New spyware/hijacker - Sodhell

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Locked out I have been locked out of my computer. I can not seem to remember my password. What process would I have to take for me to get the original password on my personal home computer. Thanks, Rolando Martinez Tag: New spyware/hijacker - Sodhell Tag: 58386
  - 2
    - Failed login attempts We have been receiving many failed login attempts by unknown users, recorded in our security event logs on our web server. We only allow traffic to flow through ports 80 and 443 inbound on our perimeter firewall. Outbound traffic is restricted to DNS queries. The servers have been hardened and patches applied. We are wondering what is allowing somebody to actually enter login credentials. Any ideas are gratefully welcomed. Tag: New spyware/hijacker - Sodhell Tag: 58383
  - 3
    - lost control of browser I was surfing the net and I went to a unsecure site that downloaded my computer a pop up virus that has taken over my browser. everytime iopen my broser as i start to surf it will take me to other websites and inturupts my surfing gaing etc. i cant seem to find the files to delete. itried adware i tried deleting some odd files but they come back automatically. Is there any support or any suggestions anyone can help me with. thank you. Tag: New spyware/hijacker - Sodhell Tag: 58370
  - 4
    - Email attachments Recently bought tickets on line from ticketmaster. Tickets sent via email as an attachment. Unable to print tickets due to message: "OE removed access to the following unsafe attachments in your mail". Any advice on how to remove this security problem? Tag: New spyware/hijacker - Sodhell Tag: 58368
  - 5
    - virus can anybody please help.... just turned on my computer with xp...however all the words are now symbols ...web pages seem to be ok but outlook programs etc just have symbols any ideas cheers Tag: New spyware/hijacker - Sodhell Tag: 58362
  - 6
    - SpywareNuker Sues Symantec http://www.netrn.net/spywareblog/ July 28, 2004 Right now this is a Spyware Warrior exclusive as far as I know. I was notified that Trekeight, the company responsible for SpywareNuker, filed a lawsuit against Symantec, the makers of PC security products including Norton Anti-Virus. Since September 2003, Symantec has targeted SpywareNuker as adware. http://sarc.com/avcenter/venc/data/adware.spywarenuker.html Trekeight has filed the complaint, which can be viewed here: http://www.spywarewarrior.com/files/Trekeight_v_Symantec.pd f (PDF), with the US District Court in southern California. Many people have claimed that SpywareNuker, a spyware removal program, actually installed spyware, but I have never seen any proof of that claim. Eric L. Howes tested SpywareNuker and sent me the results, which I blogged about previously. SpywareNuker is listed on the Suspect/Rogue Anti-spyware Programs page with notes documenting his findings and recommendations. Stay tuned for more on this story. Tag: New spyware/hijacker - Sodhell Tag: 58361
  - 7
    - Software Company to End Pop-Up Ad Deluge (AP) - A San Diego company has agreed to stop bombarding computer users with Internet pop-up ads to advertise its ad-blocking software, avoiding a court battle with the Federal Trade Commission. D Squared Solutions LLC, which was created by two college students, reached a settlement Wednesday with the FTC, which had filed a civil suit against the company last year. D Squared agreed not to send pop-up ads using the Messenger function enabled on many Windows operating systems; such ads do not require an open Web browser to display. The company also won't sell ad-blocking software any longer, and it is barred from sending other ads unless users can choose not to receive them. The company's founders, Anish Dhingra and Jeffrey Davis, do not admit wrongdoing and do not face any penalties. The FTC's legal case against D Squared, one of the first to address pop-up ads that have become a common Internet marketing technique, was seen as an attempt to limit an often-intrusive form of advertising that exploits technology built into Microsoft Corp. (MSFT)'s Windows software. The government alleged that using Messenger, D Squared was able to send pop up ads every ten seconds in the form of small dialogue boxes that usually appeared in the middle of the computer screen. This function was initially designed for network operators to send systemwide messages to employees. The FTC said the practice was a hassle to consumers and misled them into thinking there was nothing they could do to stop the ads. Attorneys for Dhingra and Davis claimed the pair were not trying to extort consumers with their ads and only intended to send one a day to computer users. Lawyer Anthony J. Dain has said the ads are "annoyances you have to deal with in a free society." Tag: New spyware/hijacker - Sodhell Tag: 58360
  - 8
    - Get a LEG UP on spyware! Are you sick and tired of coming home from a long day at work, turning on your computer, and finding MORE spyware and adware? Now, you CAN be notified of new spyware/adware, whenever, wherever, you go... Pull the plug on adware and spyware and stay NOTIFIED with the latest version of this free tool...introducing Quad- aware! It's simple! A small incision is made into your quadriceps, where a small beeper-like device is inserted.* When Quad-aware scans your system--including removable drives--for the most common types of advertising spyware and safely removes offending software, you get a tingling feeling in your leg that TELLS YOU that your computer has just been cleaned of offensive spyware/adware! The convenience of having the program notify you regardless if you are at work or on vacation is phenomenal! Currently, the utility detects small ad programs from Komet-Kursor, Sighdoor, Doubleclit, EverAfterAd, and others. Quad-aware features an interface as well as safeguards for users who may not be comfortable with the tingling notifications in the leg. Because many ad-supported programs won't function if you remove their ad modules, you may occasionally want to overrule a tingling alert to remove one of these components. One other neat feature: it lets you search for new reference files automatically by hitting your thigh three times! Quad-aware STAYS updated when YOU want it to, from the comfort of your office or car. As many of us know, "spyware" refers to programs that are embedded in applications to report information to advertisers. These programs are included in shareware and freeware because that's the only way some cheap developers can pay their bills! If you don't want any part of this-- and feel that staying home just to run an app to see if you have spyware--you should definitely consider downloading Quad-aware! Quad-aware is free for noncommercial use only (you only pay for the quadriceps operation of inserting the device that notifies you of Quad-aware's actions). Convenience, value, dependibility...what are YOU waiting for? Download Quad-aware NOW! http://www.QUAd-aware.net *Not recommended for weightlifters, track runners, or any sport requiring excessive leg work. Tag: New spyware/hijacker - Sodhell Tag: 58359
  - 9
    - security newsletter pgp how to check (or verify) with pgp (desktop version 8.1) the PGP signed newsletter. I have already downloaded msrc.asc and imported this key. thanx Peter Tag: New spyware/hijacker - Sodhell Tag: 58356
  - 10
    - hyjacked computer We also have downloaded hyjackthis1977, and don't know where to send the log. Our home page will not stay changed to what we want and we keep getting kicked off the internet. what do we need to do? Tag: New spyware/hijacker - Sodhell Tag: 58355
  - 11
    - new hotmail spam control if i sign up for the new spam control can i see the blocked messages? what if i want to send them to my inbox? thanks, 2dozen Tag: New spyware/hijacker - Sodhell Tag: 58352
  - 12
    - ** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.08.01 Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.asp#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.asp#netiquette I just heard about a new Microsoft security patch update. Where can I get the patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I just installed a Microsoft security patch update, and now my computer is having problems. http://securityadmin.info/faq.asp#patchbroke I received an email from Microsoft / Microsoft Support / Microsoft Internet Security Center claiming to be a security patch [or comprehensive Internet Explorer update]. Is this a virus? http://securityadmin.info/faq.asp#microsoftemail ALSO NOTE: www.grisoft.com is free antivirus, USE IT. I received a virus email from a Microsoft email address. Who do I report this to? http://securityadmin.info/faq.asp#microsoftemail I have the RPC Blaster worm "virus," what do I do? http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. My computer is giving RPC Remote Procedure Call messages. There is a TFTP message or file on my computer. My computer keeps locking up, and/or rebooting, or telling me that it will reboot in 1 minute. http://www.microsoft.com/security/incident/blast.asp ALSO NOTE: www.grisoft.com is free antivirus, USE IT. Where can I download the Blaster worm / RPC DCOM patch? http://windowsupdate.microsoft.com OR http://www.microsoft.com/technet/security/current.asp I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I want to replace this file. http://securityadmin.info/faq.asp#jdbgmgr I forgot my Windows logon password and can't log in. How do I reset it? http://securityadmin.info/faq.asp#password I have a problem or a question with a virus or with antivirus. http://securityadmin.info/faq.asp#virus NOTE: www.grisoft.com is free antivirus, USE IT. Why is Outlook Express blocking my attachments as "unsafe"? http://securityadmin.info/faq.asp#attachments How do I stop getting pop-up messages? Or adware? Or spyware? http://securityadmin.info/faq.asp#pop-ups How do I block people from viewing adult or objectionable content on a computer? http://securityadmin.info/faq.asp#contentfilter How do I block spam emails? http://securityadmin.info/faq.asp#spam There is a Content Advisor password blocking me from certain web sites. http://securityadmin.info/faq.asp#contentadvisor How do I delete an FTP folder that a hacker put on my computer and I cannot delete? http://securityadmin.info/faq.asp#ftpfolder Have I been hacked? What do I do if I've been hacked? http://securityadmin.info/faq.asp#hacked How do I re-secure a computer that has been hacked? http://securityadmin.info/faq.asp#re-secure How do I test or improve the security on my computer to avoid being hacked? http://securityadmin.info/faq.asp#harden How do I investigate a suspicious IP address that may be trying to hack me? http://securityadmin.info/faq.asp#trace How do I report a hacker? http://securityadmin.info/faq.asp#reporthacker How do I use a port scanner or vulnerability scanner to test my security? http://securityadmin.info/faq.asp#portscanner How do I encrypt my files and/or hard drive? http://securityadmin.info/faq.asp#encryption How do I get a firewall? IDS? http://securityadmin.info/faq.asp#firewall I want to use the IPSec filtering or IP filtering feature of Windows to block certain ports and have a problem or question. http://securityadmin.info/faq.asp#ipsec I have a problem or question with the XP ICF firewall. http://securityadmin.info/faq.asp#icf I have a problem or question with the IIS URLScan tool. http://securityadmin.info/faq.asp#urlscan How do I change the banner on my computer or server to hide what software version I'm using? http://securityadmin.info/faq.asp#banner How do I enable Windows Auditing to tell who logged into Windows or who accessed a file? http://securityadmin.info/faq.asp#auditing How do I inspect and disable programs that start up when Windows starts? http://securityadmin.info/faq.asp#startup How do I use RUNAS or let someone use RUNAS to run commands as administrator without having to type the password? http://securityadmin.info/faq.asp#runas How do I let non-administrator users run Defrag or change their IP address? http://securityadmin.info/faq.asp#runas My question is not mentioned above. How do I get an answer immediately, with no waiting? http://securityadmin.info/faq.asp#moreinfo See also: http://www.google.com/groups?as_ugroup=microsoft.public.* See also: http://www.google.com/advanced_group_search See also: http://www.google.com I want to post a problem or question to the newsgroup. What info do I need to post in order to get a correct answer quickly? http://securityadmin.info/faq.asp#netiquette Note that this is NOT a full list of all the questions answered in the FAQ. Chances are, your question has probably already been answered. The complete FAQ is at: http://securityadmin.info/faq.asp#contents I hope this is helpful. Feedback, suggestions and criticism regarding the FAQ are welcome and may be emailed to me. kind regards, Karl Levinson, CISSP, MCSE, MVP email: levinson_k@despammed.com Tag: New spyware/hijacker - Sodhell Tag: 58349
  - 13
    - autoenrollment for user certificates Does anybody have experience of setting up autoenrollment for user certificates on Windows Server 2003 DC? Thanks. Ian Tag: New spyware/hijacker - Sodhell Tag: 58348
  - 14
    - search for I can't get my e-mail because the search for page keeps popping up, and it has invaded my homepage. Tag: New spyware/hijacker - Sodhell Tag: 58347
  - 15
    - unwanted looky lours I have gone to sign into my account several times and it has told me htat there is a hold on my account because someone has tried too many times to log into my account with the wrong password! Is there anyway that The person(s) can be tracked down, or is that not at all possible? Tag: New spyware/hijacker - Sodhell Tag: 58343
  - 16
    - Active x How do I enable my Active X controllers? Tag: New spyware/hijacker - Sodhell Tag: 58336
  - 17
    - where to send Hijack this hello i have ran Hijackthis as recommended, on my computer and would like to know where to send the log file to get it analysed please so i know what to get rid of. i cannot find where to send the log ( newbee) scanned my computer and keyloggerpro keeps showing up /cannot delete it.. any help greatly appreciated. thankyou Alan Tag: New spyware/hijacker - Sodhell Tag: 58335
  - 18
    - Norton System Works After installing Norton System Works software on my computer, of which is running on Windows Millenium, I learned that System Works will cause Outlook Express to run slow. It gives a Microsoft web address where you can get a fix for it, however, if I do that, then the cost is $35.00 which is a little ridiculous since the software was only $47.00. Have I been ripped off by Norton or is there some simple fix to the problem without me having to pay an arm and leg for it? Hilton Tag: New spyware/hijacker - Sodhell Tag: 58326
  - 19
    - Norton Firewall Settings w/ XP Home Running XP Home (ICF disabled) on an E-Machines T1742 to a DSL connection. Cleanly installed NPF 2004 and the only way the firewall functions is by turning off the firewall part of the application, including the Trojan blocker! Deleting all of the pre-set rules under Personal Firewall -> Advanced -> General plus putting on "low" all slider controls makes no difference. Symantec want a thieving $40 US per technical help call on top of the purchase price. Am I doing something wrong or have I just wasted my money on NPF 2004? Any clues anybody? Thanks in advance. Tag: New spyware/hijacker - Sodhell Tag: 58318
  - 20
    - hotmail trouble! When opening my hotmail it opens on the home page for a few seconds then disappears and in its place is a microsoft index page, then very alarmingly porn sites begin to appear. I can close them before they actually open thankfully, but this is now happening on my 13yr old daughters hotmail account too. Ive emailed MSN hotmail but had no reply. I have run the spyblocs I have loaded on my pc but still has not made any difference. Can anyone HELP please!!!???? Tag: New spyware/hijacker - Sodhell Tag: 58315
  - 21
    - Bridge vs Routermode/DSL? I am new to dsl after having dialup for so long! I have a question..The tech who installed my dsl set it up in bridge mode(there is an icon where I can cinnect on the desktop)So,Would I be safer to be in router mode,or keep this in bridge mode,& get a Linkys router? I am using a Speedstream 5200 modem,& I use Norton Internet Secuity ,& keep my Windows patches applied. Tag: New spyware/hijacker - Sodhell Tag: 58313
  - 22
    - Spy-were what are some of the best combo saftware that work grate together Tag: New spyware/hijacker - Sodhell Tag: 58312
  - 23
    - wsrevmon.exe -> is this a threat to my pc? Lateley, my pc has been doing some intense number crunching with the wsrevmon executable that seems to pop up randomly in my system processes. Basically when it's running, it uses in the average 90-100% of the cpu's processing power unless I manually kill it. My updated AV software says that it isn't a virus nor does it contain malicious code. The file is located in my C:\WINDOWS\system32 folder. I did a google search and nothing came up. So I'm debating on whether or not to delete it and be done with it. Please help! Tag: New spyware/hijacker - Sodhell Tag: 58310
  - 24
    - Changing administrators password in server 2003 Are there any major issues with changing the administrators password in Server 2003 running terminal services? If so can anyone please advise. -- Much appreciated Darren Tag: New spyware/hijacker - Sodhell Tag: 58309
  - 25
    - Neutering Administrator I want to continue using Local\Administrator for day to day activities, and I know that this is evil. Can I get away with the following? 1. Create a new account that is hard to guess, something like Admin293. 2. Give Admin293 a strong password and Administrator rights. 3. Save this login and password in a secure location. 4. Take away the Administrator rights from the Local\Administrator account. 5. Continue working as Local\Administrator. Can anyone think of a reason why this might not work? I realize that any services or scheduled jobs which ran as Local\Administrator will have to run instead as Admin293. Thanks, -G gerardvignes.com Tag: New spyware/hijacker - Sodhell Tag: 58303
- Next
  - 1
    - dissallowed applications where will i find my servers dissallowed applications list in group policies? As i can not use things such as msconfig on my pc even thought i am in the admin group. Thanks Jo Tag: New spyware/hijacker - Sodhell Tag: 58302
  - 2
    - is wcmdmgr something to be concerned about Hi, Zonealarm says its ok to grant permission to this wcmdmgr.exe (wild tangent) that is requesting permission on my firewall.I did a google and got mixed reactions. SOme say it is spyware, some say its not and is safe. My daughter uses AIM and I read that it uses it for games and stuff. and I learned how to keep it from asking for automatic updates. But I would like to hear the opinions of you all & to see how u feel about this. thanks Tag: New spyware/hijacker - Sodhell Tag: 58300
  - 3
    - AC MRu's and spyware? In Registry: HKU/Software/Microsoft/S-1-5-21-(blabla)/Search assistant/ACMRu/5603, I see entries like 000 *.ject, 008 Gigex speed delivery, 024 gator. Norton, Ad-Aware, and RegSeeker show no identifiable problems, and HiJack This shows nothing out of the ordinary. I there anything to be concerned about? I run with Norton & Zonealarm, and use PestPatrol about weekly. Tag: New spyware/hijacker - Sodhell Tag: 58297
  - 4
    - heavy traffic on port 1025 Many people seem to have noticed heavy traffic on port 1025. This traffic is caused by the task scheduler service hosted by svchost.exe. This service opens port 1025 by default. There are two ways to block this traffic: 1) disable task scheduler service and reboot; be aware it is possible that prefetch, system restore and bootvis won't work properly anymore; 2) deny inbound traffic for svchost.exe using TCP on the local ports 1024-65535; you can use a firewall like Agnitum Outpost 1.0 (freeware) to configure your system this way ( http://www.agnitum.com/download/outpost1.html ). To exploit task scheduler listening on port 1025, you can even download a tool from the net: remoxec from http://www.securityfriday.com/tools/Remoxec.html . This explains probably the amount of scans of port 1025. Tag: New spyware/hijacker - Sodhell Tag: 58295
  - 5
    - Get a LEG UP on spyware! Are you sick and tired of coming home from a long day at work, turning on your computer, and finding MORE spyware and adware? Now, you CAN be notified of new spyware/adware, whenever, wherever, you go... Pull the plug on adware and spyware and stay NOTIFIED with the latest version of this free tool...introducing Quad- aware! It's simple! A small incision is made into your quadriceps, where a small beeper-like device is inserted.* When Quad-aware scans your system--including removable drives--for the most common types of advertising spyware and safely removes offending software, you get a tingling feeling in your leg that TELLS YOU that your computer has just been cleaned of offensive spyware/adware! The convenience of having the program notify you regardless if you are at work or on vacation is phenomenal! Currently, the utility detects small ad programs from Komet-Kursor, Sighdoor, Doubleclit, EverAfterAd, and others. Quad-aware features an interface as well as safeguards for users who may not be comfortable with the tingling notifications in the leg. Because many ad-supported programs won't function if you remove their ad modules, you may occasionally want to overrule a tingling alert to remove one of these components. One other neat feature: it lets you search for new reference files automatically by hitting your thigh three times! Quad-aware STAYS updated when YOU want it to, from the comfort of your office or car. As many of us know, "spyware" refers to programs that are embedded in applications to report information to advertisers. These programs are included in shareware and freeware because that's the only way some cheap developers can pay their bills! If you don't want any part of this-- and feel that staying home just to run an app to see if you have spyware--you should definitely consider downloading Quad-aware! Quad-aware is free for noncommercial use only (you only pay for the quadriceps operation of inserting the device that notifies you of Quad-aware's actions). Convenience, value, dependibility...what are YOU waiting for? Download Quad-aware NOW! http://www.QUAd-aware.net *Not recommended for weightlifters, track runners, or any sport requiring excessive leg work. Tag: New spyware/hijacker - Sodhell Tag: 58294
  - 6
    - digital dashboard and IE security I am looking into implementing a user portal that requires the use of Digital Dashboard. The lastest version of Digital Dashboard will only install properly under an older version of Internet Explorer. My question is that the IE wil probably not be used on this server. Is it still a compromise to security if IE is not up to the latest version with SP and patches? The server also only can go up to windows SP3. Thanks. Tag: New spyware/hijacker - Sodhell Tag: 58293
  - 7
    - Unwanted downloads I keep getting downloads in my add or remove programs file. Locksmart is one of them and they will not delete. Anyone have any idea how to get rid of them. Thanks Tag: New spyware/hijacker - Sodhell Tag: 58286
  - 8
    - Problem!! My Internet Explorer evevry time i try to acces a page it goes to another site "http://eebaeb.outhost.info/" and i can't get ride of it. If tried every. From a full system scan to spyware removal but still nothing. Pls help me out cause im lost. Tag: New spyware/hijacker - Sodhell Tag: 58285
  - 9
    - New MSSecure.XML Version 2004.07.30.0 Now Available MSSECURE.XML Data Version 2004.07.30.0 (for use by MBSA 1.2 and SMS SUS Feature Pack) was last modified today, July 30, 2004, and is now available for all supported languages (English, French, German and Japanese). Please allow time for each language to be replicated across all worldwide servers, and consider flushing local IE and proxy caches to ensure quick receipt of the XML file. Once replicated, MBSA will automatically download files from the following locations: ENU (1033): http://go.microsoft.com/fwlink/?LinkId=18922 DEU (1031) : http://go.microsoft.com/fwlink/?LinkId=18121 FRN (1036) : http://go.microsoft.com/fwlink/?LinkId=18122 JPN (1041): http://go.microsoft.com/fwlink/?LinkId=18120 This release includes detection for the MSRC bulletin released today, 7/30/2004, available from the TechNet Security web site here: http://www.microsoft.com/technet/security/current.aspx This release also includes a number of improvements to further reduce unnecessary 'greater than expected' warnings, missing registry key warnings and corrected links to download locations for use by SMS. -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for the Microsoft Baseline Security Analyzer (MBSA) at the following link: http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: New spyware/hijacker - Sodhell Tag: 58283
  - 10
    - Outlook express removing attachments Over the past few weeks my outlook has automatically removed attachments because it thinks they have a virus. Problem is its preventing me from viewing every single attachment, even ones I know to be clean (sent form my office). I have my own virus software (norton) and don't want outlook express to action its own, not least because it is clearly not doing it correctly. How does one de-activate outlook express removing attachments thanks Tag: New spyware/hijacker - Sodhell Tag: 58279
  - 11
    - suspect download can anyone tell me if this is legitimate. I keep getting this pop up telling me to download. this started after windows update. http://www.windowspatch.org Tag: New spyware/hijacker - Sodhell Tag: 58278
  - 12
    - Microsoft Security Bulletin for July 30, 2004 Follow up set to microsoft.public.security Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summaries: Windows : http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx Critical Bulletins: MS04-025 - Cumulative Cumulative Security Update for Internet Explorer (867801) http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx This DOES NOT represent our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. -- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. Tag: New spyware/hijacker - Sodhell Tag: 58277
  - 13
    - "MSN" Account Email I have recieved this email twice. When I try to do the=20 link, it is not found. Is this for real? If so, where do I=20 go to fix this? I do not like being threatened by msn,=20 especially since I have been a member for a loooonnnggg=20 time.=20 Dear MSN Member, During our regularly scheduled account maintenance and=20 verification procedures, we have detected a slight error=20 in your information. This might be due to either of the following reasons: 1. A recent change in your personal information (=20 i.e.change of address). 2. Submiting invalid information during the initial sign=20 up process. 3. An inability to accurately verify your selected option=20 of subscription due to an internal error within our=20 processors. Please update and verify your information by clicking the=20 link below:=20 https://www.msn.com/acconfile.srf?id=3D6528 If your account information is not updated within 48 hours=20 then your ability to use your MSN account will become=20 restricted. Sincerely, Please do not reply to this e-mail, as this is an=20 unmonitored alias. If you have general questions regarding=20 your account, please click Help in the upper right corner=20 for the MSN Hotmail comprehensive online help. Click here to read the MSN privacy statement. =A9 2004 Microsoft Corporation. All rights reserved Tag: New spyware/hijacker - Sodhell Tag: 58273
  - 14
    - Keylogpro..how to get rid of this hi i recently downloaded and started using Webroot spy sweeper.3.o.o it has detected a KeyLogPro,which apparently is a a monitoring program that records your keystrokes.trouble is i cannot seem to delete/rid this program .even though spysweeper says it has detected/deleted it ,it is always there when i scan. also get this message where it supposedly is : Spyware name:KeyLogPro Location:HKEY_CURRENT_USER\software\iconizer. Fingerprint type:Exact Match Category:System Monitor. ive looked in above Location but found nothing .any ideas? any help very much appreciated. thankyou Alan Tag: New spyware/hijacker - Sodhell Tag: 58268
  - 15
    - adware threats does anyone have any type of info of how to rid adware threats? I looked them up at symanecresponse and it says they are low threat and low removal. Is there a way or place I can go for help? ME Tag: New spyware/hijacker - Sodhell Tag: 58267
  - 16
    - unwanted 'favourites' About half a dozen or so urls keep appearing in my favourites folder for sites like 'casino', 'viagra' 'best search', and these spring into action at random intervals by opening themselves. Every time I delete them they just re-appear next time I boot up. Most of them have a url that begins www.thebestsearch.net or easysearch.cc My virus scanner doesn't pick up anything - is this is virus? Any suggestions welcome. Thanks Gary Tag: New spyware/hijacker - Sodhell Tag: 58263
  - 17
    - MS Security Patchs Hi, Does anyone know an easy way to determine if a hotfix has been superseded by another? Is there a matrix or something that Microsoft provides that can show you this without going through every security bulletin... Thanks, John Tag: New spyware/hijacker - Sodhell Tag: 58256
  - 18
    - IadHide4.dll IadHide4.dll What is it? How do I get rid of it? Resides in Temp folder, I am not sure where it came from I have demo versions of Adaware,spy hunter,pc bug doctor they do nothing. Ihave tried booting into safemode and deleting there with no sucesses. I have tried going into DOS and finding it using a command prompt. Seems this thing an old prob. from the threads that I have looked at. All help appreciated! Thanks GTW Tag: New spyware/hijacker - Sodhell Tag: 58242
  - 19
    - how to get CSP signature? Dear Sir: I have developed our CSP for our product. It's a CSP dll with USB Memory Stick. But I see CSP DLL must have CSP signature. Can you help me how to get CSP signature? Thanks. With Best Regards. Tag: New spyware/hijacker - Sodhell Tag: 58238
  - 20
    - HELP Making Folder Private I am running Windows XP Pro. I followed the instructions below on how to make a folder private. When I got to: "On the Sharing tab, select the 'Make this folder private so that only I have access to it' check box." That line and checkbox are grayed out. The folder I am trying to make private is in MY DOCUMENTS which is one of the folder areas that this option should be available per the instructions below. The only thing I don't know is if my hard drive formatting conforms to this instruction: "You cannot make your folders private if your drive is not formatted as NTFS." Can anyone help? Is there a way to tell if my drive is NTFS formatted? Any other suggestions? Thanks. ======================================================= INSTRUCTIONs FROM MS HELP AND SUPPORT CENTER: To make your folders private Open My Computer. Double-click the drive where Windows is installed (usually drive (C:), unless you have more than one drive on your computer). If the contents of the drive are hidden, under System Tasks, click Show the contents of this drive. Double-click the Documents and Settings folder. Double-click your user folder. Right-click any folder in your user profile, and then click Properties. On the Sharing tab, select the Make this folder private so that only I have access to it check box. Notes To open My Computer, click Start, and then click My Computer. This option is only available for folders included in your user profile. Folders in your user profile include My Documents and its subfolders, Desktop, Start Menu, Cookies, and Favorites. If you do not make these folders private, they are available to everyone who uses your computer. When you make a folder private, all of its subfolders are private as well. For example, when you make My Documents private, you also make My Music and My Pictures private. When you share a folder, you also share all of its subfolders unless you make them private. You cannot make your folders private if your drive is not formatted as NTFS. For information about converting your drive to NTFS, click Related Topics. Tag: New spyware/hijacker - Sodhell Tag: 58234
  - 21
    - IE6 not logging me in as Administrator 99% of IE6 works like it should but for some reason I can't directly access [Tools] \ Internt options, some kind of error: " Restrictions The operation has been cancled due to restrictions in effect on this computer. Please contact your system Administrator" DUH! I AM the computer's Administrator, I am the only one who uses this computer and is not networked with any other system (aside from the internet) and lastly probably because of this 'glitch' I can't change my home page if I wanted to. Any quick fix soultions? like [regedit] Tag: New spyware/hijacker - Sodhell Tag: 58230
  - 22
    - Setting the proper userid and password credentials for printing How do I set the userid and password to a default printer? I can select the printer through Visual Basic that I want to print to, but in order to be able to print to it I need to supply the correct credentials. I haven't found anything that specific how to do this. Once I set the credentials then I can use the printer properties to print my document. Tag: New spyware/hijacker - Sodhell Tag: 58223
  - 23
    - Reporting on MBSA scan output I've a question that I know someone has the answer too. I trying to create a report based on the Bulletin ID from my XML output from my MBSA scan. I am running the following command cscript.exe /nologo rollup.js -b MS01-055 MS01-056 MS01-058 MS01-059 MS02-005 MS02-008 MS02-009 MS02-010 MS02-013 MS02-015 MS02-018 MS02-019 MS02-022 MS02-023 MS02-024 MS02-025 MS02-027 MS02-028 MS02-029 MS02-032 MS02-033 MS02-039 MS02-040 MS02-041 MS02-042 MS02-044 MS02-047 MS02-048 MS02-052 MS02-053 MS02-055 MS02-056 MS02-058 MS02-061 MS02-063 MS02-065 MS02-066 MS02-068 MS02-069 MS02-072 MS03-001 MS03-004 MS03-006 MS03-007 MS03-008 MS03-011 MS03-014 MS03-015 MS03-017 MS03-020 MS03-023 MS03-026 MS03-030 MS03-032 MS03-037 MS03-039 MS03-040 MS03-041 MS03-042 MS03-043 MS03-044 MS03-046 MS03-048 MS03-049 MS03-051 MS04-001 MS04-004 MS04-007>Report.xml My question is there another switch that will check all the bulletins with out me listing all of them. This way every time a new bulletin is added I don't have to go into my reporting script and make sure I added it there too. Any help is appreciated. Thanks Ryan Tag: New spyware/hijacker - Sodhell Tag: 58218
  - 24
    - Big (for most) AVG 6.0 Update Available - 29 Jul-04 See: http://free.grisoft.com/freeweb.php/doc/4 If OE Plug-in is enabled (email scanning), you will be prompted to end OE before installing update. Current version: 6.0.732 dated: 29 Jul 2004 FILE MinVersion Size u617mhvw.bin 6.0.731 1343kb u617mav4.bin 6.0.640 2.7mb u617m1ao.bin 6.0.516 3.5 mb -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) Tag: New spyware/hijacker - Sodhell Tag: 58205
  - 25
    - security certificates No longer am able to sign in to .Net PP am able to sign into msn.messenger ONLY am blocked by "sas.zone.msn.com/ +++ invalid. out of date, previously marked distrusted.... it worked flawlessly until a couple days ago. OS windows 98 I am desperate - any help out there for me? please please Tag: New spyware/hijacker - Sodhell Tag: 58202

August 01, 2004 (from http://www.netrn.net/spywareblog/):

There have been a lot of search engine hits to
[http://www.netrn.net/spywareblog/] for "sodhell", so
[Suzy of netrn.net] decided to do some checking to find
out what sodhell is.

This forum post describes pop-up windows to sodhell.com
and trying to entice you to click an OK button on an
activeX Download ([Suzy of netrn.net has] since cranked IE
up to HIGH in all zones).

Another forum post says: My aunt just called and said
she's having trouble with her computer because
http://www.sodhell.com/ keep popping up talking about some
survey crap and she said that since it starting she can't
surf the net anymore...

Another forum post: A computer opens Internet Explorer on
login and goes to www.sodhell.com. This is not the default
page for IE and IE is not in the Startup folder anyway. It
happens every login. When it first happened McAfee
detected the virus JS/keylog-briss.ldr each time but this
no longer happens. I have scanned the system with AdAware
and SpyBot and fixed the problems but the "sodhell"
problem continues. Ater running HijackThis and removing
the recommended offending files, the problem was solved in
that case.

[Suzy of netrn.net] got brave and went to the sodhell site
to see what was up. The main index page has a line of text
on it, "mimo u smell" (strange I know) and [Suzy of
netrn.net] got screenshots of everything. Apparently the
offending page is the sodhell/survey.html page, which
tries to install two plug-ins, which [Suzy of netrn.net]
refused. [Suzy of netrn.net] did get screenhots of all the
pages' source code which is very interesting. There's a
line with freecash.xxxcashbar.com. Since [Suzy of
netrn.net doesn't] know javascript, [she's] not sure if
it's an installer or exactly what. [She'll] have some code-
wise folks check it. [She'll] make another post about it
when [she has] more info.

If you arrived at this page seeking help because of
sodhell, please go to [Suzy's] forum at
http://spywarewarrior.com. DO NOT post help requests or
HijackThis logs in the blog comments. They will not be
answered here.