I just want to thank everyone here for all that was done

From: George Hester (hesterloli@hotmail.com)
Date: 12/30/02

• Next message: Karl Levinson [x y] mvp: "Re: I just want to thank everyone here for all that was done"
• Previous message: davE: "Can Anyone Get my Yahoo Password?"
• Next in thread: Karl Levinson [x y] mvp: "Re: I just want to thank everyone here for all that was done"
• Reply: Karl Levinson [x y] mvp: "Re: I just want to thank everyone here for all that was done"
• Reply: Bill Sanderson: "Re: I just want to thank everyone here for all that was done"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "George Hester" <hesterloli@hotmail.com>
Date: Mon, 30 Dec 2002 14:16:35 -0500

For those that may have read about my issue (and those that hadn't), I had a problem that my Guest User kept being inserted in the Administrators Group and enabled.

There was somebody who responded to another post of mine about a file called w32com.exe. It turns out that although the Anti-Virus company, which was provided in the post, gave no clear indication how this trojan was acquired let alone how to remove it other then an attempt to convince me that their retail product could do it, I did get sufficient information from a number of sources that explained why I got it and how it operated.

Another person in a different post suggested I get a firewall (Sygate).

Well I did get the firewall and found it not to my liking. The issues were errors in the Event Viewer labled "dnscache timed out." This is actually misleading. The issue had nothing to do with DNS. What the issue was is that when I accessed programs, they would take quite a long time to materialize. So what this dnscache timeout was WERE Windows messages that were being blocked. And what was blocking the messages? The firewall was and so it's gone.

But I was worried that if I removed the firewall the Guest account would again reenable and get put in the Administrator's Group. Well I fixed that too. It turns out this was a result of a null password for the sa account in MSDE 2000. I made it a password I CAN remember, removed the .js files that went along with w32com.exe (can find them in C:\WINNT\system32), and disabled TCP\IP NetBEUI in the Network adapter.

So far it has been about a week since I did all that and the Guest User has stayed disabled and obviously no loger appears in the Administrative Group.

I wish to thank all here who gave suggestions and all those who made the web pages that helped me zero in on this problem.

Thanks again.

-- 
George Hester
__________________________________

---

• Next message: Karl Levinson [x y] mvp: "Re: I just want to thank everyone here for all that was done"
• Previous message: davE: "Can Anyone Get my Yahoo Password?"
• Next in thread: Karl Levinson [x y] mvp: "Re: I just want to thank everyone here for all that was done"
• Reply: Karl Levinson [x y] mvp: "Re: I just want to thank everyone here for all that was done"
• Reply: Bill Sanderson: "Re: I just want to thank everyone here for all that was done"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2002-12