Re: I just want to thank everyone here for all that was done
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/30/02
- Next message: George Hester: "Re: w32com.exe"
- Previous message: George Hester: "I just want to thank everyone here for all that was done"
- In reply to: George Hester: "I just want to thank everyone here for all that was done"
- Next in thread: Bill Sanderson: "Re: I just want to thank everyone here for all that was done"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Mon, 30 Dec 2002 15:13:13 -0500
I'm glad your problem is solved.
However, if I understand from your post that you are running neither
antivirus nor firewall, then I feel obligated to say that your system is
probably not safe from being reinfected or re-hacked.
The antivirus company's advice to use an antivirus product to remove the
trojan was IMHO good advice. Manual removal of a virus is possible in some
cases, but does nothing to prevent reinfection.
And if you need a good reason to run a firewall of some sort, there are
plenty of messages here from people with computer problems who are sorry
they weren't running one sooner. Every firewall is different, a problem
with one will not necessarily happen when you try another. Anyhow, the
choice is up to you.
kind regards,
Karl
"George Hester" <hesterloli@hotmail.com> wrote in message
news:uvxzxfDsCHA.2496@TK2MSFTNGP10...
For those that may have read about my issue (and those that hadn't), I had a
problem that my Guest User kept being inserted in the Administrators Group
and enabled.
There was somebody who responded to another post of mine about a file called
w32com.exe. It turns out that although the Anti-Virus company, which was
provided in the post, gave no clear indication how this trojan was acquired
let alone how to remove it other then an attempt to convince me that their
retail product could do it, I did get sufficient information from a number
of sources that explained why I got it and how it operated.
Another person in a different post suggested I get a firewall (Sygate).
Well I did get the firewall and found it not to my liking. The issues were
errors in the Event Viewer labled "dnscache timed out." This is actually
misleading. The issue had nothing to do with DNS. What the issue was is
that when I accessed programs, they would take quite a long time to
materialize. So what this dnscache timeout was WERE Windows messages that
were being blocked. And what was blocking the messages? The firewall was
and so it's gone.
But I was worried that if I removed the firewall the Guest account would
again reenable and get put in the Administrator's Group. Well I fixed that
too. It turns out this was a result of a null password for the sa account
in MSDE 2000. I made it a password I CAN remember, removed the .js files
that went along with w32com.exe (can find them in C:\WINNT\system32), and
disabled TCP\IP NetBEUI in the Network adapter.
So far it has been about a week since I did all that and the Guest User has
stayed disabled and obviously no loger appears in the Administrative Group.
I wish to thank all here who gave suggestions and all those who made the web
pages that helped me zero in on this problem.
Thanks again.
-- George Hester __________________________________
- Next message: George Hester: "Re: w32com.exe"
- Previous message: George Hester: "I just want to thank everyone here for all that was done"
- In reply to: George Hester: "I just want to thank everyone here for all that was done"
- Next in thread: Bill Sanderson: "Re: I just want to thank everyone here for all that was done"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
