Re: I just want to thank everyone here for all that was done

From: Bill Sanderson (Bill_Sanderson@msn.com.plugh.org)
Date: 12/31/02


From: "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org>
Date: Mon, 30 Dec 2002 20:03:15 -0500

Glad you found the root of your problem.

If you've got a SQL server install (and MSDE2000 is close enough!) exposed
to the Internet, you are a prime target. You really do need a firewall--try
a different one if the first suggestion didn't work well.

Alternatively, subscribe to Microsoft's Security Bulletins:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/notify.asp

In addition, use tools such as:

MBSA 1.1
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/mbsahome.asp

and HFNETCHK

http://hfnetchk.shavlik.com

to check as automatically as possible whether you've done at least the
simple, automated things you can do to secure your machine.

"George Hester" <hesterloli@hotmail.com> wrote in message
news:uvxzxfDsCHA.2496@TK2MSFTNGP10...
For those that may have read about my issue (and those that hadn't), I had a
problem that my Guest User kept being inserted in the Administrators Group
and enabled.

There was somebody who responded to another post of mine about a file called
w32com.exe. It turns out that although the Anti-Virus company, which was
provided in the post, gave no clear indication how this trojan was acquired
let alone how to remove it other than an attempt to convince me that their
retail product could do it, I did get sufficient information from a number
of sources that explained why I got it and how it operated.

Another person in a different post suggested I get a firewall (Sygate).

Well I did get the firewall and found it not to my liking. The issues were
errors in the Event Viewer labeled "dnscache timed out." This is actually
misleading. The issue had nothing to do with DNS. What the issue was is
that when I accessed programs, they would take quite a long time to
materialize. So what this dnscache timeout was WERE Windows messages that
were being blocked. And what was blocking the messages? The firewall was
and so it's gone.

But I was worried that if I removed the firewall the Guest account would
again reenable and get put in the Administrator's Group. Well I fixed that
too. It turns out this was a result of a null password for the sa account
in MSDE 2000. I made it a password I CAN remember, removed the .js files
that went along with w32com.exe (can find them in C:\WINNT\system32), and
disabled TCP\IP NetBEUI in the Network adapter.

So far it has been about a week since I did all that and the Guest User has
stayed disabled and obviously no longer appears in the Administrative Group.

I wish to thank all here who gave suggestions and all those who made the web
pages that helped me zero in on this problem.

Thanks again.

-- 
George Hester
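
An added example, not part of either poster's message: a small check for the symptom described in this thread (the Guest account being re-enabled and placed in the Administrators group), run over the text printed by `net user Guest` and `net localgroup Administrators`. The sample output is constructed and abridged, the function names are hypothetical, and English-language field labels are assumed.

```python
import re

# Constructed, abridged sample output (not from the thread) in the layout
# printed by `net user Guest` and `net localgroup Administrators`.
SAMPLE_NET_USER = """\
User name                    Guest
Account active               Yes
Local Group Memberships      *Administrators       *Guests
The command completed successfully.
"""

SAMPLE_ADMINS = """\
Alias name     Administrators
Members

-------------------------------------------------------------------------------
Administrator
Guest
The command completed successfully.
"""

def guest_is_active(net_user_output):
    """True if the 'Account active' field reads Yes."""
    m = re.search(r"^Account active\s+(\S+)", net_user_output, re.MULTILINE)
    if m is None:
        raise ValueError("no 'Account active' line; wrong command or locale?")
    return m.group(1).lower() == "yes"

def admin_members(localgroup_output):
    """Member names listed between the dashed rule and the completion line."""
    lines = [l.strip() for l in localgroup_output.splitlines()]
    rule = next((i for i, l in enumerate(lines) if l and set(l) == {"-"}), None)
    if rule is None:
        raise ValueError("no member list found")
    return [l for l in lines[rule + 1:] if l and not l.startswith("The command")]

def audit(net_user_output, localgroup_output, account="Guest"):
    """Return a list of findings; an empty list means the symptom is absent."""
    findings = []
    if guest_is_active(net_user_output):
        findings.append(f"{account} account is enabled")
    # Members may be listed as NAME or DOMAIN\NAME; compare the last component.
    names = [m.split("\\")[-1].lower() for m in admin_members(localgroup_output)]
    if account.lower() in names:
        findings.append(f"{account} is a member of Administrators")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NET_USER, SAMPLE_ADMINS):
        print("ALERT:", finding)
```

Run on a schedule against the live command output, a non-empty result shows that the change has come back, which is the recurrence the original poster was watching for after removing the firewall.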