Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service

Q: Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service

Hiya

======
There is a flaw in the Winsock Proxy service in Microsoft Proxy
Server 2.0, and the Microsoft Firewall service in ISA Server 2000,
that would allow an attacker on the internal network to send a
specially crafted packet that would cause the server to stop
responding to internal and external requests. Receipt of such a
packet would cause CPU utilization on the server to reach 100%, and
thus make the server unresponsive. The Winsock Proxy service and
Microsoft Firewall service work with FTP, telnet, mail, news,
Internet Relay Chat (IRC), or other client applications that are
compatible with Windows Sockets (Winsock). These services allow
these applications to perform as if they were directly connected to
the Internet. These services redirect the necessary communications
functions to a Proxy Server 2.0 or ISA Server computer, thus
establishing a communication path from the internal application to
the Internet through it.
Maximum Severity Rating: Important
Affected Software:

Microsoft Proxy Server 2.0
Microsoft ISA Server
Download locations for this patch
Proxy Server 2.0:

http://microsoft.com/downloads/deta...B7-20FB-45EB-BAFD-031A0D2923E6&displaylang=en

ISA Server:

English:

http://microsoft.com/downloads/deta...D2-A888-4603-84B7-1053C8663436&displaylang=en

French:

http://microsoft.com/downloads/deta...D2-A888-4603-84B7-1053C8663436&displaylang=fr

German:

http://microsoft.com/downloads/deta...D2-A888-4603-84B7-1053C8663436&displaylang=de

Spanish:

http://microsoft.com/downloads/deta...D2-A888-4603-84B7-1053C8663436&displaylang=es

Japanese:

http://microsoft.com/downloads/deta...D2-A888-4603-84B7-1053C8663436&displaylang=ja

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-012.asp

Regards

eddie

RELEVANCY SCORE 136.8

Hiya

A flaw exists in a Windows NT 4.0 Server file management function
that can cause a denial of service vulnerability. The flaw results
because the affected function can cause memory that it does not own
to be freed when a specially crafted request is passed to it. If
the application making the request to the function does not carry
out any user input validation and allows the specially crafted
request to be passed to the function, the function may free memory
that it does not own. As a result, the application passing the
request could fail.

By default, the affected function is not accessible remotely,
however applications installed on the operating system that are
available remotely may make use of the affected function.
Application servers or Web servers are two such applications that
may access the function. Note that Internet Information Server 4.0
(IIS 4.0) does not, by default, make use of the affected function.
Maximum Severity Rating: Moderate

Affected Software:

Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Terminal Server Edition
Download locations for this patch

Microsoft Windows NT 4.0 Server

Microsoft Windows NT 4.0 Terminal Server Edition

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-029.asp
Regards

eddie
 

A:Flaw in Windows Function Could Allow Denial of Service: NT only. 23 July

V2.0 (August 13, 2003): Updated to reflect the release of updated patches to correct problems on computers running RAS.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-029.asp

eddie
 

RELEVANCY SCORE 136.8

Hiya

Remote Procedure Call (RPC) is a protocol used by the Windows
operating system. RPC provides an inter-process communication
mechanism that allows a program running on one computer to
seamlessly execute code on a remote system. The protocol itself
is derived from the OSF (Open Software Foundation) RPC protocol,
but with the addition of some Microsoft specific extensions.

There is a vulnerability in the part of RPC that deals with
message exchange over TCP/IP. The failure results because of
incorrect handling of malformed messages. This particular
vulnerability affects the RPC Endpoint Mapper process, which
listens on TCP/IP port 135. The RPC endpoint mapper allows RPC
clients to determine the port number currently assigned to a
particular RPC service.

To exploit this vulnerability, an attacker would need to
establish a TCP/IP connection to the Endpoint Mapper process on
a remote machine. Once the connection was established, the
attacker would begin the RPC connection negotiation before
transmitting a malformed message. At this point, the process on
the remote machine would fail. The RPC Endpoint Mapper process
is responsible for maintaining the connection information for
all of the processes on that machine using RPC. Because the
Endpoint Mapper runs within the RPC service itself, exploiting
this vulnerability would cause the RPC service to fail, with the
attendant loss of any RPC-based services the server offers, as
well as potential loss of som... Read more

RELEVANCY SCORE 135.6

Hiya

Microsoft Internet Security and Acceleration (ISA) Server 2000
contains the ability to apply application filters to incoming
traffic. Application filters allow ISA Server to analyze a data
stream for a particular application and provide application-
specific processing including inspecting, screening or blocking,
redirecting, or modifying the data as it passes through the
firewall. This mechanism is used to protect against invalid URLs
which may indicate attempted attacks as well as attacks against
internal Domain Name Service (DNS) Servers.

A flaw exists in the ISA Server DNS intrusion detection application
filter, and results because the filter does not properly handle a
specific type of request when scanning incoming DNS requests.

An attacker could exploit the vulnerability by sending a specially
formed request to an ISA Server computer that is publishing a DNS
server, which could then result in a denial of service to the
published DNS server. DNS requests arriving at the ISA Server would
be stopped at the firewall, and not passed through to the internal
DNS server. All other ISA Server functionality would be unaffected.

Maximum Severity Rating: Moderate

Affected Software:

Microsoft ISA Server

Download locations for this patch Microsoft ISA Server:
English:

http://microsoft.com/downloads/deta...C5-51E3-4B34-A6D3-B9CF840358BD&displaylang=en

French:

http://microsoft.com/downloads/deta...C5-51E3-4B34-A6D3-B9CF840358BD&displaylang=fr

G... Read more

RELEVANCY SCORE 124

I found this today and figured I'd post it.

"Two Denial of Service Conditions in Tiny Personal Firewall 3.0 for Windows..."

Link below...

http://www.secadministrator.com/articles/index.cfm?articleid=26348
 

RELEVANCY SCORE 114.4

Hi,

As title, lately in the event logs, it shows my Win XP Home Edition desktop is experiencing McAfee services terminating unexpectedly and then restarted.

1) I am using McAfee Internet Security 2010 and have it patched to the latest definition files.

2) The following six McAfee services are terminated and the event logs show the following:

"
Event ID 7031

The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
"

"
Event ID 7031

The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
"

"
Event ID 7031

The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
"

"
Event ID 7031

The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help... Read more

A:The McAfee Personal Firewall Service service terminated unexpectedly

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419171 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 106

I collect my hotmail via outlook express, suddenly it will not let me send messages and all the folders shown on left of screen disappear.
If I go into internet explorer and enter www.hotmail.com it is changed by a letter being inserted in front of hotmail... and obviously the web site is not accessed.
How can I find the virus? (using symantec a/v with definitions as at 31st January - running windows xp)
 

RELEVANCY SCORE 106

How do you know if you have had a denial of service attack? I have received two email daemons from emails I didn't send. Also how can you prevent this?
Thanks
Jerry
 

RELEVANCY SCORE 106

Dear Friend

Can you people let me know how to make a Denial of Service attack or DDOS attack? This I am doing just for knowledge purposes.

Regards

Arun

A:Denial of Service Attack

Hi..

unfortunately we cannot advise people how to carry out DoS attacks.

Closing thread.

RELEVANCY SCORE 106

Hello, I'm a first time poster, short time viewer, so please forgive my noobiness & blundering blunderbuss approach to problem solving...

My mother's computer recently developed a problem when connecting to the internet. The internet connection to the wireless router is fine (other computers are connected to the same router w/out any problems), however any applications or browsers that use an internet connection either will not connect or load so slowly that they are virtually inoperable (denial of service?). I noticed that when the internet connection is enabled, the CPU usage jumps through the roof and then hovers around 45-50% but it is less than 10% before enabling/after disabling the wireless connection.

I've lost many hours over the last couple of days trying to diagnose the problem, but to no avail. We've tried running defrag, disk clean up, clearing caches, plus several spyware checkers (Ad Aware, Spybot & AVG) & antivirus scans (Norton & AVG), some of which have been unable to update due to the internet issue. I've tried system restore (going back about 3 weeks), and the HP Restore as the "nuclear option", sending Windows back several years(!) in time (doh!), neither restores have made a difference. I even tried unloading the driver for the wireless card, switching it with a card from another computer (same make & model), plugging it into a different slot after reloading the driver... Different card, same problem (so it's not... Read more

A:Denial Of Service Possible Trojan

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
I apologise for the delay you have experienced, but as you may have noticed our HijackThis Team is very busy at the moment.
If you still require assistance, please reply with a new HijackThis log, then we'll get started.
Thanks,
Charles

RELEVANCY SCORE 106

OK ...

I have this weird issue (well I think it's weird) concerning my router (a 108 Mb wireless) which I set up to send me reports of any DoS attacks made against my IP (which is static). Initially I'd get maybe 10 or 20 of these things a day but more recently I am getting much higher numbers, a couple of nights ago I got over 700 of the things in my e-mail.

Here is an example:

ROUTER *Security Alert* [C1:08:09] Inbox
TCP Packet - Source:85.89.73.166,3273 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:80.177.169.246,37325 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:85.89.73.166,3273 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:70.185.133.95,2070 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:142.177.210.177,61311 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:80.177.169.246,37325 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:202.72.100.156,61745 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:85.89.73.166,3273 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:85.124.175.75,10683 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:62.241.236.187,1868 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:60.224.44.20,3823 Destination:<MyIPAddress>,10000 - [DOS]
TCP Packet - Source:87.194.31.206,54011 Destination:<MyIPAddress>,10000 - [DOS]
TCP Pack... Read more

A:Denial Of Service Attacks

Looking at the ports, some may be traceroute requests.
For "Source:83.180.13.157,3371 ", SamSpade returns:

08/20/06 13:48:18 IP block 83.180.13.157
Trying 83.180.13.157 at ARIN
Trying 83.180.13 at ARIN

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 83.0.0.0 - 83.255.255.255
CIDR: 83.0.0.0/8
NetName: 83-RIPE
NetHandle: NET-83-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS3.NIC.FR
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
Comment:
RegDate: 2003-11-17
Updated: 2004-03-16

# ARIN WHOIS database, last updated 2006-08-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
 

RELEVANCY SCORE 106

I know someone who is threatening to use DoS attacks on me. I have a firewall, but I don't think that it can protect me if he tries to mass ping me. Is there some sort of program that I can download to prevent these types of attacks, as well as some others hopefully??
 

A:Denial of Service (DoS) attacks!!

RELEVANCY SCORE 106

Hey
I just came on the net and my sygate firewall said
"Denial of Service Attack is Logged" source ip 203.235.222.234

Sygate said this about it:

Denial of Service "Code Red" attack detected.
Description:
A Code Red attack from outside is detected, it is a very dangerous virus that will deface your webpages, perform a denial-of-service attack, and even crash your system.

what does it exactly mean?
 

A:Denial of Service Attack

Hi,

For some background info read here :

http://www.ciac.org/ciac/bulletins/l-117.shtml

Is the IP address you quoted your own - or the source? I use Sygate as well but have found that the 'look up' function is not very useful when trying to trace the source of an intrusion. However I understand this to be because it is so easy for hackers to 'spoof' an IP address to avoid detection - not a fault of the firewall.

If you want to make sure your pc is as secure as possible then read more here :

http://www.cexx.org

http://www.wilders.org

http://www.pcflank.com

The first two have info / downloads for better protecting your system. The last has tests to run so you can ensure your system is safe on the net.
 

RELEVANCY SCORE 104.8

I have seen people complaining in chat rooms about having their internet frozen out or crashed from DDoS attacks.  I was told they can get your ip address from skype?  Do you have any suggestions for protecting myself and others from such an attack?  Thank you so much.

A:DDoS: Denial of Service Attacks

Quote:
I have seen people complaining in chat rooms about having their internet frozen out or crashed from DDoS attacks. I was told they can get your ip address from skype? Do you have any suggestions for protecting myself and others from such an attack? Thank you so much.

Surfing the Internet in general, and your IP can be identified - not just Skype. Click on this link http://www.ip-adress.com and it will show your Wide Area Network (WAN) IP. LAN stands for Local Area Network and WAN stands for Wide Area Network.
Your PC==(LAN)==[Home Router/ISP]==(Internet WWW)=={www.ip-adress.com}
LAN address is your home network. Eg. 192.x.x.x or 10.x.x.x
WAN address is your broadband ISP connection, and is called the router's WAN IP address.
To hide your WAN IP, you need an Anonymous proxy or VPN.
Your PC==(LAN)==[Home Router/ISP]==(Anonymous Proxy or VPN)==(Internet WWW)=={www.ip-adress.com}

RELEVANCY SCORE 104.8

Hiya
Gaim is an instant messenger application for Microsoft Windows and Linux-based operating systems. Gaim versions prior to 1.1.3 are vulnerable to a denial of service attack, caused by a vulnerability in the parsing of HTML. By sending specially-crafted HTML, a remote attacker could cause Gaim to crash.
Platforms Affected:

Gaim Project: Gaim prior to 1.1.3
Linux: Linux Any version
Microsoft Corporation: Windows 95
Microsoft Corporation: Windows 98
Microsoft Corporation: Windows 98 Second Edition
Microsoft Corporation: Windows Me
Microsoft Corporation: Windows XP
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Any version
Microsoft Corporation: Windows NT 4.0
http://xforce.iss.net/xforce/xfdb/19381

Regards

eddie
 

A:Gaim HTML denial of service

Hiya

Gaim is an instant messenger application for Microsoft Windows and Linux-based operating systems. Gaim versions prior to 1.1.3 are vulnerable to a denial of service attack, caused by a vulnerability in the parsing of SNAC packets. By sending a specially-crafted SNAC packet, a remote attacker could cause Gaim to enter into an infinite loop, resulting in a denial of service.

Platforms Affected:

Gaim Project: Gaim prior to 1.1.3
Linux: Linux Any version
Microsoft Corporation: Windows 95
Microsoft Corporation: Windows 98
Microsoft Corporation: Windows 98 Second Edition
Microsoft Corporation: Windows Me
Microsoft Corporation: Windows XP
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Any version
Microsoft Corporation: Windows NT 4.0
http://xforce.iss.net/xforce/xfdb/19380

Regards

eddie
 

RELEVANCY SCORE 104.8

Apparent distrust of Adobe PDF Reader has increased the popularity of my preferred alternate PDF application, Sumatra PDF. It appears that the popularity has also attracted additional attention. From Security Focus:






Quote:
Sumatra PDF is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition.

Sumatra PDF 1.1 is vulnerable; other versions may also be affected.


From the exploit information at Security Focus:






Quote:
Vulnerability Detection Time : 21st June 2010, 1:13 AM
Tested on version 1.1 of Sumatra PDF Reader
Nature : Accidental Discovery
Description : Sumatra PDF Reader crashed while testing recovered PDF
Files from a HardDisk. PDF Files recovered using Forensic
Tools were large in size. DoS code has been optimised to
implement the crash with reduced file-size.

Notes : This source can be modified after analyzing the crash appcompat
files to write shell bind / other payloaded exploits.
Sumatra PDF Reader crashed when PDF Files were already
associated to launch it.

A:Sumatra PDF Denial Of Service Vulnerability

THANKS !

perhaps it's time to try another PDF-reader...

RELEVANCY SCORE 104.8

Hi there,
So since last night I have been unable to load pages on Safari and IE. Mozilla works, though. My internet connection is fine. My laptop is running fine...Maybe a little slower?

Before I found this forum, I ran Symantec, CCleaner and Spybot S&D. They all cleaned out some malware, but I still can't connect to my other browsers. Forgive me for my ignorance, but I don't know if I have access to a boot CD or Windows Install disc. Thank you!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jessica at 16:50:03.04 on Sun 06/06/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.940 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows... Read more

A:Denial of service attack contd.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

See if this restores your IE:

For IE, go Tools > Internet Options > Connections > LAN settings, and uncheck 'Use a proxy server for your LAN' or restore your previous settings and click OK.

Let me know if that didn't work.

------------------------------------------------------

Please go to: VirusTotal
Click the Browse button.
Please copy/paste the following bolded text into the 'File name:' box:

c:\users\jessica\appdata\roaming\a2c32d6f.exe

Click Open then click the Send File button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analysed: click Reanalyse file now
Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------

RELEVANCY SCORE 104.8

Microsoft sites (including Hotmail) were down for periods of time on Thursday and Friday due to Denial Of Service attacks.

You can read up on it here and here
 

RELEVANCY SCORE 104.8

I seem to be having trouble with both of my PC's (dell dim 2400's with XP home) accessing the Windows Update site. I can never get on and get the usual page suggesting to try later or try downloading manually, which I can't do either.

None of my System Restore points work (on either one)! Also, our DSL connection is working fine, as far as IE6 goes. (I can get Google, Yahoo, Bestbuy.com, etc.)

I can't access the msn web-site either and Outlook Express 2003 hangs during the receiving part.

I've tried Trend-Micro's Housecall and it cleaned several trojans, but I still have the same problems. I've never experienced this "Denial of Service" attacks. I'm hoping we can work and fix one; then later, I can address the other. Please help me.
 

A:Solved: Denial of service attack?

RELEVANCY SCORE 104.8

using a netgear router and when i try to connect to mozilla or ie, it gives me a denial of service page (noaccess.verizon.net) here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:13 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\opnsqr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared ... Read more

A:Hjt Log For A Verizon Denial Of Service Through Router

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

RELEVANCY SCORE 104.8

How a denial-of-service attack works.

Some details about denial-of-service attacks, like the one Thursday against Twitter.

-- Tom
 

RELEVANCY SCORE 103.6

My OS is Win8.1. I installed a software and instructed it to run as a window service. I uninstalled the SW. The service lingers. I ran the dos cmd box as administrator and typed in "sc delete XYZ". Where XYZ is the name of the service which I cut & paste from the property box. There is no spacing in XYZ.
The dos cmd returned this:
[SC] OpenService FAILED 5: Access is denied.

How do I resolve this issue in order to remove this windows service?
When I googled, I came across some random posts saying the above command "backfire" in Win7 (I assumed it may be the same for Win8). I don't want to go to the route of removing the service via registry.

Any suggestions?

Thanks in advance.

RELEVANCY SCORE 103.6

I have tried several times to install XP SP3 on my DELL Inspiron 6000, XP SP2 and get an “Access Denied” error. I understand that this occurs if one or more registry keys are restricted so that the software cannot alter them. I have retried installing SP3 after disabling both Zone Alarm and AVG antivirus programs w/o success. (Do they need to be uninstalled?) I also understand that there is a way to reset registry and file permissions, but I am afraid that this would be beyond my comfort level.

From the installation log, the first major logged failure is:
846.266: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2 --- does this have any meaning?

So far, these attempts have not changed the computer's functionality, however, I am not able to make the restore function work.

Can you help me to complete this installation? What are the consequences of not installing SP3?
 

A:Solved: Service Pack 3 Denial of Access

RELEVANCY SCORE 103.6

BIND 9 denial of service being actively exploited.

Internet Systems Consortium, the developers of the BIND DNS server, is reporting a denial of service vulnerability that is being actively exploited. "Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert. [...] This vulnerability affects all servers that are masters for one or more zones – it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround." ISC is urgently suggesting that everyone upgrade BIND to 9.4.3-P3, 9.5.1-P3, or 9.6.1-P1.

-- Tom
 

RELEVANCY SCORE 103.6

Security researchers have published details of a denial-of-service vulnerability that could enable hackers to attack Microsoft Windows and spin computers into senseless processing loops.

http://news.com.com/Denial-of-servi...Windows/2100-1002_3-5604579.html?tag=nefd.top
 

RELEVANCY SCORE 103.6

Hiya

Oracle with Windows NT so I think this is the correct place. It's not a crossposting as it's a different issue to the one I posted in Linux.

Internet Security Systems (ISS) X-Force has identified a vulnerability
with redirected Oracle connections. This vulnerability allows an
unauthenticated user to consume all the memory on an Oracle server. It
is also possible for remote users to deny access to all other users and
cause the operating system to crash.

http://xforce.iss.net/alerts/advise81.php

Regards

eddie
 

RELEVANCY SCORE 103.6

Hello and thanks in advance for the great site!

My friend has a badly infected machine. It seemed to be mostly Adware.180 and purity.scan that were infesting it. Have run Ewido, spybot, trendmicro scans. All windows security updates current.

Between these three, I cleaned out about 250 infected items. There was a slight improvement but the primary problem is still that the system is incredibly slow, both to boot and to open programs. IE 7.0 is almost impossible to use. I cannot get Adaware to install due to the system having resource limitations. I was able to get a HijackThis log out of it onto a disk which I brought home, and posted here. Would you be able to provide some help?

There are a couple of entries here that I find suspicious but I will defer to your expertise to analyze.

Logfile of HijackThis v1.99.1
Scan saved at 6:20:46 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.... Read more

A:Persistent Denial Of Service / Many Infections Removed

Add remove programs - remove GIANT AntiSpyware. They were bought by MS and it has been replaced by Windows Defender which you have.

Log looks fine
==================
Download EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose. Not all files will delete – that is normal. In the unnecessary button I check the top 4 entries


Hi, I have Win8 Enterprise. When I connect to the internet, two services named Service Host: Network Service and Service Host: Local System download automatically. I thought that it related to Windows Update, but automatic update is off and my Windows is up to date. What is the problem? What can I do to stop their downloads?


Hi, today I found a DoS Trojan and a remotely controlled Trojan on my desktop. I don't know what to do. They were in my Second Life settings folder and I used to crash a lot playing on Second Life. Is it possible that my system was taken over? Should I doubt the downloads I made to play on SL? I use a 3rd party viewer. Also, I didn't have AV earlier; now I just downloaded Security Essentials from MSFT and that triggered the alert. I use Win 7 on a Dell N series laptop which is about 5-6 years old. Also advise me on what would be a better AV and, if possible, a firewall too. TY
Regards,
Goldy
 


Hiya

Stickying this for just a week, in case others have it

Macromedia ColdFusion MX is an application suite for the development and deployment of Web applications for Microsoft Windows, Linux, and Unix-based operating systems. ColdFusion MX version 6.1 is vulnerable to a denial of service attack. A remote authenticated attacker could use an HTML form to repeatedly upload a file and then terminate the upload process prior to completion, which would result in a denial of service.

Platforms Affected:

Macromedia, Inc.: ColdFusion MX 6.1
Various: Any operating system Any version

http://xforce.iss.net/xforce/xfdb/15895

Regards

eddie
 


This is a 'weird' one. Am checking a system out that had its email service temporarily shut down because it was sending out 3000+ emails in one night. Have scanned for viruses with Norton, AVG, HouseCall, Panda and even had it taken back to the place that built the system (in town) and they scanned it (I don't think it was anything more than NAV Pro). I used AVG to clean up the viruses and all other virus scans came clean. Also scanned with Ad-Aware and Spybot until clean. In all cases there were no huge numbers of either viruses or spyware/adware. There were about 6 viruses and I thought removing/healing them was the solution. The system is a 1 year old Win XP Home (professionally built and good quality). Well, the very next night - same'o, same'o; 3000+ emails sent through the IPs email server so his email service was shut down again. Have had many conversations with the IP techs (Shaw cable in Calgary, Alberta) and they couldn't really shed any more light than I have already (Shaw's techs are very competent and have a good reputation). Also the 3000+ sent emails are NOT listed in the Outlook Express Sent folder on his system. I have not deleted the Restore Point Archive but wouldn't think I should have to. The last resort would be to completely reinstall a complete Win XP Home (really don't want to). Any thoughts, ideas, comments, etc.??? My head is sore from scratching it!
 

A:Resolved: email service denial - 3000+ sent in one night


h07 has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service)...secunia.com

A:Microsoft Windows Print Spooler Denial Of Service Vulnerability

Hi, and thanks for posting all these tips. I was just wondering who or what is h07. Sounds like James Bond...


Hiya

Oracle Listener redirected connections denial of service

For Oracle on Windows NT, the Oracle listener process redirects connection requests to a new port and the Oracle Database server creates a new thread for this port. If a connection to the port is not made, the thread and consumed memory is lost until the Oracle Database server is restarted. By repeatedly requesting to be redirected and not connecting to the waiting port, an Oracle server can be forced into consuming all memory on the server. Once all memory has been consumed on the server, any attempt to log in to the console results in crashing the operating system.

http://xforce.iss.net/static/6717.php

Regards

eddie
 


About 15 weeks ago I found that I had the Flash pop-up update malware and redirect in my computer.
I got help from a local firm whose specialist came and spent more than 2 hours trying to clean the machine. He used several of the programs available on the BC site, including ComboFix. It seemed that he was successful at the time.
More recently, after being away for 3 weeks, I find that browsing is still badly affected by this same malware/virus.
I have a home network with TP-Link 8817 ADSL2+ modem router connected through an Ethernet link to another TP-Link Wireless N Router (to provide WiFi for a tablet) which is in turn connected through TP powerline adaptors to the computer. The tablet also appears to be somewhat affected by the browser infection. I wonder if the routers could be infected in some way.
While reading the BC website in Chrome popups occur that I can delete.
Are you able to help me solve my problem?
 
If I try the following in my default Mozilla Firefox browser
 
https://login.yahoo.com/config/mail?&.src=ym&.intl=uk
 
I get the following alert:
 
Secure Connection Failed
 
An error occurred during a connection to login.yahoo.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
 
    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owne...

A:Renewed Flash update popup and browser service denial

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539279 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


 
Attackers have figured out a new way to get Amazon's cloud service to wage potent denial-of-service attacks on third-party websites—by exploiting security vulnerabilities in an open source search and analytics application known as Elasticsearch.
The power of Backdoor.Linux.Ganiw.a was documented earlier this month by researchers from antivirus provider Kaspersky Lab. Among other things, the trojan employs DNS amplification, a technique that vastly increases the volume of junk traffic being directed at a victim by abusing poorly secured domain name system servers. By sending DNS queries that are malformed to appear as if they came from the victim domain, DNS amplification can boost attack volume by 10-fold or more. The technique can be especially hard to block when distributed among thousands or hundreds of thousands of compromised computers.

Hackers seed Amazon cloud with potent denial-of-service bots
 


Hi Team,

Is there any patch released for the vulnerability related to "Microsoft Windows NTFS 3.1 Master File Table Denial of Service Vulnerability - Zero Day"? Or any workaround for it?

Regards,
Dharmveer


For Service Request: 7023989024
Product Line: CONSUMER NOTEBOOK 59-445754
S/N: CB36498504
Service Date: 20160902

I am Mohamed Suhail. I feel very disappointed by the service outcome of Lenovo, where my computer has been downgraded with a different processor and graphics card which are lower in configuration. When I contacted the support on call, there was no response from them for more than 48 hours. I am writing this post to demand that my laptop configuration be set right as it was before I sent my machine to service.

A:Service Flaw - Sent a downgraded machine

Keep calling them. Few Lenovo people visit this forum as it's for users. You'll be waiting a long time.




T520 Model 4239 Intel(R) Core(TM) i7-2860QM; Nvidia NVS 4200M Windows 7 Home Prem - 64bit w/8GB
Z70-80 I7 - 5500U 16GB GB - 1TB HD Window 8.1 64bit FHD 17.3 inch Display, Nvidia G840 w/2GB memory


Hello everyone, I am from India and I am working as a network admin in a company, and I am having a problem with some Windows services. Since the 25th of Nov there has been a problem with the Windows sharing service. I mean the PCs that have printer or file sharing enabled are unable to share those shared resources. The Server, Workstation, Theme and Computer Browser services automatically stop on those PCs (which have some kind of data sharing enabled). All my PCs are in a domain environment; some have Windows XP with SP3 and some have SP2. All PCs are fully patched and have antivirus. When I log in as admin and start these services manually, the services work for some minutes and then shut down. At first I thought that the PCs had some kind of virus, but I checked everything and it is OK. I formatted one PC but this did not resolve my problem. Please help me to solve this problem.

Regards
Shivesh Kumar


After owning a couple of used Dell laptops, both of which were good machines, I decided to take the plunge and buy myself a new Dell 17R N7110. So I was none too happy when after 3 months (imminent hd failure) popped up on the screen, and a few more times until it died just after the warranty expired, and so it's been collecting dust for a couple of years till I got over it. OK, sorry for the ramble. I just ordered a 1tb firecuda and I can install it (more $), so how do I go about getting the drivers and OS back on the bare hd?

A:Support for Inspiron 17R N7110 Service Tag: <Service tag removed> Express Service Code: <Express service code removed>

What OS? www.dell.com/.../factory-reset--restore--or-reinstall-microsoft-windows-on-a-dell-computer
Edit your post and remove the tag & code  from the title. That is not permitted in this public forum.


I have a service running on WinNT 4 that serves the wireless connection for hand-held devices in retail stores. Recently, I changed the service to handle all communications for the client itself rather than spawning child processes to do the work. When a client connects on the socket, I use DuplicateHandle( ) to create a new handle to the same socket and pass it to a child thread that does the database work and returns the reply to the client. When CreateThread( ) succeeds, the parent (service) thread closes the handle that it has. Intermittently (less than 5% of the time) the server send( ) returns error 10038 (socket operation on non-socket). The handle to the socket is lost and the client which is blocking on the recv( ) appears to be hung.

Any suggestions?

Thanks in advance.
 

A:Problem with Winsock C++ Service on NT4


Hiya

As Whitesnake once said 'here we go again on my own...'

Microsoft has released a patch that eliminates a security vulnerability in NetMeeting, an application that ships with Microsoft® Windows 2000 and is also available as a separate download for Windows NT 4.0. The vulnerability could allow a malicious user to temporarily prevent an affected machine from providing any NetMeeting services and possibly consume 100% CPU utilization during an attack.

http://www.microsoft.com/Downloads/release.asp?ReleaseID=30963

Also:

Microsoft has developed an improved version of the Cipher.exe tool, offering an important new option – the ability to permanently overwrite (or "wipe") all of the deleted data on a hard disk.

http://www.microsoft.com/Downloads/release.asp?ReleaseID=30925

Regards

eddie
 


Hello, I have been having problems with Windows 7 explorer constantly crashing and restarting whenever I right-click on or open any files and folders, search in the Start Menu search box, open My Computer, Control Panel, etc. In essence, it is limiting most of the interface. I was able to pinpoint the problem using Safe Mode and msconfig to the 'Power' service (C:\windows\system32\svchost.exe -k DcomLaunch). And once I disabled the 'Power' service, everything seems to be fixed.

However, disabling the 'Power' service will disable audio service for the system. To fix the audio service, I tried changing the Power management, reverting back to previous restore points, updating the audio device drivers, trying to enable the Windows services in services.msc for 'Remote Procedure Call (RPC)', 'Plug and Play', 'Multimedia Class Scheduler', 'Windows Audio Endpoint Builder' and 'Windows Audio' to activate sound again, but 'Windows Audio' depends on 'Windows Audio Endpoint Builder', and 'Windows Audio Endpoint Builder' seems to depend on the 'Power' service. And I can't activate the 'Power' service again without crashing Windows explorer. How do I go about fixing this issue? Can I replace the 'Power' service files? Or update them? Any help is much appreciated. Thanks in advance!

A:Please Help!--Right-click crashing Windows 7 explorer, 'Power' service, audio service problems!

What led your problem to this crashing windows explorer window? Try using this software: ShellExView. For tutorials and guide: http://www.top-windows-tutorials.com/shellexview.html


I have been getting the following errors when I try to log into my account.

The system event notification service service failed the logon an attempt was made to reference a token that does not exist

I created a built-in-administrator and I am able to get into safe mode though not able to run many programs on it such as control panel and start up repair. I looked at my registry and both of my accounts look fine neither of them had a .bak on the end and so I'm not sure how to fix this if my only option is to delete my user account. I've already done a system restore to a couple days before this happened but, I'm still locked out of everything.

Is there anything else I can do that might help?

A:The system event notification service service failed logon ... token does not exist

Google led me to this post as I was researching the problem myself. I encountered the same issue. In this case on a vista32 ultimate box (although I do own an x64 box in case somebody thinks I'm blasphemous posting here).

I haven't completely fixed the issue yet but I've gotten a bit further so in hopes of helping the next person here are the steps I've taken.

I was able to log in successfully in safe mode (hit F8 while starting up, select safe mode). Once there I went to command prompt (click the start button, type "cmd" [without the quotes] in the search bar and hit enter). From command prompt type services.msc to launch the services control panel. Find the System Event Notification Service, right click, select properties, change it from automatic startup to disabled, apply the change and "OK" out of the dialog box. You can now restart the computer and log in normally.

This isn't really a fix, it's a temporary work-around. SENS is needed for COM+ to respond to things like login and startup events. I've also noticed that my system is very slow right now. My next step is to find a way to generate a new token for SENS and then hopefully I'll be back at 100%. I currently have Dell researching that for me (this happens to be a Dell laptop). If I get a solution short of a reinstall to that one I'll post it too.

Hope this is helpful for someone. Good luck.


Hoping to get some help/answers.
Just purchased the above laptop in the subject line, believing it to have a 'backlit keyboard', when what I was reading actually said 'backlit Display'.
We really want a laptop with the backlit keyboard.  Can I purchase and install a Dell backlit keyboard for this laptop, and actually have it work once installed?
Our only other option is to return the laptop and purchase a different one with that feature, but we got a great price on this one, and I have researched keyboard prices and they are not that expensive.
ANY and ALL help is appreciated.  Thank You...


I have had my Inspiron 15 3000 series since the end of August and was liking it until it started beeping a few weeks ago - sounds like a truck backing up. It does it 5 times and repeats 3 times when starting up. I tried online support but you cannot get anywhere until you enter your service tag number or express service code, and neither is recognized. I tried calling support but they could not identify my computer with the numbers either (I took pictures of them on my tablet and made them larger so I know they are right). I purchased my laptop online. Initially there was a message about the power source, but I have popped my battery out and back in and the error message no longer pops up, but it still beeps. I am at a complete loss as to what to do at this point and am incredibly frustrated.
