event manager security URGENT PLEASE HELP HELP HELP

From: sgopus (fredd_at_hotmail.com)
Date: 06/27/03 

Date: Thu, 26 Jun 2003 21:38:01 -0700

I found an interesting article about WMI that maybe you
should read.

http://support.microsoft.com/?kbid=295292
it speaks of remote access and security levels, and how to
control this access. This wouldn't be a solution to your
problem, just a bit more knowledge on your part!

>-----Original Message-----
>oh my god do you really think so.what exactly could
>someone do if they have got in my pc.?i have xp firewall
>plus i got zone alarm yesterday aswell.but one more bad
>thing i noticed was norton antivirus has vanished!!the
>icon is not in the task bar,its not in add and remove
>programs or nothing.so some sods got in and done
>something!i know how to restore it but i was really
>hoping there would be another way around it,as i have a
>hell of alot of files and i wont be able to back em all
>up.any ideas on what the progs are the site installs?i
>didnt download anything though.i clicked the xp link and
>my download manager poped up but i pressed cancel.can
>they take total control of my pc remotely?ie.do more or
>less what i can?
>>-----Original Message-----
>>Do you have the owners manual, it should tell you how to
>>perform a system restore or reinstall .
>>Who did you purchase the pc from!
>>You should be able to go back to them and get
>instructions
>>how to perform this! I'm not that familar with XP
>>
>>
>>
>>
>>>-----Original Message-----
>>>hi thankyou for your help i really am grateful.i posted
>>>somewhere here yesterday but received a rather abusive
>>>email from someone saying it had been removed for seom
>>>reason but anyway atleast your helping.i run the klez
>>>tool i got from symantec before reading what you said
>>>about searching for double ending files,and it said
>there
>>>was no klez virus detected on my system.iv run norton
>>>again and still nothing,iv also run spybot
>>>(search&destroy) and it found alot more stuff than
>>>adaware but theres still no improvement on my
>system.the
>>>mystery icon is still there iv tryed dragging it on
>>>desktop to see if i can get any properties but no
>good.iv
>>>right clicked it but it just says "chris's homepage"
>this
>>>is the ad of the page it takes me to when i click it
>>>http://kickme.to/chrissnook its just a plain page
>really
>>>with a couple of links but nothing that gives anything
>>>away.my pc seems to crash every half hour.and now i
>keep
>>>getting microsoft runtime errors popping up and closing
>>>my programs.its driving me mad.someone said i might be
>>>able to do a repair by using an xp setup disk but it
>was
>>>preinstalled on my pc so all i have is the 4master
>disks
>>>and cant seem to find the cab file for winxp setup.i do
>>>hope you can help.thanks again
>>>>-----Original Message-----
>>>>before you use the cleaner, do a search on your system
>>>for
>>>>any files that have more then one ending on them.
>>>>For example if you have a file that ends like this
>>>>..exe.scr or .jpg.scr then you have the klez for
>>>>certain.
>>>>
>>>>run msconfig and send back whats running at startup!
>>>>see if you can detail the properties of that icon that
>>>says
>>>>Chris's home page, just right click on it and view
>>>>properties, post back with that info!
>>>> visit here for a free online virus scan, highly
>>>>recommended. http://housecall.trendmicro.com/
>>>>
>>>>visit here for a free trojan scan (in case the virus
>>>scan
>>>>doesn't see it)
>>>>
>>>>http://webzila.com/virusscan.html
>>>>
>>>>
>>>>I suggest that you also check to see if someone has
>>>>installed a key logger onto your system, visit here
>and
>>>>page down a bit for the trial version
>>>>http://www.networkdecisions.com/freestuff.html
>>>>
>>>>Not sure just what is going on, but gathering data
>never
>>>>hurts! if someone else has a clue feel free to pitch
>in!
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>HI I HAVE ADAWARE.PLUS WINXP FIREWALL.ANOTHER STRANGE
>>>>>THING IS I WAS USING MSN MESSENGER JUST NOW TALKING
>TO
>>>2
>>>>>SEPERATE PEOPLE AND ONE OF THEM SAID THERE WAS A
>>>MESSAGE
>>>>>ON TOP OF HIS WINDOW SAYING THE PERSON YOU ARE
>TALKING
>>>TO
>>>>>HAS A VIRUS SEND THEM THE KLEZ.EXE REMOVAL TOOL.THE
>>>OTHER
>>>>>PERSON HAD NO SUCH MESSAGE.I DONT KNOW WHERE HE GOT
>IT
>>>>>FROM I THINK THE MESSAGE DISPLAYED A LINK TO IT,HE
>SENT
>>>>>IT TO ME,I WENT TO OPEN IT IN MY MAIL AND IT SAID IT
>>>WAS
>>>>>A VIRUS AND MSN CANNOT REPAIR IT.SO NOW IM
>DOWNLOADING
>>>>>THE REAL REMOVER.I WISH SOMEONE COULD TELL ME WHAT IS
>>>>>HAPPENING TO MYPC!!!
>>>>>
>>>>>
>>>>>>Not sure if this is the case, but do this!
>>>>>>Get adaware and spybot. also do a search on google
>for
>>>>>>Trojans, enable your firewall.
>>>>>>
>>>>>>looks like this is coming from norton Antivirus
>>>updating
>>>>>>it's files, not sure though!
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>hi i was checking the event manager today looking
>at
>>>>>>>errors etc.and under the security section there are
>>>>>alot
>>>>>>>of warnings that say the following:Event Type:
>>>>> Warning
>>>>>>>Event Source: WinMgmt
>>>>>>>Event Category: None
>>>>>>>Event ID: 63
>>>>>>>Date: 23/06/2003
>>>>>>>Time: 10:37:12
>>>>>>>A provider, OffProv10, has been registered in the
>WMI
>>>>>>>namespace, Root\MSAPPS10, to use the LocalSystem
>>>>>>>account. This account is privileged and the
>provider
>>>>>may
>>>>>>>cause a security violation if it does not correctly
>>>>>>>impersonate user requests.
>>>>>>>
>>>>>>>what does this mean???there are several of the same
>>>>>>>warning.and another odd thing is that there is an
>>>icon
>>>>>>>that has appeared on the right side of my start
>menu
>>>>>that
>>>>>>>i never put their and i cannot delete.its
>>>>>named "chris's
>>>>>>>home page".has someone accessed my pc??please can
>>>>>someone
>>>>>>>advise me what i should do.im running windows xp.
>>>>>>>.
>>>>>>>
>>>>>>.
>>>>>>
>>>>>.
>>>>>
>>>>.
>>>>
>>>.
>>>
>>.
>>
>.
>

Relevant Pages

  • Re: lighting---hacked!
    ... > I figure that if I turn off all remote access to my firewall, ... > running a private subnet with masquerading and ... > source routed packets are rejected everywhere. ... more control over things - it's a question of balancing the control ...
    (comp.os.linux.security)
  • Re: lighting---hacked!
    ... > I figure that if I turn off all remote access to my firewall, ... > running a private subnet with masquerading and ... > source routed packets are rejected everywhere. ... more control over things - it's a question of balancing the control ...
    (comp.os.linux.security)
  • Re: missing taskbar and start menu
    ... This will get you to the Run box and into the Control Panel... ... Open Task Manager... ... MS-MVP Windows Shell/User ... > message stating "System Restore is not able to protect your computer. ...
    (microsoft.public.windowsxp.general)
  • Re: System Restore Saved Me Today
    ... went into safe mode and ran system restore. ... If I download a program to try it out, then decide I don't like it, I habitually run System Restore rather than uninstalling it. ... To completely remove the files installed by a program, you must remove the program using Add or Remove Programs in Control Panel or the program's own uninstall program. ...
    (soc.retirement)
  • Re: Volume
    ... a system restore using a restore cd, but since doing this, I have lost my volume. ... When I open start, accessories then volume control, it doesn't come up saying, " There are no active mixer devices available. ... Look for an utility cdrom or an utility folder that might contain ... the auxiliary drivers for the notebook. ...
    (microsoft.public.windowsxp.hardware)