What got snuck past my firewall???

Guest

Archived from groups: microsoft.public.win2000.security

Suddenly, the "you must restart your computer for system
changes to take effect" screen pops up, and I have not
accepted any requests to permit downloads. There have also
been no messages from Symantec or MS concerning waiting
updates, and the firewall is on. So I use the search
feature limited to today, and discover that besides the
two live update activities, a dll file in c/program
files/comet has been accessed, and without my permission.
And I cannot delete dmserver.exe (in comet) because it
is "in use." (I closed everything to free this file, and
am now afraid to restart my machine for fear I cannot stop
what happens next!!!)
Would MS or Symantec use their permissions to pass my
firewall and insert programming without telling me??
How can I find out what is "pending" on my machine??
 
Guest

You should have firewall logs that tell you where you got it.
I have several little utilities that I downloaded from www.sysinternals.com:
Process Explorer shows ALL active processes and allows you to kill them.
TCPView shows all network connections.
Autoruns shows all programs that are started automatically...

You will be able to delete the new program after you stop it.


"system changes" <anonymous@discussions.microsoft.com> wrote in message news:2a81301c465cd$ffb130c0$a301280a@phx.gbl...
> Suddenly, the "you must restart your computer for system
> changes to take effect" screen pops up, and I have not
> accepted any requests to permit downloads. There have also
> been no messages from Symantec or MS concerning waiting
> updates, and the firewall is on. So I use the search
> feature limited to today, and discover that besides the
> two live update activities, a dll file in c/program
> files/comet has been accessed, and without my permission.
> And I cannot delete dmserver.exe (in comet) because it
> is "in use." (I closed everything to free this file, and
> am now afraid to restart my machine for fear I cannot stop
> what happens next!!!)
> Would MS or Symantec use their permissions to pass my
> firewall and insert programming without telling me??
> How can I find out what is "pending" on my machine??
>
 
Guest

Sounds like spyware/parasite. Ad-Aware should be able to take care of it. Be sure to
update it before running it. The link below has some information on it including
manual removal. Be careful what you open as far as email attachments and what you hit
OK for when on the internet when asked to install an add-on, etc. --- Steve

http://www.pestpatrol.com/PestInfo/c/comet_dmserver.asp


"system changes" <anonymous@discussions.microsoft.com> wrote in message
news:2a81301c465cd$ffb130c0$a301280a@phx.gbl...
> Suddenly, the "you must restart your computer for system
> changes to take effect" screen pops up, and I have not
> accepted any requests to permit downloads. There have also
> been no messages from Symantec or MS concerning waiting
> updates, and the firewall is on. So I use the search
> feature limited to today, and discover that besides the
> two live update activities, a dll file in c/program
> files/comet has been accessed, and without my permission.
> And I cannot delete dmserver.exe (in comet) because it
> is "in use." (I closed everything to free this file, and
> am now afraid to restart my machine for fear I cannot stop
> what happens next!!!)
> Would MS or Symantec use their permissions to pass my
> firewall and insert programming without telling me??
> How can I find out what is "pending" on my machine??
>
 
Guest

You can examine
HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
to see what pending file copies are waiting.

You must use regedt32, not regedit, on Win2K and earlier, to examine this
value.

The value is not designed to be human-readable, but you'll see both the
existing file to be replaced and the current temp file that will be copied
over the existing file.

And no, Microsoft won't "use their permissions" (we really have none) to
put software on your machine without your consent. I doubt Symantec would
either.

-Matt

===
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "system changes" <anonymous@discussions.microsoft.com>
>Subject: What got snuck past my firewall???
>Date: Fri, 9 Jul 2004 09:01:30 -0700
>
>Suddenly, the "you must restart your computer for system
>changes to take effect" screen pops up, and I have not
>accepted any requests to permit downloads. There have also
>been no messages from Symantec or MS concerning waiting
>updates, and the firewall is on. So I use the search
>feature limited to today, and discover that besides the
>two live update activities, a dll file in c/program
>files/comet has been accessed, and without my permission.
>And I cannot delete dmserver.exe (in comet) because it
>is "in use." (I closed everything to free this file, and
>am now afraid to restart my machine for fear I cannot stop
>what happens next!!!)
> Would MS or Symantec use their permissions to pass my
>firewall and insert programming without telling me??
> How can I find out what is "pending" on my machine??
>
>
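An added example, not part of any post in this thread: a decoder for the raw PendingFileRenameOperations data that the reply above says is not human-readable. It assumes the value's bytes have already been obtained (for instance from a binary export) as UTF-16LE REG_MULTI_SZ data; the sample bytes, file names and the `touching` helper are constructed for illustration.

```python
from typing import List, NamedTuple

NT_PREFIX = "\\??\\"  # object-manager prefix the Session Manager stores on paths


class PendingOp(NamedTuple):
    action: str  # "delete", "rename" or "replace"
    source: str  # file that will be moved or deleted at next boot
    target: str  # destination path, empty for a delete


def _clean(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(raw: bytes) -> List[PendingOp]:
    """Decode REG_MULTI_SZ bytes into (source, target) operations.

    Strings come in pairs. An empty target means "delete source at boot";
    a target starting with "!" means "overwrite the existing file".
    """
    strings = raw.decode("utf-16-le").split("\0")
    ops = []
    for i in range(0, len(strings) - 1, 2):
        src, dst = strings[i], strings[i + 1]
        if not src:  # reached the list terminator
            break
        if not dst:
            ops.append(PendingOp("delete", _clean(src), ""))
        elif dst.startswith("!"):
            ops.append(PendingOp("replace", _clean(src), _clean(dst[1:])))
        else:
            ops.append(PendingOp("rename", _clean(src), _clean(dst)))
    return ops


def touching(ops: List[PendingOp], fragment: str) -> List[PendingOp]:
    """Operations whose source or target path contains fragment (case-insensitive)."""
    f = fragment.lower()
    return [op for op in ops if f in op.source.lower() or f in op.target.lower()]


# Constructed sample: one temp file queued to replace a DLL, one queued delete.
SAMPLE = ("\0".join([
    "\\??\\C:\\WINNT\\TEMP\\upd1A.tmp", "!\\??\\C:\\WINNT\\system32\\example.dll",
    "\\??\\C:\\Program Files\\comet\\dmserver.exe", "",
]) + "\0\0").encode("utf-16-le")

if __name__ == "__main__":
    for op in parse_pending_renames(SAMPLE):
        print(op.action, op.source, "->", op.target or "(deleted at boot)")
```
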