Automatic Updating & MS System Update Service
If I've got all of my PCs set to do automatic updating,
downloading AND installing, at 5 or 6 a.m. every day, why
would I need to use any other patch mechanism then? I'm
using either XP or Win2k sp4, so all PCs have the
necessary auto. update features.
I ask this because someone told me to download and use
Software Update Services.
Thank you.
Help!!
Alright people, I need some help here. I have a 'lab'
set up in my house for training purposes. 1 DC, a couple
member servers and a couple XP machines to the domain.
Well I accidentally added a group with no members to a log
on locally to the DC and now I can't log on at all to the
DC. None of the accounts can log on to this server now,
including the admin acct. I can't get in via TS either.
Please help. Any comments, ideas will be appreciated.
I recently reloaded the OS too so it isn't backed up!
Will I need to wipe it clean again and start over or is
there something I am missing?
Thanks,
Domain Logon Dialog Box no longer Appearing
Our Windows 98 Clients have all of a sudden started
presenting a two-line logon dialogue box as opposed to
the three-line (domain) one. After booting the two line
d. box appears and approximately 15 seconds later the 3
line version appears.
We have checked for viruses and have come up with
nothing. The machines all have system restore cards, so
we doubt that it is due to software being installed on
these machines. Our policies and profiles seem intact.
XP, and NT clients do not seem to be affected.
Has anyone experienced this?
Lock down clock changes
I need to figure out how to lock down the desktops so
that users can not change their time and date.
Specifically lock down the date and time properties
dialog box on NT, 2000, XP.
Any ideas?
Thanks.
Martin
** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.28
Before you post a question to a Microsoft.public.*.security newsgroup, note
that your question may already be answered below:
Answers to Top Frequently Asked Questions:
http://securityadmin.info
My question is not mentioned below. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
I just heard about a new Microsoft security patch update. Where can I get
the patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I just installed a Microsoft security patch update, and now my computer is
having problems.
http://securityadmin.info/faq.htm#patchbroke
I received an email from Microsoft / Microsoft Support / Microsoft Internet
Security Center claiming to be a security patch [or comprehensive Internet
Explorer update]. Is this a virus?
http://securityadmin.info/faq.htm#microsoftemail
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
I received a virus email from a Microsoft email address. Who do I report
this to?
http://securityadmin.info/faq.htm#microsoftemail
I have the RPC Blaster worm "virus," what do I do?
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
My computer is giving RPC Remote Procedure Call messages.
There is a TFTP message or file on my computer.
My computer keeps locking up, and/or rebooting, or telling me that it will
reboot in 1 minute.
http://www.microsoft.com/security/incident/blast.asp
ALSO NOTE: www.grisoft.com is free antivirus, USE IT.
Where can I download the Blaster worm / RPC DCOM patch?
http://windowsupdate.microsoft.com OR
http://www.microsoft.com/technet/security/current.asp
I'm having a problem caused by the JDBGMGR.EXE Teddy Bear "virus" hoax, or I
want to replace this file.
http://securityadmin.info/faq.htm#jdbgmgr
I forgot my Windows logon password and can't log in. How do I reset it?
http://securityadmin.info/faq.htm#password
I have a problem or a question with a virus or with antivirus.
http://securityadmin.info/faq.htm#virus
NOTE: www.grisoft.com is free antivirus, USE IT.
Why is Outlook Express blocking my attachments as "unsafe"?
http://securityadmin.info/faq.htm#attachments
How do I stop getting pop-up messages? Or adware? Or spyware?
http://securityadmin.info/faq.htm#pop-ups
How do I block people from viewing adult or objectionable content on a
computer?
http://securityadmin.info/faq.htm#contentfilter
How do I block spam emails?
http://securityadmin.info/faq.htm#spam
There is a Content Advisor password blocking me from certain web sites.
http://securityadmin.info/faq.htm#contentadvisor
How do I delete an FTP folder that a hacker put on my computer and I cannot
delete?
http://securityadmin.info/faq.htm#ftpfolder
Have I been hacked? What do I do if I've been hacked?
http://securityadmin.info/faq.htm#hacked
How do I re-secure a computer that has been hacked?
http://securityadmin.info/faq.htm#re-secure
How do I test or improve the security on my computer to avoid being hacked?
http://securityadmin.info/faq.htm#harden
How do I investigate a suspicious IP address that may be trying to hack me?
http://securityadmin.info/faq.htm#trace
How do I report a hacker?
http://securityadmin.info/faq.htm#reporthacker
How do I use a port scanner or vulnerability scanner to test my security?
http://securityadmin.info/faq.htm#portscanner
How do I encrypt my files and/or hard drive?
http://securityadmin.info/faq.htm#encryption
How do I get a firewall? IDS?
http://securityadmin.info/faq.htm#firewall
I want to use the IPSec filtering or IP filtering feature of Windows to
block certain ports and have a problem or question.
http://securityadmin.info/faq.htm#ipsec
I have a problem or question with the XP ICF firewall.
http://securityadmin.info/faq.htm#icf
I have a problem or question with the IIS URLScan tool.
http://securityadmin.info/faq.htm#urlscan
How do I change the banner on my computer or server to hide what software
version I'm using?
http://securityadmin.info/faq.htm#banner
How do I enable Windows Auditing to tell who logged into Windows or who
accessed a file?
http://securityadmin.info/faq.htm#auditing
How do I inspect and disable programs that start up when Windows starts?
http://securityadmin.info/faq.htm#startup
How do I use RUNAS or let someone use RUNAS to run commands as administrator
without having to type the password?
http://securityadmin.info/faq.htm#runas
How do I let non-administrator users run Defrag or change their IP address?
http://securityadmin.info/faq.htm#runas
My question is not mentioned above. How do I get an answer immediately,
with no waiting?
http://securityadmin.info/faq.htm#moreinfo
See also: http://www.google.com/groups?as_ugroup=microsoft.public.*
See also: http://www.google.com/advanced_group_search
See also: http://www.google.com
I want to post a problem or question to the newsgroup. What info do I need
to post in order to get a correct answer quickly?
http://securityadmin.info/faq.htm#netiquette
Note that this is NOT a full list of all the questions answered in the FAQ.
Chances are, your question has probably already been answered. The complete
FAQ is at:
http://securityadmin.info/faq.htm#contents
I hope this is helpful. Feedback, suggestions and criticism regarding the
FAQ are welcome and may be emailed to me.
kind regards,
Karl Levinson, CISSP, MCSE, MVP
email: levinson_k@despammed.com
User profiles question
If you build a pc as an administrator then copy the
profile to a poweruser, what security implications does
this cause?
atrwzpca.dll
Something sleazy found its way on my 'puter; it causes popups every 30 sec
or so....it was discovered by Ad-aware, but a 'name' wasn't given...perhaps
it installs a dll known as atrwzpca; I also encountered an executable known
as IPU ( stuck in the Windows/system32 folder, as such nasty sleazy files
tend to place themselves ) which seems to do the dirty work of making the
popups occur....didn't find any more by my internet search.
downloads
From the microsoft internet explorer download page, I
updated whatever needed to be updated, according to the
check the website made on my computer. Can anyone please
tell me why I now have 14 infected files, with the
backdoor.coreflood virus and the download.trojan virus
(according to norton antivirus). I cannot quarantine them,
I cannot delete them, I cannot compress the folders they
are in......so I have no idea what to do. Furthermore, I
find it impossible to email microsoft directly...they seem
to be sending me around in circles to come to pages like
this one, so any advice given as to what to do, will be
greatly appreciated.
How to read the <USERNAME>.PWL content?
I'm using Win98 and I wish to read the *.PWL file but I've
no idea which program I should use to open it. Any
advice? Thank you.
Virus info
Can anyone advise?
I am receiving a heap of returned emails indicating that I
may have a virus.
Some emails refer to w32/gibe or w32 sven.
Are these 2 different viruses?
How do I get rid of them?
I'm a novice to this computer scene.
thanks
Windows Explorer v5.50.4134.100
Is it normal for Windows Explorer v5.50.4134.100 to try
and communicate, by itself, through the internet?
Msn
Hello
Someone has managed to get onto my Msn account and change
my password. This means I am unable to get on to the Msn
account. The person who has managed to get onto my
account is regularly irritating my contacts, including
my parents who use Msn for work.
What should I do?
unknown connections to microsoft website(s).
I have a Microsoft wireless networking card, of course
using the Microsoft Broadband Networking software.
I used a network monitor (sniffer) and noticed that when I
opened the program it continuously would connect to
backup12.microsoft.com or other Microsoft websites. The
data I saw being transmitted did not seem to be anything
harmful or that I would strongly object to, but I am
curious as to why these connections are occurring.
The sniffer did actually interfere with other normal
internet connections, which may have prompted these
connections. I don't know, can anybody help?
Thanx.
Jay
Ad-aware Update 01R234 27.11.2003
http://www.lavasoftsupport.com/index.php?s=362bd3cd7e14d3bff0517fb8a808a832&showtopic=15446
Users with Lavasoft's Ad-aware installed may update using
the internal update feature.
Highlights of this update:
<snip>
Included are newly added signatures for: 2-seek Toolbar, HungryHands BHO.
Updated signatures for: ClipGenie, DownloadWare, My-Way Speedbar, PeopleOnPage,
SahAgent, SCBAR, VX2.BetterInternet, WebHancer.
</snip>
Please feel free to distribute this update notice to NG's other than those
listed.
Regards,
--
siljaline
MS - MVP Windows IE/OE
______________________
(Reply to group, as return address
is invalid - that we may all benefit)
Microsoft Express Mail
In developing an e-mail mailing list in Express Mail, how
do you display names ONLY, and not the individual's
address?
I hope I am in the right newsgroup and someone can help.
Lots of people do not want their address displayed in
group mailing.....
You can also send replies to berlerman@yahoo.com
R.D.T
Applying Group Policy to File System
I'm trying to apply group policy to an application group I created to change NTFS permissions on a folder. I removed the Authenticated users (also tried just setting only read and unchecked Apply Group Policy) and added the group to Read and Apply group policy. I set this policy on the domain level. I can't get it to work. Any thoughts?
Thanks
Pacer
Zone Alarm
Hi
After downloading Zone Alarm when I try to run it I get
the message:
Couldnt load the DLL library
C;\windows.0001\system\kernel32.dll
Any advice on what to do?
Thanks
Michael
OE message on some attachments in Outlook Express
Hello!
I noticed in the Outlook newsgroup that in some cases of e-mail
with attachments, the attachment is blocked or not
accessible. Outlook Express displays a message saying
something to the effect: "OE removed access to the
following unsafe attachments" and lists the attachments.
What gives?
I am wondering if it is a Norton product problem, because
in some cases the files that I have been sent come from a
very secure site.
Thanks
Rolf
292 MPV Warning
This popped up on my computer:
Privacy Vulnerability Detected (292 MPV
Warning) ..."your internet activities are being
recorded."
It somehow made itself become my homepage, which I
altered back.
How did it appear on my computer in the first place?
Will it come back?
Is it truly from Microsoft Windows and legitimate?
If so, what are the ramifications of it appearing on my
computer?
Firewalled-XP cannot change password to NT4 domain
Recently I enabled the Firewall in XP LAN connection and
notice that most times user cannot change their
passwords. They will receive "The system cannot change
your password now because the domain yyyy is not
available.". Our server is running NT 4.
I found Knowledge Base article 324141, which is not
true in my case.
This is what happens. The users logged in and received a
prompt telling them that their passwords will expire in 14
days. So when they choose to change their password now,
and type in the new password, the above prompt appears.
However, they are not the same as article 324141 where the
password expired and the system has locked the users out.
Am I missing something? Does anyone know what I can do here?
Do I have to apply a patch to the NT4 server to allow
connection from a Firewalled XP LAN connection? Thank you.
Disabling MS Office warning - Please help
Any way to disable MS Office XP warning about opening TIFF
image files out of MS Access? It talks about viruses, etc
and forces you to click OK. I need to open TIFF files
multiple times daily and I am trying to get out of this
interruption. Thank you very much! Jeff
Help me to understand headers
I've received some SPAM, which had the following received lines in its
headers (bottom two only shown);
Received: from c-24-9-246-141.client.comcast.net ([24.9.246.141])by
BFLITEMAIL-KR4.bigfoot.com (LiteMail v3.03(BFLITEMAIL-KR4)) with SMTP id
24Nov2003_BFLITEMAIL-KR4_223300_73868345; Mon, 24 Nov 2003 20:59:36 -0500
EST
Received: from [16.30.46.104] by c-24-9-246-141.client.comcast.net with
ESMTP id 36360197; Tue, 25 Nov 2003 11:53:43 -0300
I'm trying to discover whether the first received header is false (in
order to make me think that the IP address 16.30.46.104 was the original
sender).
How can I tell if it's false? What is the significance of an IP address
which only appears in square brackets (like the first line) and one which
is also within curved brackets (like the second ([24.9.246.141]))? Is the
first one false?
Any help much appreciated
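An added example, not part of the original post: a Python reading of the two Received lines quoted above, taken top down the way a mail analyst would. It assumes the topmost line was written by the reader's own mail provider (bigfoot.com) and that the parenthesised address is the peer address that server recorded, which is a common MTA convention rather than anything documented here for LiteMail; the function names are hypothetical.

```python
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

# The two Received lines from the post, unfolded, in message order (top first).
HEADERS = [
    "Received: from c-24-9-246-141.client.comcast.net ([24.9.246.141])by "
    "BFLITEMAIL-KR4.bigfoot.com (LiteMail v3.03(BFLITEMAIL-KR4)) with SMTP id "
    "24Nov2003_BFLITEMAIL-KR4_223300_73868345; Mon, 24 Nov 2003 20:59:36 -0500 EST",
    "Received: from [16.30.46.104] by c-24-9-246-141.client.comcast.net with "
    "ESMTP id 36360197; Tue, 25 Nov 2003 11:53:43 -0300",
]

# "from <name the sender announced> (<address the receiver saw>)"; the
# parenthesised part is optional because not every server records it.
FROM_RE = re.compile(r"from\s+(\S+)(?:\s+\(\[?([0-9.]+)\]?\))?")
BY_RE = re.compile(r"\bby\s+(\S+)")
DATE_RE = re.compile(r"\w{3}, \d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{4}")


def parse_received(raw):
    """Split one Received header into the fields needed for tracing."""
    text = " ".join(raw.split())              # undo line folding
    trace, _, stamp = text.rpartition(";")    # the date follows the last ';'
    frm, by, date = FROM_RE.search(trace), BY_RE.search(trace), DATE_RE.search(stamp)
    if not (frm and by and date):
        raise ValueError("unrecognised Received header: " + text)
    return {
        "claimed": frm.group(1),       # whatever the sending side announced
        "observed_ip": frm.group(2),   # peer address logged by the receiver, if any
        "by": by.group(1),             # server that wrote this line
        "when": parsedate_to_datetime(date.group(0)),
    }


def assess(raw_headers, trusted_hops=1, skew=timedelta(minutes=5)):
    """Walk the chain top down.

    Only the top `trusted_hops` lines were written by servers the recipient
    trusts (assumption: the recipient's own provider). Anything below was
    already in the message when it arrived, so it is a claim, not evidence.
    """
    hops = [parse_received(h) for h in raw_headers]
    findings = []
    # Compare each line with the one directly beneath it, starting at the
    # last trusted line.
    for newer, older in zip(hops[trusted_hops - 1:], hops[trusted_hops:]):
        late = older["when"] - newer["when"]
        if late > skew:
            # A relay cannot receive a message after it has passed it on.
            findings.append(("timestamp_out_of_order", int(late.total_seconds())))
        if older["by"].lower() != newer["claimed"].lower():
            # Worth a look, not proof: hosts can have several names.
            findings.append(("chain_name_mismatch", older["by"]))
    return {
        "last_verified_ip": hops[trusted_hops - 1]["observed_ip"],
        "unverified_claims": [h["claimed"] for h in hops[trusted_hops:]],
        "findings": findings,
    }


if __name__ == "__main__":
    print(assess(HEADERS))
```

Under those assumptions 24.9.246.141 is the last address a trusted server recorded, and 16.30.46.104 is only what the sending side wrote; the lower line is also stamped 12 hours 54 minutes later than the hop that supposedly followed it.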
SUS Question
Does Microsoft remove old versions of critical updates from the patches
offered for synchronization to an SUS server, or do I need to be sure I
don't "approve" both the old and the new versions?
If I do approve both the old and the new version, how can I be sure that the
old version doesn't overwrite the new version, for example, if I had
installed the new version manually?
I am particularly thinking of Q824146 (MS03-039), the patch for blaster,
updated for welchia, and Q823980 (MS03-026) the patch for blaster without
additional welchia protection. If I approve the update "MS03-026: Security
Update for Windows 2000 (823980), 11/14/2003," and deploy it, how do I know
that I'm getting 824146, not 823980?
Do I need to be concerned about this, given that the update is later than
either 823980 or 824146?
Thanks for your response. As you can see, this could be an important
question for anyone.
fake Microsoft emails and Yahoo Mail
Most of the fake emails go to my Bulk folder which is nice but
sometimes 1-2 get into my Inbox, assumedly because they have a new
domain name. Is there anything I can do besides just keep classifying
them as spam?
Sometimes it overloads my mail too before I can delete them.
browsing workgroup
When I try and browse "workgroup computers" for my home
network it won't allow me to do so, I keep getting this
error "MSHOME is not accessible. You might not have
permission to use this network resource. Contact the
administrator of this server to find out if you have
access permissions. The list of servers for this
workgroup is not currently available". Does anyone know
how I can fix this? PLEASE HELP !!!
inetinfo.exe sucking up cpu -- what is it. what to do?
Hi,
Almost all of my cpu usage seems to be sucked up by inetinfo.exe. I'm
running Win2000ProSP4, which ran fine for years until today. I used to run
McAfee antivirus, but after my subscription expired, I couldn't get the
update to install. Since then I've been relying on MailWasherPro to block
flaky email and greater care in what I install.
Does anyone know what inetinfo.exe is? I tried to stop it using
TaskManager, but TM said the process couldn't be stopped. I'm running a
search on the entire system for that file, but since the search is being
starved for cpu resources, it may take a day, maybe more, to find it.
I'd appreciate any suggestions about how to get info on this process or how
to deal with it.
TIA,
Richard
Ntoskrnl.exe is sending UDP message
Ntoskrnl.exe is trying to send a UDP message from my PC
using port 137 (NETBIOS-NS Browsing request of NetBIOS
over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram
response of NetBIOS over TCP/IP).
This started immediately after upgrading XP to SP1.
Is this because of the XP upgrade or something sinister?
Is this normal or should I be concerned?
hacktool.iis.exploit
I have a Windows 2000 Server SP4 and patched with all
security updates as of Saturday November 22. IIS is
running on this machine. Monday, received a Norton AV
message that idq.dll was infected with
hacktool.iis.exploit. Subsequently, several other files
(4) were also found to be infected. All were reported to
be quarantined with real-time scan. A couple of them have
the tftpxxx file names. We searched for information at
that time on this particular Trojan and found nothing
anywhere except an item on Symantec that says that it is
covered under their latest definitions. Tuesday, we had an
email application running slow. We found nc.exe (which we
believe to be netcat, port scanning util) running the cpu
pretty hard. We couldn't run a manual scan of NAV because
the local drive was full. It isn't a big drive but it
wasn't full before. We were able to map the local drive of
this computer from another and run a scan from the second
pc to the first and it found two infected files that
Norton left alone. So we took the server offline.
We ran NAV in safe-mode and nothing was reported. We are
also now able to run NAV from Windows and nothing is
reported. This was done with no network connectivity.
We are guessing that after the Trojan infected the
machine, it installed a tftp program and ran netcat. After
that we don't know what else could have happened.
I'm leaving the questions wide open. What would be our
next plan of action? What should we look at to determine
what activity was done?
Thanks for your time.
pepe
Spammers relayed thru our server
Spammers relayed spam thru our server.
We have stopped it now but I want to know
if those spammed will think the junk came from us.
What might the result be?
The server was running NT4, not sure which SP.
- Bill
error has occurred in the script
"An error has occurred in the script on this page"
Line 21
Char 5
Error Permission denied
Code 0
URL res://C:\PROGRAM%20FILES\NORTON%20NTIVRUS\NAVOPTS.DLL/optionsbtm.htm
and it is all the time on more than one program,
WWW.MSN.com, my home page, will not display but all other
websites will.
How to deny users plug USB Storage devices?
I want to deny my users the ability to connect USB storage devices. Windows permits users,
even non-administrators, to plug in USB flash devices.
You can modify file permissions on usbstor.* files inside %windir%* (3
files) and deny access to every registry entry where the "USBSTOR" string is
present.
Before doing this you must uninstall any USB flash device.
I've tried this configuration locally and it works only when you remove all
permissions, even for the SYSTEM account. I don't know how to deploy it through
domain policy or login-script and of course, I don't want to remove SYSTEM
account permission over any registry key or system file.
Is there any solution to that question? (3rd party software not accepted for
answers :p)
Thank you.
Juanma
hsrjuv.exe attachment
Has anyone had trouble with the above attachment that
comes in as a Microsoft Support file? This opens up immediately,
and then proceeds to turn off my ZoneAlarm and other scan
programs. Any advice would be appreciated.
Win 95
133 MHz Pentium
32 MB RAM
2 GB hard drive
Novice user
Tim Tag: updates: Tag: 40723
oe
Why does this automatically block access to zip files sent
by friends, even on existing files that I have had access to for the
last year? Any ideas how to remove this unwanted help?
Thanks Tag: updates: Tag: 40715
Dazed and Confused
Recently I upgraded Microsoft/xp to Service Pack 1 plus
some other critical updates. After the SP1 install had
finished a reboot was necessary. When disabling the
network adapter (before reboot), I received a message that
said I could not disable because something? was still
connected. I pulled the network cable and shutdown.
After rebooting and plugging the network cable back in,
the connection was reestablished. However, somehow the ICF
firewall had been deselected and turned off. I disabled
the network adapter, reestablished the ICF firewall,
enabled the network adapter and all seemed fine, but...
Later I noticed traffic leaving my system and going to one
specific IP address within my ISP's network. Thankfully,
this traffic was being dropped. Note the following dates
and time:
Nov 1, 22:14 - System Restore shows a checkpoint for xp
SP1.
Nov 1, 23:36 - First occurrence of this outbound traffic.
Since then, I have installed a third-party firewall and
have gathered the following info: The protocol is UDP and
the source & destination ports are the same - either 137
(NETBIOS-NS Browsing request of NetBIOS over TCP/IP) or
138 (NETBIOS-DGM Browsing datagram response of NetBIOS
over TCP/IP). This traffic always occurs immediately
after enabling the network connection to my ISP. It also
occurs periodically while connected. The associated
application program is ntoskrnl.exe. Please advise!
Today while looking at the Event System Log file I came
across a 1 year old Warning: "The protected system file
c:\windows\system32\vbscript.dll could not be verified as
valid because Windows File Protection is terminating. Use
the SFC utility to verify the integrity of the file at a
later time.". So, I ran the SFC utility. This generated
a number of System Information log entries. I have 5
files with bad or no signatures which cannot be restored.
The files in c:\windows\system32\ are:
ctl3d32.dll
mfc42.dll
oembios.bin
oembios.sig
oembios.dat
Any help greatly appreciated.
PS. NAV/2004 scans do not detect any viruses. Tag: updates: Tag: 40714
Ntoskrnl.exe is sending UDP message
Ntoskrnl.exe is trying to send a UDP message from my PC
using port 137 (NETBIOS-NS Browsing request of NetBIOS
over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram
response of NetBIOS over TCP/IP).
This started immediately after upgrading XP to SP1.
Is this because of the XP upgrade or something sinister?
Is this normal or should I be concerned? Tag: updates: Tag: 40711
Ntoskrnl.exe is sending UDP message
Ntoskrnl.exe is trying to send a UDP message from my PC
using port 137 (NETBIOS-NS Browsing request of NetBIOS
over TCP/IP) or 138 (NETBIOS-DGM Browsing datagram
response of NetBIOS over TCP/IP).
This started immediately after upgrading XP to SP1.
Is this because of the XP upgrade or something more
sinister?
Is this normal or should I be concerned? Tag: updates: Tag: 40710
Pornographic pop-ups
I have recently been invaded by porn pop-ups. The
site "spyware" has taken control of my system. I cannot
do anything without having that site request that I
download their product "spy wiper"!! My system will not
even save my homepage preference...it defaults
to "spyware" HELP!!! Tag: updates: Tag: 40706
saving passwords
Even though I check the box to save a password with a
username, it is not doing it. Is there something else I
need to do? Tag: updates: Tag: 40701
bios password
An employee quit and had a password during the boot
sequence (BIOS). Is there a way to reset or clear the
password? Tag: updates: Tag: 40697
Our 2000 Server was compromised and it has all the security patches.
A client of mine has a Windows 2000 Server running that
was just compromised. Housecall (online scan) identified
HKTL_SFIND.A / BKDR_RCSERV.C & BKDR_IROFFER12.A as
actively running.
After brief review it appears as though hacker utilities
such as serv-u ftp, sms.exe, scan1000.exe, winmgmt.exe,
sqlck.exe etc. were loaded and used for their benefit.
We have/had the following services running that could
have been exploited: SQL std. port, Terminal services
admin mode, and inetpub svcs. I checked just to see if
there were new updates to windows etc. and there are not
any. This concerns me because we have other servers
running with the same configurations with all the
patches/updates etc which leads me to believe they are
also vulnerable.
If anyone has any information as to who to contact, who
to provide information to about new exploits, how our
system may have been exploited etc please let me know.
We are preserving the hard drive for inspection if
necessary because we feel the system was compromised
beyond repair. Several system files look like they were
replaced with the hacker's version and that's just from a
log file, there is no way to be sure. Also, the
scan1000.exe tool's output was piped to a log file and
they were scanning for port 1433 on random ranges of IPs
(not ours) which leads me to believe that they probably
came in through SQL port if they are trying to find more.
This may be a new SQL exploit. I ran this SELECT
SERVERPROPERTY('productversion'), SERVERPROPERTY
('productlevel'), SERVERPROPERTY ('edition') and this is
what was returned, FYI: 8.00.760 / SP3 / Std. Edition
Thanks,
Scott Tag: updates: Tag: 40695
e mail downloads?
I continually get e-mails purportedly from Microsoft to
download patches. I delete them all. Are they all spoof
or genuine? Tag: updates: Tag: 40692
Transaction-based IP email protocol
At least 97% of the email I receive is junk mail that I don't want in my
inbox. Most of it has forged headers. Why isn't there a protocol that can
confirm that the routing information contained in the headers is valid? The
receiving end server should be able to link to the sending server for
confirmation before it accepts an email. Tag: updates: Tag: 40688
Closing Ports
There are dozens of pages that describe using
netstat to look at ip tables. And many authors
suggest closing unneeded ports.
But I have not yet come across a single document that
tells me the commands to control closing a port in
windows if it exists.
And don't suggest buying more utilities. That is the
biggest scam.
Here is a partial listing of what I am getting. Yes, it is
Kazaa, but is there some way to control its access by
port???
Active Connections

  Proto  Local Address  Foreign Address  State
  TCP    kazaa:3170     KAZAA:0          listening
  TCP    kazaa:3185     KAZAA:0          listening
  TCP    kazaa:1251     KAZAA:0          listening
  TCP    kazaa:3162     KAZAA:0          listening
  TCP    kazaa:1250     KAZAA:0          listening
Thanks, Howard Tag: updates: Tag: 40685
I cannot update (xp) using windows update. ERROR= CANNOT
ACCESS WINDOWS UPDATE.
"Jake" <anonymous@discussions.microsoft.com> wrote in message
news:8fec01c3b5e9$7a226df0$a601280a@phx.gbl...
> I cannot update (xp) using windows update. ERROR= CANNOT
> ACCESS WINDOWS UPDATE.