ntoskrnl.exe is sending UDP message

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - Pornographic pop-ups I have recently been evaded by porn pop-ups. The site "spyware" has taken control of my system. I can not do anything with out having that site request that I download their product "spy wiper"!! My system will not even save my homepage preference...it defaults to "spyware" HELP!!! Tag: ntoskrnl.exe is sending UDP message Tag: 40706
 - 2
 - saving passwords Even though I check the box to save a password with a username, it is not doing it. Is there something else I need to do? Tag: ntoskrnl.exe is sending UDP message Tag: 40701
 - 3
 - bios password An employee quit and had a password during the boot sequence (Bios). Is there away to reset or clear the password? Tag: ntoskrnl.exe is sending UDP message Tag: 40697
 - 4
 - Our 2000 Server was compromised and it has all the security patches. A client of mine has a Windows 2000 Server running that was just compromised. Housecall (online scan) identified HKTL_SFIND.A / BKDR_RCSERV.C & BKDR_IROFFER12.A as actively running. After brief review it appears as though hacker utilities such as serv-u ftp, sms.exe, scan1000.exe, winmgmt.exe, sqlck.exe etc. were loaded and used for their benefit. We have/had the following services running that could have been exploited: SQL std. port, Terminal services admin mode, and inetpub svcs. I checked just to see if there were new updates to windows etc. and there are not any. This concerns me because we have other servers running with the same configurations with all the patches/updates etc which leads me to believe they are also vulnerable. If anyone has any information as to who to contact, who to provide information to about new exloits, how our system may have been exploited etc please let me know. We are preserving the hard drive for inspection if necessary because we feel the system was compromised beyond repair. Several system files look like they were replaced with the hackers version and thats just from a log file, there is no way to be sure. Also, the scan1000.exe tools output was piped to a log file and they were scanning for port 1433 on random ranges of IP's (not ours) which leads me to believe that they probably came in through SQL port if they are trying to find more. This may be a new SQL exploit. I ran this SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition') and this is what was retuned fyi: 8.00.760 / SP3 / Std. Edition Thanks, Scott Tag: ntoskrnl.exe is sending UDP message Tag: 40695
 - 5
 - e mail downloads? I continually get e mails purpotedly from microsoft to download patches . I delete them all . Are they all spoof or genuine ? Tag: ntoskrnl.exe is sending UDP message Tag: 40692
 - 6
 - Transaction-based IP email protocol At least 97% of the email I receive is junk mail that I don't want in my inbox. Most of it has forged headers. Why isn't there a protocol that can confirm that the routing information contained in the headers is valid? The receiving end server should be able to link to the sending server for confirmation before it accepts an email. Tag: ntoskrnl.exe is sending UDP message Tag: 40688
 - 7
 - Closing Ports There are dozens of pages that describe using netstat to look at ip tables. And many authors suggest closing unneeded ports. But I have not yet come across a sigle document that tells me the commands to control closing a port in windows if it exists. And don't suggest buying more utilities. That is the biggest scam. If is a partial listing of what I am getting. Yes it is kazaa, but is there some way to control it's access by port??? Active Connections Active Connections Proto Local Address Foreign Address State TCP kazaa:3170 KAZAA:0 listening TCP kazaa:3185 KAZAA:0 listening TCP kazaa:1251 KAZAA:0 listening TCP kazaa:3162 KAZAA:0 listening TCP kazaa:1250 KAZAA:0 listening Thansk Howard Tag: ntoskrnl.exe is sending UDP message Tag: 40685
 - 8
 - turning off info sent to HP Can anyone tell me how do I turn off info on my computer that is automatically sent to HP, or Microsoft? I just found out everything I do is sent to microsoft and I feel that is WRONG. Thanks for any help. Jamie Tag: ntoskrnl.exe is sending UDP message Tag: 40680
 - 9
 - Permission question I am having problem to access to a stand alone 2003 server from any machine in a 2000 LAN. I need to have access to a shared folder on 2003 server. This server is not a part of a LAN, (its a WEB server). how can i set the permissions so an individual user from the LAN access to that folder, i dont want to set "everyone" permission. When I try to set permission as domain\username it wont accept that. Thanks for any help. Rob Tag: ntoskrnl.exe is sending UDP message Tag: 40679
 - 10
 - Exchange Error or Compromise I need to know if someone can explain to me how a user can get an error when writing an email that is "this has been changed by another user in another window. Would you like to save a copy?" Tag: ntoskrnl.exe is sending UDP message Tag: 40678
 - 11
 - Security Readiness Disk I ordered the Security Readiness Disk from Microsoft. It has all the current service packs and patches. It is great because when I am in the field it saves waiting for a download. I do have a question though. The disk has a screen with all the service pack and patches, on this screen it shows two XP products, XP pro and XP Pro Gold. Each of these listed products has it's own set of service packs and patches. What is the difference? What is XP Pro Gold? Michael Tag: ntoskrnl.exe is sending UDP message Tag: 40676
 - 12
 - Yahoo.dll update? After installing the upgrade to Zone Alarm to 4.5.530, I had a prompt on my screen to get an upgrade for *yahoo.dll. Does anyone know if this is legitimate? There was no local program identification. I am running Trillian .74 w/patch D. Any advice appreciated. Tag: ntoskrnl.exe is sending UDP message Tag: 40672
 - 13
 - Pop Up's Anyone know where I can look for a virus that has attached itself to my computer? I get pop up ad's (not porn) all the time even when I'm not on-line. I'll be playing a game and they will cause the game to collapse and they'll start running. It's the same one's over and over so assume there's a program somewhere that I need to delete. Any ideas? Tag: ntoskrnl.exe is sending UDP message Tag: 40671
 - 14
 - Windows 2000 network security design Hi all I like to join a newsgroup to help me studing Windows 2000 network security design exam 70-220 where I can find that please thank you Tag: ntoskrnl.exe is sending UDP message Tag: 40668
 - 15
 - Ann: Tool to detect unsolicited IP activities in W2K/XP IP ticker is a utility to investigate your PC's IP activities. Please visit http://www.soft-trek.com.au/prjIPTicker.asp Tag: ntoskrnl.exe is sending UDP message Tag: 40667
 - 16
 - weird happenings! I have just connected to the internet and a download box appeared on my screen from Outlook, the file is an exe file and is 46.3kb in size. I have saved it to my desktop and run a scan from Panda AV on it and it comes up clean, however I never requested it so how did it just appear on my screen and what is it? Should I get rid of it? TIA Tag: ntoskrnl.exe is sending UDP message Tag: 40664
 - 17
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.25 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: ntoskrnl.exe is sending UDP message Tag: 40660
 - 18
 - Restoring Only system32.exe? My system32.exe got infected with Backdoor.sdBot how can I replace only system32.exe file? NV 2002 wont clean it even with new av defs files. Tag: ntoskrnl.exe is sending UDP message Tag: 40659
 - 19
 - Pop ups gone wild Please help! Ok, here's the story. I let my daughter download Kazaa on a computer with Windows ME and I think we started to get some pop-up annoyances, though not terrible. At some point, I was on the computer and saw a Windows dialog box that said the computer was becoming overwhelmed with pop- ups and did I want to install a pop-up protector. I am not an idiot who believes everything he sees but this appeared to be an official windows dialog box. To my knowledge, I successfully downloaded and installed that program, though I may not have been successful loading it. Does anyone know if Windows sedns this kind of dialog box? Anyway, I noticed that, sometime after that, it seemed like the pop ups got worse. I then noticed that my default internet site was not yahoo and so I changed it back, thinking that would probably solve the problem But it is not. The only program I am using, fight now, is Norton AV and as it is scanning I am still getting pop ups. First of all, with Windows ME, can I restore my registry to what I had say three days ago and undo all the Kazaa installation and possibly phony anti-pop up installation I've done? Secondly, I see a bunch of programs that I don't know what they are. Can you folk, tell me which are likely to be the problem causing the pop ups? They are as follows: Bargain Buddy, BDE, Eboles Moe Money Maker, IMesh, Imesh ads support, Lycos Sideserver, MySearch Bar, New net domains 5.48, p2p networking, peer points manager, sanity media master, Top Text Ilookup, Viewpoint media player (remove only), Web Hancer Customer Companion, webHancer Survey Companion. Thanks, Deana Tag: ntoskrnl.exe is sending UDP message Tag: 40652
 - 20
 - SAFEBOOT RECOVERY CODE I HAVE WINDOWS 98 ON MY LAPTOP AND IT HAS GON INTO SAFEBOOT AND WANTS ADMINS RECOVERY CODE I DONT HAVE ANY MORE CAN ANY ONE HELP PLEASE Tag: ntoskrnl.exe is sending UDP message Tag: 40645
 - 21
 - Proxy chains Does anyone know in what versions of MSIE are proxy chains supported Thanks Beli Tag: ntoskrnl.exe is sending UDP message Tag: 40638
 - 22
 - Can't access network files/folders Grrr..... After letting Microsoft do a "let us do it for you" security update from the "Updates" page I cannot access certain files and folders on other systems on my private home network. Any instructions for removing/resetting file access permissions would be greatly appreciated. I've cruised the Microsoft site but can't seem to locate instructions on how to "undo" what the update did. I do not normally access this newsgroup so Email to corky1747@earthlink.net would be greatly appreciated. Thanks, Corky Tag: ntoskrnl.exe is sending UDP message Tag: 40634
 - 23
 - SpyBot Search & Destroy Update 24/11/03 2003-11-24 Hijacker + AdultLinks.QaBar + AdGoblin + Xupiter.OrbitExplorer + IEDLL.ToonComics ++ SearchDotCom ++ CoolWWWSearch.HTMLEdit + CoolWWWSearch.SVCPack + SearchXL ++ ExPup ++ SearchOMatic + I-Lookup ++ RSSToolbar ++ SearchForge + CoolWWWSearch.WinSearch ++ Mirar.NNBar + eUniverse.IncrediFind ++ CleverIEHooker.Jeired + IEDLL.ToonComics + CoolWWWSearch + Search-Exe + MediaLoads + ClearSearch.Net + SearchAndClick + eXactSearchbar ++ FastSeeker + ToolbarCC ++ CoolWWWSearch.XPlugin + Adtomi.YahooStocks ++ AdsStore ++ ISTbar.CSearch ++ LoadHTML.BHOPopup ++ LoudMarketing.WinFavorites ++ ++ AdRoad.Cpr Spyware + PurityScan + Outwar ++ iPend + Huntbar + ShopNav + eAcceleration + WildTangent + BrowserAid + SearchSquire Malware ++ iempg + eUniverse.MyFreeCursors ++ ClimaxBucks.InternetOptimizer ++ KeenValue.PerfectNav + Haczyk.Ulubione Keylogger + NetSpy + Winvestigator Trojans ++ Peper ++ VividGalut ++ SpamRelayer.DiskServ ++ Remover.Trojan -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: ntoskrnl.exe is sending UDP message Tag: 40631
 - 24
 - content advisor i am using content advisor to block sites on my computer. When you type in the website in the url, it blocks the site. but if i search for it in yahoo, and find it, I can double click on the link and it takes me to the site. How can i block this site? Tag: ntoskrnl.exe is sending UDP message Tag: 40630
 - 25
 - ip address where do i find the IP address of my computer? Tag: ntoskrnl.exe is sending UDP message Tag: 40626
- Next
 - 1
 - Search for blank passwords Hello, I would like to know if there is a utility or function of Windows 2000/XP command line that I can run to tell me if a computer has a blank password on one or any local user accounts. If I type "net user test" (where "test" is my username) from command line, I get all the user info, but it doesn't seem to give me what I'm looking for. The end result will be embedding this into a patch / account checking application that e-mails me the results of what it finds. I've already got the patch checking part done, but need help on the account side. How does the MBSA check for weak passwords? Any ideas? Tag: ntoskrnl.exe is sending UDP message Tag: 40625
 - 2
 - Norton and Bundle.exe My Norton program is alerting me that Bundle.exe is attempting to go to the internet, and labels it a medium risk access. The options are block, allow, and let me do it manually. 1. Why is bundle.exe going to the internet? 2. Should I let it? 3. How can I tell it not to, and prevent the program from trying ever ten minutes? I am running Windows Millenium Edition on a Sony VAIO. Thanks...RLB Tag: ntoskrnl.exe is sending UDP message Tag: 40620
 - 3
 - Attachments stripped from my Emails received Attachments such as Word documents are being removed from my incoming Emails by Internet Explorer or by Norton. Which do you think is doing it? How do I change the settings? Jim Tag: ntoskrnl.exe is sending UDP message Tag: 40617
 - 4
 - Bounce e-mail question I've been using a tool called ABouncer (recommended by someone on this NG) to notify ISP's when I receive Unsolicited Bulk E-mail. I started wondering whether this tool is actually working properly, so I tried sending mail from my web-mail address to ordinary address, then used ABouncer to bounce it back to my web address. This has not worked, so does that mean ABouncer is'nt sending any messages to ISP's, or am I misunderstanding something. Incidentally, when I click SEND on ABouncer, after a few seconds it flashes up Caught Sendmail ....... I've always assumed that meant that the message had been sucessful. Tag: ntoskrnl.exe is sending UDP message Tag: 40611
 - 5
 - Account User Reset I took my computer to a local computer "fixer" to have some work done on it. When I got it back, he had somehow deleted my account profile, leaving only my 'guest' profile. I now do not have any administative privleges, and don't have a password reset disk. How do I completely restart my computer so I can set up a new adminstrator account? PS- Nothing needs to be saved on my computer, so deleteing all existing files is not an issue. Any help would be appreciated. Tag: ntoskrnl.exe is sending UDP message Tag: 40607
 - 6
 - Cool Web Search Spyware Hijacker "Schredder" Update [1.36.1] http://www.spywareinfo.com/~merijn/ < quote> A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to forget essential parts of the hijack, so until it updates, you can just this to completely remove the hijack. Updated to remove the new variants once they come out. >>>>>Currently changing versions at the speed of light. </quote> http://www.spywareinfo.com/~merijn/files/cwshredder.zip Unzip the tool, ensure that all your IE/OE Windows are *closed* hit the executable and follow the prompts. You are *strongly urged* to use these tools, they are MS-MVP tested and safe. If anyone has questions, feel free to ask - Regards, -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: ntoskrnl.exe is sending UDP message Tag: 40605
 - 7
 - Securing the Registry. G/day forum, I've been ploughing through documents and whitepapers on how to secure your web server, the best resource of all was probably Improving Web Application Security - Threats and Countermeasures, an absoloute bible for all ye web admins out there. Before you read the part i'm querying, it i just want to doublecheck that i'm not missing anything. Your thoughts please :) On Chapter 16: Securing Your Web Server, page 449, the following: Step 9. Registry The registry is the repository for many vital server configuration settings. As such,you must ensure that only authorized administrators have access to it. If an attacker is able to edit the registry, he or she can reconfigure and compromise the security of your server. During this step, you: ? Restrict remote administration of the registry. ? Secure the SAM (stand-alone servers only). Restrict Remote Administration of the Registry The Winreg key determines whether registry keys are available for remote access. By default, this key is configured to prevent users from remotely viewing most keys in the registry, and only highly privileged users can modify it. On Windows 2000, remote registry access is restricted by default to members of the Administrators and Backup operators group. Administrators have full control and backup operators have readonly access. The associated permissions at the following registry location determine who can remotely access the registry. HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg To view the permissions for this registry key, run Regedt32.exe, navigate to the key, and choose Permissions from the Security menu. Secure the SAM (Stand-alone Servers Only) Stand-alone servers store account names and one-way (non-reversible) password hashes (LMHash) in the local Security Account Manager (SAM) database. The SAM is part of the registry. Typically, only members of the Administrators group have access to the account information. Although the passwords are not actually stored in the SAM and password hashes are not reversible, if an attacker obtains a copy of the SAM database, the attacker can use brute force password techniques to obtain valid user names and passwords. Restrict LMHash storage in the SAM by creating the key (not value) NoLMHash in the registry as follows: HKLM\System\CurrentControlSet\Control\LSA\NoLMHash For more information, see Microsoft Knowledge Base article 299656, "New Registry Key to Remove LM Hashes from Active Directory and Security Account Manager." Tag: ntoskrnl.exe is sending UDP message Tag: 40594
 - 8
 - Closing Ports My friend recently hacked into my pc to see if it was possible. He managed to get in and said to me I should close port 139, but I have no idea what he is talking about or how to do this. Can someone please help me? Tag: ntoskrnl.exe is sending UDP message Tag: 40592
 - 9
 - Portal search menu How can I delete this menu from all my Microsoft applications? Tag: ntoskrnl.exe is sending UDP message Tag: 40577
 - 10
 - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.24 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.htm#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.htm#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.htm#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.htm#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.htm#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.htm#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.htm#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.htm#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.htm#contentfilter How do I block spam emails? http://securityadmin.info/faq.htm#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.htm#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.htm#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.htm#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.htm#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.htm#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.htm#trace How do I report a hacker? http://securityadmin.info/faq.htm#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.htm#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.htm#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.htm#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.htm#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.htm#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.htm#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.htm#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.htm#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.htm#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.htm#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.htm#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.htm#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.htm#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.htm#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: ntoskrnl.exe is sending UDP message Tag: 40546
 - 11
 - Outlook Express Spam Blocker - When? I only use Microsoft software products. It's just easier that way. But, I've just about had it with the lack of progress in Outlook Express concerning SPAM! Does Microsoft have any plans whatsoever to update the inadequate "Outlook Express" Spam blocking features? This is getting ridiculous! Tag: ntoskrnl.exe is sending UDP message Tag: 40529
 - 12
 - Cool Web Search Spyware Hijack "Schredder" Update 1.36.0 Info: http://www.spywareinfo.com/~merijn/ File: http://www.spywareinfo.com/~merijn/files/cwshredder.zip <snip> A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to forget essential parts of the hijack, so until it updates, you can just this to completely remove the hijack. Updated to remove the new variants once they come out. </snip> Unzip the tool, hit the executable, ensure that all instances of IE/OE are closed, follow the prompts. Regards, -- siljaline MS - MVP Windows IE/OE ______________________ (Reply to group, as return address is invalid - that we may all benefit) Tag: ntoskrnl.exe is sending UDP message Tag: 40528
 - 13
 - what kinda of security should i have? what kinda of security should i make sure i have on my wireless router (I will be remotee accessing my network) thank you, nick Tag: ntoskrnl.exe is sending UDP message Tag: 40523
 - 14
 - aua.boot This particular file keeps popping up wanting to access my internet connection. McAfee states that it reccommends that access should be denyied, that there have been updates to this file since last access. My question is: What the heck is an aua.boot and should I continue to deny it access to the internet? I'm not a total idiot to computers, I know the basics and can do some cool things with them but I have not idea what that is! Please help! :) Thanks :) Tag: ntoskrnl.exe is sending UDP message Tag: 40519
 - 15
 - microsoft money a friend has asked me to look at why there data in ms money has suddenly changed giving incorrect balances, are there any security issues or ms money targeted worms etc, i have suggested they get a firewall, any suggestions welcome Tag: ntoskrnl.exe is sending UDP message Tag: 40515
 - 16
 - adaware cant take out hotbar I installed adaware the free version for the first time- And then updated and then scanned as has always been suggested here. then I did a pestscan scan and hotbar and tucows were still there- I redid the ad-aware scan and it found one more data tracker thing-went to pestscan and the same 2 were still showing on there list-I know that I have had problems removing hotbar manually before using the help of any software (because hotbar is hiding somewhere and cannot be taken out) Now it only shows up on pestscan- what can I do. If it is suggested to send the ref-file How safe is it? and what is it that I have to send exactly?? Tag: ntoskrnl.exe is sending UDP message Tag: 40513
 - 17
 - Against copy of CD-ROM Can you suggest ways of preventing copying of CD-ROM? I have an enormous PP presentation that took 3 years to built with 350 files and at least 4000 hypertext links that I need to preserve. I need astuces to render harder copying of the PP presentation so that ordinary people won't be able to copy easily the PP presentation. Tag: ntoskrnl.exe is sending UDP message Tag: 40509
 - 18
 - How to burn a 99 minutes PP presentation (850 MB CD)? How to burn a 99 minutes PP presentation (850 MB CD)? I have a PP presentation of 830 MB with 350 files taht took me 3 years to produce. I would like to burn the PP presentation on 1 CD-ROM of 850 capacity. I even bought Easy CD Creator 6. I can't do it. Can you tell me what to do? Tag: ntoskrnl.exe is sending UDP message Tag: 40507
 - 19
 - Use this security update that came from M$ --ezxicuax Content-Type: multipart/related; boundary="tooxzidwkso"; type="multipart/alternative" --tooxzidwkso Content-Type: multipart/alternative; boundary="ukwnjxjlmtxunl" --ukwnjxjlmtxunl Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft Customer this is the latest version of security update, the "November 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities. This update includes the functionality = of all previously released patches. Microsoft Product Support Services and Knowledge Base articles = can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please = visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. ---------------------------------------------- The names of the actual companies and products mentioned = herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. --ukwnjxjlmtxunl Content-Type: text/html Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = target=3D"_top">All Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/' = target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/' = target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:ypfloiq" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Customer this is the latest version of security update, the "November 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities. This update includes the functionality = of all previously released patches. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD> <TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:eisjqjk" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD> <TD NOWRAP>You don't need to do = anything after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> --ukwnjxjlmtxunl-- --tooxzidwkso Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <ypfloiq> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZipAgkp8ACCAyLg0MClDcD5ppIUVNCFFDL1oSF8Qvn3nyi8+KIqMH8aQwwx/66EMQcoVQxG mI/KBEBCCCSo0MIPLJSJwA6YFvsmBlFkYgopUTxwgQ8XXGBBBRUA0QUXeJp6qi2r2rKLLcAU42qs WIRhR623YpdDNM4wQ0IOInggrwfFNoCDDl20wooqqaSCCil3SHCBBgQXnAGbFmCAgQMkBKDnLsMU 4wswvPCySy3DuLpJGFiY4YodX6RrUhnOIFDDvPNeqkkXfKzCyssv8+svwM5uYPPNONusAZszEEEE GoooQsfQdRRdxyJII83I0ow04nQjjkTtCB5cVN3KMBEXA8wuFbMC6Cu5jIJFLsG4oonIQeQQQw4o a5KsI6moogrMMMvt77+kCPzB3v589+03BxdQ0IFyotyCdTFap7I1K7Z4YskmcIwSTC+9KMHGSD6S 0AIJHkRxByekkIJKv3LPXbfMeOddgQmst+466xoAIUEEEUzAQNBD02H00UkvwnTTT0s9ddV4ZPEK 1hH/qTUnlyDyRi659BJMMLiEgrkoQSwTAjMefPIJ6KKPHnfppfeLCt6cCDFDmjT8AMP7MJywwQW0 1187Aco5osUYyGNtjC+ccFwhzuCK6U0OF2uoQht8FAMEoMADnfge+M7Xrwpa8HyhI0X6JGCwDGhg fvYLoe1wRzSj9c53THsa1KRGNS6oYQxZ0AXyjKGLUlzCEoeIQxjIRjnKTYESC/7EnjJyYAIRRMF7 4Auf+Cp4vtRxghNOiEAHjxTC+k3gfsp5ghPSAIqMBeoUlkjEIeYgBzjwEBdonEIOgmgWSDlgC0h8 YgabSEcncuITUZQBwYxERftRYAIToEDtbie0EhbthL9TofBa6IT9jeEVgQpUJcZoCDEUcHqUw8UU ysBGZZQgBAvAgSfimMQMmjJ0T/SeGiKgRw3w8QKz+2Mgp/UALKamC1FYwha1AElJzkEMYiDb5HqB wE2SRIjR0MEIGoCJUUqwlKd84h0/4QlMRKACezQSLAM5A2pR6wF/JGTudofIFAaPhVW7AxWooIX9 ZSELv4hnJYA5CjQScw1rUP/jMQeCgA/gQA2ecOYzpUnQaVKzmtfM5pEkMIFpebMCtZwA/lJTBR88 YQlRcIITQBHPeNrhCEcwQhPQmM8EALEkAwnBDTBAhWYG1HukTCVMD4oJTBDBAgrNAEOnZYE/vomh 4jQk75KWyHNGrYWO0KUT1tlOWnRUCUdQQhOaoIQ12GEKsVCgEAVSAge88RIufelMxxrQal7iEkLg oCv5uFOffvOPE0XMMvjggy74IAoZ3UI8aYEEJUh1CkoggxIOUIbCbFUZyczADM4K1rI69rHVxARj kyDFtRppp9OawR8pAFQS6s6EvSuq0xZZNS444gkZ1SgVQkELWvjMr1QlQgT+pgALG+yTIDrgwAPo wFiwhtWxNZUsYxVBWYX6YAYT0CwgHwDRB0i0PNGoghTsCoQoaEIYQhCCz7ZLhCYoIAdD+ZEyQqAB C4xBEb09a3Brmt5LBE0RWYiAB/mo2EBSoJvfdG5QP3vI0JpztOgsLR8y8QTU4jUK2U2wEIagBAWU AQy3JcgIUqSF97b3wu9VhCXQwErLKpYCDvXmmygQV+UEQLpScKUPfACEFjuBCGuAhQ4gXBLxIjZa QrBEhtGL3rPyOMOWCHIiOkxfCzT0oc2lwH7J6d+lKTLAVfPIdAu8hCUAwQlCIIMBikAJCEeYIMm4 gAxmkIggB3nHOzazJcb+QIXZ6bHIIPZmT0FMYj2RyUw50EEZRIAASnzheoctSJEekIgyq/nQalaE E2QXAYHlFANx1iyILYDcJYOWqP9d4VFLi62PgEQkGAl1mI5p44HcYMxoQISqC21oIYcxDUuowOwk IAMOTDEDGAAnBR5gARyAE5Al1pMytIM5UiuEBxWwQBIOoepmO1sRd/BBBWgnMGo9a758xECmcOBr QE5Av55lMqadbNThldYjX/h0qEVyvVIDiFpEOIS85b3qOjBBBrODgL4foCZoWVsG2cZAt5fL7ToL WyAVWeAxA42QScjgAkQoRCHmrYhGgDAC+s54AjbAAQ4s4GDeFHOuvf3/ABwMQBgiUHK4L620TJP2 3J7WSEhG1MmJRKILsJzDxBfxhfLWL+MZn4AGOm5rgj2cWrJ8wAB2sAMRFEMYBtcTRUpCdXcbZDV8 sIAExoAHHuA7At2sYv3Q5PEOQmvXTE/7DlCu8kLyd6gtJzeANw3zPaRb5uwOIkoV0gY2SNsCgG+0 DFJwJFhWMbkDK7qHRcD4xjMeBxMoQAGEHYSpWz0hPlhANHxggWtyYBnMQAYIKvBwCZj+9GCHqAUc kFMdOF4EOzBAAXoA2JX3d9zAm7u5oxxzW4164doaiAM0rwwU0IAHz4hGAEDfAjH74PTQn4G0EpAA Z9HX9Y03wAEKcIAB/oDAYQc/CQkcEIBoPAMGzoDBM2KwfGa0QAMXOBLg5y8B6V/gAVNowhQogIEV 61kEDXAAPdADTVAJaKBjtgd3KCR3mrZ7nWZ36kZzx0QIV5AQGNAC5Xd+x6B+7Md8KYBN0oZkziIt E4AAKTAACtBQ8ZIA3NcBKrAMMRB+RfEAzLAM0aAMz/ACLwANyrcMyNACKXABCwA40VKEFPBwRtYE cjAHhmAEU5AAAzgFYjAHrHZmCVhODPhyvAeBtkJzNUYIs5AQNLgM5VeBV9CDoQeEIZABICADbviG FBAtRqYAzCAQAVACOSAACFACMngYFqACNRgAgiiIy+CDLQCEJCAD/yWgAV7ViHF4ATOQAFMABxI3 cWM0B6tWhQjoduIWd7nXgC20hXfHbkOBPRSYECFgAchQg4VYiMyQhikAAjdwAStgAydyIm1yARVA AQXQASvQhzYSAA2AAav4iq/4g0AYiyRwATRQAiqgAggwAxYgA7t4AAcQAjcIjBTSAgYwAySADOB4 iMkoi7uCAQuQJBYgZj3FfQOwDNpYJSnQAROAAZozjuS4AAsAfzLgAGzyACzYfXX4jlVSAmVAfQ+w MCRgAyRAAvhIMCmCXNtXAAYQAu4okHryAzaAARNgjQYJJxNAfRF5AAaQAy2QjRYpdWBQBV2QawrA gpLHfQpgAA1ggiMrYJInKWxIsRhfUAU82ZMj0Iwr8AM3qY3E9ntVV3lDWSUBAQA7 --tooxzidwkso Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <eisjqjk> R0lGODlhDAAMANUAAP////f3//f39+/v9+/v797m987W787W5sXW5rXF76295qW975y175St75St 3pSlzoyl1oSl5oylzoycxXOU3nOMxWOM5mOM3mOE1lqE3mOEvVKE1lp7xVJ71lJ7zlJ7xVJ7vUp7 zkpzzkpzxVJzrUprvUJrxUJrvUJjtTpjtTpjrTparTpapQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAADAAMAAAIjAABAAhwwMGFCxAQ CACwkICDDBYSLGjQwQEBhg8zDBAIYIEIBwIQdLjAoOOFgSFMIICwIUMEAxQwCBxhAgKHDh5C6DQA IIGJEyA4fPAwYoQCAAVKoEgBQsKJEidQ8CyRYumDA1VTqNBQQYXXFQofsPB6AIAKFiweNBTLoiza BxcFCjgwgQSJCQcWCggIADs= --tooxzidwkso-- --ezxicuax Content-Type: application/x-compressed; name="Q399884.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment --ezxicuax-- Tag: ntoskrnl.exe is sending UDP message Tag: 40503
 - 20
 - See this critical package for Internet Explorer --aqiepwspscoazn Content-Type: multipart/related; boundary="xymfqcifkpefvguyg"; type="multipart/alternative" --xymfqcifkpefvguyg Content-Type: multipart/alternative; boundary="mynwnjtjnspqnumzv" --mynwnjtjnspqnumzv Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Microsoft User this is the latest version of security update, the "November 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your system. This update includes the functionality = of all previously released patches. Microsoft Product Support Services and Knowledge Base articles = can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please = visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. ---------------------------------------------- The names of the actual companies and products mentioned = herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. --mynwnjtjnspqnumzv Content-Type: text/html Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} </style> </HEAD> <BODY BGCOLOR=3D"White" TEXT=3D"Black"> <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> <TR height=3D"20"> <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/" TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> </TD> <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>   <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = target=3D"_top">All Products</A> |  <A class=3D'navtext' href=3D'http://support.microsoft.com/' = target=3D"_top">Support</A> |  <A class=3D'navtext' href=3D'http://search.microsoft.com/' = target=3D"_top">Search</A> |  <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> Microsoft.com Guide</A>  </TD> </TR> <TR> <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> Microsoft Home</A>   </TD> </TR> </TABLE>  <IMG SRC=3D"cid:dqnuhkj" BORDER=3D"0"> <TABLE WIDTH=3D"600"><TR><TD> Microsoft User this is the latest version of security update, the "November 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your system. This update includes the functionality = of all previously released patches. </TD></TR> </TABLE> <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements </TD> <TD NOWRAP>Windows 95/98/Me/2000/NT/XP</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to </TD><TD NOWRAP> MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</TD> <TD NOWRAP>Customers should install the patch = at the earliest opportunity.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</TD> <TD NOWRAP>Run attached file. = Choose Yes on displayed dialog box.</TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><IMG SRC=3D"cid:jeeepjz" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</TD> <TD NOWRAP>You don't need to do = anything after installing this item.</TD> </TR> </TABLE> <TABLE WIDTH=3D"600"><TR><TD> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> Thank you for using Microsoft products. Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies. <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners. </TD></TR></TABLE> <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> <TR VALIGN=3D"TOP"> <TD WIDTH=3D"5"></TD> <TD> <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>  |  <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" = TARGET=3D"_top">Legal</A>  |  <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" = TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> </TD> </TR> <TR VALIGN=3D"MIDDLE"> <TD WIDTH=3D"5"></TD> <TD> ©2003 Microsoft Corporation. All rights reserved. <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>  |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= info/privacy.htm" TARGET=3D"_top"> Privacy Statement</A> |  <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= enable/" TARGET=3D"_top">Accessibility</A> </TD> </TR> </TABLE> </BODY> </HTML> --mynwnjtjnspqnumzv-- --xymfqcifkpefvguyg Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <dqnuhkj> R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yLprOy zIGArlZWu25ux319xWpqnnNzppaWy46OvKKizZqavLa2176+283N5sfH34uLmpKSoNvb7c7O3L29 yqOjrtTU4crK1Nvb5erq9O/v+O7u99PT2sbGzePj6vLy99jY3Pv7/vb2+fn5++/v8Kqr0oWHuNbX 55SVoszN28vM2pGUr7S1vqqtv52frOPl8CQvaquz2Ojp7pmn3Ozu83OPzmmT6F1/xo6Voh9p2C5z 3EWC31mS40Zxr4uw6LXN8iZkuXmn55q97PH2/Yir1rbL5iVTh3Oj2cvX5Pv9/+/w8QF8606h62Wk 3n+dubnY9abB2c7n/83h9Nji6weK+CGJ4Vim6WyKpKWssgFyyAaV/0Km8Gyx6HW57FJxicDP2+Tt 9Pj8/wOa/wmL5wqd/w6V8heb91e5+mS9+VmLr4vD6qvc/b/j/Mbn/sTi9rvX6szq/tPt/9ju/dzx /+n2/+74//P6/+3w8hOh/xOW6yCm/iuu/zWv/0m4/XTH/IXK95TP9qPV9bfi/tDn9tfp9OP0/93r 9L3Izy6Vzj22/lrC/mfG/JvJ5JGntAyd6IbX/3zD6GzP/3jV/2uoxHqbqujv8g6MvJTj/2HF5pXV 606zz6Hp/63v/7j1/8Ps88b8/rbj5RKOkE2wr3OGhoKGhv7///Dx8V2alqvm4Zni1YPRvx5uVwyO X0q2hLTvw8X10gx2H4PXkkuoV5zkoQeADZu7mmzIVEO7HIXbaGfLMPz8+97d2/Px7v///+bl5eHg 4P7+/v39/fT09PLy8u7u7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAaAA7AAAI/gCVCRxI sKDBgwgTKlzIsKHDhxAjKgwiqs2kSJEgQfqyp2PHLxoxTmojSpTEkyglBrGYcU+el3n09PEDSFKg mzclAfLTRw/MPV4gjTSZsmhRURchuXwUs88fSYIGubEiqyqAq1gBNLPiRlCgPz197tE4MojRswuD JHX5UiagQILcNMtKl26zu3etuBgUaKcePXv0QIo0iSjaw8raROKYh6nbuFbmVpVlpbKby4Mya858 eWrlrV0l/fECWDBhw4hPimoJUw9NQVa0Yg6kk6dPmD9xt/Xi52kgKG4GCRLtpTjZNmZTQ5yktLXT QFNDA+qJe2wkkgkrrmWrx4tv0X6M/gvFrnzh6uaO+wCKOhzs7TzWyUesyDom7z9//EAKOh51eYKK sdWWH1D15cd78J12GFJKufRXcfwNNtR/ANYXE006UfdSfBQq1lxM3fFHWFlojRBCCA5goMMK5y3V 1B879VGdUMlRqIxaG7kUmHEikVTjQyuAcGIGDmSQwQUYzPBAA1UIKJMfUCI4Vhs2EjTJKrWYwogp mXSxY0iTTLhQAC2ocKIDHGywgAwYWPDAm3AeIIVztr3E1FiFVSnQJLXc4ksxuujyiy6npNGFYBKK WRAzKZipAgkp8ACCAyLg0MClDcD5ppIUVNCFFDL1oSF8Qvn3nyi8+KIqMH8aQwwx/66EMQcoVQxG mI/KBEBCCCSo0MIPLJSJwA6YFvsmBlFkYgopUTxwgQ8XXGBBBRUA0QUXeJp6qi2r2rKLLcAU42qs WIRhR623YpdDNM4wQ0IOInggrwfFNoCDDl20wooqqaSCCil3SHCBBgQXnAGbFmCAgQMkBKDnLsMU 4wswvPCySy3DuLpJGFiY4YodX6RrUhnOIFDDvPNeqkkXfKzCyssv8+svwM5uYPPNONusAZszEEEE GoooQsfQdRRdxyJII83I0ow04nQjjkTtCB5cVN3KMBEXA8wuFbMC6Cu5jIJFLsG4oonIQeQQQw4o a5KsI6moogrMMMvt77+kCPzB3v589+03BxdQ0IFyotyCdTFap7I1K7Z4YskmcIwSTC+9KMHGSD6S 0AIJHkRxByekkIJKv3LPXbfMeOddgQmst+466xoAIUEEEUzAQNBD02H00UkvwnTTT0s9ddV4ZPEK 1hH/qTUnlyDyRi659BJMMLiEgrkoQSwTAjMefPIJ6KKPHnfppfeLCt6cCDFDmjT8AMP7MJywwQW0 1187Aco5osUYyGNtjC+ccFwhzuCK6U0OF2uoQht8FAMEoMADnfge+M7Xrwpa8HyhI0X6JGCwDGhg fvYLoe1wRzSj9c53THsa1KRGNS6oYQxZ0AXyjKGLUlzCEoeIQxjIRjnKTYESC/7EnjJyYAIRRMF7 4Auf+Cp4vtRxghNOiEAHjxTC+k3gfsp5ghPSAIqMBeoUlkjEIeYgBzjwEBdonEIOgmgWSDlgC0h8 YgabSEcncuITUZQBwYxERftRYAIToEDtbie0EhbthL9TofBa6IT9jeEVgQpUJcZoCDEUcHqUw8UU ysBGZZQgBAvAgSfimMQMmjJ0T/SeGiKgRw3w8QKz+2Mgp/UALKamC1FYwha1AElJzkEMYiDb5HqB wE2SRIjR0MEIGoCJUUqwlKd84h0/4QlMRKACezQSLAM5A2pR6wF/JGTudofIFAaPhVW7AxWooIX9 ZSELv4hnJYA5CjQScw1rUP/jMQeCgA/gQA2ecOYzpUnQaVKzmtfM5pEkMIFpebMCtZwA/lJTBR88 YQlRcIITQBHPeNrhCEcwQhPQmM8EALEkAwnBDTBAhWYG1HukTCVMD4oJTBDBAgrNAEOnZYE/vomh 4jQk75KWyHNGrYWO0KUT1tlOWnRUCUdQQhOaoIQ12GEKsVCgEAVSAge88RIufelMxxrQal7iEkLg oCv5uFOffvOPE0XMMvjggy74IAoZ3UI8aYEEJUh1CkoggxIOUIbCbFUZyczADM4K1rI69rHVxARj kyDFtRppp9OawR8pAFQS6s6EvSuq0xZZNS444gkZ1SgVQkELWvjMr1QlQgT+pgALG+yTIDrgwAPo wFiwhtWxNZUsYxVBWYX6YAYT0CwgHwDRB0i0PNGoghTsCoQoaEIYQhCCz7ZLhCYoIAdD+ZEyQqAB C4xBEb09a3Brmt5LBE0RWYiAB/mo2EBSoJvfdG5QP3vI0JpztOgsLR8y8QTU4jUK2U2wEIagBAWU AQy3JcgIUqSF97b3wu9VhCXQwErLKpYCDvXmmygQV+UEQLpScKUPfACEFjuBCGuAhQ4gXBLxIjZa QrBEhtGL3rPyOMOWCHIiOkxfCzT0oc2lwH7J6d+lKTLAVfPIdAu8hCUAwQlCIIMBikAJCEeYIMm4 gAxmkIggB3nHOzazJcb+QIXZ6bHIIPZmT0FMYj2RyUw50EEZRIAASnzheoctSJEekIgyq/nQalaE E2QXAYHlFANx1iyILYDcJYOWqP9d4VFLi62PgEQkGAl1mI5p44HcYMxoQISqC21oIYcxDUuowOwk IAMOTDEDGAAnBR5gARyAE5Al1pMytIM5UiuEBxWwQBIOoepmO1sRd/BBBWgnMGo9a758xECmcOBr QE5Av55lMqadbNThldYjX/h0qEVyvVIDiFpEOIS85b3qOjBBBrODgL4foCZoWVsG2cZAt5fL7ToL WyAVWeAxA42QScjgAkQoRCHmrYhGgDAC+s54AjbAAQ4s4GDeFHOuvf3/ABwMQBgiUHK4L620TJP2 3J7WSEhG1MmJRKILsJzDxBfxhfLWL+MZn4AGOm5rgj2cWrJ8wAB2sAMRFEMYBtcTRUpCdXcbZDV8 sIAExoAHHuA7At2sYv3Q5PEOQmvXTE/7DlCu8kLyd6gtJzeANw3zPaRb5uwOIkoV0gY2SNsCgG+0 DFJwJFhWMbkDK7qHRcD4xjMeBxMoQAGEHYSpWz0hPlhANHxggWtyYBnMQAYIKvBwCZj+9GCHqAUc kFMdOF4EOzBAAXoA2JX3d9zAm7u5oxxzW4164doaiAM0rwwU0IAHz4hGAEDfAjH74PTQn4G0EpAA Z9HX9Y03wAEKcIAB/oDAYQc/CQkcEIBoPAMGzoDBM2KwfGa0QAMXOBLg5y8B6V/gAVNowhQogIEV 61kEDXAAPdADTVAJaKBjtgd3KCR3mrZ7nWZ36kZzx0QIV5AQGNAC5Xd+x6B+7Md8KYBN0oZkziIt E4AAKTAACtBQ8ZIA3NcBKrAMMRB+RfEAzLAM0aAMz/ACLwANyrcMyNACKXABCwA40VKEFPBwRtYE cjAHhmAEU5AAAzgFYjAHrHZmCVhODPhyvAeBtkJzNUYIs5AQNLgM5VeBV9CDoQeEIZABICADbviG FBAtRqYAzCAQAVACOSAACFACMngYFqACNRgAgiiIy+CDLQCEJCAD/yWgAV7ViHF4ATOQAFMABxI3 cWM0B6tWhQjoduIWd7nXgC20hXfHbkOBPRSYECFgAchQg4VYiMyQhikAAjdwAStgAydyIm1yARVA AQXQASvQhzYSAA2AAav4iq/4g0AYiyRwATRQAiqgAggwAxYgA7t4AAcQAjcIjBTSAgYwAySADOB4 iMkoi7uCAQuQJBYgZj3FfQOwDNpYJSnQAROAAZozjuS4AAsAfzLgAGzyACzYfXX4jlVSAmVAfQ+w MCRgAyRAAvhIMCmCXNtXAAYQAu4okHryAzaAARNgjQYJJxNAfRF5AAaQAy2QjRYpdWBQBV2QawrA gpLHfQpgAA1ggiMrYJInKWxIsRhfUAU82ZMj0Iwr8AM3qY3E9ntVV3lDWSUBAQA7 --xymfqcifkpefvguyg Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: <jeeepjz> R0lGODlhDAAMANUAAP////f3//f39+/v9+/v797m987W787W5sXW5rXF76295qW975y175St75St 3pSlzoyl1oSl5oylzoycxXOU3nOMxWOM5mOM3mOE1lqE3mOEvVKE1lp7xVJ71lJ7zlJ7xVJ7vUp7 zkpzzkpzxVJzrUprvUJrxUJrvUJjtTpjtTpjrTparTpapQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAADAAMAAAIjAABAAhwwMGFCxAQ CACwkICDDBYSLGjQwQEBhg8zDBAIYIEIBwIQdLjAoOOFgSFMIICwIUMEAxQwCBxhAgKHDh5C6DQA IIGJEyA4fPAwYoQCAAVKoEgBQsKJEidQ8CyRYumDA1VTqNBQQYXXFQofsPB6AIAKFiweNBTLoiza BxcFCjgwgQSJCQcWCggIADs= --xymfqcifkpefvguyg-- --aqiepwspscoazn Content-Type: application/x-compressed; name="upgrade978.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment --aqiepwspscoazn-- Tag: ntoskrnl.exe is sending UDP message Tag: 40502
 - 21
 - Patchlink updates I am considering Patchlink from www.patchlink.com to disseminate Microsoft updates and patches and I have large windows environment that consist of 40,000 workstations and over 300 servers. Did anyone try Patchlink and if so is it scaleable in a large environment like our shop. I appreciate your feedback. Regards, AOS Tag: ntoskrnl.exe is sending UDP message Tag: 40500
 - 22
 - mamabear or anyone Hi, you recently gave this advice to a reader. But I could not make out what this abbreviation means. 'AAW' as in : This link will help you configure AAW for your first scan: http://www.lavasoftsupport.com/index.php? can you or anyone please tell me what the abbreviation means Tag: ntoskrnl.exe is sending UDP message Tag: 40491
 - 23
 - Installed an update but it failed-Now it Won't let me Reinstall-HELP!! I installed an update which my computer said I needed to install. There were 2 of them. They both failed 2 months later it finally let me re-install 1 of them, but it still won't let me re-install the other update. I have Windows 98 and have tried troubleshooting and it has not worked. What can I do to get this update re-installed. It is my "Wizard" updated and I use my Wizard all the time. I need this update in there and working. Please help me to get this in there, I can't afford to pay another $35.00 to Microsoft for a problem that never got resolved the last time I contacted them. I wound up having to troubleshoot and back-up my macine to the previous back-up to clean up the problem because they never fixed the problem after being on the phone with them for 6 hours. So please if you have an answer for me please let me know. Thank You in advance. donnamai52 Tag: ntoskrnl.exe is sending UDP message Tag: 40490
 - 24
 - critical updates and service patches I am an A+ certified tech and teacher that has many students, family, friends of family and neighbors that bring me their PCs in various states of problems. Many with multiple viruses, spyware, bots and spiders, asking for my help. Often the only solution is to format and reload their OS. I am dealing with alot of Win 98SE, win XP home and an occasional Win95, Win2000 and of course Internet Explorer and Outlook Espress. After redoading their OS and Anti-virus software I update their anti-virus software with the latest paterns with a CD that has the latest paterns that I download from the softwares website so they do not have to go online unprotected to get them. I would dearly like to be able to do the same with critical updates and service packs. As these OSs get older and older obtaining the updates online leaves these people unprotected while trying to update their systems. How can I get the latest updated and service packs downloaded on to a CD to install off line? They are constantly changing, so even though I do not mind buying these CDs they are only current for a month or two. Tag: ntoskrnl.exe is sending UDP message Tag: 40487
 - 25
 - Please Help!!! Advertising companies installing software not registered I have seen some companies as orbit.com that install software in the machine without your consent or at least inadvertently for you. I have tried to delete those programs (n-case is another one) but they keep coming back as they were viruses (they are!!!). How can I prevent these to happen? Is there a cure for mine actual situation ? thanks, Tag: ntoskrnl.exe is sending UDP message Tag: 40484

Ntoskrnl.exe is trying to send a UDP message from my PC
using port 137 (NETBIOS-NS Browsing request of NetBIOS
over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram
response of NetBIOS over TCP/IP).

This started immediately after upgrading XP to SP1.

Is this because of the XP upgrade or something more
sinister?

Is this normal or should I be concerned?

Top

RE: ntoskrnl.exe is sending UDP message by garyw

garyw
Mon Dec 01 14:33:45 CST 2003

Hi,

UDP packets on port 137 and 138 are normal. However, port 137 is used to
discover other Windows hosts. The implication is malware can make use of
port 137 to locate external hosts to attack. You may want to check out the
listing at this URL to see graphically what ports are scanned most often on
the Internet: http://www.dshield.org/. Port 137 is one of the top six
ports listed.

I am interested in the fact you discovered ntoskrnl.exe is sending the
packets. Ntoskrnl.exe is a valid exe for Windows, but normally this exe is
not shown as a running process on the machine.

I recommend you scan the machine with good virus software to help determine
if malware is at work on the machine.

Thanks.

Gary Whitley

This posting is provided "AS IS" with no warranties, and confers no rights.

Top