Microsoft Windows Update Site Broken in IE6
I am the admin for several NT4 workstations. The Windows Update site
(which had previously been working, and only works in IE) seems to have
been broken with the new method of releasing patches (the October
patches). The website shows "No updates of this type are available at this
time." under the section "critical updates and service packs." Because
the workstation had not been patched with the latest updates it should
have shown:
KB824141
KB828035
KB823182
KB825119
Good job, you guys at Microsoft. Keep up the good work -- breaking two
things for every one you fix!
--Douglas Mayne Tag: none Tag: 37566
Digital ID without email address
Hi!
Sorry about cross-posting, but I just saw this group so...
If I want to use a Digital ID which does not contain an email address to sign
emails, how can I do that in Outlook 2003?
I know it should be possible, but what should I do exactly?
Cheers,
Mikko Tag: none Tag: 37557
WINS ADMIN delegation
Can someone tell me the best approach to delegating WINS admin to my network
team. We recently migrated our WINS from UNIX servers to our AD DC's. We
do not want to add them to any unnecessary high level groups (e. g. server
operator or DA) to do this delegation. Please advise.
Thank you Tag: none Tag: 37556
** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.10.17
Before you post a question to a Microsoft.public.*.security newsgroup, note
that your question may already be answered below:
Answers to Top Frequently Asked Questions:
http://securityadmin.info
My question is not mentioned below. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
I just heard about a new Microsoft security patch update. Where can I get
the patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I just installed a Microsoft security patch update, and now my computer is
having problems.
http://securityadmin.info/faq.htm#patchbroke
I received an email from Microsoft / Microsoft Support / Microsoft Internet
Security Center claiming to be a security patch [or comprehensive Internet
Explorer update]. Is this a virus?
http://securityadmin.info/faq.htm#microsoftemail
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
I received a virus email from a Microsoft email address. Who do I report
this to?
http://securityadmin.info/faq.htm#microsoftemail
I have the RPC Blaster worm "virus," what do I do?
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
My computer is giving RPC Remote Procedure Call messages.
There is a TFTP message or file on my computer.
My computer keeps locking up, and/or rebooting, or telling me that it will
reboot in 1 minute.
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
Where can I download the Blaster worm / RPC DCOM patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I
want to replace this file.
http://securityadmin.info/faq.htm#jdbgmgr
I forgot my Windows logon password and can't log in. How do I reset it?
http://securityadmin.info/faq.htm#password
I have a problem or a question with a virus or with antivirus.
http://securityadmin.info/faq.htm#virus
NOTE: www.grisoft.com is free antivirus, USE IT.
Why is Outlook Express blocking my attachments as "unsafe"?
http://securityadmin.info/faq.htm#attachments
How do I stop getting pop-up messages? Or adware? Or spyware?
http://securityadmin.info/faq.htm#pop-ups
How do I block people from viewing adult or objectionable content on a
computer?
http://securityadmin.info/faq.htm#contentfilter
How do I block spam emails?
http://securityadmin.info/faq.htm#spam
There is a Content Advisor password blocking me from certain web sites.
http://securityadmin.info/faq.htm#contentadvisor
How do I delete an FTP folder that a hacker put on my computer and I cannot
delete?
http://securityadmin.info/faq.htm#ftpfolder
Have I been hacked? What do I do if I've been hacked?
http://securityadmin.info/faq.htm#hacked
How do I re-secure a computer that has been hacked?
http://securityadmin.info/faq.htm#re-secure
How do I test or improve the security on my computer to avoid being hacked?
http://securityadmin.info/faq.htm#harden
How do I investigate a suspicious IP address that may be trying to hack me?
http://securityadmin.info/faq.htm#trace
How do I report a hacker?
http://securityadmin.info/faq.htm#reporthacker
How do I use a port scanner or vulnerability scanner to test my security?
http://securityadmin.info/faq.htm#portscanner
How do I encrypt my files and/or hard drive?
http://securityadmin.info/faq.htm#encryption
How do I get a firewall? IDS?
http://securityadmin.info/faq.htm#firewall
I want to use the IPSec filtering or IP filtering feature of Windows to
block certain ports and have a problem or question.
http://securityadmin.info/faq.htm#ipsec
I have a problem or question with the XP ICF firewall.
http://securityadmin.info/faq.htm#icf
I have a problem or question with the IIS URLScan tool.
http://securityadmin.info/faq.htm#urlscan
How do I change the banner on my computer or server to hide what software
version I'm using?
http://securityadmin.info/faq.htm#banner
How do I enable Windows Auditing to tell who logged into Windows or who
accessed a file?
http://securityadmin.info/faq.htm#auditing
How do I inspect and disable programs that start up when Windows starts?
http://securityadmin.info/faq.htm#startup
How do I use RUNAS or let someone use RUNAS to run commands as administrator
without having to type the password?
http://securityadmin.info/faq.htm#runas
How do I let non-administrator users run Defrag or change their IP address?
http://securityadmin.info/faq.htm#runas
My question is not mentioned above. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
Note that this is NOT a full list of all the questions answered in the FAQ.
Chances are, your question has probably already been answered. The complete
FAQ is at:
http://securityadmin.info/faq.htm#contents
I hope this is helpful. Feedback, suggestions and criticism regarding the
FAQ are welcome and may be emailed to me.
kind regards,
Karl Levinson, CISSP, MCSE, MVP
email: levinson_k@despammed.com Tag: none Tag: 37554
Malicious Hacker Activity
OK malicious hackers, you have pissed me off. Deal with it. This babe
is going to expose your hacking activities, and I'm going to hit ya hard,
Tracker Tag: none Tag: 37548
pop ups
I continue to get more pop ups and it makes my newer
computer non-function when I am on the web....any idea
how I can stop all pop ups...bought and downloaded
software to stop it and it does not seem to help...is
there some ways on my computer control panel that I can
stop these disturbances
Thanks Tag: none Tag: 37544
Security Hotfix blue screened my dual proc. NT box
Last weekend, during an upgrade, I took advantage of the downtime to
upgrade some member servers, get those security patches all up to
date.
One box, which I recently added a 2nd processor to, NT 4 SP6a, IIS 4
blue screened after one of the updates (no, I don't remember which,
and didn't write it down - within a few months though).
I was able to fix the box by booting into another NT config (the one
created when I added the processor) and copy back the system files the
patch backed up.
Here is my question, it would appear security hotfix
was not for a second processor, and replaced system files incorrectly.
I scoured MS site tonight, and found no mention of different patches
for different kernels. Am I on the right track or did I just have a
blowup after a patch? Tag: none Tag: 37534
New security bulletin format: Where's the 'will be included in...' information?
Always appreciate new-and-improved-ness, but there is one very
important piece of information left out of the new security bulletins
that would be most helpful to have back in. Previous bulletins would
tell you explicitly in what future service pack the hotfix would be
included (if it was going to be included in a service pack). If we
know a hotfix was to be included in a future service pack, we may hold
off for the service pack; we would only deploy the hotfix if
necessary. This lets us be a bit more deliberate about which hotfixes
we deploy.
We also keep track of which service pack the hotfix was included, so
we can do periodic audits of our security bulletin database. Many
times we find that a critical hotfix is now moot as a subsequent
service pack has 'fixed' the issue.
Microsoft, can you please add this 'feature' back in? Or at least
give us a quick way to determine which service packs (or security
roll-ups) take care of which security issues besides having to sift
through service pack release notes? Tag: none Tag: 37532
mssecure.xml does not check for latest patches
Hfnetchk and mbsa (with the latest mssecure.xml) do not scan for the
Oct 15th patches on NT 4SP6a workstation even though the bulletins say
they are required. Same thing with windowsupdate.com. Is this a
mistake or is MS no longer supporting scanning for hotfixes on NT
workstation?
Thanks
Matt Tag: none Tag: 37529
Newest Security Bulletins MS03-041/047
Hi,
If I open the latest security bulletins MS03-041/047 by clicking one from
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp I
can see the Print icon in the top right hand corner. If I click on it to
print I get a box that says The attempt to print failed. Please use your
browsers default print services.
This is not the case with previous bulletins. Why is this failing now?
Thanks
Chris Wood
Alberta Department of Energy
CANADA Tag: none Tag: 37522
Patching according to KB828489 when Exchange and OWA are not on the same server???
Hi All
From what I understand the patch for OWA 5.5 described in KB 828489 affects
both Exchange Server and IIS.... now in my case the OWA 5.5 service is not
on the same server where Exchange 5.5 is.
Question
1) Should I apply the same patch on both servers or only on the one where
OWA is?
2) Is patch going to do its job or was it conceived to work on a single box
(Exchange and OWA on the same box).
Thank you for your help!!!
Theo Tag: none Tag: 37521
Respond To Review Four
Remember, we're talking about Windows 95, 98 and ME Platforms and my book
was written for basic home computer users only. It has since grown
into a book which will help three levels of computer Windows users.
The following is from a reviewer with the nick name of "Jack"
Part 1: Throughout the document, there are a number of sentences that
make absolutely no sense whatsoever.
A few examples: "The time seemed like forever, with no end;
On the technical side, there is no mention of the time between the
request to close the account(s) and the time it was discovered that the
logins had not been disabled. This may indeed display poor housekeeping
on the part of the ISP but does not provide evidence that this method is
being used by "hackers" to access others systems.
ME: I'm not going to be honest about how long the ISP dial-up access was
truly used, but a guideline could be two months. Read Review 3 for the
response provided. The three separate ISP e-mail accounts were closed
months prior, but I was still able to access them through dial-up. Even
if it was poor housekeeping on an ISP's part, the point is, hackers are
using your canceled account Cable/DSL dial-up access and this should
tell the world how hackers are accessing the Internet for free. AT&T
and Qwest provided 20 free hours of dial-up at the time of writing my
book, but we used the same 20 hours, plus, each month. Hackers can then
set up a Dial-up Server on a victim's computer and use pre-paid phone
time. Or the hacker can set up an ISP's Primary and Secondary DNS IP
addresses and just connect using their own modem and your canceled
Cable/DSL dial-up accounts.
The method used to calculate the potential loss to the ISP(s) was "
Estimated the above by the amount of attacks our compromised computers
were receiving on a daily, weekly and monthly basis." According to the
text, these attacks numbered 50,000 in a month. This equates out to
roughly one "attack" per minute just on the compromised machines. There
is no mention of what constituted an attack nor how it was determined
that all of these attacks came from closed or hacked accounts.
ME: There were two different computers online at any given time. Zone
Alarm and Blackice Defender logs listed a number of attacks and we also
calculated the Blackice firewall logs which was owned by the hackers,
hidden in a Folder. You have to remember, "The Trackers" were a six
member crew and we had at least one computer up almost 24/7. We never
could understand how the ferret owners never figured out how one person,
"ME", could be online 24/7 and not notice this. They would go to bed
and the computer would be online, they would wake up and the computer
was still online and someone was actively using the Internet. DAMN!
"Malicious hackers aren't going to use their own computers to scan any
system, network or server for open ports". I know some secrets around
this, but they won't ever be shared with anyone. About 90% or so of
firewall log evidence will come from innocent victims' computers and some
of these computers are only misconfigured. How does this babe know
this? It's because I've contacted nearly a thousand of the owners of
these IP addresses listed in my firewall logs and either they had no
idea what the fuck I was talking about, they didn't know their computer
had open ports or they didn't even know what an open port was. Their IP
address was port scanned and it revealed to me their computers with
either open ports, Trojan Horses or Backdoors.
The discussion in the paragraph revolves around potential lost revenue
and does not address the methods used to gain the access to the accounts
nor does it indicate methods to minimize the risk (i.e.strong
passwords).
ME: Will assume you're talking about the two million dollar articles.
I'm not totally sure how to address this, but will try. Most
individuals on a Windows Platform don't know they need to disable any
services, especially file and print sharing. If a Windows Platform
owner doesn't disable these services then anyone in the world can view
what is on their hard drive, install a Backdoor, Trojan Horse or Virtual
Private Network. (an elite hacker's secret) Passwords don't mean shit
because many applications expose clear text passwords directly on your
hard drive. I have a listing of the applications which expose clear
text passwords, but if you want to know, purchase my e-book. This topic
could go on and on forever and it's not worth my time to address this
issue. Purchase my book and the rest of your question shall be
answered.
Moving on to paragraph B, the paragraph mentions that the "hackers" are
"Previous owners are unaware that the general public, or malicious
hackers, are using their old account information, and all vital
information that only the customer should know and have." The discussion
now moves from free access to an account to access to the ISP's database
of customer information. This would involve compromising more than just
a logon into a dial-up account.
ME: I'm not totally understanding your remarks here. See above
remarks.
We move on to the statement that previous customer would be liable for
any wrongdoing on a closed account. A previous customer would have no
liability whatsoever for what happens with a closed account. When an
account is closed, the ISP would become the responsible party.
ME: Many ISP's don't give you a confirmation number when they close
your accounts besides AOL that I know of. My point is, the malicious
hackers, some working for the 1%er Clubbers continue to use these
canceled dial-up accounts and it's not limited to the time limit an ISP
provides. Some ISP's don't close the dial-up access and these accounts
are being abused, revenue given away for free. Just as I did when
testing "my" Cable/DSL dial-up accounts which were still accessible to
me for as long as my heart desired.
But when the law checks the source of an ISPs communications IP and it
links to a specific computer, yours, sorry you're misinformed. The law
will knock on the source not the ISP. Since the hacker is using your
computer for abusive purposes, the owner of the computer is responsible.
Paragraph C indicates that everyone is vulnerable to the dial-up access
since the "hackers" already have the email ID and password. Finally a
true statement, If your account has been compromised then you are indeed
vulnerable to someone using your account without permission. Hence the
need to utilize strong passwords and to change them often.
ME: Read earlier remarks and I'm only concerned with canceled Cable/DSL
dial-up access which is accessible after a person cancels their account.
Paragraph D shows a complete misunderstanding of what a MITM attack is
and how it operates. In the scenario shown, the MITM attack would have
had to compromise the ISP's server and not the computer of the user to
block information from the user to the ISP relating to their network. A
MITM attack forces a redirect of the connection from one computer to the
next by re-routing information to the MITM system. MITM attacks, while
possible are also very fragile and typically would not be used in an
attempt to block email from a user to an ISP.
ME: Read in a few hacker books about a MITM and Loky Servers and how
they work. God gave me a gift and when I realized my abuse complaints
were coming back "mainly" from many "Loky Servers", this expressed that
a MITM was involved. Another sign was not receiving responses from
Internet Service Providers with a ticket number. This "told me" the
hackers had installed a MITM Server and only the hackers were receiving
our mail. DUH! Even e-mails to my friends went unnoticed until I
called them on the phone and asked them why they didn't respond to me
and their response was, I never received any mail from you. Many ISP's
I contacted didn't even realize that when you send in an abuse complaint
with a MITM that the complaint would go to the hacker first. They
advised us to e-mail them any complaint and we advised them of their
ignorance. I decided to give up on either Earthlink or Qwest Security
Personal and what a shame. Being a basic computer user, they should
know a hell of a lot more about MITM than me. The hacker directs my
mail to their server, they read what they want and then forward only
what they want to.
In the paragraph following D (E??), There is a direct contradiction of
the statement in paragraph A that number of ISP's were contacted and all
held the same policy of allowing unlimited access to closed accounts via
dial-up. The un-lettered paragraph states that only AT&T was contacted
but all of the other companies provide dial-up access.
ME: At the time only AT&T, Earthlink and Qwest were contacted.
Earthlink and Qwest were separate companies, then they merged. At some
point during the writing of my book, AT&T discontinued their free
dial-up access. The remaining ISPs listed were contacted on the phone
pertaining to their dial-up access. Three TOP well known ISPs couldn't
or wouldn't cancel their dial-up access, so how could you expect small
ISPs to do the same.
"THE SECOND MILLION DOLLAR EXPOSURE"
Once again we find nonsensical sentences like: "On unlimited occasions
then you could count, while the system was online, it would freeze or
lock-up."
A system freezing or locking up can be caused by a number of factors
including but not limited to OS issues, software or hardware conflicts,
hardware problems etc. Making a correlation between a computer locking
up and that same computer being compromised is ludicrous to say the
least. Other than being an annoyance, locking up a compromised computer
does very little for the "hacker" since a locked up computer is useless
while it is in that state.
ME: I believe the computer freezing up had to do with us changing
between DHCP, PPP and dial-up connections and the settings between the
different Internet Service Providers. Most basic computer users wouldn't
be changing their set-ups as often as we did. The Second Million Dollar
Exposure wasn't exposed to me until about a year after I discovered my
systems were compromised.
The test mentioned here merely shows what MS already told her, that is
no charge for connections to multiple email addresses. Interestingly,
the "test" mentions access to email accounts only. There is no mention
if the "other Tracker" was using their ISP to attach to the MS mail
server or if they were connecting via a login. Also, I noticed that
there were not simultaneous connections to the SAME email account.
Either way, if this is how MS wants to bill their customers, it is not
evidence of a "hacker" doing anything to the account. It is merely a
benefit of an MSN account and nothing more. Currently Compuserve, AOL
and a number of other ISP's allow concurrent access to member accounts in
the same household. This is an indicator that more households have
multiple computers that need to be online simultaneously and nothing
else.
ME: The other Tracker had their own MSN account. An ISP account can
only track e-mail addresses, the phone number which the account is
accessed from. A Tracker was connecting through their own MSN set-up
using my main e-mail account e-mail address. Concurrent doesn't mean
the same as simultaneously at the same time. We both used my main email
address and one other e-mail address of the nine addresses MSN
provides. We connected at the same time one after the other using both
my main e-mail address and one of the other eight e-mail addresses MSN
provided. We both live in different states and we still were able to
use the same e-mail addresses, simultaneously. No extra bill was sent
my way, of which I would have paid. Just because "The Trackers" are
friends doesn't mean anyone that is given any of my nine e-mail
addresses should be able to connect at the same time. This is allowing
hackers and 1%er Clubbers to also use these addresses to log onto
Microsoft Networks or Servers which is providing free access to eight
other people whom I may or may not know. And don't forget them Dial-up
Servers and pre-paid phone cards the criminals are using. DAMN!
The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking,
Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus,
Windows and different types of Servers can be found at:
http://geocities.com/secure2003flop
Tracker Tag: none Tag: 37517
Asp.Net.Vulnerability: Asp.Net buffer overflows (potential security problems)
Has anybody tested if the latest RPC vulnerabilities can be executed
from an Asp.Net page running in an un-patched server? Since it is
possible to make direct Win32 API calls from Asp.Net there is a high
chance that these vulnerabilities will work.
If that is possible, please provide the test code in order for me to
add it to our ANSA (Asp.Net Security Analyser, see
http://www.gotdotnet.com/Community/Workspaces/Workspace.aspx?id=36ae9a2c-8740-4b52-924e-320edf64fba5)
so that system administrators can quickly identify the vulnerable
servers and patch them.
Note that at the moment there is no 'real' solution to disabling Win32
API calls in IIS 5.0 and IIS 6.0. Which means that if these
vulnerabilities exist, then it would be a critical problem, because
everybody that hosts .Net websites in shared hosting environments
would be affected.
Best regards
Dinis Cruz
.Net Security Consultant
DDPlus (www.ddplus.net) Tag: none Tag: 37511
Asp.Net.Vulnerability: Win32 API calls (potential security problems)
Since Win32 calls are supported in Asp.Net and cannot be disabled when
the website is running with 'Full trust', it is imperative to identify
all potentially dangerous Win32 DLLs. Here is a short list of the ones
we have identified whose risk needs to be validated and (if required)
to write test scripts for:
- New: CopyMemory, GetCurrentProcess, GetCurrentThread,
  GetTokenInformation, GetWindowsInformation, isNTAdmin,
  OpenProcessToken, OpenThreadToken, SendMessage
- Compress: CopyLZFile, LZCopy
- Crypto: CryptGetUserKey, CryptDestroyKey
- Drives: GetLogicalDrives, GetVolumeInformation
- EnvironmentVariables: GetEnvironmentString, GetEnvironmentVariable
- Error: RaiseException, ReportFault, SetLastError
- EventLog: OpenEventLog, ClearEventLog, ReportEvent
- Exit: ExitWindowsEx, FatalAppExit, InitiateSystemShutdown,
  LockWorkstation
- Files: CopyFile, CreateFile, GetFileAttributes, MoveFile, OpenFile,
  ReadFile, SetFileAttributes, SetFilePointer, SHGetFileInfo,
  TouchFileTimes, WriteFile
- FindFile: FindClose, FindFirstFile, FindNextFile
- Heap: GetProcessHeap, HeapAlloc, HeapFree
- Hook: CallNextHookEx, SetWindowsHookEx
- ICMP: IcmpCreateFile, IcmpSendEcho
- INI-Files: GetPrivateProfileSection, GetPrivateProfileString
- Internet: FtpGetFile, InternetAttemptConnect, InternetConnect,
  InternetOpen, InternetOpenURL, InternetReadFile,
  IsDestinationReachable, IsNetworkAlive, IsValidURL, URLDownloadToFile
- {List Not completed}
Since we are not Win32 API experts (although we did manage to write a
test script for the Kernel32 'WinExec' - see below) we would like to ask
for help from the more serious Win32 developers, who will be able to
provide us with much more detailed and accurate information regarding
the 'security risk' posed by each API call.
The following is the code that we use in ANSA to test if a server is
vulnerable.
'****************************************************************
' ANSA:W32_execute_cmd - This test checks if it is possible to execute
' commands on the server using a direct Win32 API call to the
' kernel32 'WinExec' function. For this test to work, a copy of
' 'cmd.exe' must be copied to the same directory containing this script.
'****************************************************************
<script runat=server>
' Win32 UINT and BOOL are 32-bit, which is Integer in VB.NET (Long is 64-bit there)
Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal lpCmdLine As String, _
    ByVal nCmdShow As Integer) As Integer
Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, _
    ByVal lpNewFileName As String, ByVal bFailIfExists As Integer) As Integer

' OK, Critical and low are not defined in this snippet
Public Function Run_test(mode)
    Try
        Dim winObj, objProcessInfo, item, local_dir, local_copy_of_cmd, Target_copy_of_cmd
        Dim objStartup, objConfig, objProcess, errReturn, intProcessID, temp_name
        Dim FailIfExists
        Dim Cmd_to_execute = "dir"
        local_dir = Left(Request.ServerVariables("PATH_TRANSLATED"), _
            InStrRev(Request.ServerVariables("PATH_TRANSLATED"), "\"))
        local_copy_of_cmd = local_dir + "cmd.exe"
        Target_copy_of_cmd = Environment.GetEnvironmentVariable("Temp") + "\_test.exe"
        ' Copy CMD.EXE to temp directory
        CopyFile(local_copy_of_cmd, Target_copy_of_cmd, FailIfExists)
        ' Execute Command and save results in temp file
        errReturn = WinExec(Target_copy_of_cmd + " /c " + Cmd_to_execute, 10)
        Run_test = OK + Critical + " The server allows the remote execution of commands using a direct call to WinExec API!"
    Catch
        Run_test = OK + low + "It was not possible to execute commands using cmd.exe"
    End Try
End Function
</script>
'****************************************************************
Thanks for the help
Best regards Tag: none Tag: 37509
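A source-level check a hosting administrator could run over customer .aspx and code-behind files to list the Win32 declarations the post above is concerned with, resolving `Alias` and `EntryPoint` so that a renamed declaration is still reported under the API it really calls. This is an added example, not ANSA code or part of the original post; the flagged-name set is a subset of the post's list (spelling normalized), and the sample page and the names `scan_source`, `Duplicate` and `Uptime` are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# Win32 entry points named in the post's list (which the post marks as incomplete),
# plus WinExec, which its test script calls. Compared case-insensitively.
FLAGGED_APIS = {n.lower() for n in (
    "WinExec", "CopyMemory", "OpenProcessToken", "OpenThreadToken",
    "GetTokenInformation", "SendMessage", "ClearEventLog", "ExitWindowsEx",
    "InitiateSystemShutdown", "CopyFile", "CreateFile", "MoveFile", "WriteFile",
    "SetWindowsHookEx", "URLDownloadToFile",
)}


class Finding(NamedTuple):
    line: int         # 1-based line where the declaration starts
    library: str      # DLL name, lower-cased, without ".dll"
    api: str          # entry point actually called (Alias / EntryPoint if given)
    declared_as: str  # name the page code uses to call it
    flagged: bool     # True if the entry point is on the flagged list


# VB:  Declare Function Name Lib "dll" [Alias "Export"] (...)
VB_DECLARE = re.compile(
    r'\bDeclare\s+(?:(?:Ansi|Unicode|Auto)\s+)?(?:Function|Sub)\s+(?P<name>\w+)\s+'
    r'Lib\s+"(?P<lib>[^"]+)"(?:\s+Alias\s+"(?P<alias>[^"]+)")?',
    re.IGNORECASE)

# C# / VB attribute form:  [DllImport("dll", EntryPoint="Export")] ... Name(
DLL_IMPORT = re.compile(
    r'DllImport(?:Attribute)?\s*\(\s*"(?P<lib>[^"]+)"(?P<args>[^)]*)\)\s*[\]>]'
    r'[^;(]*?\b(?P<name>\w+)\s*\(',
    re.IGNORECASE)
ENTRY_POINT = re.compile(r'EntryPoint\s*:?=\s*"([^"]+)"', re.IGNORECASE)


def _is_flagged(api: str) -> bool:
    a = api.lower()
    # CopyFileA / CopyFileW are the ANSI / Unicode exports of CopyFile.
    return a in FLAGGED_APIS or (a[-1:] in ("a", "w") and a[:-1] in FLAGGED_APIS)


def _commented_out(text: str, pos: int) -> bool:
    # True if a VB (') or C# (//) comment marker precedes pos on the same line.
    prefix = text[text.rfind("\n", 0, pos) + 1:pos]
    return "'" in prefix or "//" in prefix


def scan_source(text: str) -> List[Finding]:
    """Return every P/Invoke declaration found in ASP.NET source text."""
    # Blank out VB line-continuation underscores. The length is unchanged, so
    # offsets and line numbers stay valid, and \s+ then spans the line break.
    text = re.sub(r'(?<=[ \t])_(?=[ \t]*\r?\n)', ' ', text)
    found = []
    for pattern in (VB_DECLARE, DLL_IMPORT):
        for m in pattern.finditer(text):
            if _commented_out(text, m.start()):
                continue
            if pattern is VB_DECLARE:
                api = m.group("alias") or m.group("name")
            else:
                ep = ENTRY_POINT.search(m.group("args"))
                api = ep.group(1) if ep else m.group("name")
            lib = m.group("lib").lower()
            if lib.endswith(".dll"):
                lib = lib[:-4]
            line = text.count("\n", 0, m.start()) + 1
            found.append(Finding(line, lib, api, m.group("name"), _is_flagged(api)))
    return sorted(found)


# Constructed sample page: a wrapped declaration, an aliased one under another
# name, a commented-out one, and an attribute-style import of an unlisted API.
SAMPLE_ASPX = '''<%@ Page Language="VB" %>
<script runat="server">
Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal _
    lpCmdLine As String, ByVal nCmdShow As Integer) As Integer
Declare Function Duplicate Lib "kernel32.dll" Alias "CopyFileA" (ByVal src As String, _
    ByVal dst As String, ByVal failIfExists As Integer) As Integer
' Declare Function ExitWindowsEx Lib "user32" (ByVal f As Integer, ByVal r As Integer) As Integer
<DllImport("kernel32", EntryPoint:="GetTickCount")> _
Public Shared Function Uptime() As Integer
End Function
</script>
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_ASPX):
        mark = "FLAGGED" if f.flagged else "review "
        print(f"{mark} line {f.line}: {f.library}!{f.api} (declared as {f.declared_as})")
```

Unflagged declarations are still listed, since the post's list is incomplete and any native import in a 'Full trust' site deserves a look.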
i get this on my desktop
Hi every week or so..i get a file called ~ on my
desktop...
i only get it when i have been surfing the net...
it is small.84Kb.no signature..no properties.
what is it?????? Tag: none Tag: 37507
how to install IE security patches remotely
i want to remotely install ie security patches and
hotfixes to all my users. we have sms, and want to know if
there is a way to update all our pcs remotely. we have no
budget for this so it has to be with sms or something
that MS offers for free. Tag: none Tag: 37506
Asp.Net.Vulnerability: Full Trust (current security problems and possible solutions)
At the moment the only method available to disable direct Win32 calls
from Asp.Net pages (using for example: " Declare Function WinExec Lib
"kernel32" Alias "WinExec" (ByVal lpCmdLine As String, ByVal nCmdShow
As Long) As Long") is to reduce the website's trust level from 'Full
trust' to 'Medium trust'.
Although in some scenarios this is a valid solution, for ISPs this is
not acceptable because in the current (V1.1) release of the .Net
Framework the following objects don't support partially trusted code
(i.e. only work with 'Full trust')
- UI
- OleDb
- EventLog
- ODBC
- Oracle
- MessageQueue
- ServiceController
- DirectoryService
- Performance Counter
- Win32 calls required for User Impersonation
Although some of these restrictions would even be welcomed (for example
MessageQueue or EventLog), today it is unthinkable to offer .Net web
hosting services without support for ODBC or OleDB. Most database
accesses are programmed using ODBC calls and one of the main reasons
for the use of the .Net (and previously the .asp) platform was the ease
of use and rapid development features of Access and SQL server
databases.
So, until Microsoft releases the next version of .Net (V2.0) or a
patch for this problem, the ISPs and anybody responsible for .Net
shared hosting environments, will have to execute their client's
website code with 'Full trust'.
Given the dangers and risks created by this situation (remote command
execution, disclosure of usernames and system information, etc... ),
the only solution is prevention and detection.
After some online research we couldn't find any relevant discussions
about these issues, so we would like to propose the following ideas and
see if one of them does produce a valid and acceptable solution for
this problem:
1) Code Validation -
a) Create a tool that executes after all compilation is done (i.e.
when IL code is created) but before the IL code is converted to
machine code and executed by the OS. This tool would validate the DLLs
/ EXEs and approve or disapprove its execution based on the calls that
are made. For example if a DLL contains a call to the Win32's
"winExec" function then (unless the DLL has a special permission) its
execution will be denied.
b) This tool could be used on 'live' websites or could be used
offline (some of this might have to be developed by Microsoft). The
offline mode could be part of an 'Approval Mechanism'
c) This concept is the same as the one applied by the Anti-Virus
software that check for 'dangerous code' (i.e. virus signatures) on
files (downloaded from the web, attached to an email or copied to
disk) before they are executed by the system. The AV companies should
develop such products because they already have the core system, the
automatic updates, the report engine, the 24/7 security response teams
and the brands.
2) Improved security infrastructure:
a) Full daily backups on all data stores
b) Monthly re-Builds of all servers (automated procedure)
c) ability to rebuild a server in 1h:
i) Install OS and applications
ii) Install security policies and settings
iii) Import databases from backup (or live servers)
iv) Add users (if required)
v) Assign IPs
vi) decommission old server (if still live) and publish rebuilt
server without any loss of service
d) the ideal situation would be to have the servers in a cluster
environment where when one server is rebuilt (due to normal rebuild
practices or it was compromised), it can be removed from the network
without any loss of service
3) Have one website per virtual server (both running in a main server)
a) the idea would be to have the equivalent of VMware where a server
would host each website in its own 'virtual' server (like mainframes).
This would require a much lighter version of windows 2003 which would
have to be designed for such scenario. Another possibility would be to
use Linux which will be possible once the porting of the .Net platform
is fully completed.
4) Audit Website Folders and Files:
a) monitor and audit at OS level (using NTFS) all files that belong
to each user by analysing the logs stored in the Event Viewer
b) create custom reports per site / per user with details of whom
(from the inside) accessed those files
5) Only execute signed and approved code -
a) Two server scenario:
i) Development server (insecure)
ii) Live server (secure)
6) Reduce customer anonymity -
a) Require authorized IPs to edit site
b) Require IPSec key to edit site
c) Validate identity using Credit Card system and other identity
schemes
7) Improve protection of important information (Such as usernames,
passwords, database connection strings, database data, etc...)
a) Never store this information in clear text (always store it
encrypted)
b) Etc....
Although Asp.Net is a giant leap forward on the technological
frameworks required to build more robust and secure web services,
unless these applications can be securely hosted, they will never gain
public acceptance and wide usage.
And unless a solution is found for this 'Full Trust' issue, nobody
will be able to provide secure hosting of Asp.Net code.
We believe in shared knowledge and the power of peer-review, that is
why we published our Asp.Net Security Analyser (see
http://www.gotdotnet.com/Community/Workspaces/Workspace.aspx?id=36ae9a2c-8740-4b52-924e-320edf64fba5)
as an open source web application, and why we are posting this
information online and asking for your ideas and suggestions.
Best regards
Dinis Cruz
dinis@ddplus.net
.Net Security Consultant
DDPlus (www.ddplus.net) Tag: none Tag: 37503
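Proposal 1(a) in the post above, sketched as an added example that is not part of the original post or of the DDPlus tool. It assumes the check runs over C# source text rather than compiled IL, and the deny-list, the `exempt` parameter and the sample page code are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed deny-list. WinExec is the post's own example; the other two
# names are assumptions added here (further Win32 process-launch calls).
DENIED_ENTRY_POINTS = {"winexec", "createprocess", "shellexecute"}

# Matches [DllImport("lib", ...)] plus the extern declaration that follows it.
DLLIMPORT_RE = re.compile(
    r'\[\s*DllImport\s*\(\s*"(?P<lib>[^"]+)"(?P<args>[^\]]*)\)\s*\]'
    r'[^;{]*?\bextern\b[^;{]*?\b(?P<method>[A-Za-z_]\w*)\s*\([^;]*\)\s*;',
    re.S,
)
ENTRYPOINT_RE = re.compile(r'EntryPoint\s*=\s*"(?P<name>[^"]+)"')


@dataclass
class Finding:
    library: str
    entry_point: str  # native function actually bound
    method: str       # managed name the page code calls it by
    reason: str


def find_pinvokes(source):
    """Yield (library, entry_point, managed_method) for each P/Invoke import."""
    for m in DLLIMPORT_RE.finditer(source):
        explicit = ENTRYPOINT_RE.search(m.group("args"))
        # Without EntryPoint=, the CLR binds the native function named like the method.
        entry = explicit.group("name") if explicit else m.group("method")
        yield m.group("lib"), entry, m.group("method")


def normalise(entry_point):
    """Lower-case and fold the ANSI/Unicode suffix (CreateProcessW -> createprocess)."""
    name = entry_point.lower()
    if name[-1:] in ("a", "w") and name[:-1] in DENIED_ENTRY_POINTS:
        return name[:-1]
    return name


def validate(source, exempt=frozenset()):
    """Return (approved, findings). `exempt` models the post's 'special permission'."""
    findings = []
    for lib, entry, method in find_pinvokes(source):
        if entry.startswith("#"):
            # Imports by ordinal carry no name to compare, so they are refused outright.
            reason = "ordinal import cannot be checked by name"
        elif normalise(entry) in DENIED_ENTRY_POINTS and normalise(entry) not in exempt:
            reason = "denied entry point"
        else:
            continue
        findings.append(Finding(lib, entry, method, reason))
    return (not findings, findings)


# Constructed sample of code a hosting customer might upload.
SAMPLE_SOURCE = '''
using System;
using System.Runtime.InteropServices;
public class Page {
    [DllImport("kernel32.dll")]
    public static extern uint WinExec(string lpCmdLine, uint uCmdShow);

    // Same native function bound under a different managed name.
    [DllImport("kernel32.dll", EntryPoint = "WinExec", SetLastError = true)]
    private static extern uint Helper(string a, uint b);

    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    public static extern int MessageBox(IntPtr hWnd, string text, string caption, uint type);
}
'''

if __name__ == "__main__":
    approved, findings = validate(SAMPLE_SOURCE)
    print("approved" if approved else "denied")
    for f in findings:
        print(f"  {f.library}!{f.entry_point} (declared as {f.method}): {f.reason}")
```

The second import is why the check compares the `EntryPoint` value and not the managed method name. A check at the IL level, as the post proposes, would read the same library and entry-point pairs from the assembly's metadata instead of from source text.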
Security patches
I have about 20 NT 4.0 boxes w/SP6a that will not install
any of the security patches. I have tried going through
windows update and receive a message no critical update
needed. But I know the OCT 15th patches are not installed Tag: none Tag: 37491
Checking the record
okay foo, I be check'n stuff and it be down. Be wack just
like that when the hat tips da nat. Foo be like...damn. Tag: none Tag: 37488
October 15 Security Updates
I'm installing Oct 15 Security updates and it has
stalled. It's been running over 40 minutes. Has any one
else witnessed a problem? Tag: none Tag: 37487
SUS 1.0 SP1 & Active Directory
Could someone please clarify whether or not Software
Update Services 1.0 SP1 can be installed on an Active
Directory server? All documentation & discussion groups
are vague at best answering this question.
Thanks,
Roberto Lopez
Technology Consultant
MMC, Inc. Tag: none Tag: 37485
Constant Updates
Why are we being told that the constant security updates
are a feature? The Microsoft is "getting serious about
security"? When I paid $200.00 for this software I, like
a lot of other users, thought they were serious then. I
was a beta tester for XP a few years ago, why does it
feel like I still am? And why is Microsoft patting
themselves on the back for such a great job? This may be
the all-time greatest display of incompetence in the
business world, and this company is still successful. We
should all be ashamed of ourselves for allowing this to
go on, and for sitting here like helpless sheep waiting
for the next patch. Where are the class action suits for
this company selling us a lemon? Tag: none Tag: 37483
Port 135
I have a firewall. But there are times when I have to bring it down since
it gets in the way of some other apps. I have Windows 2000/PRO with the
latest security patches (except the one just announced, those will be
applied tonight).
What I still see at times, not all the time, is a port 135 session either
established or some other state. Nothing is going on. It just seems like
it's stuck or something. Again, I have all the RPC, DCOM related security
patches. I have used the Microsoft Testing tool and it reports the machine
is patched.
What's going on here?
Also, how can I effectively block port 135 on my machine without having a
3rd party firewall? I know RPC is important and Microsoft depends on it for
other stuff, but is it possible to set it up under network settings to block
this port without any degradation or problem with Windows itself?
Ed Tag: none Tag: 37482
KB824105 patch does not install
When updating Windows workstations before deployment the KB824105
patch does not install. Our basic procedure is:
1> install XP
2> make sure all devices are properly setup
3> run XPSP1 setup
4> install any applications
5> patch using windows update
6> then run XPSP1 setup again and deploy.
On the fifth step all the critical updates install normally without
issue except for the KB824105 patch. We work primarily with refurbished
Dell GX100's, GX110's, and GX400's for our XP boxes. Tag: none Tag: 37481
Please ,someone help me!
My laptop is being hacked daily. I first noticed it
yesterday when I attempted to login to Hotmail.
First, early one morning I witnessed my screen start to
write and different boxes come up and the information was
being edited right in front of me. I turned off the
computer.
Second, I noticed the screens were totally different..
different. At the same time my son was on a different
computer (desktop), already logged into Hotmail.
What can I do to combat what I perceive to be hackers?
I immediately turned off my system . I called my service
provider and they told me I was Tag: none Tag: 37480
Digital Certificate Problem
I recently got a new username, old username deleted. Now
I can't use a certificate I need for a secure site. I
can see the certificate in internet options - content and
it appears fine. When I navigate to the site, the popup
to choose which certificate to use comes up empty. I am
trying to get somebody at the secure site to help on
this, but no luck so far so I wanted to see if there
might be a way to fix this problem on the client side.
Thanks!
(OS = Windows XP Pro, browser = IE 6 SP1) Tag: none Tag: 37465
disabling network password
Until recently I had ppl living in my house and we had
separate logons, now I want them all gone so that I don't
have to logon to my own computer at home. Any suggestions? Tag: none Tag: 37460
Question about Kerberos ticket forwarding
We are trying to authenticate to an application behind IIS. The scenario is:
Win2k Pro with IE 6 ---> IIS + GSS initiator ---> GSS acceptor
We log onto Active Directory at workstation, then using IE Kerberos
authentication we are able to authenticate to IIS. This is working. We want
to use delegation so that our forwarded credentials on IIS server can be
used by a GSS-API application that communicates with GSS-API application on a
UNIX host. Since our GSS-API library does not support RC4-HMAC cipher at the
moment we are trying to get the forwarded tgt to be created by AD using
DES-CBC-MD5 or DES-CBC-CRC. When we change the flag in the account on AD so
that the initial tgt is issued with DES key this works, but for some reason
the forwarded tgt that is present on IIS server is not using DES and so our
GSS application cannot acquire credentials to setup a security context with
the GSS acceptor on UNIX.
Any ideas ?
Tim. Tag: none Tag: 37458
** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.10.16
Before you post a question to a Microsoft.public.*.security newsgroup, note
that your question may already be answered below:
Answers to Top Frequently Asked Questions:
http://securityadmin.info
My question is not mentioned below. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
I just heard about a new Microsoft security patch update. Where can I get
the patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I just installed a Microsoft security patch update, and now my computer is
having problems.
http://securityadmin.info/faq.htm#patchbroke
I received an email from Microsoft / Microsoft Support / Microsoft Internet
Security Center claiming to be a security patch [or comprehensive Internet
Explorer update]. Is this a virus?
http://securityadmin.info/faq.htm#microsoftemail
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
I received a virus email from a Microsoft email address. Who do I report
this to?
http://securityadmin.info/faq.htm#microsoftemail
I have the RPC Blaster worm "virus," what do I do?
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
My computer is giving RPC Remote Procedure Call messages.
There is a TFTP message or file on my computer.
My computer keeps locking up, and/or rebooting, or telling me that it will
reboot in 1 minute.
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
Where can I download the Blaster worm / RPC DCOM patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I
want to replace this file.
http://securityadmin.info/faq.htm#jdbgmgr
I forgot my Windows logon password and can't log in. How do I reset it?
http://securityadmin.info/faq.htm#password
I have a problem or a question with a virus or with antivirus.
http://securityadmin.info/faq.htm#virus
NOTE: www.grisoft.com is free antivirus, USE IT.
Why is Outlook Express blocking my attachments as "unsafe"?
http://securityadmin.info/faq.htm#attachments
How do I stop getting pop-up messages? Or adware? Or spyware?
http://securityadmin.info/faq.htm#pop-ups
How do I block people from viewing adult or objectionable content on a
computer?
http://securityadmin.info/faq.htm#contentfilter
How do I block spam emails?
http://securityadmin.info/faq.htm#spam
There is a Content Advisor password blocking me from certain web sites.
http://securityadmin.info/faq.htm#contentadvisor
How do I delete an FTP folder that a hacker put on my computer and I cannot
delete?
http://securityadmin.info/faq.htm#ftpfolder
Have I been hacked? What do I do if I've been hacked?
http://securityadmin.info/faq.htm#hacked
How do I re-secure a computer that has been hacked?
http://securityadmin.info/faq.htm#re-secure
How do I test or improve the security on my computer to avoid being hacked?
http://securityadmin.info/faq.htm#harden
How do I investigate a suspicious IP address that may be trying to hack me?
http://securityadmin.info/faq.htm#trace
How do I report a hacker?
http://securityadmin.info/faq.htm#reporthacker
How do I use a port scanner or vulnerability scanner to test my security?
http://securityadmin.info/faq.htm#portscanner
How do I encrypt my files and/or hard drive?
http://securityadmin.info/faq.htm#encryption
How do I get a firewall? IDS?
http://securityadmin.info/faq.htm#firewall
I want to use the IPSec filtering or IP filtering feature of Windows to
block certain ports and have a problem or question.
http://securityadmin.info/faq.htm#ipsec
I have a problem or question with the XP ICF firewall.
http://securityadmin.info/faq.htm#icf
I have a problem or question with the IIS URLScan tool.
http://securityadmin.info/faq.htm#urlscan
How do I change the banner on my computer or server to hide what software
version I'm using?
http://securityadmin.info/faq.htm#banner
How do I enable Windows Auditing to tell who logged into Windows or who
accessed a file?
http://securityadmin.info/faq.htm#auditing
How do I inspect and disable programs that start up when Windows starts?
http://securityadmin.info/faq.htm#startup
How do I use RUNAS or let someone use RUNAS to run commands as administrator
without having to type the password?
http://securityadmin.info/faq.htm#runas
How do I let non-administrator users run Defrag or change their IP address?
http://securityadmin.info/faq.htm#runas
My question is not mentioned above. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
Note that this is NOT a full list of all the questions answered in the FAQ.
Chances are, your question has probably already been answered. The complete
FAQ is at:
http://securityadmin.info/faq.htm#contents
I hope this is helpful. Feedback, suggestions and criticism regarding the
FAQ are welcome and may be emailed to me.
kind regards,
Karl Levinson, CISSP, MCSE, MVP
email: levinson_k@despammed.com Tag: none Tag: 37456
823559: Security Update for Microsoft Windows
I do not understand why I continue to receive critical
update notification for this update. I have included the
number of times I have installed this update, but I
continue to receive notice. Any suggestions as to why?
Thank you for your assistance. Cheryl
Successful Thursday, October 16, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Wednesday, October 15, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Wednesday, October 15, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Tuesday, October 14, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Tuesday, October 14, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Tuesday, September 09, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Saturday, September 06, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Monday, September 01, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Sunday, August 31, 2003 823559: Security Update
for Microsoft Windows Web site
Successful Saturday, August 30, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Friday, August 29, 2003 823559: Security Update
for Microsoft Windows Web site
Successful Thursday, August 28, 2003 823559: Security
Update for Microsoft Windows Web site
Successful Thursday, July 10, 2003 823559: Security Update
for Microsoft Windows Web site Tag: none Tag: 37455
Firewall Question (lsass.exe)
I am using Symantec Internet Security 2003. A remote
computer keeps trying to access lsass.exe on my system.
What is lsass.exe for? Should I allow this? Tag: none Tag: 37450
Automatic Update behind a proxy and firewall
Hello! I turned on the Automatic Update utility and set it
to notify me. It's been about 7 hours but I haven't seen
the icon on my desktop. I also tried to schedule it but it
still won't run. No error message.
Pls. help! Thanks! Tag: none Tag: 37448
IDSCoLU.exe
This little program keeps wanting to connect to a remote
system in washington America. My firewall blocks it, does
anyone have any ideas how I got this onto my system? And
can I safely remove it? Tag: none Tag: 37447
question for Bill sanderson
Hi-I have been reading these posts in hope of trying to
learn a thing or two-It seems that you are well informed
about microsoft windows updates-
I'm so new to the internet world & have a question:
How can I check on my pc to see if I have all the needed
updates that are automatically downloaded from windows?
I went to the add/remove programs and saw I had a few
hotfix updates installed-then I checked on a link to see
if they matched the ones there (I don't know if I went to
the right link but it was one that you recommended)
Should I go to a link and install all or any patches that
are not in my pc to make sure that I am safe-I have only
had access to the internet for one year to date. So do I
go only to that beginning date-I hope my question is
understood-I appreciate your help on these updates.thanks Tag: none Tag: 37441
Help:Unable to install WinXP ServicePack1(Exp) Critical Update
Hi There:
I tried to update my WinXP Home Edition with the Service
Pack 1 (Express) critical Update but unable to install
it.
The update was successfully downloaded and extracted but
when it goes to the installation part, it recommended me
to close all anti-virus program which I did and did the
Back up system or close all open program which I also
did. But still this important Critical Update is not
able to install and pop-up a window saying:
Service Pack 1 Set up Error - Set Up canceled.
In the Web Page Dialog - it is shown that it is not done.
I review the download history and "Retry" many times but
not able to do it.
Any help to give me an idea to let me install this
important Critical Update. I have just spent 2 months to
remove the viruses I have even though I have the latest
McAfee Virus Scan and do the DOS SCAN, turn off the
System Restore, Disk Clean etc. It is like hell,
believed it.
I need to go back and forth to McAfee to online chat with
them for 12 times with different technicians and also
includes 2 supervisors.
Hope helping hands are there this time.
Tks.
H. Tag: none Tag: 37438
can I delete hotbar?
I recently uninstalled hotbar-But at Pestscan.com it is
still showing up on the top of the list. I guess that it
is still in my files-Can someone show me how to manually
& safely delete ALL that has to do with Hotbar-step by
step,please. thanks in advance Tag: none Tag: 37435
MAKING YOUR COMPUTER SYSTEM SECURE AFTER IT'S BEEN
I highly recommend keeping the hacked hard drive and purchasing a new
one. Of course you could mirror the drive, but you still need a
replacement drive to perform this task. You can't produce the same
results by replicating files versus viewing the actual hard drive
itself. If your system was used to attack and crash a Network, or
System, you have proof for the FBI or any Law Enforcement Agency. This
would show you were not involved in any illegal activities until you
discovered your system was hacked.
The proper method is to re-format your hard drive, and install from
original CD-ROM. To safeguard against software manufacturer employee
malicious activity always virus check your CD-ROM. Not too long ago, I
decided to install X Software Application on a computer, media form was
a CD-ROM. Immediately, Norton Anti-virus told me a suspicious file
named "install.exe" was trying to load into my hard drive boot sector.
We all know an application doesn't need to load in a boot sector of a
drive. After telling the computer not to install this application, it
still made its way and changed the name of my hard drive. The computer
access slowed down, while viewing directories the screen started to move
back and forth.
Virus check all floppy disks because hackers DO install a Backdoor,
Trojan Horse, or Virus on disks. They enjoy doing this especially when
you're online using your computer, with a floppy in the drive. My
preference is to obtain a replacement CD-ROM if your software
applications are on a floppy. What concerned me most is a Backdoor was
planted in a .zip file and unopened. Norton's Anti-virus application
couldn't detect it. Let's say one day you come along and for no reason, you
decide to open this .zip file, voila, the Backdoor is unleashed.
There will always be evil code applications (to knock your system into
becoming a victim) out in this world which anti-virus applications won't
be able to catch. Either the Trojan Horse already installed on your
system will eat the floppies alive, or hackers will. Hackers will bind
or disguise their applications and install them on your floppy disks.
Many Trojan Horses "hide" all traces of their applications they run on
your system. On your computer perform a search for a file named
"backdoor.zip". I will warn you now, if you unleash this baby after a
complete application install and go online, you will unleash many of the
secrets to the "underground" hackers world.
A number of Internet Service Providers allow free dial-up access with
DSL and Cable connections. Note: Hackers are taking advantage of your
canceled accounts even when they were closed. Until certain Internet
Services Providers and Telecommunication Companies correct their major
error; telecon your ISP and ask them to change your password since
malicious hackers are abusing your canceled account, holding you liable.
Disabling all unnecessary Window Services will assist in making your
computer system secure. How to accomplish this task is presented under
"Windows Services you might want to disable". If running any type of
Server, update the latest application patches.
Once you are able to view all Hidden Files and Folders, it would be
smart to make a backup copy of your registry. To perform this, do the
following:
A. Select Start, Run, type in Regedit, and press enter.
B. Then Select Registry, Export Registry File
C. In the box, type a name like "3-21-02.txt"
D. Select Save.
You can open this file in any text editor. What you want to do first is
check the bottom of the file. Hardware/Application/Device Driver
information can be setup by hackers at the bottom of the file. What I
did was "incorporate" one registry entry at a time. You could see a
major difference. Each time you save the registry file it will create a
file called RB000.CAB and so forth, depending on how many copies that
you have saved. If you perform the backup when the hackers are abusing
your system, you might only see 30 lines of text, the next time 100, and
so on. This is a clear sign that your computer is compromised.
The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking,
Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus,
Windows and different types of Servers can be found at:
http://geocities.com/secure2003flop
Tracker Tag: none Tag: 37434
Ques. for "ghost chip" or qualified
Hi- I read your advice from someone that wanted to delete
their email address from these posts-I thought it could
not be done but was eager to try-Problem is I don't know
how to do it (if it can be done)-I'm new too to computers-
I posted a few messages on this newsgroup (security/virus)
if it can be done, can you please show me step by step-
what to highlight & how to delete it in the edit button
or where ever -thanks for whomever helps Tag: none Tag: 37433
Protect your privacy from Googlers
FYI - Google has implemented a new feature where you can type someone's
telephone number into the search bar and hit enter and you will be given a
map to their house. Think about it - if a child, single person, or anyone
gives out his/her phone number, someone can actually look it up and find out
where he/she lives. The safety issues are obvious, and alarming. This is not
a hoax; map quest will actually put a star on your house on your street.
In order to test whether your phone number is mapped, go to <www.google.com>
and type your phone number in the search bar with dashes (i.e.555-555-1212)
and hit enter. Note, if your phone number is not public it will not be
listed.
If you want to BLOCK Google from divulging your private information, simply
click on the telephone icon next to your phone number. You will see a link
where you are allowed to remove yourself. Tag: none Tag: 37432
Process ID limit
Hi I know this is a bit out of topic but does anybody know the limit of
pid that can be created? Did some test run on a desktop pc here with win
2k pro and found that once the pid reaches 17k the pc hung with this
error unable to find psapi.dll.
Any clues on this???
Regards,
deb
--
Posted via http://dbforums.com Tag: none Tag: 37430
Security chat with Mike Nash - Microsoft Corporate VP
Mike Nash is the VP of the Microsoft Security Business Unit (SBU) and he
will be hosting a chat tomorrow morning, October 16th, at 9:00 AM PST on
security and Trustworthy Computing. Please try to come!
Chat room link:
http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000015
--
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights. Tag: none Tag: 37424
jdgmgr.exe Virus ?
I received the below email and I wondered if there is any
truth to it. Thanks
Please check your computer. We had the file mentioned
below on ours.
Thanks....and sorry for any inconvenience.
Sally & Mike
***********************************************************
*****
Unfortunately, a virus has been passed on to me by a
contact. My address
book may be infected. Since you are in my address book,
there is a good
chance you will find it in your computer. The virus
(called jdbgmgr.exe) is
not detected by Norton or McAfee anti virus systems. The
virus sits quietly
for 14 days before damaging the system. It is sent
automatically by
messenger and by the address book, whether or not you sent
e-mail to your
contacts. Here is how to check for the virus and how to
get rid of it. Tag: none Tag: 37420
5 patches
I tried to install the five patches, but two failed - KB824141 and
KB823182. Why? I am running Windows 2000 on an AMD-k6 Athlon
processor with plenty of room on my hard drive. Anybody have any
idea?
Jerry Tag: none Tag: 37417
5 Patch update
I tried to update the 5 critical patches, but 2 failed to
install - KB824141 and KB823182. I am running Windows
2000 on an AMD Compaq Presario. What am I doing wrong here Tag: none Tag: 37414
VALIDATION PROCEDURE - Microsoft Security Bulletin - BEGIN PGP SIGNED MESSAGE
What is the procedure to validate the authenticity of a Microsoft Security
Bulletin from xyz@Newsletters.Microsoft.com using its embedded PGP signature?
PGP 6.5.3 should be able to validate PGP 7.x & 8.x SIGNATURES right?
============
REF:
PGP Freeware 6.5.3 returns ...
*** PGP Signature Status: bad
*** Signer: Microsoft Security Response Center <secure@microsoft.com>
(Invalid)
*** Signed: 10/15/2003 2:50:08 PM
*** Verified: 10/15/2003 5:40:29 PM
*** BEGIN PGP VERIFIED MESSAGE ***
--------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for October 2003
Issued: October 15, 2003
Version Number: 1.0
Bulletin: http://www.microsoft.com/technet/security/winoct03.asp
--------------------------------------------------------------------
...
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
...
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
*** END PGP VERIFIED MESSAGE ***
*******************************************************************
...
To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.
...
============
This is after loading the http://www.microsoft.com/technet/security/MSRC.asc
NOTE:
Using PGPkeys.exe I even signed and changed the key properties to trusted
after confirming:
FP: 5E39 0633 D6B3 9788 F776 D980 AB7A 9432 for
ID: 0x3103F52B
============ Tag: none Tag: 37411
delete a post with real email address?
Made the big mistake of putting actual email address on a
few posts. I'm now receiving a worm a bazillion times a
day. Is there a way to delete the ones with my email
address? Tag: none Tag: 37410
possible virus
I keep getting a message from Norton that two files in
Windows Media Player are actually Trojan Horses. Both
files end with iedll.exe. Norton cannot fix or remove
these files, because access is denied. How do I tell if
they are actual WMP files or a Trojan Horse? Tag: none Tag: 37408