endads.com
can't figure out how to ask MS about this. My ATT panic
ware pop-up stopper works fine, but I keep getting
endads.com popping up when I'm composing e-mail and even
in the middle of an MS update download. I told them to
stop but nothing has happened. Any fixes or suggestions?
I am a user, not a techie. Tag: patch.exe Tag: 30538
suspicious Microsoft patch e-mail
Over the last few days I've been receiving the same e-
mail, attaching an Internet Explorer patch, purporting to
come from Microsoft.
I did download it, and my Grisoft AVS anti-virus program
promptly came up red and quarantined the patch.
The subject shown reads "Use this patch immediately!"
From reads "Microsoft <security@microsoft.com>"
Text reads "Dear friend, use this Internet Explorer patch
now! There are dangerous virus(sic) in the Internet now!
More than 500,000 already infected!"
Patch attached is "patch.exe" and file attached is "part
1.3"
I am troubled by the poor composition, excessive emphasis
and inaccurate plural (should be vires), and the whole
thing smells.
Anyone else seen this message? If someone asks for it, I
will attach and forward at their risk, but I don't want to
infect anyone's system if it's a worm.
John Hooper Tag: patch.exe Tag: 30534
syscf32.exe
Can anyone tell me what this app is? I found it running
on an NT server using 98% CPU. I can not find it
referenced on the internet. I suspect it is some type of
virus after affect. Killed the app and all programs
started working again. Thanks. Tag: patch.exe Tag: 30530
Exchange servers, access to the "Internet"
I have a question on applying hotfixes and MS patches on Exchange servers:
If I need to connect to the MS website to download the patches (Windows
Update), do I need to have other port open other than 80 ? Tag: patch.exe Tag: 30523
MS03-033 vs MS02-040
We have applieed MS02-040 on some servers (W2K Server SP2)
a while ago. Included in this patch (for MDAC 2.5) was 1)
odbc32.dll (3.520.8721.0) and odbccp32.dll (3.520.8721.0).
Then we installed Windows 2000 SP3. We have now an issue
installing MS03-033 (which supersedes MS02-040) on those
machines already patched with MS02-040. Because the
version-number of odbc32.dll and odbccp32.dll is higher in
MS02-040 than in MS03-033: odbc32.dll 3.520.6300.40,
odbccp32.dll 3.520.6300.40, the MS03-033 patch failes to
install. Tag: patch.exe Tag: 30518
Question on microsoft cd's and piracy
A person that I know works on computer part time and sells
used computer systems. I know for a fact that he is using
one version of windows 98 se for many used computers he is
selling. When he gets a computer in that needs the hard
drive formatted he will put the same version of windows
that is on it, back on but he will not use the persons
windows disk or there product key if they do not have one.
Say a person gets a computer at a yard sale for 15$ and he
needs windows 98 re-installed are you telling me that I
have to charge 50-100$ for a new windwos cd? It is no0t
hurting anyone by him using his windows cd and key for re-
install use. If they want to upgrade then they need to buy
a cd. Please e-mail me with a reply. Thank you for reading
my questions.
David Tag: patch.exe Tag: 30509
MS03-032 not setting proper security controls as advertised
Running the patch on 98, 2000 and XP wkstns and only a few
of the security settings are changed. For example,
Internet security option should be changed to "high" after
the patch is installed, but does NOT change
from "medium." This is just the biggest issue of a few
that don't change. Whats the deal? Tag: patch.exe Tag: 30504
** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.08.27
Before you post a question to a Microsoft.public.*.security newsgroup, note
that your question may already be answered below:
Answers to Top Frequently Asked Questions:
http://securityadmin.info
My question is not mentioned below. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
I have the RPC Blaster worm "virus," what do I do?
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
My computer is giving RPC Remote Procedure Call messages.
There is a TFTP message or file on my computer.
My computer keeps locking up, and/or rebooting, or telling me that it will
reboot in 1 minute.
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
Where can I download the Blaster worm / RPC DCOM patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I just heard about a new Microsoft security patch update. Where can I get
the patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I just installed a Microsoft security patch update, and now my computer is
having problems.
http://securityadmin.info/faq.htm#patchbroke
I received an email from Microsoft / Microsoft Support / Microsoft Internet
Security Center claiming to be a security patch [or comprehensive Internet
Explorer update]. Is this a virus?
http://securityadmin.info/faq.htm#microsoftemail
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
I received a virus email from a Microsoft email address. Who do I report
this to?
http://securityadmin.info/faq.htm#microsoftemail
I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I
want to replace this file.
http://securityadmin.info/faq.htm#jdbgmgr
I forgot my Windows logon password and can't log in. How do I reset it?
http://securityadmin.info/faq.htm#password
I have a problem or a question with a virus or with antivirus.
http://securityadmin.info/faq.htm#virus
NOTE: www.grisoft.com is free antivirus, USE IT.
Why is Outlook Express blocking my attachments as "unsafe"?
http://securityadmin.info/faq.htm#attachments
How do I stop getting pop-up messages? Or adware? Or spyware?
http://securityadmin.info/faq.htm#pop-ups
How do I block people from viewing adult or objectionable content on a
computer?
http://securityadmin.info/faq.htm#contentfilter
How do I block spam emails?
http://securityadmin.info/faq.htm#spam
There is a Content Advisor password blocking me from certain web sites.
http://securityadmin.info/faq.htm#contentadvisor
How do I delete an FTP folder that a hacker put on my computer and I cannot
delete?
http://securityadmin.info/faq.htm#ftpfolder
Have I been hacked? What do I do if I've been hacked?
http://securityadmin.info/faq.htm#hacked
How do I re-secure a computer that has been hacked?
http://securityadmin.info/faq.htm#re-secure
How do I test or improve the security on my computer to avoid being hacked?
http://securityadmin.info/faq.htm#harden
How do I investigate a suspicious IP address that may be trying to hack me?
http://securityadmin.info/faq.htm#trace
How do I report a hacker?
http://securityadmin.info/faq.htm#reporthacker
How do I use a port scanner or vulnerability scanner to test my security?
http://securityadmin.info/faq.htm#portscanner
How do I encrypt my files and/or hard drive?
http://securityadmin.info/faq.htm#encryption
How do I get a firewall? IDS?
http://securityadmin.info/faq.htm#firewall
I want to use the IPSec filtering or IP filtering feature of Windows to
block certain ports and have a problem or question.
http://securityadmin.info/faq.htm#ipsec
I have a problem or question with the XP ICF firewall.
http://securityadmin.info/faq.htm#icf
I have a problem or question with the IIS URLScan tool.
http://securityadmin.info/faq.htm#urlscan
How do I change the banner on my computer or server to hide what software
version I'm using?
http://securityadmin.info/faq.htm#banner
How do I enable Windows Auditing to tell who logged into Windows or who
accessed a file?
http://securityadmin.info/faq.htm#auditing
How do I inspect and disable programs that start up when Windows starts?
http://securityadmin.info/faq.htm#startup
How do I use RUNAS or let someone use RUNAS to run commands as administrator
without having to type the password?
http://securityadmin.info/faq.htm#runas
How do I let non-administrator users run Defrag or change their IP address?
http://securityadmin.info/faq.htm#runas
My question is not mentioned above. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
Note that this is NOT a full list of all the questions answered in the FAQ.
Chances are, your question has probably already been answered. The complete
FAQ is at:
http://securityadmin.info/faq.htm#contents
I hope this is helpful. Feedback, suggestions and criticism regarding the
FAQ are welcome and may be emailed to me.
kind regards,
Karl Levinson, CISSP, MCSE, MVP
email: levinson_k@despammed.com Tag: patch.exe Tag: 30502
MS CA and Oracle 8i
Has anybody any expirience of integrating Microsoft Certificate Authority
and Oracle 8i?
Could we operate with certificates from PL/SQL? Tag: patch.exe Tag: 30501
MS03-032 & IE6 (822925)
We have Win2K & NT pc's with IE6 (not sp1). Which patch
should be run??? Micosoft has posted 2 (ie6 & ie6sp1). The
one for IE6 only lists WinXP clients. Tag: patch.exe Tag: 30494
IAS Server
Hey all,
I am currently using IAS to authenticate our VPN connections from our PIX.
I added another client (my backbone switch) to the IAS and another Access
Policy. When I try and authenticate myself from the switch, it does not let
me pass unless I change the order of the 2nd policy specifically for the
switches and put it first, then it lets me logon.
Is there any way I can use more than one client and multiple access policies
to isolate each client to a specific policy.
thanks all,
Michael Tag: patch.exe Tag: 30492
moving files on same volume - how to inherit the acl from new parent folder?
in technet id 310316 microsoft describes a registry-hack to
preserve the original acl of copied files.
i'm searching for the opposite: is there a way, to manage
that moved files on the same volume inherits the
permissions of the new parent directory (similar to copied
files?)
thanks for your help,
renke Tag: patch.exe Tag: 30487
C2 Lop Toolbar
Back in July, my XP Home Edition system got hit by C2 Lop
hijackware.
I've managed to rid my system of everything but the
toolbar which has been added to my desktop. I'm looking
for suggestions to rid myself of this.
Please note:
1.The version of the hijackware that hit me DID NOT place
an icon in my systray or appear in Add/Remove. I got the
really insidious version.
2. By using SpyBot S&D and eliminating all Windows
Registry keys which matched a random string the
hijackware had added to my "Tools" in IE, I've managed to
eliminate everything but the toolbar, which appears on
every startup.
3. I've tried every piece of advice about this I've found
on the internet (doxdesk.com, drivingwithdawn.com, etc.)
EXCEPT downloading an uninstaller from C2. I REFUSE to do
this (A. SCREW them, B. I'm supposed to trust these
guys?).
Any advice?
P.S. I'm not a computer expert. I would really need step,
by step, by step, by step instructions. Believe me, it
was scary enough screwing with the registry (which I
didn't even know existed before this). Tag: patch.exe Tag: 30484
McAfee XP Alert
I keep getting this message:
C:program files\support.com\client\|server\server.vbs
Is this a bad script, or an update from Microsoft.
Thanks. Tag: patch.exe Tag: 30483
Need help on my security files
Hi all;
I'm using windows XP which I used it to encrypt the files. When I encrypt
it, the files and folder turns to green. I really amazed with it. But when
my computer have problems which I had to format it, I cannot access again
the files and it says you don't have access priviledge on it.
I cannot do it. I need some advice on it.
Please respond to me as soon as possible.
thanks
Regards
Jefrisalas Tag: patch.exe Tag: 30479
Outlook Express
We had a breach of security at work where someone is
getting into others outlook express and reading e-mails,
journal notes etc. The problem is being fixed, but is
there a way to set the system up to catch the person doing
this? Thanks Tag: patch.exe Tag: 30474
Hijacked!
Please read carefully as it may or may not apply to your situation - ask
questions first - you may not get answers *right away* someone will =
help.=20
If you suspect that "something" has Hijacked your Browser and it causing =
it to behave erratically, please read on.=20
Spyware Removal Tool, your choice, novice users, Lavasoft's Ad-aware,
Direct download -=20
http://ftp.pcworld.com/pub/new/privacy___security/aaw6181.exe
Lavasoft/Ad-aware home: http://www.lavasoftusa.com=20
Mirror site: http://www.lavasoft.de/=20
You may post queries regarding Ad-aware at Lavasoft Support,
http://www.lavasoftsupport.com =20
Advanced users, SpyBot Search & Destroy,
Direct download - =20
http://spybot.eon.net.au/files/spybotsd_mainapp.exe
(It is a large file, if you are on dial-up, you should reserve some time =
to download the entire application without interruption).
SpyBot home: http://security.kolla.de/
SpyBot How-To: http://www.tomcoyote.org/SPYBOT/
More detailed help: http://tomcoyote.org/~mosaic1/spybot/
Support Forum, http://net-integration.net/cgi-bin/forum/ikonboard.cgi
Navigate to the SpyBot S&D section.=20
Install *both*, reboot, read FAQ and overview, use online update
feature to obtain the latest reference files, scan for Spyware
much like you would with your pre-installed anti-virus scanner.
Run Ad-aware and SpyBot on a regular basis, again like you would you A-V =
scanner.
Rid your machine of unwanted Spyware pests.
For normal Browser popups, install a regular popup stopper, Panicware =
has a freeware version available and works as well as any: =
http://www.panicware.com/product_psfree.html
Install a HOSTS file, a simple Browser tweak that disables ads and =
prevent many malicious sites from loading in your Browser at all: =
http://www.mvps.org/winhelp2002/hosts.htm
Adding sites\servers to the IE Restricted Zone: =
http://www.mvps.org/winhelp2002/restricted.htm
__Recommended Minimal Security Settings__
http://mvps.org/winhelp2002/restricted.htm#Setting
For the even more adventuresome, there's JavaCool's spywareblaster,
http://www.javacoolsoftware.com/spywareblaster.html
HTH
--=20
siljaline
"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable =
from
-- self-righteous sixteen-year-olds possessing infinite amounts of free =
time."
- Neil Stephenson, _Cryptonomicon_ Tag: patch.exe Tag: 30466
patch
Today I have received 11 emails
from "security@microsoft.com" telling me to download a
patch. I know that it is not legit and not from microsoft
but can't something be done to whom ever is sending
these. It is most annoying. Tag: patch.exe Tag: 30462
System/Security Error?
I recently, installed Windows Xp Pro Edition on my
friends computer. Set up dial-up connection, and
activated her copy. Now, i think i might have used the
cd myself, for my computers, but im not sure. But, when
we were connected, an error came up, with a note
like "System/Security" "Computer will be shutdown in 50
seconds, all information will be lost"
I have no idea what is causing this, and i have never
seen it before. I know that if the cd was activated too
many times, it would say it. So can please someone help
me solve this problem. Thnx Tag: patch.exe Tag: 30461
Windows XP built in firewall
I'm trying to make sure the built in firewall for Windows
XP is enabled but am running into a snag.
1. Start then Control Panel
2. Network and Internet Connections then click Network
Connections
3. Click Dial Up
Here is where I hit the snag....
4. Right click and select properties
At this point the computer does nothing.
Under the dial up icon it says "AOL disconnected
Conexant Smart HSFI V92 56K DF PCI Modem
Anyone out there willing to help me out?
Thanks Tag: patch.exe Tag: 30451
Sniffing submitted webpage form
I am trying to find out what a web browser sends in a post request to a web
site. I have used a few packet sniffers but all the packets that display
comprehensible text are packets coming from the website. If I search in the
packets just before the one showing 'HTTP/1.0 200 OK...', I can't find out
what the url and post arguments the browser used. Is this info encoded? The
connection is not using SSL.
Anyone can recommend a sniffer that shows packets from my computer to a web
server in *text*. Or my basic question is how to sniff the contents of a
web page form submitted to a web server?
--
Karim
Recommended host: http://www.cheapesthosting.com - Affordable hosting since
1998 Tag: patch.exe Tag: 30446
SHUTDOWN
THIS IS FOR ALL YOU FOLKS OUT THERE WITH WINDOWS 98 AND ME
AS WELL AS XP, 2000 ETC.
mY FRIEND AND I USE MESSANGER ON YAHOO. WE HAVE BOTH
EXPERIENCED SHUT DOWNS IN THE LAST TWO DAYS FOR NO
APPEARENT REASON. BOTH HE AND I WERE SHUT DOWN AT THE SAME
TIME USING DIFFERENT SYSTEMS AND DIFFERENT INTERNET
PROVIDERS.
THE PROVIDERS AND MICROSOFT NEED TO TAKE ANOTHER LOOK AT
WHO AND WHAT IS GOING ON. THIS IS THE PITS AS FAR AS USING
THE NET IS CONCERNED! Tag: patch.exe Tag: 30443
new installation and security issue
I just installed office ex standard foe students and a
security notice poped up it said that i should install
updated security by downloanding windows 2000 but i tried
and it said that it could not install it gave me other
download sites i tried them all and none could be
downloaded successfuly. Tag: patch.exe Tag: 30436
General Tab Disappeared
I had my general tap under my Internet Options disappeared
today and I have a web page that took over as my Home page.
Any suggestions? Tag: patch.exe Tag: 30435
Re: Unwanted pop up windows
How do I get rid of those annoying pop up windows that
say "click to remove these pop up windows" and then you
discover they want to charge you $39 or more to quit
sending you these messages. Thanks. Tag: patch.exe Tag: 30433
Software Update Server Problems
My SUS server can no longer resolve
www.msus.windowsupdate.com. Those anyone know if there is
a fix for this? It has been like this since Microsoft
modify their DNS for Windows Update. Tag: patch.exe Tag: 30431
searching for hackers
Is there a way to tell if my PC has been or is being
accessed by a hacker? Is there any FREE (or to buy)
software powerful enough to alert me of hackers? Tag: patch.exe Tag: 30426
E-Mail Received
Hi!,
I recently received an e-mail which said "use this patch
immediately".
Would Microsoft send out such a message?
Thank You,
Richard Tag: patch.exe Tag: 30425
porn site on drop down
I have notice when I right click my mouse when i am on a
web browser that an internet site is now located on the
drop down menu. How do I remove that from the right click
drop down menu? Tag: patch.exe Tag: 30417
pop-ups
As of three weeks ago began getting pop-ups from vendors
of anti-popup software. Boxes similar in appearance to
messenger boxes. These are the ONLY popups I receive
during off-line operation. Doesn't matter if I'm on-line
or not -- they just come regardless of what I'm doing.
Norton, SpybotS&D, adaware, normal maintenance have no
effect. Vendors claim they are coming in through hole in
MS Messenger. How to prevent/disable? Damned if I'll
buy preventative from the perpetrators. Tag: patch.exe Tag: 30413
mouse/right click
I have notice when I right click my mouse when i am on a
web browser that an internet site is now located on the
drop down menu. How do I remove that from the right click
drop down menu? Tag: patch.exe Tag: 30412
Help: Windows XP Pro certificate store has a strange cert that may be bad or damanged
I have been working on getting activesync to Exchange 2003 working and was
therefore verifying certificates when I noticed that my XP client to which I
had a partnership had 3 very odd certificate folders.
The three folders are after "Certificate Enrollment Request/Certificates"
and have ASCII characters and Kanji (spelling?) characters intermixed.
This made me start looking through all my certificate folders and I noticed
some odd ones.
In the Certificate Enrollment Request/Certificates there is one named
"FZkC37K9xRLk8364" which reports that is either tampered with or corrupted.
I have attached just the public key to this cert (although I have both the
public and private in the request).
Is my cert-store damaged, or is there something malicious going on?
My machine is Windows XP and is in it's own workgroup, although it often
communicates to a Win2003 DC.
Any advice or investigative suggestions would be most welcome!
-Neil
neilgo(_r#mov3)@xcelar.com
begin 666 Bad or Damaged Cert.p7b
M,((!8 8)*H9(AO<-`0<"H((!43""`4T"`0$Q`# +!@DJADB&]PT!!P&@@@$U
M,((!,3""`1Z@`P(!`@(0^I"N127#AII*`9=_\N:+9S )!@4K#@,"'04`,!LQ
M&3 7!@-5! ,3$$9::T,S-TLY>%),:S@S-C0P'A<-,#(Q,3(P,3 R-# W6A<-
M,#,Q,3(P,38R-# W6C ;,1DP%P8#500#$Q!&6FM#,S=+.7A23&LX,S8T,(&?
M, T&"2J&2(;W#0$!`04``X&-`#"!B0*!@0"S5N-FPP!F<83)A#Y@R3FSM3#X
MP!8H-XA/3"]'K)?EYRX+J(QK1I -Z&D*6_DBM,3'"V&1\PU9B5@#_F][(.XV
M)7J&*I;)(+A8TM=RL9#<Z<Q(@'-&$1FCVUV80*H@98IN/AGXNO_6DI&!H-66
I'1R>8Q+RJZCV<F,@K_X[&FNXFP(#`0`!, D&!2L.`P(=!0`#`@`B,0``
`
end Tag: patch.exe Tag: 30411
email security
How secure is my email? At my place of work, I send and
receive email very often. What are the chances that my
boss is reading my mail? Is it legal? I have a password
protected mailbox, can my boss still get to my mail?
Thank you in advance for your help. Tag: patch.exe Tag: 30408
Basic computer security
I have a 15 year old son who knows that if you reboot the
computer you can get past the security passwords on the
screen saver or standby and the user passwords. I have
Windows 98. Is there a way I can password my computer
before windows comes on?
In other words, can a password be set up in MS Dos before
Windows comes on? Tag: patch.exe Tag: 30378
Buggy WinXP Patch 821557 ???
When I installed Windows Update 821557, I lost function of my right
click drop down menus, couldn't rename files or folders and several
other bugs.
System would lock and had to force quit what ever was involved. I
uninstalled the patch and everything returned to normal. To play it
safe, I restored my Win XP SP1 (home edition) to a previous state
(before patch). I'm afraid to install this patch again and have been
trying to gather info on this buggy patch. Anyone else having problems
with this patch ?? I'd like to know-----Thanks !!
--
Posted via http://dbforums.com Tag: patch.exe Tag: 30374
Unexpected System Shutdown
Recently the W2K server -well patched- had two unexpected
system shutdowns. The only trace is the entry in the
System event log with Event ID:6008.
It could not be power related; the other machines sharing
from the same power source did not reboot.
Could it be a hidden worm, or a new attack? I know you
could shutdown local area network machines remotely. Maybe
the command can be sent over IP to any unauthorized
network?
Thanks. Tag: patch.exe Tag: 30369
Microsoft Passport problem
Hello,
Windows 98 / IE 6.0 SP1
I'm having a problem logging with Microsoft's Passport
service. The signin page has no field/box whatsoever
beside the email field and a normal input box beside the
password. If I simply type in my password it says it's
incorrect.
If I click on the "Sign in with a different email address"
link I get a screen full of garbage; I've cut&pasted that
screen at the bottom of this message.
I know my password is correct because when I goto member
services, I'm able to enter in my email and password and
it says the password is changed correctly.
Can someone help me with microsoft passport?
Alex
!HTTP/1.0 302 Found Date: Tue, 26 Aug 2003 13:55:36 GMT
Content-Type: text/html Expires: Tue, 26 Aug 2003 13:55:36
GMT Cache-Control: no-cache Server: Microsoft-IIS/5.0
PPServer: H: LAWPPLOG4C003 cachecontrol: no-store Pragma:
no-cache P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Set-
Cookie: MSPAuth= ; expires=Thu, 30-Oct-1980 16:00:00
GMT;domain=.passport.com;path=/;HTTPOnly= ;version=1 Set-
Cookie: MSPProf= ; expires=Thu, 30-Oct-1980 16:00:00
GMT;domain=.passport.com;path=/;HTTPOnly= ;version=1 Set-
Cookie: MSPSec= ; expires=Thu, 30-Oct-1980 16:00:00
GMT;domain=.passport.com;path=/;HTTPOnly= ;version=1 Set-
Cookie: MSPSec1= ; expires=Thu, 30-Oct-1980 16:00:00
GMT;domain=.passport.com;path=/;HTTPOnly= ;version=1 Set-
Cookie: MSPSec= ; expires=Thu, 30-Oct-1980 16:00:00
GMT;domain=.passport.com;path=/ppsecure;HTTPOnly= ;version=
1 Set-Cookie: MSPDom= ; expires=Thu, 30-Oct-1980 16:00:00
GMT;domain=.passport.com;path=/;HTTPOnly= ;version=1
Authentication-Info: Passport1.4 da-status=logout
Authentication-Info: Passport1.4 da-status=logout
Location: http://login.passport.net/uilogout.srf?
lc=1033&sf=1&id=41332&ru=https://partnering.one.microsoft.c
om/mcp/Default.aspx&tw=3600&fs=1&kv=2&cb=&cbid=41332&ts=-
7&sec=&mspp_shared=1&lm=I&seclog=10&ver=2.1.6000.1&tpf=421d
d1337ced726e952f41b60e71ebfe Via: 1.1 px4wh (NetCache
NetApp/5.5D1) Tag: patch.exe Tag: 30365
** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.08.26
Before you post a question to a Microsoft.public.*.security newsgroup, note
that your question may already be answered below:
Answers to Top Frequently Asked Questions:
http://securityadmin.info
My question is not mentioned below. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
I have the RPC Blaster worm "virus," what do I do?
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
My computer is giving RPC Remote Procedure Call messages.
There is a TFTP message or file on my computer.
My computer keeps locking up, and/or rebooting, or telling me that it will
reboot in 1 minute.
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
Where can I download the Blaster worm / RPC DCOM patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I just heard about a new Microsoft security patch update. Where can I get
the patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I just installed a Microsoft security patch update, and now my computer is
having problems.
http://securityadmin.info/faq.htm#patchbroke
I received an email from Microsoft / Microsoft Support / Microsoft Internet
Security Center claiming to be a security patch [or comprehensive Internet
Explorer update]. Is this a virus?
http://securityadmin.info/faq.htm#microsoftemail
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
I received a virus email from a Microsoft email address. Who do I report
this to?
http://securityadmin.info/faq.htm#microsoftemail
I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I
want to replace this file.
http://securityadmin.info/faq.htm#jdbgmgr
I forgot my Windows logon password and can't log in. How do I reset it?
http://securityadmin.info/faq.htm#password
I have a problem or a question with a virus or with antivirus.
http://securityadmin.info/faq.htm#virus
NOTE: www.grisoft.com is free antivirus, USE IT.
Why is Outlook Express blocking my attachments as "unsafe"?
http://securityadmin.info/faq.htm#attachments
How do I stop getting pop-up messages? Or adware? Or spyware?
http://securityadmin.info/faq.htm#pop-ups
How do I block people from viewing adult or objectionable content on a
computer?
http://securityadmin.info/faq.htm#contentfilter
How do I block spam emails?
http://securityadmin.info/faq.htm#spam
There is a Content Advisor password blocking me from certain web sites.
http://securityadmin.info/faq.htm#contentadvisor
How do I delete an FTP folder that a hacker put on my computer and I cannot
delete?
http://securityadmin.info/faq.htm#ftpfolder
Have I been hacked? What do I do if I've been hacked?
http://securityadmin.info/faq.htm#hacked
How do I re-secure a computer that has been hacked?
http://securityadmin.info/faq.htm#re-secure
How do I test or improve the security on my computer to avoid being hacked?
http://securityadmin.info/faq.htm#harden
How do I investigate a suspicious IP address that may be trying to hack me?
http://securityadmin.info/faq.htm#trace
How do I report a hacker?
http://securityadmin.info/faq.htm#reporthacker
How do I use a port scanner or vulnerability scanner to test my security?
http://securityadmin.info/faq.htm#portscanner
How do I encrypt my files and/or hard drive?
http://securityadmin.info/faq.htm#encryption
How do I get a firewall? IDS?
http://securityadmin.info/faq.htm#firewall
I want to use the IPSec filtering or IP filtering feature of Windows to
block certain ports and have a problem or question.
http://securityadmin.info/faq.htm#ipsec
I have a problem or question with the XP ICF firewall.
http://securityadmin.info/faq.htm#icf
I have a problem or question with the IIS URLScan tool.
http://securityadmin.info/faq.htm#urlscan
How do I change the banner on my computer or server to hide what software
version I'm using?
http://securityadmin.info/faq.htm#banner
How do I enable Windows Auditing to tell who logged into Windows or who
accessed a file?
http://securityadmin.info/faq.htm#auditing
How do I inspect and disable programs that start up when Windows starts?
http://securityadmin.info/faq.htm#startup
How do I use RUNAS or let someone use RUNAS to run commands as administrator
without having to type the password?
http://securityadmin.info/faq.htm#runas
How do I let non-administrator users run Defrag or change their IP address?
http://securityadmin.info/faq.htm#runas
My question is not mentioned above. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
Note that this is NOT a full list of all the questions answered in the FAQ.
Chances are, your question has probably already been answered. The complete
FAQ is at:
http://securityadmin.info/faq.htm#contents
I hope this is helpful. Feedback, suggestions and criticism regarding the
FAQ are welcome and may be emailed to me.
kind regards,
Karl Levinson, CISSP, MCSE, MVP
email: levinson_k@despammed.com Tag: patch.exe Tag: 30362
"Messenger" popups
re: popups "Messenger" Endads and byebyeads see
Microsoft Knowledge Base Article - 330904
Hope this helps
Ben Tag: patch.exe Tag: 30361
Patch from microsoft.com
I couldn't attach the patch to send to send you but I'm
assuming this is a hoax so you may be able to trace this
back to the sender and stop this nonsense.
thanks for your time and have a nice day.
Aline Dunkin
from: <security@microsoft.com>
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
X-Apparently-To: poolba@swbell.net via
web80312.mail.yahoo.com; 25 Aug 2003 19:53:46 -0700 (PDT)
X-YahooFilteredBulk: 170.215.94.11
Return-Path: <admin@duma.gov.ru>
Received: from mta1-ext.prodigy.net (EHLO mta1-
int.prodigy.net) (207.115.63.55)
by mta805.mail.yahoo.com with SMTP; 25 Aug 2003
19:53:46 -0700 (PDT)
X-Originating-IP: [170.215.94.11]
Received: from localhost (170-215-94-
11.nas3.eko.nv.frontiernet.net [170.215.94.11])
by mta1-int.prodigy.net (8.12.3 patch/8.12.9) with
SMTP id h7Q2rLQx254906
for <poolba@swbell.net>; Mon, 25 Aug 2003
22:53:22 -0400
Date: Mon, 25 Aug 2003 22:53:21 -0400
Message-Id: <200308260253.h7Q2rLQx254906@mta1-
int.prodigy.net>
From: "Microsoft" <security@microsoft.com>
To: <poolba@swbell.net>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx" Tag: patch.exe Tag: 30359
is this a hoax
"Microsoft" <security@microsoft.com> i keep getting
security patches from this addy and when i scan it it
shows to contain a virus so of course i do not open it.
Is this for real or the hackers Tag: patch.exe Tag: 30355
Patch Test Procedures?
I couldn't find this somewhat obvious question in my searches so I'll just
ask:
I'm looking for a patch test methodology to follow for my Microsoft patches.
Everyone says to test patches before deploying them to my 100+ Microsoft
servers - how do I do that?
How do I make sure (for example) that every part of my branch Win2K server's
DHCP service works correctly? Is there a list of functions to test?
TIA for your help! Tag: patch.exe Tag: 30354
Hacking/illegal use of e-mail account
Several months ago I was reviewing the list of blocked
users in Outlook Express. I was surprised to see my own
address among them, and removed it from the list. The next
time mail was received there was a very disturbing porn
related email sent. The sender, according to the address
shown, was me! At the time it appeared that somehow my
account or address had been hijacked or pirated, but there
was nothing I had read to support the idea. Recently,
however, an article appeared in our paper supporting this
possibility. Unfortunately the article didn't explain how
to detect or remove the problem. The easy solution would
be to simply remove the e-mail account and set up a new
one, but I want to know conclusively if my account was
used illegally to forward crap to other people. Thanks to
anyone taking the time to read this and respond. Tag: patch.exe Tag: 30348
pop ups
I constantly get popups, even when I'm not logged onto
Internet Explorer. It's gotten so bad I never use it and
would like to take it out altogether. Any suggestions out
there? Tag: patch.exe Tag: 30342
login failure
Hello everybody.
I cannot login into my machine which is actually connected
to a LAN due the fact that the dial-up connection in the
login box is selected and disabled.Therefore everytime
that i'm trying to login im getting the following
notification, "there are no connections available to all
users.You must logon before dialing". How i can bypass
this and login normally?
PS: reply to misge@intracom.gr Tag: patch.exe Tag: 30339
MBSA and Windows NT 4.0 Workstation
I am using Microsoft Baseline Security Analyzer 1.1.1.
When I am checking security update of Windows NT 4.0
Workstation nothing about very important critical
security patch MS03-026 (Q823980) is displayed. I have
found out that in mssecure.xml file that contain
information about all updates there is information that
MS03-026 is applicable only on Windows NT 4.0 Server and
not on Windows NT 4.0 Workstation.
Is there any possibility how to force MBSA to display all
needed patches for Windows NT 4.0 Workstation? I mean to
get correct MSSECURE.XML file. Does anybody use MBSA for
scaning Windows NT 4.0 Workstation?
Thanks Tag: patch.exe Tag: 30337
Disappearing website access
Starting Friday pm I began having problems accessing
various websites -- for example, I could get to Hotmail
but could not access mail -- could get to ebay opening
page but could not access my accounts -- etc... -- now I
can't get to Microsoft directly (came thru a link) or
Symantec -- page keeps timing-out with a "page not
available" type message. It seems to be getting worse the
last 24 hrs. This is my idea how a worm/virus would work
but have a firewall & Norton Antivirus -- nothing shows up
on scans. Any ideas where to look or what to do? This
forum seems to have some very good information & hopefully
someone can help. Thanks Tag: patch.exe Tag: 30335
Only the Best Pop Up
I keep getting a pop up which has a title "Only the Best"
every time I open a new window in Internet Explorer.
Hope someone could solve the problem. Tag: patch.exe Tag: 30333
Is this email for real or is it spam or worse? Can
someone (preferably from Microsoft confirm or deny?
Thanks in advance!
MS NEVER sends patches as email attachments.
scroll dow to ** READ THIS BEFORE POSTING
>-----Original Message-----
>Is this email for real or is it spam or worse? Can
>someone (preferably from Microsoft confirm or deny?
>Thanks in advance!
>.
>
ken davis wrote:
> Hi,
> I have received the same mail and attachment is it for
> real ?
> Ken
>
>> -----Original Message-----
>> Is this email for real or is it spam or worse? Can
>> someone (preferably from Microsoft confirm or deny?
>> Thanks in advance!