Re: My Doom Updates

anonymous_at_discussions.microsoft.com
Date: 08/10/04 

Date: Tue, 10 Aug 2004 16:36:27 -0700

I kmow that Chuck,but I went to start,windows
update,click the button for scan updates,it was critical
(KB936528)It's even in my installation history.Google
search didn't show up for anything,and it's not in MS
Knowledge Base,Just wondered if anybody else had that
update from Microsoft update page.If you can Chuck,check
your computer for updates and see if it shows up.
>-----Original Message-----
>On Tue, 10 Aug 2004 15:56:50 -0700, "kelly"
><anonymous@discussions.microsoft.com> wrote:
>
>>Just got an update saying I may have mydoom,download
now
>>to remove it.My AV comes up clean,I'm I being
bamboozled
>>by MS again?Anybody else getting the same updates for
XP?
>
>Kelly,
>
>This may not be MS telling you anything. Most likely,
it is a popup intended to
>sell you the product that you are to download. The
product being pushed will
>not necessarily protect you from anything but further
messages.
>
>No legitimate software product advertises thru popups.
>
>There are at least three varieties of pop-ups, and the
solutions to block /
>eliminate them vary accordingly. Which specific type(s)
are you seeing?
>
>I. "Messenger Service" Pop-Ups
>
>This will be a text only message, and will only hit you
when you're online. A
>Messenger Service pop-up can't contain a clickable
link. The window will be
>titled "Messenger Service".
>
>This type of spam has become quite common over the past
year or so, and
>unintentionally serves as a valid security alert. It
demonstrates that you
>haven't been taking sufficient precautions while
connected to the Internet.
>Your data probably hasn't been compromised by these
specific advertisements, but
>if you're open to this exploit, you most definitely open
to other threats, such
>as the Blaster Worm that still haunts the Internet.
Install and use a decent,
>properly configured firewall.
>
>Messenger Service of Windows
><http://support.microsoft.com/default.aspx?scid=KB;en-
us;168893>
>
>Messenger Service Window That Contains an Internet
Advertisement
>Appears
><http://support.microsoft.com/?id=330904>
>
>Stopping Advertisements with Messenger Service Titles
><http://www.microsoft.com/windowsxp/pro/using/howto/commu
nicate/stopspam.asp>
>
>Whichever firewall you decide upon, be sure to ensure
UDP ports 135, 137, and
>138 and TCP ports 135, 139, and 445 are all blocked. You
may also disable
>Inbound NetBIOS (NetBIOS over TCP/IP). You'll have to
follow the instructions
>from the firewall's manufacturer for the specific steps.
>
>You can test your firewall at:
>
>Gibson Research <http://grc.com/default.htm> (ShieldsUp!)
>SecurityMetrics
<http://www.securitymetrics.com/portscan.adp>
>Sygate Security Scan <http://www.sygatetech.com/>
>Symantec Security Check
<http://security.symantec.com/ssc/vr_main.asp>
>
>Be especially wary of people who advise you to do
nothing more than disable the
>messenger service. Disabling the messenger service, by
itself, is a "head in
>the sand" approach to computer security. The real
problem is not the messenger
>service pop-ups; they're actually providing a useful, if
annoying, service by
>acting as a security alert.
>
>
>II. Regular Browser Based Pop-Ups
>
>This will be an HTML message, and will only hit you when
you're online. A
>browser based popup will probably contain clickable
links. The window title
>will vary.
>
>Get the free Google Toolbar from
<http://toolbar.google.com/>. Hosts file
>blocking works on this problem also.
>
>Blocking Ads, Parasites, and Hijackers with a Hosts File
><http://www.mvps.org/winhelp2002/hosts.htm>
>
>
>III. Adware / Spyware
>
>This will be an HTML message, and can hit you when
you're online, or offline.
>An adware based popup will probably contain clickable
links. The window title
>will vary.
>
>This is where you need a thorough adware / spyware scan,
including CWShredder,
>AdAware, Spybot S&D, and HijackThis, with expert advice
to interpret the
>HijackThis log.
>
>Start by downloading each of the following free tools:
>AdAware <http://www.lavasoftusa.com/>
>CWShredder <http://www.majorgeeks.com/download4086.html>
>CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
><http://www.majorgeeks.com/download4113.html>
>HijackThis <http://www.majorgeeks.com/download.php?
det=3155>
>LSP-Fix and WinsockLSPFix
<http://www.cexx.org/lspfix.htm>
>Spybot S&D <http://www.safer-networking.org/index.php?
page=download>
>Stinger <http://us.mcafee.com/virusInfo/default.asp?
id=stinger>
>
>Install and run Stinger.
><http://us.mcafee.com/virusInfo/default.asp?id=stinger>
>
>Create a separate folder for HijackThis, such as
C:\HijackThis - copy the
>downloaded file there. AdAware and Spybot S&D have
install routines - run them.
>The other downloaded programs can be copied into, and
run from, any convenient
>folder.
>
>Start by closing all Internet Explorer and Outlook
windows, and running
>CoolWebSearchSmartKillerMiniRemoval, then CWShredder.
Have the latter fix all.
>
>Next, run AdAware. First update it ("Check for updates
now"), configure for
>full scan (<http://www.lavahelp.com/howto/fullscan/>),
then scan ("Start" - "Use
>custom scanning options" - "Next"). When scanning
finishes, select everything,
>and hit Next again.
>
>Next, run Spybot S&D. First update it ("Search for
updates"), then run a scan
>("Check for problems"). Trust Spybot, and delete
everything ("Fix Problems")
>that is displayed in Red.
>
>Then, run HijackThis ("Scan"). Do NOT make any changes
immediately. Save the
>HJT Log.
><http://forums.spywareinfo.com/index.php?showtopic=227>
>
>Finally, have your HJT log interpreted by experts at one
or more of the
>following security forums (and post it, or a link to
your forum posts, here):
>Aumha: <http://forum.aumha.org/index.php>
>Net-Integration: <http://forums.net-integration.net/>
>Spyware Info: <http://forums.spywareinfo.com/>
>Spyware Warrior: <http://spywarewarrior.com/index.php>
>Tom Coyote: <http://forums.tomcoyote.org/>
>
>If removal of any spyware affects your ability to access
the internet (some
>spyware builds itself into the network software, and its
removal may damage your
>network), run LSP-Fix and / or WinsockXPFIx.
>
>Cheers,
>Chuck
>Paranoia comes from experience - and is not necessarily
a bad thing.
>.
>

Quantcast