RE: [Declude.Virus] Exploit-ObjectData trojan

2004-05-20 Thread Patrick Childers

http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100715

HTH,
~Patrick


[Declude.Virus] Exploit-ObjectData trojan

2004-05-20 Thread Sharyn Schmidt

Forgive me, I've been out of the loop, working on other things.


What is this Exploit-ObjectData trojan?


I can't seem to find mention of it on McAfee's website and Declude is nabbing them like crazy.



Thanks in advance,

Sharyn





RE: [Declude.Virus] Exploit-ObjectData trojan

2004-05-20 Thread Sharyn Schmidt

http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100715

Got it, thanks.

I'm apparently a bit brain dead this morning.

:)

Sharyn



[Declude.Virus] [OT] Possible Virus that has arrived

2004-05-20 Thread Jeff Maze
Just writing the list to let Declude know that I've forwarded a suspicious
file (report.zip).  It was a zip file that contains a PIF file.  Neither
F-Prot on mail server nor NAV2k4 on client machine hit on this file.
BANFILE EZIP is enabled within Declude.  

Attached to this e-mail is a hex dump html page of the PIF file in question.
Running Declude Standard so I'm unable to ban file names within ZIP files.
Thanks..

Re: [Declude.Virus] [OT] Possible Virus that has arrived

2004-05-20 Thread Russ Uhte (Lists)
At 07:51 AM 5/20/2004, Jeff Maze wrote:

Just writing the list to let Declude know that I've forwarded a suspicious
file (report.zip).  It was a zip file that contains a PIF file.  Neither
F-Prot on mail server nor NAV2k4 on client machine hit on this file.
BANFILE EZIP is enabled within Declude.
Attached to this e-mail is a hex dump html page of the PIF file in question.
Running Declude Standard so I'm unable to ban file names within ZIP files.
Thanks..

I think this may be what McAfee is calling the Downloader-IU!zip
trojan.  Started noticing these come early this morning.  Looks very similar.

-Russ
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
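
A check for the case Jeff describes, a ZIP attachment carrying a PIF that neither scanner hit on, as an added example (not Declude's code or any poster's): it lists archive members by name and flags executable extensions or an MZ header. The function names, the extension list and the sample archive are constructed for illustration.

```powershell
# Added example: flag ZIP members that are executables by name or by content.
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Constructed list; adjust to local policy.
$BannedExtensions = '.pif', '.scr', '.com', '.exe', '.bat', '.cmd'

function Test-MzHeader {
    # Returns $true if the entry's first two bytes are 'MZ', $null if it cannot be read.
    param($Entry)
    $buf = New-Object byte[] 2
    try {
        $stream = $Entry.Open()
        try {
            $n = 0
            while ($n -lt 2) {                      # a stream may return fewer bytes than asked
                $r = $stream.Read($buf, $n, 2 - $n)
                if ($r -le 0) { break }
                $n += $r
            }
        } finally { $stream.Dispose() }
        return ($n -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    } catch {
        return $null                                # e.g. password-protected member
    }
}

function Test-ZipForExecutables {
    param([Parameter(Mandatory)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $zip = [System.IO.Compression.ZipFile]::OpenRead($full)
    try {
        foreach ($entry in $zip.Entries) {
            if ($entry.Name -eq '') { continue }    # directory entry
            # GetExtension takes the last suffix, so 'report.doc.pif' is seen as '.pif'.
            $ext  = [System.IO.Path]::GetExtension($entry.Name).ToLowerInvariant()
            $isMz = Test-MzHeader -Entry $entry
            if (($BannedExtensions -contains $ext) -or $isMz) {
                [pscustomobject]@{
                    Archive   = $full
                    Entry     = $entry.FullName
                    Extension = $ext
                    MzHeader  = $isMz               # $null means "could not read content"
                }
            }
        }
    } finally { $zip.Dispose() }
}

# Constructed sample: a ZIP with a 4-byte 'report.pif' (MZ + padding) and a text file.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-report.zip'
if (Test-Path -LiteralPath $sample) { Remove-Item -LiteralPath $sample }
$members = @{
    'report.pif' = [byte[]](0x4D, 0x5A, 0x00, 0x00)
    'notes.txt'  = [byte[]](0x68, 0x69)
}
$out = [System.IO.Compression.ZipFile]::Open($sample, 'Create')
try {
    foreach ($m in $members.GetEnumerator()) {
        $s = $out.CreateEntry($m.Key).Open()
        try { $s.Write($m.Value, 0, $m.Value.Length) } finally { $s.Dispose() }
    }
} finally { $out.Dispose() }

Test-ZipForExecutables -Path $sample | Format-Table -AutoSize
Remove-Item -LiteralPath $sample
```

Member names stay readable in the archive directory even when the content cannot be opened, so the extension check still applies to those entries.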


Re: [Declude.Virus] Correct me if I am wrong

2004-05-20 Thread Greg Little




You can use recip.eml to send a note that says "you were sent a virus",
but none of the current active viruses and only about half of the
older ones have a valid sender. So, sending "an unknown person", who is
claiming to be somebody else, is infected and knows your e-mail address
is worse than useless. It generates questions and confusion.

In our business (a newspaper) we have lots of different people sending
us info, that we need. For example a school coach sending scores and
stats from a game. While we try to have them sent "plain text", we
still receive a lot of info in Word, Excel, etc. 

IF (and it's getting rare) a Word Macro virus or signature virus like
KAK is found, then sending both sender and receiver a notice, allows
the users to know about the problem and work out a solution.

I identify about 20 virus families as forging, then if check at the top
of recip, sender and sender Postmaster for a forged sender.
Also Scott recently added an automated way to block these and not have
to update the configs with every new pest manually.
(We can get you syntax and examples, if needed)

Greg


Goran Jovanovic wrote:

If a virus in an attachment is detected then the whole message will be held and the recip.eml notification will be sent out.

Is there a way to allow the e-mail to go through to the user with a notification that the attachment was stripped?

---
[This E-mail scanned for viruses by Findlay Internet]



Re: [Declude.Virus] Correct me if I am wrong

2004-05-20 Thread Jim Matuska



Another example of why that idea is bad is 
demonstrated by one of McAfee's mail server virus engines. I have seen 
messages forwarded my way that say our email server detected a virus you sent, 
please see attachment for details. The problem is the virus is a forging 
one the mail server sent the notification to the wrong recipient and to actually 
see the information on the virus you have to open the attachment which has the 
same name as the original virus but with an .htm extension added on ie 
virusfile.pif.html. Initially the message looks like a virus that somehow 
made it past all the scanners, but the attachment is actually a html file from 
McAfee Antivirus saying it has removed the original attachment. This is a 
fine example of why A. You should not send out notifications for forging 
viruses and B. Don't send notifications that look just like the original 
virus.

Jim Matuska Jr.
Computer Tech II
CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]

  - Original Message -
  From: John Tolmachoff (Lists)
  To: [EMAIL PROTECTED]
  Sent: Wednesday, May 19, 2004 5:09 PM
  Subject: RE: [Declude.Virus] Correct me if I am wrong

  99.99% of virus infected e-mails are bogus anyways, so why would you want to let it through?

  Oh, the answer to your question is no.

  John Tolmachoff
  Engineer/Consultant/Owner
  eServices For You

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
  Sent: Wednesday, May 19, 2004 2:58 PM
  To: [EMAIL PROTECTED]
  Subject: [Declude.Virus] Correct me if I am wrong

  I believe this is correct.

  If a virus in an attachment is detected then the whole message will be held and the recip.eml notification will be sent out.

  Is there a way to allow the e-mail to go through to the user with a notification that the attachment was stripped?

  Goran Jovanovic
  The LAN Shoppe

RE: [Declude.Virus] TOT TCP/IP Protocol driver service

2004-05-20 Thread Lyndon Eaton
I did manage to fix the problem. Here's what I did in-case you get a
similar problem:

In safe mode you can set services to start
manually/automatically/disable - but you can not start services while in
safe mode. Norton Internet Security must grab the NIC at quite a low
level, as after I disabled the Norton services, the machine still hung
on normal boot.

So what I wanted to do is uninstall NSI. To do this the Windows
Installer needs to be running - which in Safe Mode it does not. To be
able to start a service in Safe Mode, you have to edit the registry-
HKLM\System\CCS\Control\SafeBoot\Minimal and add a new key by the name
of the services registry reference. In my case the Windows Installer
Service is MSIServer, so I added a key called MSIServer, and changed the
default value to 'Service'.

After adding this key in the registry, the next time you boot in
SafeMode you are able to start that particular service manually - in my
case the Windows Installer. In Add/Remove Programs I could then
uninstall NSI, and my system then booted fine!

Regards,
Lyndon.

 -Original Message-
 From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] 
 Sent: 19 May 2004 18:09
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service
 
 
 While in safe mode, you can disable services and view the event log.
 
 John Tolmachoff
 Engineer/Consultant/Owner
 eServices For You
 
  -Original Message-
  From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]
  On Behalf Of Lyndon Eaton
  Sent: Wednesday, May 19, 2004 5:17 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service
  
  This is totally off topic but hope you can help!
  
  Client has W2K server, with modem  ADSL. The ADSL 
 connection has been 
  down for a few days so I was going to setup the modem for internet 
  access.
  
  Before doing so I installed Norton Internet Security so 
 that the modem 
  connection would be protected.
  
  After the restart the machine sits on 'Preparing Network 
 Connections' 
  screen. I booted in safe mode so that I may un-install 
 Norton Internet 
  Security, but because the Windows Installer service does not run in 
  Safe mode I can not uninstall the software. The event viewer also 
  shows a lot of services failing to start because the TCP/IP 
 protocol 
  driver has failed to start.
  
  I presume some network driver file has been overwritten or 
 a registry 
  entry changed. Does anybody know what I can do to revive the TCP/IP 
  protocol driver?
  
  Many thanks!!!
  Lyndon.
  
  
  
  
  
  Email checked by UKsubnet anti-virus service
  To prevent email abuse  block spam
  contact [EMAIL PROTECTED]
  Tel: +44(0)8712360301 Web: www.uksubnet.net
  Fax: +44(0)8712360300
  
  Powered by UKsubnet Internet Service Provider
  Business to Business Internet (ISP)
  
  


RE: [Declude.Virus] TOT TCP/IP Protocol driver service

2004-05-20 Thread Mike Hyslip
www.winternals.com

ERD commander is an awesome tool, helps change service/device startup
values, registry, connect through the network to other machines, chkdsk, etc
etc...

Might take a look at that, helps me a TON.

Mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lyndon Eaton
Sent: Thursday, May 20, 2004 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service

I did manage to fix the problem. Here's what I did in-case you get a
similar problem:

In safe mode you can set services to start
manually/automatically/disable - but you can not start services while in
safe mode. Norton Internet Security must grab the NIC at quite a low
level, as after I disabled the Norton services, the machine still hung
on normal boot.

So what I wanted to do is uninstall NSI. To do this the Windows
Installer needs to be running - which in Safe Mode it does not. To be
able to start a service in Safe Mode, you have to edit the registry-
HKLM\System\CCS\Control\SafeBoot\Minimal and add a new key by the name
of the services registry reference. In my case the Windows Installer
Service is MSIServer, so I added a key called MSIServer, and changed the
default value to 'Service'.

After adding this key in the registry, the next time you boot in
SafeMode you are able to start that particular service manually - in my
case the Windows Installer. In Add/Remove Programs I could then
uninstall NSI, and my system then booted fine!

Regards,
Lyndon.


RE: [Declude.Virus] TOT TCP/IP Protocol driver service

2004-05-20 Thread John Tolmachoff (Lists)
Glad it worked for you. However, word of caution. I would change that
registry back. The reason Windows Installer is not usable in Safe Mode is
some programs being installed or uninstalled in safe mode can cause
problems.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

 -Original Message-
 From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
 On Behalf Of Lyndon Eaton
 Sent: Thursday, May 20, 2004 8:34 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service
 
 I did manage to fix the problem. Here's what I did in-case you get a
 similar problem:
 
 In safe mode you can set services to start
 manually/automatically/disable - but you can not start services while in
 safe mode. Norton Internet Security must grab the NIC at quite a low
 level, as after I disabled the Norton services, the machine still hung
 on normal boot.
 
 So what I wanted to do is uninstall NSI. To do this the Windows
 Installer needs to be running - which in Safe Mode it does not. To be
 able to start a service in Safe Mode, you have to edit the registry-
 HKLM\System\CCS\Control\SafeBoot\Minimal and add a new key by the name
 of the services registry reference. In my case the Windows Installer
 Service is MSIServer, so I added a key called MSIServer, and changed the
 default value to 'Service'.
 
 After adding this key in the registry, the next time you boot in
 SafeMode you are able to start that particular service manually - in my
 case the Windows Installer. In Add/Remove Programs I could then
 uninstall NSI, and my system then booted fine!
 
 Regards,
 Lyndon.
 
 
 

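The Safe Mode registry change Lyndon describes, together with the revert John recommends, as an added example (not code from any poster). It assumes "CCS" in the post means CurrentControlSet and an elevated PowerShell session on a current Windows version; the function names and the `TemporaryEntry` marker value are hypothetical.

```powershell
# Added example: temporarily allow one service to start in Safe Mode, then change it back.
# Assumption: "CCS" in the post is CurrentControlSet.
$SafeBootMinimal = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
$Marker = 'TemporaryEntry'   # hypothetical marker so only keys created here are ever removed

function Enable-SafeModeService {
    param([Parameter(Mandatory)][string]$ServiceName)

    # Refuse names that are not installed services, so a typo cannot leave a stray key.
    if (-not (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue)) {
        throw "No service named '$ServiceName' is installed."
    }
    $key = Join-Path $SafeBootMinimal $ServiceName
    if (Test-Path -LiteralPath $key) {
        Write-Warning "$key already exists; leaving it unchanged."
        return
    }
    # -Value sets the key's (Default) value, which the post sets to 'Service'.
    New-Item -Path $key -Value 'Service' | Out-Null
    New-ItemProperty -Path $key -Name $Marker -Value (Get-Date -Format o) | Out-Null
    Write-Output "Added $key; '$ServiceName' can be started manually on the next Safe Mode boot."
}

function Get-TemporarySafeModeEntry {
    # Lists only the keys carrying the marker, i.e. entries still left open by this script.
    Get-ChildItem -Path $SafeBootMinimal |
        Where-Object { $null -ne $_.GetValue($Marker) } |
        ForEach-Object {
            [pscustomobject]@{
                Service = $_.PSChildName
                Type    = $_.GetValue('')        # the (Default) value
                AddedAt = $_.GetValue($Marker)
            }
        }
}

function Disable-SafeModeService {
    param([Parameter(Mandatory)][string]$ServiceName)
    $key = Join-Path $SafeBootMinimal $ServiceName
    if (-not (Test-Path -LiteralPath $key)) { return }
    # Keys that were present before this script ran have no marker and are left alone.
    if ($null -eq (Get-Item -LiteralPath $key).GetValue($Marker)) {
        Write-Warning "$key was not created by this script; not removing it."
        return
    }
    Remove-Item -LiteralPath $key
    Write-Output "Removed $key; Safe Mode is back to its previous service set."
}

# Usage, following the thread:
#   Enable-SafeModeService -ServiceName MSIServer    # then boot into Safe Mode
#   ... start Windows Installer, uninstall the product, boot normally ...
#   Get-TemporarySafeModeEntry                        # confirm what is still open
#   Disable-SafeModeService -ServiceName MSIServer    # change the registry back
```
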
RE: [Declude.Virus] TOT TCP/IP Protocol driver service

2004-05-20 Thread John Tolmachoff (Lists)
 ERD commander is an awesome tool, helps change service/device startup
 values, registry, connect through the network to other machines, chkdsk, etc
 etc...
 
 Might take a look at that, helps me a TON.

I was going to recommend that, as I have the 2002 version, but their new
licensing terms has priced the newer version completely out of reach for the
average small business.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You




[Declude.Virus] Recent unpatched Windows hole

2004-05-20 Thread Greg Little
Scott,
If I read this right, a *.BMP can be used in an e-mail (or website) to 
run attack code. But MS has not yet released a patch.
Also, it's not hitting English versions of Windows yet.

Just calling attention to it so that it can be investigated for an 
invalid BMP test like the recently added SCR and Com tests.

http://msmvps.com/trafton/archive/05182004.aspx
http://www.kaspersky.com/news.html?id=148515536
http://xforce.iss.net/xforce/xfdb/15210
It looks like the major AV vendors have added this to their DAT 
files, but an extra layer of protection would be helpful.
http://vil.nai.com/vil/content/v_125302.htm
http://vil.nai.com/vil/content/v_125303.htm
http://vil.nai.com/vil/content/v_100992.htm

--
Greg Little


RE: [Declude.Virus] TOT TCP/IP Protocol driver service

2004-05-20 Thread Douglas Cohn
I also have the 2002 Admin pack.  Back then we paid $999 for it.

I have saved several shared servers with it more than covering the $999 but
now it is closer to $5000 I believe.

It may be worth it as well.

All their products are great.  Go to the freeware site sysinternals.com and
get all their tools.

Even the simple Bginfo screen background is the handiest utility.  It builds
a very simple BMP that has all your system info and becomes the desktop
background.  Nothing fancy just the info.  You can run it on boot up or
schedule it to update every few hours if needed. Great on desktops and
servers.

DC

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, May 20, 2004 12:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] TOT TCP/IP Protocol driver service

 ERD commander is an awesome tool, helps change service/device startup
 values, registry, connect through the network to other machines,
 chkdsk, etc etc...
 
 Might take a look at that, helps me a TON.

I was going to recommend that, as I have the 2002 version, but their new
licensing terms has priced the newer version completely out of reach for the
average small business.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

