Search Results

Search found 18805 results on 753 pages for 'security center'.

Page 468/753 | < Previous Page | 464 465 466 467 468 469 470 471 472 473 474 475  | Next Page >

• How to Use 3 Monitors

  - by The.Anti.9

  Right now my setup has a nice big 24" flatscreen in the center, and a 19" flatscreen to the left. And a big gaping hole on the right. I have a 3rd monitor to put there, but I'm not sure how to get the computer to recognize it. Do I need a graphics card with 3 ports? Or can I span the monitors over non SLI-Linked graphics cards? Is it possible to plug my 3rd monitor into the on-board VGA port and have it work?

  Read the article

• IIS 6 windows 2003 help installing SSL cert

  - by ADAM

  I requested a new ssl cert from godaddy which has been issued. When try to install it in iis through the website directory security tab i get a "the pending certificate request for this response file was not found. this request may be cancelled. you cannot install selected response certificate using this wizard" error. I may have run the wizard and deleted the pending request. Is there any way i can install the certificate without getting a new one? (i hope so) I have the original certrequest.txt file

  Read the article

• Windows 7 trying to turn off UAC every time Windows starts

  - by Mehper C. Palavuzlar

  I have strange problem on my HP laptop. This began to happen recently. Whenever I start my machine, Windows 7 Action Center displays the following warning: You need to restart your computer for UAC to be turned off. I never disable UAC, but obviously some process or virus (I'm not sure, only guessing) causes this. As soon as I get this warning, I head for the UAC settings, and re-enable UAC to dismiss this warning. This is a bothersome situation as I really don't know what causes the problem. I have run a full scan on the computer for any probable virus activity, but TrendMicro OfficeScan said that no viruses have been found. There are no other strange incidents on the machine. Everthing works fine except this bizarre incident. How can I learn what process is trying to turn off UAC? What way should I follow to overcome this problem?

  Read the article

• Linux Bridge, Samba netbios name/hostname access

  - by Christopher Wilson

  I am currently running a linux bridge in the following configuration ADSL Modem: 192.168.1.1 Linux Bridge: eth0: 192.168.1.2 eth1: no address Wireless Router: 192.168.0.1 My issue is that i cannot access the "Linux Bridge" shares using the WINS name of the server via client systems (yes i understand it is a transparent bridge but i can access it via the 192.168.1.2 address this is not on the same subnet as the client systems). This is the global section of my SMB.CONF [global] unix extensions = off os level = 20 netbios name = server guest account = nobody server string = 447 Server security = share #unix extensions = no #wins support = yes #wins server = 192.168.0.1 name resolve order = wins lmhosts hosts bcast interfaces bridge1 eth0 eth1 lo bind interfaces only = yes Can i access a bridged server using it's WINS name to access samba shares? Cheers Chris

  Read the article

• WS2008R2 / W7PRO: Cannot rename folder - folder redirection

  - by castor

  After few months from migrating one of my networks on Active Directory this issue started. A few users are encountering an issue from time to time - they cannot rename folders and files on desktop. The system throws an error saying the folder or file is already in use. Folder redirection takes place in this scenario (Desktop and My Documents) Subnet with user PCs is different from subnet with servers (Cisco ASA5505 Security Plus between - all inspection policies disabled on these interfaces) Users are running Windows 7 Professional x86 Server is running Windows Server 2008 R2 Standard Any ideas?

  Read the article

• How do I make solr/jetty find the installed slf4j jars in Ubuntu 12.04?

  - by J. Pablo Fernández

  I'm running Ubuntu 12.04's packaged Jetty in which I installed solr 4.3.1 (by copying the war file to /var/lib/jetty/webapps. When I start Jetty, I get this error: failed SolrRequestFilter: org.apache.solr.common.SolrException: Could not find necessary SLF4j logging jars. If using Jetty, the SLF4j logging jars need to go in the jetty lib/ext directory. The package libslf4j-java is installed, and the jars are in /usr/share/java: /usr/share/java/log4j-over-slf4j.jar /usr/share/java/slf4j-api.jar /usr/share/java/slf4j-jcl.jar /usr/share/java/slf4j-jdk14.jar /usr/share/java/slf4j-log4j12.jar /usr/share/java/slf4j-migrator.jar /usr/share/java/slf4j-nop.jar /usr/share/java/slf4j-simple.jar but somehow, Jetty and/or Solr are not finding them. How do I make them find them? or how do I install some other jars where jetty/solr would find them? The full error is: 88 [main] INFO org.mortbay.log - jetty-6.1.24 443 [main] INFO org.mortbay.log - Deploy /etc/jetty/contexts/javadoc.xml -> org.mortbay.jetty.handler.ContextHandler@cec0c5{/javadoc,file:/usr/share/jetty/javadoc} 522 [main] INFO org.mortbay.log - Extract file:/var/lib/jetty/webapps/solr.war to /var/cache/jetty/data/Jetty__8080_solr.war__solr__zdafkg/webapp 1501 [main] WARN org.mortbay.log - failed SolrRequestFilter: org.apache.solr.common.SolrException: Could not find necessary SLF4j logging jars. If using Jetty, the SLF4j logging jars need to go in the jetty lib/ext directory. For other containers, the corresponding directory should be used. For more information, see: http://wiki.apache.org/solr/SolrLogging 1501 [main] ERROR org.mortbay.log - Failed startup of context org.mortbay.jetty.webapp.WebAppContext@5329c5{/solr,file:/var/lib/jetty/webapps/solr.war} org.apache.solr.common.SolrException: Could not find necessary SLF4j logging jars. If using Jetty, the SLF4j logging jars need to go in the jetty lib/ext directory. For other containers, the corresponding directory should be used. For more information, see: http://wiki.apache.org/solr/SolrLogging at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:105) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:532) at java.lang.Class.newInstance0(Class.java:374) at java.lang.Class.newInstance(Class.java:327) at org.mortbay.jetty.servlet.Holder.newInstance(Holder.java:153) at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:92) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:662) at org.mortbay.jetty.servlet.Context.startContext(Context.java:140) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152) at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130) at org.mortbay.jetty.Server.doStart(Server.java:224) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:985) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.mortbay.start.Main.invokeMain(Main.java:194) at org.mortbay.start.Main.start(Main.java:534) at org.mortbay.jetty.start.daemon.Bootstrap.start(Bootstrap.java:30) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243) Caused by: java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:103) ... 36 more Caused by: java.lang.ClassNotFoundException: org.slf4j.LoggerFactory at java.net.URLClassLoader$1.run(URLClassLoader.java:217) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at org.mortbay.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:392) at org.mortbay.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:363) ... 37 more 1505 [main] WARN org.mortbay.log - failed org.mortbay.jetty.webapp.WebAppContext@5329c5{/solr,file:/var/lib/jetty/webapps/solr.war}: java.lang.NoClassDefFoundError: org/slf4j/Logger 1579 [main] WARN org.mortbay.log - failed ContextHandlerCollection@19d0a1: java.lang.NoClassDefFoundError: org/slf4j/Logger 1582 [main] INFO org.mortbay.log - Opened /var/log/jetty/2013_06_27.request.log 1582 [main] WARN org.mortbay.log - failed HandlerCollection@cbf30e: java.lang.NoClassDefFoundError: org/slf4j/Logger 1582 [main] ERROR org.mortbay.log - Error starting handlers java.lang.NoClassDefFoundError: org/slf4j/Logger at java.lang.Class.getDeclaredMethods0(Native Method) at java.lang.Class.privateGetDeclaredMethods(Class.java:2454) at java.lang.Class.getMethod0(Class.java:2697) at java.lang.Class.getMethod(Class.java:1622) at org.mortbay.log.Log.unwind(Log.java:228) at org.mortbay.log.Log.warn(Log.java:197) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:475) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152) at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130) at org.mortbay.jetty.Server.doStart(Server.java:224) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:985) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.mortbay.start.Main.invokeMain(Main.java:194) at org.mortbay.start.Main.start(Main.java:534) at org.mortbay.jetty.start.daemon.Bootstrap.start(Bootstrap.java:30) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243) Caused by: java.lang.ClassNotFoundException: org.slf4j.Logger at java.net.URLClassLoader$1.run(URLClassLoader.java:217) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at org.mortbay.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:392) at org.mortbay.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:363) ... 29 more

  Read the article

• How to convert dvr-ms file in Ubuntu to DVD?

  - by edmicman

  I have a .dvr-ms file of a recorded TV show from my Vista Media Center. I would like to burn this to a DVD that can play on any standalone DVD player. My main PC that I want to use to convert it to a DVD format is running Ubuntu 10.04. I am able to play the file in Ubuntu using VLC (which surprised me) so I'm assuming I have what I need to decode it. I guess my questions are: What format do I need to convert this file to so that I could burn it to a playable DVD? I started to go through VLC's conversion process and chose I think H264 and AAC or something, and it gave a message about not having an AAC encoder. I'll look into that some more tonight, but is that something I could then burn to a DVD? Thanks for any help!

  Read the article

• gcc sandboxing tool - AppArmor / CHROOT jail on Ubuntu 12.04

  - by StuR

  We have a Node application as the front end to a C++ sandboxing tool, which compiles code using gcc and outputs the result to the browser. e.g. exec("gcc -o /tmp/test /tmp/test.cpp", function (error, stdout, stderr) { if(!stderr) { execFile('/tmp/test', function(error, stdout, stderr) {}); } }); This works fine. However, as you can imagine this is a security nightmare if it were to be made public - so I was thinking of two options to protect my stack: 1) A CHROOT jail - but this in itself wouldn't be enough to prevent directory traversal / file access. 2) AppArmor ? So my question is really, how could I protect my stack from any nasties that could come from: A) Compiling unknown code using gcc B) Executing the compiled code

  Read the article

• Host not visible in ECC after pushing master agent on server

  - by wildchild

  Hi all!! ECC master Agent has been pushed to one of the servers.. Once a Master Agent installed the host should appear within ECC.However, I am unable to see the host. I asked the Server team to stop and start the master agent ,and to check whether required port is enabled, so that server can talk with ECC server. After restarting the service I get an error.I even checked if the port is used by any other service ,it is not.. Somebody plz help what should done here..it’s a Windows server. Here's the error:- "The EMC control Center Master agent service on local computer atrted and the stopped.Some services stopped automatically if they 've no work to do,for example prformance logs and alert services" Thanks in advance!!

  Read the article

• kvm -net only passing broadcast, multicast, and guest destination traffic

  - by user52874

  Figured this out just last week, but I can't find it now. Even printed it out. Can't find that either. Frustrating...so...help! Configured a 'monitoring' nic on a kvm guest (running 'Security Onion, if it matters). I read (somewhere) that the default nic configuration for a kvm guest is to only pass broadcast traffic, multicast traffic, and traffic with the guest's mac as a destination. There is an option to override this behaviour, and pass all traffic. It's something like --mac-filtering=no, or --mac-restriction=no, or something like that. Worked beautifully. Does this look at all familiar to anyone who can clue me in to the exact option syntax? thx.

  Read the article

• EC2 server in VPC stops responding joining domain

  - by Geoff

  We have a EC2 Windows Server set up and running in our VPC, connected to our network via a Juniper 5GT. This is working well, with the tunnel up and stable. If I then join the server to our local domain, it appears to work - I can then log on using domain credentials, and use domain accounts when applying security to folders etc. After I log out, if I give it around an hour, the box becomes unresponsive. I can't ping it, although a tracert goes all the way barring the last hop - so the tunnel is ok. I can't RDP into it. If I reboot it, then it works for a while before doing the same thing. Un-joining it from the domain fixes the problem, and it stays up and stable. The event logs don't show anything obvious, at least to me. Any ideas?

  Read the article

• Rotate monitor to portrait on Windows Server 2003 with ATI card

  - by user10179

  Does anyone know if it is possible to rotate a monitor from landscape to portrait mode on Windows Server 2003 32-bit with an ATI video card? According to Dell's site, I should be able to rotate my Dell P2310H monitor by installing drivers from their website, but they don't have drivers for Windows Server 2003. I let Windows Update search for the driver (with the driver CD that came with the monitor in my drive) and it did install drivers, but I still don't see any options for rotating. Some people say that the ATI Catalyst Control Center allows for monitor rotation, but I've never been able to run that software on Windows Server 2003. A google search reports that others have the same problem. Has anyone successfully figured out how to rotate a monitor on Windows Server 2003 with an ATI card?

  Read the article

• Network trials and tribulations

  - by MauiWowie

  Hi, I am in the process of setting up a small (two PC's, both running Windows 7) network using a D-link DI-604 router (which acts only as hub, it's not set up in any way). In the Network and 'Sharing Center' in 'Control Panel' I clicked 'Set up a New (Connection or) Network'. All went well up until the moment I attempted to connect one PC with the other (in the 'Connect' dialog I entered the other PC's IP, no pwd). I can use both PC's to connect to and browse the net though, so the router/hub does not seem to be the problem. And I must have done something right, because the other computer shows up in the 'Network Map'. Any and all help is much appreciated!

  Read the article

• my sweet old VHS collection

  - by microspino

  Which is the best procedure and digital format to resurrect my old VHS library i a way I can see It on my LCD TV? I have a not so big collection 100 VHS I have plenty of storage I have a network media tank (A110 popcorn Hour but I can also purchase a new media center if needed) I have an old working VCR (but again I can pick a specific one new if you think It's better to save quality) The VHS cassette collection seems to have retained a good quality over the years. Of course I have some computer (either mac and pc) to do the process. Which software do I need/miss? Please give me some advice.

  Read the article

• One quarter of screen corrupted on MacBook Pro

  - by danyal

  I have a problem with my MacBook Pro's screen - here's a video: http://yfrog.com/4wm63z For those who prefer words, if you divide the screen vertically into 4 columns, the second column is corrupted (flickering, and discoloured, usually with yellow). I took it to an Apple store and they said it could be the screen or the logic board, neither of which will be cheap to replace. However, occasionally this problem will completely go away. So before I part with my cash, or decide to turn this into an overpriced media center for my TV... could the problem be a loose cable, or something else cheaper to fix?

  Read the article

• LinkSys WRT54GL + AM200 in half-bridge mode - Setup guide recommendations?

  - by Peter Mounce

  I am basically looking for a good guide on how to set up my home network with this set of hardware. I need: Dynamic DNS Firewall + port-forwarding VPN Wake-on-LAN from outside firewall VOIP would be nice QoS would be nice (make torrents take lower priority to other services when those other services are happening) DHCP Wireless + WPA2 security Ability to play multiplayer computer games I am not a networking or computing neophyte, but the last time I messed with network gear was a few years ago, so am needing to dust off knowledge I kinda half have. I have read that I should be wanting to set up the AM200 in half-bridge mode, so that the WRT54GL gets the WAN IP - this sounds like a good idea, but I'd still like to be advised. I have read that the dd-wrt firmware will meet my needs (though I gather I'll need the vpn-specific build, which appears to preclude supporting VOIP), but I'm not wedded to using it. My ISP supplies me with: a block of 8 static IPs, of which 5 are usable to me a PPPoA ADSL2+ connection

  Read the article

• Windows 2003 Server on a domain, XP client PCs on a workgroup - file share without authentication?

  - by Zach

  I have a windows 2003 server on a domain and client PCs running XP on a workgroup. I have created a file share on the server that should be accessible by the client PCs. I even set the security and sharing to 'Everyone' just to test. When I try to access the file share from any of the XP machines, I get an authentication prompt that displays asking for credentials, even though 'Everyone' has full control currently (just for testing purposes). Why is it asking to authenticate? I need it to where it doesn't ask to authenticate. I also made sure passwords were set on all XP machines since I found this could be one possible issue and they all were. Any ideas? Thanks!

  Read the article

• Location Services are always disabled in Mac OS X Lion

  - by rplusg

  A simple location services program was working fine on my machine and suddenly stopped working. Upon further exploring the problem, I realized that some process has disabled location services in System Preferences » Security & Privacy » Privacy. I checked Enable Location Services, but again it got disabled automatically. After some research I found that it's not just my program, even built-in system functions are also failing because of this problem for example System Preferences » Date & Time » Time Zone failed to get the current location. Every time I check Enable Location Services, I see the following error in the console logs: 16/10/12 11:23:15.636 AM [0x0-0x42042].com.apple.systempreferences: ERROR,Time,372059595.636,Function,"CLInternalSetLocationServicesEnabled",CLInternalSetLocationServicesEnabled failed 16/10/12 11:23:15.638 AM [0x0-0x42042].com.apple.systempreferences: STACK,Time,372059595.636,1 CoreLocation 0x00007fff8f9957be CLInternalSetLocationServicesEnabled + 110 Notes: WiFi is on I didn't install iOS Simulator I use Xcode Version 4.5 (4G182) I use Boot Camp and made my MacBook Pro dual boot (Mac OS X Lion and Windows 7) I do only Mac development but not iOS

  Read the article

• MySQL Windows vs. Linux: performance, caveats, pros and cons?

  - by gravyface

  Looking for (preferrably) some hard data or at least some experienced anecdotal responses with regards to hosting a MySQL database (roughly 5k transactions a day, 60-70% more reads than writes, < 100k of data per transaction i.e. no large binary objects like images, etc.) on Windows 2003/2008 vs. a Debian-based derivative (Ubuntu/Debian, etc.). This server will function only as a database server with a separate Web server on another physical box; this server will require remote access for management (SSH for Linux, RDP for Windows). I suspect that the Linux kernel/OS will compete less than the Windows Server for resources, but for this I can't be certain. There's also security footprint: even with Windows 2008, I'm thinking that the Linux box can be locked down more easily than the Windows Server. Anyone have any experience with both configurations?

  Read the article

• How to authenticate users in nested groups in Apache LDAP?

  - by mark

  I've working LDAP authentication with the following setup AuthName "whatever" AuthType Basic AuthBasicProvider ldap AuthLDAPUrl "ldap://server/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" Require ldap-group CN=MySpecificGroup,OU=Security Groups,OU=MyBusiness,DC=company,DC=local This works, however I've to put all users I want to authenticate into MySpecificGroup. But on LDAP server I've configured that MySpecificGroup also contains the group MyOtherGroup with another list of users. But those users in MyOtherGroup are not authenticated, I've to manually add them all to MySpecificGroup and basically can't use the nested grouping. I'm using Windows SBS 2003. Is there a way to configure Apache LDAP to do this? Or is there a problem with possible infinite recursion and thus not allowed?

  Read the article

• Remembering sharepoint password in Internet Explorer 8

  - by enableDeepak

  I am using IE8 to open a sharepoint portal on local network. Initially, I clicked on remember password after passing domain credentials. However, now I want sharepoint to ask credentials again. I've tried many options - Deleted all cookies, IE Security Tab Form Autocomplete Deleted everything. Restarted my machine. And all I could do. Still, when I open portal, sharepoint logs me in automatically. What should I do to make IE ask for credentials again?

  Read the article

• Public DNS Server fails on Windows Amazon EC2

  - by Adroidist

  I have started a new Windows server instance on Amazon EC2. The security group has the following rules: Ports Protocol Source 22 tcp 0.0.0.0/0 80 tcp 0.0.0.0/0 443 tcp 0.0.0.0/0 3389 tcp 0.0.0.0/0 53 udp 0.0.0.0/0 -1 icmp 0.0.0.0/0 I am able to ping the public DNS server of the machine and i can connect to it using Windows Remote Desktop connection. However, when i put in my web browser the public DNS server, it fails to connect. Morever, I used filezilla and putty (and in both I loaded the private key .pem) but i receive connection timed out. I disabled the firewall on both my pc and the instance (which I entered using Remote desktop connection). Can you please tell me what I am missing?

  Read the article

• Need help identiying a nasty rootkit in Windows

  - by goofrider

  I have a nasty rootkit that not tools seem to be able to idenity. I know for sure it's a rootkit, but I can figure out which rootkit it is. Here's what I gathered so far: It creates multiple copies of itself in %HOME%\Local Settings\Temp with names like Q.EXE, IAJARZ.exe, etc., and install them as hidden services. These EXE have SysInternals identifiers in them so they're definitely rootkits. It hooked very deep in the system, including file read/write, security policies, registry read/write, and possibly WinSock/TCP/IP. When going to Sophos.com to download their software, the rootkit inject something called Microsoft Ajax Tootkit into the page, which injects code into the email submission form in order to redirect it. (EDIT: I might have panicked. Looks like Sophos does use an AJAZ email form, their form is just broken on Chrome so it looked like a mail form injection attack, the link is http://www.sophos.com/en-us/products/free-tools/virus-removal-tool/download.aspx ) Super-Antispyware found a lot of spyware cookies, in the name of .kaspersky.2o7.net, etc. (just chedk 2o7.net, looks like it's a legit ad company) I tried comparing DNS lookup from the infected systems and from system in other physical locations, no DNS redirections it seems. I used dd to copy the MBR and compared it with the MBR provided by ms-sys package, no differences so it's not infecting MBR. No antivirus or rootkit scanner be able to identify it. Most of them can't even find it. I tried scanning, in-situ (normal mode), in safe mode, and boot to linux live CD. Scanners used: Avast, Sophos anti rootkit, Kasersky TDSSKiller, GMER, RootkitRevealer, and many others. Kaspersky reported some unsigned system files that ought to be signed (e.g. tcpip.sys), and reported a number of MD5 mismatches. But otherwise couldn't identify anything based on signature. When running Sysinternal RootkitRevealer and Sophos AntiRootkit, CPU usage goes up to 100% and gets stucked. The Rootkit is blocking them. When trying running/installing HiJackThis, RootkitRevealer and some other scanners, it tells me system security policy prevent running/installing it. The list of malicious acitivities go on and on. here's a sample of logs from all my scans. In particular, aswSnx.SYS, apnenfno.sys and PROCMON20.SYS has a huge number of hooks. It's hard to tell if the rootkit replaced legit program files like aswSnx.SYS (from Avast) and PROCMON20.SYS (from Sysinternal Process Monitor). I can't find whether apnenfno.sys is from a legit program. Help to identify it is appreciated. Trend Micro RootkitBuster ------ [HIDDEN_REGISTRY][Hidden Reg Value]: KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg Root : 586bfc0 SubKey : Cfg ValueName : g0 Data : 38 23 E8 D0 BF F2 2D 6F ... ValueType : 3 AccessType: 0 FullLength: 61 DataSize : 32 [HOOKED_SERVICE_API]: Service API : ZwCreateMutant Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8061758e CurrentHandler : 0xaa66cce8 ServiceNumber : 0x2b ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateThread Image Path : c:\windows\system32\drivers\apnenfno.sys OriginalHandler : 0x805d1038 CurrentHandler : 0xaa5f118c ServiceNumber : 0x35 ModuleName : apnenfno.sys SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwDeleteKey Image Path : C:\WINDOWS\system32\Drivers\PROCMON20.SYS OriginalHandler : 0x80624472 CurrentHandler : 0xa709b0f8 ServiceNumber : 0x3f ModuleName : PROCMON20.SYS SDTType : 0x0 HiJackThis ------ O23 - Service: JWAHQAGZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\JWAHQAGZ.exe O23 - Service: LHIJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\LHIJ.exe Kaspersky TDSSKiller ------ 21:05:58.0375 3936 C:\WINDOWS\system32\ati2sgag.exe - copied to quarantine 21:05:59.0217 3936 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:05:59.0342 3936 C:\WINDOWS\system32\BUFADPT.SYS - copied to quarantine 21:05:59.0856 3936 BUFADPT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:05:59.0965 3936 C:\Program Files\CrashPlan\CrashPlanService.exe - copied to quarantine 21:06:00.0152 3936 CrashPlanService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:00.0246 3936 C:\WINDOWS\system32\epmntdrv.sys - copied to quarantine 21:06:00.0433 3936 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:00.0464 3936 C:\WINDOWS\system32\EuGdiDrv.sys - copied to quarantine 21:06:00.0526 3936 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:00.0604 3936 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine 21:06:01.0181 3936 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:01.0321 3936 C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe - copied to quarantine 21:06:01.0430 3936 OTFSDMS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:01.0492 3936 C:\WINDOWS\system32\DRIVERS\tcpip.sys - copied to quarantine 21:06:01.0539 3936 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:01.0601 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - copied to quarantine 21:06:01.0664 3936 HKLM\SYSTEM\ControlSet003\services\TULPUWOX - will be deleted on reboot 21:06:01.0664 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - will be deleted on reboot 21:06:01.0664 3936 TULPUWOX ( UnsignedFile.Multi.Generic ) - User select action: Delete 21:06:01.0757 3936 C:\WINDOWS\system32\Drivers\usbaapl.sys - copied to quarantine 21:06:01.0866 3936 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:01.0913 3936 C:\Program Files\VMware\VMware Player\vmware-authd.exe - copied to quarantine 21:06:02.0443 3936 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:02.0443 3936 vmount2 ( UnsignedFile.Multi.Generic ) - skipped by user 21:06:02.0443 3936 vmount2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:06:02.0459 3936 vstor2 ( UnsignedFile.Multi.Generic ) - skipped by user 21:06:02.0459 3936 vstor2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

  Read the article

• Can you have a WMI query for GPO Filter based on user's OU?

  - by Jordan Weinstein

  I'm wondering if there is a way to have a WMI query check the OU of the user logging on. I'd like a GPO (linked to Citrix servers OU) to apply only to users if the user is in a certain OU - this is for Citrix so the overly obvious answer of - well just link it to the OU the user is in does not apply. This also cannot be done using security groups because a long time ago those started to get used as Distribution Groups also and now too many are widely inaccurate. Lastly I need to apply this to the entire GPO as there are more than just group policy preferences included so I can't use the item-level targeting feature either. But my OUs are accurate so I'd like to use those if I can. I'd like a WMI query filter to say, apply GPO if user is member of OU 'x' that doable?

  Read the article

• How can I keep websites from knowing where I live?

  - by D Connors

  This questions is related to issues and practicality, not security. I live in Brazil and, apparently, every single website I visit knows about it. Usually that's ok, but there are quite a few sites that don't make use of that information adequately. For instance: Bing keeps thinking that brazilian pages are way more relevant to me than american ones (which they're not). Google.com always redirects me to google.com.br. Microsoft automatically sends me to horribly translated support pages in portuguese (which would just be easier to read in english). These are just a few examples. Usually it's stuff I can live with (or work around), but some of them are just plain irritating. I have geolocation disabled in firefox, so I guess they're either getting this information from my IP or from windows itself (which I bought here). Is there a way to avoid this? Either tell them nothing or make them think I live somewhere else? Thanks

  Read the article

< Previous Page | 464 465 466 467 468 469 470 471 472 473 474 475  | Next Page >