Re: strange notepad on desktop
From: karl [x y] (jamescagney90210@excite.com)
Date: 08/21/02
- Next message: karl [x y]: "Re: Strange File"
- Previous message: S. Pidgorny [MVP]: "Re: Service releases"
- In reply to: j venaas: "Re: strange notepad on desktop"
- Next in thread: j venaas: "Re: strange notepad on desktop"
- Reply: j venaas: "Re: strange notepad on desktop"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "karl [x y]" <jamescagney90210@excite.com> Date: Wed, 21 Aug 2002 08:35:04 -0400
Running a firewall is only part of a complete security plan. Patches and
configuration and third party software such as antivirus like Norton that is
set to download updates every single day are some of the other things you
really need to be sure you've done.
Download and run HFNETCHK from www.microsoft.com/security to see what
critical patches if any you are missing, apply the security checklists for
Windows and IIS from the same location, and download and run a virus scan to
see if you do indeed have a virus. This message makes me suspect the
"virus" could be Code Red and/or Nimda. If you have IIS web services
running on your computer, check your IIS web logs, you might be able to see
exactly how this was done.
You might also find the following tools useful: fport from
www.foundstone.com, pstools from www.sysinternals.com , trojan scanners such
as www.pestpatrol.com or www.sunbelt-software.com, a file change checker
such as the free Languard File Integrity Checker from www.gfi.com and the
books Hacking Exposed 3rd edition and/or Incident Response.
Note however that once you've had an intrusion, the only way to be 100%
certain that you've removed any and all back doors that a hacker might have
installed on your system is to format and reinstall everything including
security settings and patches before putting it on the internet again.
Patching the holes that let the intruder in does not necessarily block the
other holes the intruder may have added afterwards.
"j venaas" <jvenaas@carolina.rr.com> wrote in message
news:1bb301c24909$7c2c3340$9be62ecf@tkmsftngxa03...
I do run winxp firewall on the xp partition. I cannot
figure out how he got into it, especially since it only
popped up after being on the win2000 partition all day. It
is actually in my startup folder, it came up again after
rebooting and when checking my startup folder, there it
was.
>-----Original Message-----
>
>If your system is NOT running afirewall, you may be the
(lucky?) recipient
>of a hacker's message that your system is infected and
needs some kind of
>update.
>
>
>
>
>--
>
>Mark Strelecki, ACP BE6.XP1097.020817
>Computing and Programming Since 1975
>http://www.strelecki.com/links.html
>I MAKE IT GO! ©
>
>
>
>"j venaas" <jvenaas@carolina.rr.com> wrote in message
>news:550301c248ad$aa7631d0$35ef2ecf@TKMSFTNGXA11...
>> I have a wierd situation. I have a dual boot
>> winxp/win2000 server. I had just finished loading sql
>> evaluation software on my win 2000 and left the house.
>> When I returned, there was a message that my os had a
>> problem and i clicked close thinking there was just
>> something changed by the download. I then rebooted into
>> xp and a notepad appeared on my xp desktop explaining
how
>> i had rudely infected them with a virus, pointing me to
>> microsoft to update my software. This has me truely
>> baffled. Any possible explanations out there?
>
>
>.
>
- Next message: karl [x y]: "Re: Strange File"
- Previous message: S. Pidgorny [MVP]: "Re: Service releases"
- In reply to: j venaas: "Re: strange notepad on desktop"
- Next in thread: j venaas: "Re: strange notepad on desktop"
- Reply: j venaas: "Re: strange notepad on desktop"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
