Re: Persistant attacks
From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: 10/23/03
- Next message: N. Miller: "Re: What's the Latest from Earthlink's Blocker?"
- Previous message: Rich Benack [MS]: "Re: USE THIS PATCH IMMEDIATELY!"
- In reply to: Sarah: "Re: Persistant attacks"
- Next in thread: Sarah: "Re: Persistant attacks"
- Reply: Sarah: "Re: Persistant attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Oct 2003 12:46:43 -0700
In article <094a01c39946$069a45c0$a301280a@phx.gbl>,
anonymous@discussions.microsoft.com says...
> Thanks Norman, I'm about willing to try anything at this
> point, and removing MSN 8.0 entirely had crossed my mind -
> that and reformatting, and upgrading to XP. I apologize
> that I haven't given folks a complete picture of events
> (because I thought my original post was already way too
> long to impose on the kindness of strangers) but I can see
> from the gracious responses that omitting detail hasn't
> been helpful, so here goes:
<snipped the explanation>
Ah, so you did get a Swen infection. Hmmm. Now I need to search that
damnable KB database, to see if I can find that arcane bit of knowledge. I'd
like to have it for reference. When I was in the Army, I learned that there
were three ways to complete a task; the right way, the wrong way, and the
Army way. In searching the MSKB database in the past, I think I can safely
modify that to something like: "in computers there are three ways to do
something; the right way, the wrong way, and the Microsoft way. And about
1/3rd of the time, the wrong way will be both more effective, and more
efficient than the Microsoft way"! ;)
Anyway, with three AV vendors reporting that you are clean of Swen, I
wouldn't worry about Swen. Well, maybe I'd check connections with nstat -an
a couple of times, to see if something was calling out that shouldn't be
calling out. But if I could account for every outbound connection, I'd stop
worrying. About Swen, that is.
For the Exploit-CodeBase only-while-connected-to-MSN-8.0, maybe a simpler
way to experiment would be to remove McAfee (no need to deep clean the
registry, since we aren't concerned with corruption of McAfee files just
yet), and install another AV product. A 30-day trial version, say, or
Grisoft's free AVG. Something with on-access scanning like McAfee, but free
for evaluation, or just free (like AVG). Install it, configure it, update
the definitions, then head to MSN and see if you get virus alerts with a
different product. If so, then explore the MSN removal/reinstallation
experiment. If, however, you show no alerts with a different AV vendor,
maybe start a dialogue with McAfee about possible false positives.
And it is hard for me to get testy with somebody who is clearly a level
better informed than the average MS user, and has obviously done her
homework. This is one of those odd computer puzzles that defy a simple,
rational explanation.
{"Dave. Close the door, Dave. You can't go into that compartment, Dave."}
Um, your computer hasn't locked you out of the 'fridge, yet, has it? (A
tribute to UPnP connections between computers, bathroom scales, and
refrigerators.)
-- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint
- Next message: N. Miller: "Re: What's the Latest from Earthlink's Blocker?"
- Previous message: Rich Benack [MS]: "Re: USE THIS PATCH IMMEDIATELY!"
- In reply to: Sarah: "Re: Persistant attacks"
- Next in thread: Sarah: "Re: Persistant attacks"
- Reply: Sarah: "Re: Persistant attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
