Re: Please Help! Network Hijacked!
From: Phil Weldon (notdisclosed_at_example.com)
Date: 03/31/04
- Next message: Roger: "New virus found"
- Previous message: Phil Weldon: "Re: Please Help! Network Hijacked!"
- In reply to: Sir_George: "Re: Please Help! Network Hijacked!"
- Next in thread: Lanwench [MVP - Exchange]: "Re: Please Help! Network Hijacked!"
- Reply: Lanwench [MVP - Exchange]: "Re: Please Help! Network Hijacked!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Mar 2004 01:16:56 GMT
|Cross-posting has the bad effect of raising the noise level, the more
disparate the newsgroup, the more noise is added. Threads tend to be longer
because reaching steady state is more difficult when disparate groups see
posters for the first time. Also, cross-posting is used in one type of
attack on newsgroups because it is easier to start a flame war with
cross-posted messages (with a few no-so-obvious troll posts thrown in from
time to time. This can't happen with with multi-posting. So, which would
you rather have? A few people duplicating effort (which you already see in
THIS newsgroup, or more noise that will afflict EVERYONE? Should you need
date, use
http://netscan.research.microsoft.com/
and check the number of messages that a cross-posted thread can generate.
Multiple posting is appropriate in the case of this thread because the
original question has both OS aspects, installation aspects. ISA2000
aspects, and virus infection aspects.
-- Phil Weldon, pweldonatmindjumpdotcom For communication, replace "at" with the 'at sign' replace "mindjump" with "mindspring." replace "dot" with "." "Sir_George" <Sir_George@mailinator.com> wrote in message news:c4d0l9$2hnv4a$1@ID-149646.news.uni-berlin.de... > Phil, > > You state "Multiple posting creates fewer problems than cross posting." What > problems? And why would it be appropriate in this case? > > -- > Sir_George > For better access to newsgroups; > http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp > > > "Phil Weldon" <notdisclosed@example.com> wrote in message > news:Knnac.8703$lt2.8444@newsread1.news.pas.earthlink.net... > > Multiple posting creates a fewer problems than crossposting! And in this > > case, probably appropriate! > > > > -- > > Phil Weldon, pweldonatmindjumpdotcom > > For communication, > > replace "at" with the 'at sign' > > replace "mindjump" with "mindspring." > > replace "dot" with "." > > > > > > > > "Lanwench [MVP - Exchange]" > > <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in > message > > news:O4NICjqFEHA.3456@tk2msftngp13.phx.gbl... > > > I think you have replies to this post in another group - pls. don't > > > multipost. > > > > > > PLD wrote: > > > > I'm having a serious problem with SBS2003. Within days > > > > after installing and configuring ISA2000, performance > > > > degraded substantially. Event Viewer revealed numerous IP > > > > Spoof and NDR errors. Anti-virus software was strangely > > > > disabled. Re-installed NAV Corp Edition and detected > > > > several mass-mailer worms on the box (W32.Netsky.K@mm, > > > > W32.Netsky.D@mm, W32.Beagle.M@mm, W32.Mydoom.A@mm). > > > > > > > > I blocked outgoing email but noticed the Exchange mailroot > > > > Queue and BadMail folders were growing rapidly (gobbling > > > > up GBs of HD space). I immediately stopped and disabled > > > > all MS Exchange services and locked down the hardware > > > > firewall to deny all SMTP/POP3 traffic. This slowed down > > > > the queue growth, but did not stop it. Subsequent virus > > > > scans came up clean (couldn't check in Safe Mode though - > > > > NAV won't initialize). I downloaded Symantec virus > > > > removal tools for each virus type and ran/re-ran in > > > > regular and Safe Mode. The tools found nothing. > > > > > > > > This led me to suspect the problem may no longer be a > > > > virus, but some rogue hidden program on the box that > > > > initializes at startup. I scanned the Registry with > > > > AdAware (which caught minor stuff) but nothing related. I > > > > manually inspected the Registry key: > > > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio > > > > n\Run - to check for rogue programs launching at startup. > > > > Only found one suspect item (C:\WINDOWS\System32 > > > > \83744448.exe) - but subsequent searches of the directory > > > > (set to show hidden and OS files) can't locate the file. > > > > I suspect it's just a key left over from one of the old > > > > viruses?? I looked up and validated all running processes > > > > showing in Task Manager. I also searched the Add/Remove > > > > Programs control panel for anything out of the ordinary. > > > > Only found one suspect file called "NPO.exe" which I > > > > uninstalled (supposedly). Couldn't find much about it on > > > > the Internet. > > > > > > > > The good news is that Safe Mode prevents the queues from > > > > growing. Bad news is I can't run the network in Safe > > > > Mode. I suspect some rogue program has tweaked the > > > > Registry and renamed itself as a system file. Every time > > > > the box boots up in normal mode, it launches itself and > > > > takes over. Can anyone suggest a way to stop this thing? > > > > I'm afraid I've run out of moves at this point. :[ > > > > > > > > ...Paul > > > > > > > > > > > >
- Next message: Roger: "New virus found"
- Previous message: Phil Weldon: "Re: Please Help! Network Hijacked!"
- In reply to: Sir_George: "Re: Please Help! Network Hijacked!"
- Next in thread: Lanwench [MVP - Exchange]: "Re: Please Help! Network Hijacked!"
- Reply: Lanwench [MVP - Exchange]: "Re: Please Help! Network Hijacked!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
