Any ideas as to WTF is going on?

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #172,220 by jb4 9/1/04 1:55:55 PM Reply	Any ideas as to WTF is going on? My home computer is...er, misbehaving. When I connect to the internet (via dialup) several od things occur: 1) Machine starts using lots of processor. Looking in Task Mgr, I see that there are two instances of svchost running, one is beating the machine to death. Cannot kill the process (at least, I haven't figured out how to; using the TMgr results in a terse [is there any other kind] error message stating I do not have privileges to kill the process. I'm the FUCKING ADMINISTRATOR, goddammit!) No network activity displayed by the network icon in the Tray. Sooner or later, I get a message box saying that svchost dies tryin to read location 4. (Sometimes, I get TWO such boxes back to back). After that, Task Mgr only shows 1 svchost instance, and I get my processor back. But cutting and pasting no longer works. 2) My personal firewall (McAfee) sometimes (more often than not) pops up and tells me that the Trivial File Transfer Protocol service, V.blah-blah-blah is trying to make a connection. It won't tell me to whom, and I always tell it to block the attempt (which it appears to do). I've run Ad-Aware on the machine and it found nothing important (somebody trying to redirect IEs default home page somewhere; again, it won't tell me where -- this was quarantined and so is ostensibly inactive) so it doesn't appear to be spyware... All this started after I installed RealPlayer10, which I have since uninstalled, but the symptoms remain. Any ideas? jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #172,262 by altmann 9/1/04 5:28:34 PM Reply	Re: Any ideas as to WTF is going on? Check if you have any copies of svchost.exe in folders other than %SystemRoot%\\System32 (where it should be). If there are, you may have a virus (a couple of viruses use fake svchost.exe files). If not, you might be able to use info from here [link\|http://support.microsoft.com/?kbid=314056\|http://support.micro....com/?kbid=314056] to narrow down which service is hogging the CPU. There is a list of services here for Windows 2000: [link\|http://www.microsoft.com/windows2000/techinfo/howitworks/management/w2kservices.asp\|http://www.microsoft...t/w2kservices.asp] I'd imagine most of them are valid under XP. -- Chris Altmann
Post #172,274 by jb4 9/1/04 5:49:33 PM Reply	Thanx...BTW I'm running W2Ksp2 which is the last version of Windows that I'll ever run so long as BillG(e) continues to integrate his own virus into the OS-surrogate. Phone home THIS.... jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,349 by Silverlock 9/14/04 10:16:32 PM Reply	I've got tons of systems on SP4 with no home-phoning. 2 or 3 hundred users who have to rely on dialup occasionally/constantly. It's benign. Get it. Just make sure you get the network install and you're good to go. I can burn you a copy if you need one. Getting all the post-SP4 security updates is another matter entirely as they occur monthly. You need them anyway. ----------------------------------------- It is much harder to be a liberal than a conservative. Why? Because it is easier to give someone the finger than it is to give them a helping hand. Mike Royko
Post #174,400 by jb4 9/15/04 10:00:04 AM Reply	OK, Now I'm confused... Both you and Another Scott say I should get the "Network Install" version. Not being familiar with Micros~1's latest Redefinition of Standard Words rosetta stone, I assume that the Network Install version is a small app that Downloads a buttload of DLLs and other detritus which is installed serially from places on the net. If this is true, then 1) how is this more secure, and 2) how can you burn me a copy? If it's not true, then what exactly is the Network Install version, and how would it differ from the version I would normally download from the microsoft.com? jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,401 by pwhysall 9/15/04 10:07:43 AM Reply	Sigh. The "network install" version is the exact opposite of what you describe; it's a huge file containing all the updated stuff. It's for deploying across a corporate network. Hence the name. Hence why Silverlock will be able to sling you a copy on CD. ASS U ME rolls eyes Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #174,429 by Silverlock 9/15/04 12:21:27 PM Reply	What he said. 'Network install' as in - get the file from MS, stuff it on your network somewhere, tell users where to find it or send them the network link, and run the install entirely from within your network. ----------------------------------------- It is much harder to be a liberal than a conservative. Why? Because it is easier to give someone the finger than it is to give them a helping hand. Mike Royko
Post #174,441 by jb4 9/15/04 1:33:36 PM Reply	Unroll yer eyes, and use them to read! ASS U ME ASSume yerself! To anyone who can read English (even that quaint, parocial dialect you claim to be expert in), you will see that I was querying, not assuming anything. And clearly laying out where the point of my confusion was. If you can't find it within you to answer a simply question without the snide, holier-than-thou attitude that permeates an increasing number of your posts since assuming your new avitar, then get yerself a warm, steaming bowl of STFU and don't answer the post! jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,444 by deSitter 9/15/04 1:48:26 PM Reply	Wow, approaching Conrattitude! -drl
Post #174,447 by jb4 9/15/04 1:59:09 PM Reply	Conrattitude! /me likes! ;-) jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,448 by pwhysall 9/15/04 2:35:00 PM Reply	Ooh, snippy. Here's your handbag back. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #174,449 by pwhysall 9/15/04 2:36:35 PM Reply	Oh, and I did. I assume that the Network Install version is a small app that Downloads a buttload of DLLs and other detritus which is installed serially from places on the net. So neener :p Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #174,453 by CRConrad 9/15/04 2:49:23 PM Reply	Yerah, but read for context, and you'll hafta admit... ...that his "I assume..." -- especially as it was followed by "Is that so?", or words to that effect! -- was more of a question than an actual ass-u-me assumption. Also, inquiring minds are dying to know, what the fuck were you doing with that handbag? [link\|mailto:MyUserId@MyISP.CountryCode\|Christian R. Conrad] (I live in Finland, and my e-mail in-box is at the Saunalahti company.) Your lies are of Microsoftian Scale and boring to boot. Your 'depression' may be the closest you ever come to recognizing truth: you have no 'inferiority complex', you are inferior - and something inside you recognizes this. - [link\|http://z.iwethey.org/forums/render/content/show?contentid=71575\|Ashton Brown]
Post #174,454 by pwhysall 9/15/04 2:50:40 PM Reply	I know, I know... I do believe that running Windows is its own reward at times (I do it too - Doom 3 demands it!) and I couldn't resist the opportunity to tweak Burnsy's nose. And the handbag? You'll have to haul arse to Philly next year to discover. I'll be there. Will you? Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #174,484 by CRConrad 9/15/04 3:46:36 PM Reply	How the **** could I? Effing bastidge.
Post #174,486 by Steve Lowe 9/15/04 4:00:20 PM Reply	buy ticket, fly over, drink beer, fly home, nurse hangover. -- Steve
Post #174,488 by deSitter 9/15/04 4:02:35 PM Reply	Nurse Hangover? sounds like a chr from MASH -drl
Post #172,280 by deSitter 9/1/04 6:33:56 PM Reply	Yep exactly - he's RPC exploited seems like -drl
Post #172,325 by pwhysall 9/1/04 11:53:28 PM Reply	Antivirus installed? [link\|http://www.grisoft.com/us/us_index.php\|http://www.grisoft.com/us/us_index.php] if not. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #172,333 by deSitter 9/2/04 12:18:57 AM Reply	Tried Avast? Very nice, very free ..for home users. The best and least intrusive AV solution I've seen. -drl
Post #172,337 by pwhysall 9/2/04 12:22:34 AM Reply	Not tried, AVG is adequate. And free. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #172,395 by jb4 9/2/04 10:09:45 AM Reply	Yes...McAfee but my subscription is expired, and the bastards recently changed their Ts & Cs ao that you cannot even download signature files anymore. What I have comes up clean. I will take advantage of your link... Thanx, Trev! jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #172,451 by folkert 9/2/04 3:02:37 PM Reply	AVG seems to be more... Friendly. Avast has missed a few lately. LIke right now they haven't released and update for the Internet Worms: Bagle.AI, Bagle.AF, Zafi.B and Kibuv But that was this morning. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Here is an example: [link\|http://www.greymagic.com/security/advisories/gm001-ie/\|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
Post #172,490 by lincoln 9/2/04 5:59:57 PM Reply	What's the oldest Win 9X AVG will run on? I have 2 boxes running Win 95 and Win 98 original, and Norton has been expired on them for years. Will AVG run on wither on? Their website doesn't answer the question. Any other free alternatives? lincoln "Windows XP has so many holes in its security that any reasonable user will conclude it was designed by the same German officer who created the prison compound in "Hogan's Heroes." - Andy Ihnatko, Chicago Sun-Times [link\|mailto:bconnors@ev1.net\|contact me]
Post #172,491 by deSitter 9/2/04 6:01:45 PM Reply	Avast www.avast.com Runs very well on old machines. -drl
Post #172,528 by altmann 9/2/04 8:24:21 PM Reply	Arrr -- Chris Altmann
Post #172,535 by deSitter 9/2/04 9:04:14 PM Reply	scurrrrvay knave :) -drl
Post #172,541 by folkert 9/2/04 9:18:52 PM Reply	Take a look here... [link\|http://free.grisoft.com/freeweb.php/doc/513/lng/us/tpl/v5\|http://free.grisoft....513/lng/us/tpl/v5] AVG Free Edition: Windows 95\tyes\nWindows 98\tyes\nWindows Me\tyes\nWindows NT\tyes\nWindows 2000\tyes\nWindows XP\tyes There you are. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Here is an example: [link\|http://www.greymagic.com/security/advisories/gm001-ie/\|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
Post #172,674 by lincoln 9/3/04 4:53:04 PM Reply	Thanks for finding the info! And you didn't even Google for it...:-D lincoln "Windows XP has so many holes in its security that any reasonable user will conclude it was designed by the same German officer who created the prison compound in "Hogan's Heroes." - Andy Ihnatko, Chicago Sun-Times [link\|mailto:bconnors@ev1.net\|contact me]
Post #172,698 by folkert 9/3/04 10:12:35 PM Reply	No probs. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Here is an example: [link\|http://www.greymagic.com/security/advisories/gm001-ie/\|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
Post #172,940 by jb4 9/7/04 12:08:56 PM Reply	Got it...didn't help...and its getting worse.... OK- downloaded AVG, got it set up and running. Performed full scan of all local drives...no viruses. Cool, I guess. disable McAfee AV, but leave McAfee firewall running Now dial back up to the Net, and...right off the bat, I get an attempt to TFTP to someplace. I deny it. Then...WHAM! Continuous attempts by SVCHOST to open a port for TCP connection. No sooner do I deny it, than another one appears. Opening The Task Mgr shows that one of my two SVCHOST instances as well as cpd.exe are taking turns hammering the processor each to around 50% of the CPU. Still, the priority of these two is low enough so that I do not notice any real degradation of performance. Task manager will not let me kill either of the two processes, but The Firewall will. So I kill the SVCHOST instance...and the cpd.exe instance goes away too. Wierd. Does anybody know what cpd.exe is? Also, I discovered where McAfee firewall hides the details about what it filters. The IP address for the TFTP happens to be one of the servers of my own ISP (or more accurately, the ISP who bought the ISP who bought my ISP)! I'm going on a business trip, so I can't track it down untill next week :-(, but when I get back, they got some 'splainin to do! jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #172,946 by a6l6e6x 9/7/04 12:40:00 PM Reply	Re: what cpd.exe is? [link\|http://www.liutilities.com/products/wintaskspro/processlibrary/cpd/\|Googling] cpd - cpd.exe - Process Information Process File: cpd or cpd.exe Process Name: CPD Description: Background task from McAfee Personal Firewall. The application implements the firewall security features. In older versions, the task was named CPDCLNT.exe. Company: Network Associates, Inc. System Process: No Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No Alex "If you can control the meaning of words, you can control the people who must use the words." -- Philip K. Dick, US science fiction writer
Post #172,949 by drewk 9/7/04 12:59:03 PM Reply	Caveat Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No Unless you've already got a virus that replaced it. === Implicitly condoning stupidity since 2001.
Post #173,116 by jb4 9/8/04 1:25:49 PM Reply	Thanks. One of these days, I'll finally get it through my thick head that Google is a resource to be mined. Not as usefull as the Omnicient LRPD, but quite useful nonetheless. So all the cpd.exe activity was the firewall rejecting attempts by the renegade svchost to phone home. Nice...just like it's supposed to! jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #172,981 by deSitter 9/7/04 4:11:25 PM Reply	Re: Got it...didn't help...and its getting worse.... You don't understand - you don't have to be infected with ANYTHING. Your machine is scanned and found to be vulnerable. A rogue file is downloaded to your machine - really a tftp server riding on the back of a legitimate Windows file. This happens WITHOUT any beastie being on your machine prior to the scan. Every time you connect to the net you'll be rescanned. Until you fix the root problem you'll never be able to get back on the net. Did you install service pack 1a? Not 1, 1a. You can't install it over the net, you have to DOWNLOAD the entire thing and install it locally with the net cable unplugged. (Can you imagine the numbers of machines with the same problem and their owners completely unaware? The net is a cesspool, and Windows is a scandal.) -drl
Post #173,115 by jb4 9/8/04 1:23:13 PM Reply	Service Pack 1a for what? W2K? No, I only installed W2K, then immediately W2K-SP2 (which, as I said, is the end of the line for Windows, as far as I am concerned.) What is SP1a? Now, as far as the beastie is concerned, what you're talking about, if I read you correctly, is a Trojan. AVG is supposed to identify trojans of this sort. If I am being pinged by someone trying to activate it, I would expect that 1) the firewall would bitch about the incoming ping, and 2) that the trojan infected file would be rooted out by AVG or somebody like that (McAfee might just miss it if it were relatively new). There is a third possibility, of course. That being that Real replaced a Windows DLL with one of its own, and the uninstaller for it "conveniently" declined to replace it when I uninstalled it. Of course, Micros~1 swears up and down that that can't happen in Win2K, but I don't believe it for a minute. So, does anybody have details about Real...I seem to recal some kind of brouhaha over Real's "phoning home" some time back.... thanx- jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #173,118 by deSitter 9/8/04 1:28:07 PM Reply	Sorry, thought you were on XP Install Service Pack 4. D/L the entire thing and install locally. It sounds like you've got the RPC server exploit, see here: [link\|http://z.iwethey.org/forums/render/content/show?contentid=127320\|http://z.iwethey.org...?contentid=127320] You need at least SP3. Installing 4 will fix it. -drl
Post #173,421 by jb4 9/9/04 7:57:20 PM Reply	The trouble w/ SP>2 is That Micros~1 added the "Phone Home" ~~virus~~feature to W2K at that point. While I'd like very much to be rid of that problem, I don't want BillG(e) mucking around in my machine...not sure which is better. Now if there were a way to disable the "Phone Home" ~~virus~~feature.... jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #173,450 by deSitter 9/9/04 11:03:13 PM Reply	Re: The trouble w/ SP>2 is Well you're not going to fix it any other way. There is no 'phone home' feature in W2K. That's hooey. -drl
Post #173,586 by jake123 9/10/04 4:15:44 PM Reply	He's talking about an implementation in the license more than in actual software. --\n-------------------------------------------------------------------\n* Jack Troughton jake at consultron.ca \n [link\|http://consultron.ca\|http://consultron.ca] [link\|irc://irc.ecomstation.ca\|irc://irc.ecomstation.ca] \n Kingston Ontario Canada [link\|news://news.consultron.ca\|news://news.consultron.ca] *\n-------------------------------------------------------------------
Post #173,167 by pwhysall 9/8/04 5:08:31 PM Reply	Re: Service Pack 1a for what? [link\|http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx\|http://www.microsoft.../sp1/default.mspx] Just in case anyone was wondering. Install this, then SP2. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #173,190 by deSitter 9/8/04 5:59:49 PM Reply	SP4 on W2K -drl
Post #173,656 by folkert 9/11/04 1:11:34 AM Reply	I found something you might want to do. Reset the TCPIP stack to pristine (just installed state) Actually remove and re-install all the registry for Winsock and Winsock32 (replaces the files too) Click Start, and then click Run. In the Open box, type regedit, and then click OK. In Registry Editor, locate the following keys, right-click each key, and then click Delete: `HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Winsock` `HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Winsock2` When you are prompted to confirm the deletion, click Yes. Restart the computer. Right-click the network connection, and then click Properties. Click Install. Click Protocol, and then click Add. Click Have Disk. Type `C:\\Windows\\inf`, and then click OK. On the list of available protocols, click Microsoft, then click on Internet Protocol (TCP/IP) and then click OK. Restart the computer. This will actually solve 99% of the TCPIP problems with W2K Pro/server, WXP (Home, Pro and Media Center) and W2K3 server. Usually you will be good. A re-install of things like Personal Firewalls and E-Mail Anti-Virus Scaning etc... -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Here is an example: [link\|http://www.greymagic.com/security/advisories/gm001-ie/\|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
Post #173,875 by jb4 9/13/04 9:36:30 AM Reply	Oooohh! Nice! Thanks, Greg. I'll give it a whack tonight. jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,035 by jb4 9/13/04 9:59:03 PM Reply	Done! As you suggested, had to re-install McAfee personal Firewall (which brought with it the now-useless AV stuff). We'll see what (if anything) happens.... jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,215 by folkert 9/14/04 1:49:23 PM Reply	How'd it do for you? Just wondering. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Here is an example: [link\|http://www.greymagic.com/security/advisories/gm001-ie/\|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
Post #174,261 by jb4 9/14/04 4:21:13 PM Reply	Well.... Seemingly no change. After the install of the Firewall, I updated the firewall and utilities (apparently mcAfee won't allow you to keep your signature files updated after one year, but it will allow you to update the rest of the suite, the Shredder, the Firewall, et. al.) All during the download of the updates (which, at 36.0Kbps, was not fast), the firewall periodically notified me about attemtps to TFTP to someplace, which I continued to manually reject. (I don't want to set the firewall to automatically reject them, because I may actually need to do a TFTP sometime, and un-blocking something you've previously blocked is a pain-inna-arse.) The log gave no indication as to the target of the TFTP attempt -- hell, it wouldn't even log that an attempt took place. After about a half an hour of this, SVCHOST dutifully attempted an illegal access and crashed...taking the clipboard with it -- just as before. However, I saw no evidence of the other problem, of the SVCHOST truing to UDP to someplace. so maybe It helped a bit. Further monitoring is needed to verify. I'm tempted to let the TFTP go through, and then scan the snot out of my system to see if I can find out what is trying to be downloaded. Thanks for asking! jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,262 by deSitter 9/14/04 4:23:36 PM Reply	!!! Why do you think you can magically avoid the solution that everyone else has to suffer with? And you DO know that your contributing to Internet horror, right? FIX IT ALREADY! -drl
Post #174,267 by jb4 9/14/04 4:42:06 PM Reply	Not if it means that I have to go beyond W2K SP2!!! Sorry, BillG(e) doesn't get implicit access to my machine! Sorry, BillG(e) doesn't get an inventory of the hardware and software of my machine! Sorry, BillG(e) doesn't get to deny me access to my machine because he may think I have a pirated version of his precious OS-surrogate! I'll fucking give him the three-finger salute before that's going to happen. And I'm contributing not one thing to the "Internet Horror" you so colorfully refer to (whatever the fuck that is...) jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,268 by inthane-chan 9/14/04 4:52:15 PM Reply	Yes, you are. The "internet horror" is the spread of worms (such as this little TFTP jobbie) that continues to infest computers that could otherwise be patched against it. Migrate to Linux, go back to Win9x, or get the service packs. At least stick yourself behind a hardware firewall, and turn off all port forwarding. I've used this one to some success: [link\|http://www.newegg.com/app/ViewProductDesc.asp?description=33-122-008&depa=1\|http://www.newegg.co...33-122-008&depa=1] Powered by the Hammer of the Gods
Post #174,308 by jb4 9/14/04 7:10:43 PM Reply	Dude...I'm on DIALUP! so how is a hardware firewall or doing anything with port forwarding going to help? And go back to win9x?!? Riiiight...no chance for corruption there, nosiree! Now, Linux...there's a solution. Once I get a distribution together (find a decent admin primer), I'm there. Might not be a bad idea to do all my internet prowling from within Linux.... But in the interim, a Three R's looks like it is in my future. Note that all this started happening when I installed Real's spyware. I now have the "enterprise"/gold version that someone (possibly you) pointed me to, and I will install it once I get rid of this "problem". jb4 shrub\ufffdbish (Am., from shrub* + rubbish, after the derisive name for America's 43 president; 2003) n. 1. a form of nonsensical political doubletalk wherein the speaker attempts to defend the indefensible by lying, obfuscation, or otherwise misstating the facts; GIBBERISH. 2. any of a collection of utterances from America's putative 43rd president. cf.* BULLSHIT
Post #174,318 by Another Scott 9/14/04 8:45:49 PM Reply	I used my D-Link DI-704P on dialup before I got cable... You should have a hardware firewall. And not just to join the l337 who have one. :-) [link\|http://z.iwethey.org/forums/render/content/show?contentid=50525\|#50525]. There may not be a similar cheap firewall/switch box now for modems as external consumer modems are nearly at the Dodo end of the evolutionary stick. But check around. Oh, and you should install SP4 too. MS says nothing about Activation being required and some web sites out there say that Win2k will never require Activation. [link\|http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp\|SP4 home]. You should get the Network install version if you're paranoid, but use a non-infected machine to get it. It's 132 MB so you might want to see if someone at work has it and not try to do it over dial-up. ;-) HTH. Luck! Cheers, Scott.
Post #174,322 by folkert 9/14/04 9:01:20 PM 9/14/04 9:01:39 PM Reply	Yep... If you want I know of someone that has an ISO image of W2K-SP3 that is bootable and installable with no requirement to ever be activated... ever. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Here is an example: [link\|http://www.greymagic.com/security/advisories/gm001-ie/\|Executing arbitrary commands without Active Scripting or ActiveX when using Windows] Edited by folkert Sept. 14, 2004, 09:01:39 PM EDT Expand All History
Post #174,325 by deSitter 9/14/04 9:05:47 PM Reply	What he said. What I said. -drl

Any ideas as to WTF is going on? - (jb4) - (53) - Sept. 1, 2004, 01:55:55 PM EDT

Re: Any ideas as to WTF is going on? - (altmann) - (16) - Sept. 1, 2004, 05:28:34 PM EDT

Thanx...BTW I'm running W2Ksp2 - (jb4) - (14) - Sept. 1, 2004, 05:49:33 PM EDT

I've got tons of systems on SP4 with no home-phoning. - (Silverlock) - (13) - Sept. 14, 2004, 10:16:32 PM EDT

OK, Now I'm confused... - (jb4) - (12) - Sept. 15, 2004, 10:00:04 AM EDT

Sigh. - (pwhysall) - (11) - Sept. 15, 2004, 10:07:43 AM EDT

What he said. - (Silverlock) - Sept. 15, 2004, 12:21:27 PM EDT

Unroll yer eyes, and use them to read! - (jb4) - (9) - Sept. 15, 2004, 01:33:36 PM EDT

Wow, approaching Conrattitude! -NT - (deSitter) - (1) - Sept. 15, 2004, 01:48:26 PM EDT

Conrattitude! /me likes! ;-) -NT - (jb4) - Sept. 15, 2004, 01:59:09 PM EDT

Ooh, snippy. - (pwhysall) - Sept. 15, 2004, 02:35:00 PM EDT

Oh, and I did. - (pwhysall) - (5) - Sept. 15, 2004, 02:36:35 PM EDT

Yerah, but read for *contex*t, and you'll hafta admit... - (CRConrad) - (4) - Sept. 15, 2004, 02:49:23 PM EDT

I know, I know... - (pwhysall) - (3) - Sept. 15, 2004, 02:50:40 PM EDT

How the **** could I? Effing bastidge. -NT - (CRConrad) - (2) - Sept. 15, 2004, 03:46:36 PM EDT

buy ticket, fly over, drink beer, fly home, nurse hangover. -NT - (Steve Lowe) - (1) - Sept. 15, 2004, 04:00:20 PM EDT

Nurse Hangover? sounds like a chr from MASH -NT - (deSitter) - Sept. 15, 2004, 04:02:35 PM EDT

Yep exactly - he's RPC exploited seems like -NT - (deSitter) - Sept. 1, 2004, 06:33:56 PM EDT

Antivirus installed? - (pwhysall) - (23) - Sept. 1, 2004, 11:53:28 PM EDT

Tried Avast? Very nice, very free - (deSitter) - (1) - Sept. 2, 2004, 12:18:57 AM EDT

Not tried, AVG is adequate. And free. -NT - (pwhysall) - Sept. 2, 2004, 12:22:34 AM EDT

Yes...McAfee - (jb4) - (20) - Sept. 2, 2004, 10:09:45 AM EDT

AVG seems to be more... - (folkert) - (19) - Sept. 2, 2004, 03:02:37 PM EDT

What's the oldest Win 9X AVG will run on? - (lincoln) - (18) - Sept. 2, 2004, 05:59:57 PM EDT

Avast www.avast.com - (deSitter) - (2) - Sept. 2, 2004, 06:01:45 PM EDT

Arrr -NT - (altmann) - (1) - Sept. 2, 2004, 08:24:21 PM EDT

scurrrrvay knave :) -NT - (deSitter) - Sept. 2, 2004, 09:04:14 PM EDT

Take a look here... - (folkert) - (14) - Sept. 2, 2004, 09:18:52 PM EDT

Thanks for finding the info! - (lincoln) - (1) - Sept. 3, 2004, 04:53:04 PM EDT

No probs. -NT - (folkert) - Sept. 3, 2004, 10:12:35 PM EDT

Got it...didn't help...and its getting worse.... - (jb4) - (11) - Sept. 7, 2004, 12:08:56 PM EDT

Re: what cpd.exe is? - (a6l6e6x) - (2) - Sept. 7, 2004, 12:40:00 PM EDT

Caveat - (drewk) - Sept. 7, 2004, 12:59:03 PM EDT

Thanks. - (jb4) - Sept. 8, 2004, 01:25:49 PM EDT

Re: Got it...didn't help...and its getting worse.... - (deSitter) - (7) - Sept. 7, 2004, 04:11:25 PM EDT

Service Pack 1a for what? - (jb4) - (6) - Sept. 8, 2004, 01:23:13 PM EDT

Sorry, thought you were on XP - (deSitter) - (3) - Sept. 8, 2004, 01:28:07 PM EDT

The trouble w/ SP>2 is - (jb4) - (2) - Sept. 9, 2004, 07:57:20 PM EDT

Re: The trouble w/ SP>2 is - (deSitter) - (1) - Sept. 9, 2004, 11:03:13 PM EDT

He's talking about an implementation in the license - (jake123) - Sept. 10, 2004, 04:15:44 PM EDT

Re: Service Pack 1a for what? - (pwhysall) - (1) - Sept. 8, 2004, 05:08:31 PM EDT

SP4 on W2K -NT - (deSitter) - Sept. 8, 2004, 05:59:49 PM EDT

I found something you might want to do. - (folkert) - (11) - Sept. 11, 2004, 01:11:34 AM EDT

Oooohh! Nice! - (jb4) - Sept. 13, 2004, 09:36:30 AM EDT

Done! - (jb4) - (9) - Sept. 13, 2004, 09:59:03 PM EDT

How'd it do for you? - (folkert) - (8) - Sept. 14, 2004, 01:49:23 PM EDT

Well.... - (jb4) - (7) - Sept. 14, 2004, 04:21:13 PM EDT

!!! - (deSitter) - (6) - Sept. 14, 2004, 04:23:36 PM EDT

Not if it means that I have to go beyond W2K SP2!!! - (jb4) - (5) - Sept. 14, 2004, 04:42:06 PM EDT

Yes, you are. - (inthane-chan) - (4) - Sept. 14, 2004, 04:52:15 PM EDT

Dude...I'm on DIALUP! - (jb4) - (3) - Sept. 14, 2004, 07:10:43 PM EDT

I used my D-Link DI-704P on dialup before I got cable... - (Another Scott) - (2) - Sept. 14, 2004, 08:45:49 PM EDT

Yep... - (folkert) - Sept. 14, 2004, 09:01:39 PM EDT

What he said. What I said. -NT - (deSitter) - Sept. 14, 2004, 09:05:47 PM EDT

iwethey.org

Shiny buttons are human catnip.
297 ms