Lista keskustelualueista
Sinulla ei ole oikeutta kirjoittaa tälle alueelle. Tälle alueelle kirjoittamiseen vaadittu minimi jäsenyystaso on Brain Lähetti.
Exactly, although it does help to bypass the DNS records of your ISP :)) and lets face it there are that many tools and coomands to find IP these days you can easily keep up to date.
Simply open the command prompt and type: tracert www.brainking.com (the ip address will show in square brackets)
DNS simply converts the name BrainKing.Com to 81.31.2.217 so that you dont need to remember lots of numbers like that (which, lets face it, would be a PAIN) :))
Although it sounds just like an ISP problem Bumble, NThell have that problem alot when their servers seem to 'lose' the DNS records. It rights itself after about 9hrs (when the server re-syncs with the global Primary DNS)
IAN i suggest that you configure your firewall to block that port. You should use the Gibson Research Site to check what ports are or are not open and if they are causing a security loop on your machine :))
UDP (User Datagram Protocol) is one of the protocols for data transfer that is part of the TCP/IP suite of protocols. UDP is a “stateless” protocol in that UDP makes no provision for acknowledgement of packets received. UDP enables an application to send a message to one of several applications running in a destination machine. Some problems arise because Internet applications are not exclusively TCP-based. UDP is stateless -- it differentiates sources and destinations within hosts and provides no other services. Often services do not use predefined numbers, so filtering on the basis of "well known ports" will not work.
Port 1029 is often one of the first port used by the operating system for outbound connections, thus it is likely you will see outbound connections from port 1029. If you run netstat you will see something like:
[root@funky web]# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 1.2.3.4:1029 2.3.4.5:22 ESTABLISHED
The most distressing aspect of this, is that these service ports are wide open to the external Internet. If Microsoft wants to allow DCOM services and clients operating within a single machine to inter-operate, that's fine. But in that case the DCOM service ports should be "locally bound" so that they are not wide open and flapping in the Internet breeze. This is trivial to do, but Microsoft doesn't bother. Or, if there might be some reason to have DCOM used within a local area network, DCOM traffic could be generated with packets having their TTL (time to live) set down to one or two. This would allow DCOM packets complete local freedom, but they would expire immediately after crossing one or two router hops. The point is, there are many things Microsoft could easily do if they had any true concern for, or understanding of, Internet security.
Who knows what known or unknown, discovered or yet to be discovered vulnerabilities already exist those exposed servers and services? This is PRECISELY the situation which hit end users who didn't realize they were running a personal version of Microsoft's IIS web server when the Code Red and Nimda worms hit them and installed backdoor Trojans in their systems. And it's IDENTICAL to the situation when the SQL Slammer worm ripped across the Internet and tens of thousands of innocent end users discovered, to their total surprise, that some other software (Here's an off-site link to SQL-installing applications.) had silently installed Microsoft's insecure and now exploited SQL server into their machines, and that server had silently opened their ports 1433 and 1434 to the entire Internet.
If you are reading this page because our port analysis has revealed that you have open ports lying between 1024 and 1030, it would certainly be in your best interests to configure your personal firewall to block incoming connection requests (TCP SYN packets) to those low-numbered ports.
Unfortunately, since Windows initially initiates outgoing connections from this same low-numbered port range (as the first ports it uses immediately after booting), you may need to be careful with the configuration of your firewall rules. Otherwise you may find that the first several outbound connection attempts made by Windows will fail because returning traffic has been blocked at your firewall. However, any good stateful personal firewall, such as Zone Alarm and probably others, ought to block these low-numbered ports automatically. And, of course, placing any network behind a NAT router provides extremely good hardware firewall protection for your system(s).
It could also be that your CACHE is clearing out out certain images Ian, then when a page loads instead of looking on the site for it it checks the CACHE (thats how they load real quick) however, if it does this and has cleared a few of the image files needed (ie, on the flames for boats, a king in chess etc etc) then they come up as a small square with red X meaning that image file cant be found, if you hit refresh i bet it will come up!!
Radiant: Send me an email (you have the addy) and i will send you a link to a piece of software, that once installed, will rid you of the pop-ups, trojans etc etc and also protect you LIVE while online
<Eh? LOL i presume yor not talking about transcriptional regulators complexed to DNA strings with that n>k represenation so it must be a smiley of sorts LMAO
Try starting in DOS and remove the file manually, I did a quick look and it seems to be a Trojan File (most likely from Germany cos they have most reported hits) but as yet no removal instructions.
I have a link to a program that may be able to detect and remove it, if you want send me a PM and I will give you the link Niki :)
Its a nerds paradise i fink (explains why im going lol). It all about wireless networks etc, and also has some very impressive displays and trials. Like hackers vs security experts etc
*edited* email me for a link (email is on my website)
This one is 6.4mb in size. Although is much better and allows full access to the removal functions. It also disables 80% of web pop-ups when left running while surfing.
Got HotBar? Want shot of it? Or indeed any other annoyance that seems to appear each time you boot or start email / web??
Download and install Spyhunter. It will identify Trojans, Spyware, Addware etc and tell ya how to remove it (sometimes will even give you the opportunity to tick a box and BANG! Its gone.
Who makes your scanner? You need to go to thier site and download specific XP drivers (they are so different from 98 or ME) and the scanner will work fine :o))
If you already have a printer why bother? Just buy a cheap scanner. It is my experience that home users only ever use a scanner about 1% of all PC usage time. So why spend big money on one if your not gonna get the use (like a DTP, or Web Designer would?).
To answer your question though, yes they are good for many reasons. They save space, one unit only.
You get a Printer, Scanner, Photocopier, Fax (providing you have the software) and the quality and price these days is great.
Solution 1
To remove this Trojan, most of the steps are performed in Safe mode. Please follow the instructions in each section.
NOTE: The following procedure instructs you to delete files, file entries, and registry values. In some cases, they may have already been removed by NAV, or they were never added by the Trojan. If you do not find a particular file or entry, make sure that you followed the instructions exactly. If the file or entry does not exist, then proceed to the next step or section.
Enable show all files
Follow these steps to configure Windows to show all files:
Start Windows Explorer.
Click View (Windows 95/98) or Tools (Windows Me), and click Options or Folder Options.
Click the View tab, and uncheck "Hide file extensions for known file types" if it is checked.
Click Show all files, and click OK.
Restart the computer in Safe mode
If you are running Windows 95:
Exit all programs, and then shut down the computer. If the computer will not shut down normally, then proceed to the next step.
Turn off the computer, and wait 30 seconds. You must turn off the computer to remove the virus from memory. Do not use the reset button.
Turn on the computer. When you see the "Starting Windows 95" message, press F8.
Press the number for Safe mode, and then press Enter.
If you are running Windows 98:
Click Start, and click Run.
Type msconfig and click OK. The System Configuration Utility dialog box appears.
Click the General tab, and click Advanced.
Check Enable Startup Menu, click OK, and then click OK again.
Exit all programs, and then shut down the computer. If the computer will not shut down normally, proceed to the next step.
Turn off the computer, and wait 30 seconds. You must turn off the computer to remove the virus from memory. Do not use the reset button.
Turn on the computer, and wait for the menu to appear.
Press the number for Safe mode, and then press Enter.
Find and delete files
Follow these steps to locate and delete the files that were placed on your hard disk by the Trojan:
Click Start, point to Find or Search, and then click Files or Folders.
Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
In the Named box, type (or copy and paste) the following file names:
CAUTIONS:
The next step is to delete these files from your computer. Make sure that you delete only the files listed, and if you typed the file names, that they were typed exactly as shown. Deleting the wrong file could prevent your system from starting. (The entry mi*.zip may result in several files being found, such as Mi29.zip, or Mine.zip. All such files should be deleted.)
If you are running Windows Me, the search may find the Winmine.exe file. This is the executable for the Windows Minesweeper game, and it is not necessary to delete this file.
This search will almost certainly find several files named Readme.txt. Each will be in a different location. Make sure that you delete only the one in the C:\Windows\System folder.
Delete each file in the Results pane; click Yes to confirm each deletion.
NOTE: If you see a message saying that the file is in use when you try to delete the Msdos98.exe file, then you cannot remove it at this point. Complete as many of the Solution 1 instructions as possible, and then proceed to Solution 2. Follow the instructions in the first two sections of that solution. You only need to enter the first two commands in the section Remove infected files. When the Msdos98.exe file has been deleted, restart the computer.
Right-click the Recycle Bin icon on your desktop, and click Empty Recycle Bin.
Click New Search, and then go on to the next section.
Find and change a file
Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
Type win.ini in the Named box, and then press Enter.
Right-click the Win.ini file in the results pane, and click Properties.
NOTE: If you find more than one Win.ini file, make all changes to the one that is located in the folder in which Windows is installed; for example, C:\Windows.
Uncheck Read-only, and then click OK.
Double-click the Win.ini file to open it in Notepad.
Locate the entry that begins with run=. It should look similar to this:
run= C:\Windows\uninstallms.exe
NOTE: There is a large space between run= and the C:\Windows\uninstallms.exe entry. If you cannot locate the C:\Windows\uninstallms.exe entry, then click the Search menu and click Find. Type uninstallms.exe and then click Find next.
Place the cursor after run= , and then press Shift+End to select the rest of the line. Repeat this until the entire line is selected. You may have to press Shift+End four or five times.
Press Delete.
NOTE: A new variant of this Trojan has been found that does not add the text C:\Windows\uninstallms.exe.
Underneath run= , look for an entry that begins with RUNRESTORE=. It should look similar to this:
RUNRESTORE=C:\Windows\uninstallms.exe
If you find this entry, move the cursor to the beginning of the line, press Shift+End to select the entire line, and then press Delete.
To make sure that none of these entries remains, click the Search menu and click Find. Type uninstallms.exe and then click Find next. Remove any entries that refer to this file.
Click the File menu, and click Save.
Exit Notepad.
Remove an entry from the registry
CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. See the document How to back up the Windows registry before proceeding.
Click Start, and click Run. The Run dialog box appears.
Type regedit and then click OK. The Registry Editor opens.
Navigate to the following key:
<Try running your scanner while in Safe Mode (press & hold F5 or shift at Windows start-up).
If this fails, jot down the names and locations of all the files that are backdoor programs. (e.g. C:\Windows\system\quicken.exe).
Reboot. Press F8 just after the BIOS screen disappears (you can repeatedly tap F8 to make sure you get it). You'll see the Windows boot menu. Choose "safe mode command prompt only". You will be placed at the C:\> prompt.
Delete each file ("del filename") by navigating to its folder (using "cd foldername" and "cd .." to go up a level). If DOS says it can't find it or it's locked, then you will need to change the file's attributes. Just do "attrib -s -h -r filename" to remove the System, Hidden, and Read Only tags all in one shot. You should then be able to delete the file.
When are all deleted, reboot. Windows may complain that files it's supposed to run at startup are missing. Use msconfig to edit the bootup system and remove the virus files from the "start these when loading" list.
These trojans / viruses try and use filenames that seem likely to be on systems. That way when you scan a PC and see Quicken.exe you would think that it is really the executable for the program. In truth the EXE file will be in Program Files under a directory for Quicken.
It is a coy way for them to hide a virus longer and let it gather info or infect other files, PCs or network resources.
Simple rules for virus protection?
DO NOT OPEN ATTACHMENTS if they are from people you dont know, or people you do know but are not expecting an attachment.
By wary of all .exe / .com / .pif / .zip
A new way they send them is to give a double extension (seemingly) Ie the new Netsky.B virus is sent like this: part2.zip.htm.exe
and when you see the attachement on Outlook it displays as Part2.zip (its not a zip file, it ends with EXE)
I have never used a virus program and never got infected cos im sensible at what i open. Just be careful.
Most XP machines show both installed, make sure the UK one is set as Default INPUT device though. Its in the Control Panel, Regional Settings, Language (then the details or advanced tab at input device)
Ian: you dont get the tab for copy music?? Im pretty sure my mum's PC is 98se and has this function as she made me listen to old Smokie songs she downloaded.
But failing that then there is a program called MusicMatch (v7.0) i think. And if you get a demo i can supply a code for it im sure :)
Also the latest RealPlayer has a superb copy utility and will even fade tracks in and out of each other for you.
MICROSOFT has issued a new security update for its Internet Explorer to close loopholes that could allow a hacker to install unwanted programs or deceive computer users with fake internet addresses.
The update was not related to the MyDoom internet worm, analysts said, but posed additional security woes for computer users at a time of the biggest epidemic of its kind to hit cyberspace.
Microsoft called the update "critical", the highest level of alert.
Jimmy Kuo of McAfee Anti-virus and Vulnerability Emergency Response Team said the security patch, which can be downloaded from Microsoft's website, addressed three vulnerabilities.
But the most significant, he said, was the security flaw that could allow a user to be directed to a fake website even when the address line, also known as a URL, appeared legitimate.
"So a user could see the address www.citibank.com, but could actually be somewhere else," Mr Kuo said. "This vulnerability has already been in use since December, and we've been in great anticipation for an update" to fix the flaw.
The flaw could be used in so-called "phishing" scams in which users are sent emails and asked to click on a link to update financial information or verify passwords.
I use it only when im out and about and need to get emails or check important things on the web (like my games LOL) and I only get charged a local rate call, and as i get 400mins of local free per month it works out reasonable :o)
Well im not sure about linking to your home network?? Most wireless connections I have seen are just like slim-line mobile phones (modems) that use microwave to connect up to the interent (just like a mobile phone call) but like I said im not that positive. I have a NOKIA communicator which has a wireless connection the the net, but really all it does is make a MOBILE PHONE call to an ISP??
Sometimes, the auto load sequence runs in a different order from the Step-by-step sequence (although not always and its hard to find out). it would seem to me that when you load step-by-step yu are loading them in a different order, therefore bypassing the problem that hits the PC during autostart up.
You can however set the order in which the auto start loads the drivers. So if you took notes of the order that the step by step way loads them, then configure the auto-start to load them in the same order it should (in theory) give you the same result (all drivers loaded)
It can take a while to configure the autostart sequence at first, but it is worth it. Im not sure if the version you are using is compliant however, but if you check this link it might help??
Ferjo was it a second Hard-Drive you added? if so and you added it to the secondary slot (slave) on the Primary IDE cable then you need to make sure that the setting for BOTH hard drives are correct.
IE, the Primary Drive has its jumpers set as MASTER, and the secondary (backup) drive is set as slave.
Alternativley make sure both are set to auto, if these setting are in any way off-set they could cause problems??