Re: Answers to frequently asked questions - 17SEP03

From: Andrew Z Carpenter [Newsgroup Groupie] (azc_at_FILTERcirencester.ac.uk)
Date: 09/18/03

• Next message: Kerry Liles: "Re: PSS Security Alert - New E-Mail Worm: W32\Swen@MM"
• Previous message: rob: "virus hoax"
• In reply to: Karl Levinson [x y] mvp: "Re: Answers to frequently asked questions - 17SEP03"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 18 Sep 2003 20:29:06 +0100

> "Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in
> message news:eVh3lWgfDHA.2364@TK2MSFTNGP09.phx.gbl...
>
> Also, if someone owns the computer, it's probably an indication that you
> weren't using a firewall. www.kerio.com is a free firewall, use it.
> [Probably won't help you with your current problem though...]
>
> Instructions for restoring group policy to the defaults are listed below.
> However, if this is part of a hacker attack, you may encounter other
> permission problems preventing you from running these tools.
>
> http://securityadmin.info/faq.htm#grouppolicy

Thanks for that link Karl. I googled, but came away with nothing useful.

Good point about the firewall, however the phrase 'shutting the stable
door after the horse has bolted' comes to mind. Still, if they can get
something installed it could help by preventing the attacker connecting
back to their machine, or a firewall with application blocking like
ZoneAlarm could indicate the malicious program on their computer which
is listening for commands.

-- 
AZC
A million monkeys have checked this email for accuracy.
No liability accepted for the monkeys’ mistakes.
*** Three steps to help with Windows security: ***
1.  Patch your system with all updates available from
    WindowsUpdate:  http://windowsupdate.microsoft.com
2.  Install or enable a firewall.  One's included with
    Windows XP, or better, get ZoneAlarm Basic Free from
    http://www.zonelabs.com
3.  Update your antivirus software and do a complete scan
    of your computer.  If you do not have antivirus software,
    AVG 6 is available free from http://www.grisoft.com
---
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.518 / Virus Database: 316 - Release Date: 11/09/2003

---

• Next message: Kerry Liles: "Re: PSS Security Alert - New E-Mail Worm: W32\Swen@MM"
• Previous message: rob: "virus hoax"
• In reply to: Karl Levinson [x y] mvp: "Re: Answers to frequently asked questions - 17SEP03"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Nimda E virus ... Research at the leading antivirus software ... As I understand, a firewall is not ... Are you running both an Anti Virus ... >>>| helpful messages from WIndowsUpdate. ... (microsoft.public.windowsxp.security_admin) RV: Firewall recommendations? ... Asunto: RE: Firewall recommendations? ... with their techs, ... Checked by AVG anti-virus system. ... (Security-Basics) Re: Unknown program ... You should also have a firewall, ... > Klez worm. ... >> Using IE6, and Zonealarm, when first booting up, unknown ... Checked by AVG anti-virus system. ... (microsoft.public.security) Re: XP firewall doesnt screen oubound traffic? ... Moois, it is best to err on the safe side. ... > firewall earlier this year, but finally turned it off out of complete ... > an intelligent decision. ... Checked by AVG anti-virus system. ... (microsoft.public.windowsxp.help_and_support) Suspicious 137, 138 Traffic to Broadcast address and Default Gateway. ... They share a cable modem connection via Linksys Router. ... I see an unusally large amount of NetBios traffic hitting the firewall and I ... However the XP Pro sends it's 137, 138 directly at the Default Gateway ... Checked by AVG anti-virus system. ... (microsoft.public.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security.virus  > 2003-09