Re: network request not supported - source virus??



FWIW:
"Crossing your fingers" doesn't seem an adequate response in a
situation where it's perfectly possible that you still have an open
backdoor in a production environment.

The McAfee forum shows that the virus is detected by 9 of the
listed antivirus engines and was missed by 10 of them.
Unfortunately for you, McAfee missed it.

Have you at all investigated where the infection started? How about
your workstations? Why do you believe that you are *not* going to
be re-infected?

And since this infection usually spreads using KaZaA file sharing
and mIRC: either your Administrator is playing around with an
Administrative account on your production servers, or your users
are file sharing and chatting during work hours AND they have way
too high permissions, since the original infection was able to
modify the registry in places where no normal user should go!

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
___ please respond in newsgroup, NOT by private email ___

same problem
<sameproblem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 05 jun 2005 in
microsoft.public.win2000.termserv.apps:

> I posted this problem also on McAfee and it does seem like a new
> virus http://forums.mcafeehelp.com/viewtopic.php?p=240094#240094
> I've also updated all critical win 2000 server updates and at
> least for the past 12 hours the server has been running like
> normal. I'm crossing my fingers.
>
> Thanks for your help.
>
> "Patrick Rouse" wrote:
>
>> These are some that I like:
>>
>> http://housecall.trendmicro.com
>> http://www.spywareinfo.com/xscan.php
>> Spybot Search & Destroy
>>
>> --
>> Patrick Rouse
>> Microsoft MVP - Terminal Server
>> http://www.workthin.com
>>
>>
>> "Vera Noest [MVP]" wrote:
>>
>> > Sounds like one of those SpyBot backdoors to me.
>> > It probably loads in
>> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
>> > Run] and related registry keys, which explains why you can
>> > log in for a minute or 2 after rebooting. Once the service is
>> > started, you're locked out again.
>> >
>> > Why don't you run another anti-virus program or an online
>> > virus check?
>> >
>> > _________________________________________________________
>> > Vera Noest
>> > MCSE, CCEA, Microsoft MVP - Terminal Server
>> > http://hem.fyristorg.com/vera/IT
>> > ___ please respond in newsgroup, NOT by private email ___
>> >
>> > same problem
>> > <sameproblem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 04 jun 2005
>> > in microsoft.public.win2000.termserv.apps:
>> >
>> > > On 6/2/05 all of my licensed Windows 2000 Servers w/SP4
>> > > would not allow anyone to login via remote or at the
>> > > console. They have been running for 5+ months without
>> > > change. If I were to reset the server I could login within
>> > > approx 2 minutes but after that I would be locked out. This
>> > > and a few other forums have others with the same problem
>> > > starting on 6/2/05. Therefore, I felt/feel this is either a
>> > > Microsoft bug or a virus.
>> > >
>> > > In review of my system32 folder I found a file that looked
>> > > like it did not belong 'msupdtm.exe' since a clean install
>> > > I have of windows 2000 server w/sp4 did not have the file.
>> > > However, I ran Managed McAfee and no viruses were found.
>> > > Has anyone found a solution to the BIG PROBLEM yet??
>> > >
>> > > HELP!!!
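
Added example, not part of the original posts: the thread's two checks (what loads from the `Run` keys, and which `system32` files a clean install lacks) done offline on a trusted machine against exported artifacts. It assumes a `.reg` export of the key and plain file-name listings of `system32` from the suspect and the clean server; the sample data, including the value name "Update Manager", is constructed.

```python
import ntpath
import re

# Run, RunOnce, ... under ...\CurrentVersion, as exported to a .reg file
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run\w*$", re.IGNORECASE)
# Only "name"="string" values are parsed; hex(...) values are skipped.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def autorun_entries(reg_text):
    """Yield (key, value name, command) for every Run* key in a .reg export."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if AUTORUN_KEY.search(line[1:-1]) else None
        elif key and (m := VALUE_LINE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def executable_name(command):
    """Lower-cased file name of the program a Run value starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = (command.split() or [""])[0]
    name = ntpath.basename(path).lower()
    return name if "." in name else name + ".exe"

def triage(reg_text, current_listing, baseline_listing):
    """Return (autoruns not in the clean baseline, system32 files not in it)."""
    names = lambda text: {f.strip().lower() for f in text.splitlines() if f.strip()}
    baseline, current = names(baseline_listing), names(current_listing)
    unknown = [(k, n, c) for k, n, c in autorun_entries(reg_text)
               if executable_name(c) not in baseline]
    return unknown, sorted(current - baseline)

# Constructed sample data standing in for the exported artifacts
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Update Manager"="C:\\WINNT\\system32\\msupdtm.exe"
'''
SAMPLE_BASELINE = "cmd.exe\nmobsync.exe\nservices.exe\n"
SAMPLE_CURRENT = "CMD.EXE\nmobsync.exe\nmsupdtm.exe\nservices.exe\n"
```

An unquoted path containing spaces resolves to a name that is not in the baseline, so it is flagged for manual review rather than silently passed.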