior? Any ideas why is it happening? Might it be new trojan? May be the IExplorer.exe was infected/modified by some virus/trojan? I did check my computer regularly and neither Spybot, nor Adaware, nor Norton Antivirus find any viruses/trojans. Thanks in advance Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52083
  - 8
    - rogue file a file named CREATE~1.exe keeps attaching itself to my system everytime i think ive deleted it. it just appeared within the last couple weeks. what the heck is this? cant find any reference to it anywhere. it has no identifying anything. its constantly running processes Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52077
  - 9
    - rogue file a file named CREATE~1. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52076
  - 10
    - Can I run XP firewall and Sygate at same time ? Hello I have turned on the XP internal firewall .. Trying to end the internet explorer pop ups that are plaguing me. I have reg edit closed that port that is supposed to let them thru and they still come thru at a rate of one every 3 min while I surf the web - even with my XP firewall turned on ... SO .. .I downloaded the Free version of Sygate firewall .. in hopes that it will be more aggressive at stopping the pop ups ... BUT ... Can I run both firewalls ? or should I disable the XP internal one NOW ? Any Advice will be welcome ... This is my first attempt at running a firewall of any kind and I am really just learning at what all the warning messages mean ... Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52070
  - 11
    - Forcing no reboot on Hotfixes Does anyone know how you can force a computer not to reboot after installing a hotfix? I knowsome patches have an option either in a switch or in an ini file, but some do not. For example, if you look at js56nen.exe and use a '/?' on a command-line, you don't have an option to not reboot or hide the message that prompts you to do so. There's the /q for qwuiet-mode but that doesn't supress everything. Thanks in advance. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52061
  - 12
    - Sasser Virus I have followed Microsoft's step-by-step instruction to erase and patch this virus, but it is not working - I am still finding avserve2.exe and av.exe in my Task Manager. I have followed these instructions three times and still cannot send or receive emails or access the internet - any suggestions? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52060
  - 13
    - What is it- "support.comAgent" icon in systray Hi- This icon has(suddenly)appeared in my sys-tray. It looks like a redish x with a dot for a head. When you roll over it it says "support.com Agent". If you right-click it says something about connecting with "Nexus Communications". It doesn't give me an option to delete it, or even see properties. Web and newsgroup searches haven't really found anything specific. (there are a lot of nexuses and support.coms!) I don't see it in add/remove programs. Any ideas? Thanks, M. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52058
  - 14
    - downloads What do you do when you download andit fails?? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52057
  - 15
    - MBSA ans SUS Is there a way to configure MBSA so it does not go back to Microsoft to get its updates? I run MBSA on a secure Windows 2000 Active Directory network which also has a SUS server on it. When I run MBSA on a test W/S and use the SUS option, I get an error and it doesn't seem to run the scan properly. The error I get is "Unable to access Security.xml file". I thought that if I used the SUS server option during a scan, that MBSA would use the SUS server to identify which patches were missing on the test W/S. Am I wrong in my thinking? Any thoughts Thank Brun Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52053
  - 16
    - Remove administrators from Local Profiles Can anyone tell me how to prevent the Administrator Group from getting access automatically to any of the profiles under Documents and Settings?? ie. can Documents and Settings be setup such that when a new user logs in, their profile will only have the user and other "selected" users/groups with access to that profile? I realise that anyone in the Administrators group will (probably) still be able to take ownership of the directory, I am just trying to "deter" prying.... Thanks John. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52051
  - 17
    - secure web sites Can any one help I can not connect to a secure web site using windows XP any one any ideas I tried the http://support.microsoft.com/?id=261328 but this didnt help any clues on what else I can do many thanks Lynnette Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52041
  - 18
    - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.05.06 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info I'm getting an LSASS error message, and/or I have the Sasser virus. 1) Run anti-virus that is configured to download the latest updates every week or even every day. www.grisoft.com is free anti-virus. 2) You also need to install all the patches for your system software from http://windowsupdate.microsoft.com, starting with the MS04-011 patch. Microsoft generally releases security patches on the second Tuesday of more or less every month. [Theh MS04-011 patch is also available here: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx ... though you still want to visit the Windows Update site to get all patches.] 3) Once you're infected, you may need to download and run a free Sasser virus removal tool such as the Stinger tool from www.McAfee.com or the free tool from http://www.microsoft.com/security/incident/sasser.asp 4) You're not running a firewall, or your firewall isn't protecting you. Running a firewall would have protected you from this. Free firewall software is available from www.kerio.com, www.zonealarm.com and/or www.sygate.com 5) You need to do ALL of these things, or you won't have much success. You should also make sure you get the latest Microsoft patches monthly and anti-virus updates at least weekly. My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52034
  - 19
    - Could someone explain please : re Sasser and others Hi, I have 1 pc running windows 2000 Adv Server and 2 machines running Windows 2000 and Windows XP. All computers have a virus protection program and all sit behind an ADSL Router and a 3com Firewall DMZ with all ports blocked except 25. Q1. If I DON'T install the latest security updates am I vunerable to Sasser or will the hardware firewall protect me? Q2. What role exactly does the hardware firewall play in my configuration. Thanks for any help to clear up this matter in my mind. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52029
  - 20
    - Application of MS04-011 to NT4W SP6a causes STOP 7B Anyone seen this issue with application of MS04-011 (Sasser patch and others) on NT4 Workstation with SP6a? Applied it in a roll out to about 15 machines on our domain and 20% of them failed to start again with STOP 7B errors (at which point I stopped the rollout). I need to try to get these machines up and running, standard solutions are a pain in the arse without easy access to the drive and, of course, NT repair never works once you've got SP6a Hi Encryption installed. Any ideas would be appreciated. Thanks, Freakstone (reply by mail and post if possible, ta) Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52026
  - 21
    - vpn HI one of my customer is using nortel vpn , i want o establish a vpn from my windows 2000 server using l2tp/ipsec to the nortel vpn is it possible from windows 2000. is there any interoperability document between nortel vpn and windows 2000 vpn , any pointer or docs regarding this will help me a lot thanks Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52025
  - 22
    - Someone is scanning your computer HI, I have a strange problem. My XP Pro system is connected to DSL all the time and I have Sygate firewall installed. When I am working on the system, occasionally I get alerts that somebody is scanning my ports giving a list of port numbers. Roughtly 2-3 alerts in an hour. The strange part is that these alerts never come when the system is idle even though the Net connection is always on. The source ip address always has the same Net id as mine. Any ideas what could be happening? I doubt if somebody is actually scanning my computer. Thanks for any tips. Ramesh Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52024
  - 23
    - Getting tons of Low Risk Warnings with Norton I have been inundated with "Low Risk" warnings under my Norton Internet Security Program Control and it's driving me crazy! In order to reduce the number of warnings, the program suggests 1) Turning on Automatic Program Control and 2) Running a Program Scan. I have done both and the messages continue popping up on my screen. Any suggestions on how to get rid of this continual barrage of "Low Risk" warnings? Can't find anything in manual or on Norton site to help me. Thanks for any suggestions you can give me! Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52022
  - 24
    - Security Update MS03-030 (Direct X buffer overrun)) I am using the Microsoft Baseline Security Analyzer to scan machines on our network. I have several Win2K Machines (Traditional Chinese) machines that show that "1 Security Updates could not be confirmed." Clicking on the Result details link shows that Security Update MS03-030 has not been installed. However, when I download the Security Update and it installs it, the installer tells me that the update can be applied only to DirectX 8.x and that the update is already included in the version I have installed (DirectX 9.0b). Am I at risk for this security hole if I have DirectX 9.b installed? Can I ignore the 'Severe Risk' assessment for these machines? Is there any way to make this assessment go away TIA Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52021
  - 25
    - ie tools menu was changed Hi I was out of town for two weeks and somehow one line on the tools menu was changed. I think it was "Messenger" to some foreign language - I cannot read it. If I click - it delivers porno, damn.. Can someone help? How to get rid of it? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52020
- Next
  - 1
    - Windows update error Having problems on my laptop. Everytime I attempt to update windows (www.microsoft.com) I receive an error message. No description. (WINDOWS UPDATE ERROR) Help. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52015
  - 2
    - Using xp firewall/ Crazy things going on!! I'm experiencing some mous problems. Sometimes I'll try to click on a link and it won't do anything. Now if I close the web page and come back to it , I'm then able to click on a link, and its not all links that I'm unable to see, just some I went to a link here on microsofts web page (security) to check for sasser worm. It said I wasn't enfected what I'm curious about is 1: Does my internet provider also provide me with a firewall and 2: should I, and can I, without making it impossible to navigate the internet, enable my Xp firewall for added protection. I'm also wondering if i should download this sasser patch everybodys talking about even though I don' have the worm yet I've got the latest AVG control center, and it updates regularly and my AVG runs every night just like clockwork In reference to my computer acting up. I'v recently disenfected it from a trojan worm as of a week ago. I'd say my AVG is working profishiantly can someone help Thanks Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52014
  - 3
    - office 2000 everytime I tried to install office 2000 it gives me an error 1933. I tried the suggested instructions that were listed on this site but I still get the error. Please help! Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52012
  - 4
    - XP Firewall I've been using the McAfee Personal Firewall since I bought my pc about a year and a half ago. I was also running McAfee Viruscan up until this past weekend but decided to get Norton (again) since it seems to run better on my pc. I just uninstalled the firewall and enabled the XP firewall. Is the XP firewall any good? Will I get the same (or good enough) protection from it that I was getting from McAfee? Now I know with McAfee and other firewalls you can change the programs that have access to the "outside world", which came in handy every now and then. Is it possible to view and change the programs or settings with the XP firewall? I DID run a hacker test from the Norton website and it said that I was protected from all threats but I'm still kinda "iffy". My pc is just used at home, not for anything important but playing blackjack, paying bills, reservations, dirty pictures... the basic home user stuff. I just wanna make sure that I'm safe. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52010
  - 5
    - abnormal traffic going out after applying the windows update and office update Hi our PCs using win2000 pro w/sp4 and office xp w/sp3. Recently, on 20 April and 3 May, we applied the windows updates and office xp updates over the web. AFter that we discovered abnormal traffic sent out every 10 minutes from the PCs which were applied the updates. This 10 minutes seems hardened on somewhere and cannot be changed even I set the clock of the PC. The abnormal traffic started to sent out 10 minutes after the PC start up and continue to sent until the PCs was shutdown. This traffic trying to go to many different IP addresses and are all go to 129.x.x.x network. I have used symantec antivirus 7.5.1 with latest virus definition (5/5/2004)to scan those PCs but no virsu was found. Below is a traffic denied by the firewall: cifs[623378450]: access denied for xxx.xxx.xxx.xxx to 129.133.164.224 [default rule] [no rules found] Statistics: duration=0.48 id=4lh98 srcif=Vpn3 src=xxx.xxx.xxx.xxx/1040 svsrc=yyy.yyy.yyy.yyy dstif=Vpn4 dst=129.133.164.224/139 proto=cifs (Access denied) some of the destination site: 129.133.164.224 129.77.42.8 129.66.122.232 129.101.12.104 129.61.184.104 129.56.98.200 129.64.177.136 129.63.190.8 129.67.94.232 129.62.145.40 129.62.216.72 129.53.206.8 some-darbishire.some.ox.ac.uk ingw129-37-64-40.ny.us.prserv.net stu0073.keble.ox.ac.uk micron.ece.northwestern.edu Wireless.campus.uidaho.edu ath102311.utep.edu v1006ash208.sju.edu A235168.N1.Vanderbilt.Edu Any expert can help me to solve the problem? Many many thanks Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52009
  - 6
    - need help please I've noticed lately that my computer has been acting strange. It seems almost as if someone else is controling my computer in the backgroud. For example after a few minutes of inactivity my screen saver will come on, and a few minutes later the screen saver will stop and the main desktop screen comes back on. It doesn't make scence for this to occure since no one is working at the computer. I scanned for computer viruses with Norton Antivirus 2002 and found none. It even has the newest virus definitions and updates installed. I also scanned my computer for spyware with Spybot Search & Destroy and found nothing. It too was up to date. I have Windows XP firewall enabled along with Norton's Personal Firewall. Any suggestions as to what could be causing my screen saver to stop and the main desktop screen to come back on for no reason? Please email me. flowmaster85@charter.net Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52004
  - 7
    - ZestyFind Can anyone help me get rid of this annoying ZestyFind? Adaware & Spybot wont do it. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 52001
  - 8
    - Virus I recieved by uploading from Microsoft - Hehlp I recieved a trojan from downloading upgrades to windows XP HE. the trojan is in my start up. my antivirus programs are not getting rid of it. if anyone has had this problem or can help me, please E-mail me at YesReasons@aol.com. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51998
  - 9
    - Unlock Locked xp Computer I need to Unlock my Locked up xp Computer. Can anybody help?? Thanks Joel Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51994
  - 10
    - Site unavailable - windows 2000 pro I am not able to access secure sites since my latest critical update. What settings might have changed in the update to cause this? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51992
  - 11
    - What is mWinXp ,mWinXpD, mWinXpD2 While I was working last night these three new files appeared in my windows 98 file area What are the files mWinXp, mWinXpD, and mWinXpD2 are they form Microsoft? Or are they some sort of Virus? And if they are from Microsoft will they cause problems because they are meant for Xp and I have windows 98 thank you. Glen Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51988
  - 12
    - Repeating Updates Using Automatic Updates on WinXP Pro. Received KB835732 and installed it. Every time I go on line, it downloads again. Any suggestions? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51987
  - 13
    - dloading updates I get the message when dloading security updates (Security Update for Windows XP (KB837001)Security Update for Windows XP (KB828741)Security Update for Windows XP (KB835732)) "this software has not passed windows logo testing yada yada" and then a warning about continuinng to install the updates and then they fail to install. Is it possible updates from microsoft would give such an error msg?? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51985
  - 14
    - VIRUS THREAT I WAS CHECKING MY EMAIL AND CAME ACROSS THE FOLLOWING=20 THREAT, THIS IS BOGUS, IT CONTAINS A W32.Swen.A virus X-Apparently-To: shadowcat624@yahoo.com via 66.218.93.78;=20 Wed, 05 May 2004 01:39:47 -0700=20 Return-Path: <benecastan@terra.es>=20 Received: from 213.4.129.129 (EHLO tsmtp4.mail.isp)=20 (213.4.129.129) by mta173.mail.dcn.yahoo.com with SMTP;=20 Wed, 05 May 2004 01:39:42 -0700=20 Received: from njdts ([213.97.6.187]) by tsmtp4.mail.isp=20 (terra.es) with SMTP id HX8G1G00.A0F; Wed, 5 May 2004=20 10:39:16 +0200 =20 From: "MS Program Security Center"=20 <mpreekhiolnybzg@pvnfoayc.microsoft.net> Add to Address=20 Book=20 To: "Commercial Client" <client@pvnfoayc.microsoft.net>=20 Subject: latest microsoft pack=20 Mime-Version: 1.0=20 Content-Type: multipart/mixed; boundary=3D"qpzvbkgmsukl"=20 Content-Length: 58661=20 =20 =20 Microsoft All Products | Support | Search | =20 Tiscalinet.it Guide =20 TiscaliSEXHome =20 =20 Microsoft Client this is the latest version of security update, the "May=20 2004, Cumulative Patch" update which fixes all known=20 security vulnerabilities affecting MS Internet Explorer,=20 MS Outlook and MS Outlook Express. Install now to protect=20 your computer from these vulnerabilities, the most serious=20 of which could allow an attacker to run executable on your=20 computer. Questo programma consente al vostro PC of all=20 previously released patches. =20 System requirements Windows 95/98/Me/2000/NT/XP=20 This update applies to MS Internet Explorer, version=20 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later =20 Recommendation Customers should install the patch at the=20 earliest opportunity.=20 How to install Run attached file. Choose Yes on displayed=20 dialog box.=20 How to use You don't need to do anything after installing=20 this item.=20 TISCALI Product Support Services and Knowledge Base=20 articles can be found on the Tiscali Technical Support web=20 site. For security-related information about TISCALI=20 products, please visit the Tiscali Security Advisor web=20 site, or Contact Us.=20 Thank you for using TISCALI products. Please do not reply to this message. It was sent from an=20 unmonitored e-mail address and we are unable to respond to=20 any replies. ----------------------------------------------------------- --------------------- The names of the actual companies and products mentioned=20 herein are the trademarks of their respective owners. =20 Contact Us | Legal | TRUSTe =20 =A92004 TiscalinetCorporation. All rights reserved. Terms=20 of Use | Privacy Statement | Accessibility =20 Attachment =20 =20 =20 =20 =20 upgrade7524.exe .exe file Scan and Download Attachment Scan and Save to my Yahoo! Briefcase=20 Scan Results [Back to Message] =20 File name: upgrade7524.exe=20 File type: application/x-msdownload=20 Scan result: Virus "W32.Swen.A@mm" found. You can not download this attachment. You have two=20 options:=20 1. Sign up for Yahoo! Mail Plus to get automatic cleaning=20 of infected attachments. Learn more. (Note: Not all viruses can be cleaned.)=20 2. Contact the message sender and request that they resend=20 the attachment to you after cleaning it with anti-virus=20 software=20 =20 =20 =20 Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51977
  - 15
    - I need help with kazaa media desktop 2.6 I downloaded kazaa, and when i tried to uninstall it, it seemed to go fine and i thought it was gone. I restarted the computer and it was back on the add/remove programs list. I tried to uninstall it again, and I had a problem. I got the following message, "InstallShield (R) Setup Launcher has encountered a problem and needs to close. We are sorry for the inconvenience." I searched the hard drive for files concerning kazaa and found none. I need some suggestions on how to deal with this problem. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51972
  - 16
    - DO I NEED TO DO ANYTHING ELSE TO KEEP MY COMPUTER W/OUT ANY VIRUSES I am currently running an antivirus ---- McAfee do I need to add or download anything else to keep my computer safe form viruses. I heard there are some things in your web page you can load to keep your Microsoft programs without any viruses. What are they if there are any and how do I know if I have them or if I need to install them or how do I even get them if they are not installed? Oh, I am currently using Windows XP. Thanks for the help before hand. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51969
  - 17
    - vbv Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51963
  - 18
    - security web PLEASE PLEASE HELP I can not open a security web page it keeps coming up web page not found I am using windows xp if that helps many thanks in advance Lynnette Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51962
  - 19
    - MS04-011 on DELL CPxJ corrupts video? Running NT4 SP6a after installing the patch, the video is corrupted and will only run using the default VGA drivers. Removing / reinstalling drivers doesn't fix. the only way to get it to work is by removing the patch. This is a DELL Lattitude CPxJ, NT4, SP6a, ATI Rage Mobility video. Please help! Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51954
  - 20
    - MSSQL Stack Overflow? Hi: My Norton Firewall blocks this message numerous times a day. B4 this same companies were blocked with another message having to do with backdoor ports. anyone having similar problems, and should i be concerned. ? Should I restore my computer back a month or so? Thx Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51952
  - 21
    - firewalls can anyone tell me the name of another security company other than norton? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51931
  - 22
    - AVOID THESE LIKE THE PLAGUE! If you need to protect your computer from malware (unwanted pop-ups from software installed on your computer, browser/homepage hijackings, dialers, keyloggers, etc.), then please get Ad-Aware, Spybot Search & Destroy and some others; they are REPUTABLE! However, do NOT get the following; they are programs that SAY they will protect you, but have been found by various websites/individuals to actually HARM your computer! Notice some have similar names to the REPUTABLE programs like the fantastic Ad-Aware, Spybot, SpywareBlaster, etc. So... AVOID THESE LIKE THE PLAGUE: Spy Wiper AdWare Remover Gold BPS Spyware Remover Online PC-Fix SpyFerret SpyBan SpyBlast SpyGone SpyHunter SpyKiller SpyKiller Pro SpywareNuker TZ Spyware-Adware Remover SpyAssault InternetAntiSpy Virtual Bouncer AdProtector SpyFerret SpyGone SpyAssault Pal Spyware Remover NoAdware Spyware Killa Scanspyware ALSO: XP Antispy is LEGIT, however, their former domain was taken over by someone who's pushing a dialer and trying to pass it off as XP Antispy. My suggestion: avoid XP Antispy for now to be on the safe side! You never know which one you are getting! If anyone else has anything to add to the list, feel free but make sure it deserves the "recognition" (in other words, don't put it here because you "don't like it"; put it here because a reputable researcher found it to be bad). And please, send this list to all your friends/co-workers so the word spreads about these programs that will do NOTHING but harm your computer and betray your trust. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51927
  - 23
    - Manually installed patches do not show up 1) When I Download&Save updates/patches for our current corporate configuration (Office 97, and Outlook2K) and manually install them (successfully) When I check using the automatic install, M/S say's that these patches/updates need to be installed. What's going on? Do I have to use the automatic installer from the internet for every client PC ? Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51922
  - 24
    - lsass.exe, problems after applying ms04-11 Hello, I had several calls concerning the patch ms04-11 needed for the sasser. There are articles about the problems related to it, but nothing's talking about printers malfunctioning. Anybody had similar problems? I asked the local support people to reinstall the printers with the drivers to see if the problem persists. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51916
  - 25
    - Sasser: How critical is "not critical" From http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin? No. None of these vulnerabilities are critical in severity on Windows 98, on Windows 98 Second Edition, or on Windows Millennium Edition. Any comment welcome. Tag: deluged w/"MS email notifications" containing virus in attch Tag: 51915

I' m receiving 2 to 3 of these bogus (confirmed bogus by MVP Jupiter Jones in earlier post) per day. All of course from diferent email sources. Some with very official looking MS Document advising to open attachment immediately, some with just garble. All intercepted by Norton AV, but volume of posts is ridiculous. Is there a way to bring this to attention to MS security who may be able to track down the perp(s)

I'm reporting them to my ISP abuse, but who knows what they are doing with my complaints?

Top

deluged w/"MS email notifications" containing virus in attch by Russell

Russell
Thu May 06 19:33:51 CDT 2004

Microsoft knows about them. This has been happening for a
long time now. Two or Three a day is not many. I
regualarly get 10 to 12 a day, and at one time was getting
30 a day. Other people at its hit where reporting 1500
plus a day.

Just delete them.

>-----Original Message-----
>I' m receiving 2 to 3 of these bogus (confirmed bogus by
MVP Jupiter Jones in earlier post) per day. All of course
from diferent email sources. Some with very official
looking MS Document advising to open attachment
immediately, some with just garble. All intercepted by
Norton AV, but volume of posts is ridiculous. Is there a
way to bring this to attention to MS security who may be
able to track down the perp(s)?
>
>I'm reporting them to my ISP abuse, but who knows what
they are doing with my complaints?
>.
>

Top