Re: Please Help! Network Hijacked!
From: Sir_George (Sir_George_at_mailinator.com)
Date: 03/31/04
- Next message: Jim Macklin: "Re: Please Help! Network Hijacked!"
- Previous message: Lanwench [MVP - Exchange]: "Re: Please Help! Network Hijacked!"
- In reply to: Phil Weldon: "Re: Please Help! Network Hijacked!"
- Next in thread: Phil Weldon: "Re: Please Help! Network Hijacked!"
- Reply: Phil Weldon: "Re: Please Help! Network Hijacked!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Mar 2004 16:42:20 -0700
Phil,
You state "Multiple posting creates fewer problems than cross posting." What
problems? And why would it be appropriate in this case?
--
Sir_George
For better access to newsgroups;
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp

"Phil Weldon" <notdisclosed@example.com> wrote in message
news:Knnac.8703$lt2.8444@newsread1.news.pas.earthlink.net...
> Multiple posting creates fewer problems than crossposting! And in this
> case, probably appropriate!
>
> --
> Phil Weldon, pweldonatmindjumpdotcom
> For communication,
> replace "at" with the 'at sign'
> replace "mindjump" with "mindspring."
> replace "dot" with "."
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
> news:O4NICjqFEHA.3456@tk2msftngp13.phx.gbl...
> > I think you have replies to this post in another group - pls. don't
> > multipost.
> >
> > PLD wrote:
> > > I'm having a serious problem with SBS2003. Within days
> > > after installing and configuring ISA2000, performance
> > > degraded substantially. Event Viewer revealed numerous IP
> > > Spoof and NDR errors. Anti-virus software was strangely
> > > disabled. Re-installed NAV Corp Edition and detected
> > > several mass-mailer worms on the box (W32.Netsky.K@mm,
> > > W32.Netsky.D@mm, W32.Beagle.M@mm, W32.Mydoom.A@mm).
> > >
> > > I blocked outgoing email but noticed the Exchange mailroot
> > > Queue and BadMail folders were growing rapidly (gobbling
> > > up GBs of HD space). I immediately stopped and disabled
> > > all MS Exchange services and locked down the hardware
> > > firewall to deny all SMTP/POP3 traffic. This slowed down
> > > the queue growth, but did not stop it. Subsequent virus
> > > scans came up clean (couldn't check in Safe Mode though -
> > > NAV won't initialize). I downloaded Symantec virus
> > > removal tools for each virus type and ran/re-ran in
> > > regular and Safe Mode. The tools found nothing.
> > >
> > > This led me to suspect the problem may no longer be a
> > > virus, but some rogue hidden program on the box that
> > > initializes at startup. I scanned the Registry with
> > > AdAware (which caught minor stuff) but nothing related. I
> > > manually inspected the Registry key:
> > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> > > - to check for rogue programs launching at startup.
> > > Only found one suspect item
> > > (C:\WINDOWS\System32\83744448.exe) - but subsequent searches
> > > of the directory (set to show hidden and OS files) can't
> > > locate the file.
> > > I suspect it's just a key left over from one of the old
> > > viruses?? I looked up and validated all running processes
> > > showing in Task Manager. I also searched the Add/Remove
> > > Programs control panel for anything out of the ordinary.
> > > Only found one suspect file called "NPO.exe" which I
> > > uninstalled (supposedly). Couldn't find much about it on
> > > the Internet.
> > >
> > > The good news is that Safe Mode prevents the queues from
> > > growing. Bad news is I can't run the network in Safe
> > > Mode. I suspect some rogue program has tweaked the
> > > Registry and renamed itself as a system file. Every time
> > > the box boots up in normal mode, it launches itself and
> > > takes over. Can anyone suggest a way to stop this thing?
> > > I'm afraid I've run out of moves at this point. :[
> > >
> > > ...Paul
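
The manual Run-key inspection described in the quoted original post can be scripted. The following is an added example, not part of the original thread: it lists every autostart value, resolves the executable each one points to, and reports whether that file exists and how it is signed. The RunOnce and HKCU keys and the helper name `Get-CommandTarget` are assumptions added here; the post only names the HKLM Run key.

```powershell
# Added example: audit registry autostart values for missing or unsigned targets.
# The post names only the HKLM ...\Run key; the other three are assumptions.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget([string]$CommandLine) {
    # Hypothetical helper: expand %SystemRoot%-style variables, then take the
    # executable part (quoted string, or text up to the first ".ext" + space).
    # Heuristic: a directory name containing ".xxx " would be split too early.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.\w{2,4})(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command) { continue }
        $target = Get-CommandTarget $command
        $path   = $null
        if (Test-Path -LiteralPath $target -PathType Leaf) {
            $path = $target
        } elseif (-not (Split-Path $target -IsAbsolute)) {
            # Bare names such as "ctfmon.exe" are resolved through PATH.
            $app = Get-Command $target -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($app) { $path = $app.Path }
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Target    = $target
            Exists    = [bool]$path
            Signature = if ($path) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
        }
    }
}

# Missing targets sort first, then files without a valid signature.
$report | Sort-Object Exists, Signature | Format-Table -AutoSize -Wrap
```

A row with `Exists` set to `False` corresponds to the situation in the post: a Run value whose target cannot be found on disk. On 64-bit Windows, run this from a 64-bit PowerShell session so that `System32` paths are not redirected.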