No problem. I figured I’d re-post my message to the group, maybe someone can glean some useful information off it if they are in a similar situation. Let me know if you need some info on silent installs of office, etc. >Hi Elaine, >Perhaps it might be a good idea to block all outbound ports at your router >except the necessary ones 80, 21, 3389 for ts etc. > >If it’s not a production server, you might just want to backup the data, >format the drive and reinstall windows, who knows what other “goodies” are >on that box. It would probably be faster to just backup user files, etc is >on that box and setup an unattended install of 2k or whatever you are using >than trying to find what else is on there and remove it. Of course, if you’ >re running that box as a DC, it’s a bit more complicated, but you should be >able to take care of it. (backup first!!!!) > >Quick directions (w/o AD) >(extract [windowscd]\SUPPORT\TOOLS\DEPLOY.CAB and run through setupmgr.exe >to setup a install file, >edit unattend.txt >change “AutoPartition=1” to “AutoPartition=0” >copy unattend.txt to a floppy, boot from the cd, select the install partion >and come back in 20-30 minutes to a fresh windows install. > >Most installers have an unattended feature, and if you spend an hour or >two, >you can setup your most comon apps to set themselves up while you do other >things like put the fire out in the server room ;) . Throw them on a DVD >and >you will have a general install disk that you can use on computers with >different hw configurations. > >There are hosts files that block a lot of spyware etc sites + ads. >http://www.accs-net.com/hosts/get_hosts.html I’d throw the hosts file on my >servers as a precaution. >Ad-mucher is a great program too. > >Good luck >Karol > > > >-----Original Message----- >From: owner-crime@private [mailto:owner-crime@private]On Behalf Of >Elaine Scheller >Sent: Sunday, August 10, 2003 2:51 PM >To: crime@private >Subject: CRIME Spyware help needed > > >Ok, guys. Serious help needed here, please. >We found and removed eBlaster from our system. However, we have something >else still reporting information back from our pc. I have searched for all >related files for eSpecter, eBlaster, WinWhatWhere, and Insight. I have >used >NetCop, SpyBot, Spyware Blaster, Spy Remover and several other programs to >flush it out and can't find a thing. It still appears to be a Spectersoft >product based on the return address noreply@private which reports >back on specific words typed or referenced on web pages..There is a yahoo >id >sending information to us regarding this activity. Lillith00001@private >Can't trace this back either. >This is starting to get really spooky. Any suggestions? >Thanks, >Elaine
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 00:48:32 PDT