Posted on 04/06/2005 3:35:31 PM PDT by Eagle9
Bump for later
Burn everything of value to a CD, then restore and totally re-format your hard drive.
I had to do this several times on one of my computers.
For some reason, since I've been running a spyware program and keeping my cookies and Temp files clean ALL the time (with High Speed internet I don't need Temp files), I haven't been hijacked for several months.
Out of curiosity, what is "rollback" what is its function, and how is it turned on or off?
The sick part is that every new PC from the box is already missing the very things it needs to protect it from its first access to the internet - if a CD with all the SP2 updates and basic antivirus were provided WITH the machine, it would stop a lot of problems.
So, the big question is, why can't DELL or MICROSOFT provide a cd with the essentials at the POS? For their "POS"? lol...
The card that says "before you turn the POS on, make sure you remove the wrap"? could also have a cd dangling from it, saying "after you turn the POS on, load this".
"Rollback" is a colloquial expression for the "system restore" feature. The feature was intended to allow you to undo damage you caused your computer, such as a corrupted or incompatible software install. Unfortunately, the feature is used against WinME and XP users by the malware writers, who tell it to RETURN THE SYSTEM TO THE STATE IT WAS IN BEFORE YOU CLEANED IT UP!! I won't use XP or Me (at least for now), so I cannot tell you exactly where it is, but hitting F1 will allow you to look for it. Most likely it resides in the control panel.
I think I will get an Apple. I hear that one can use their current monitor and keyboard (save me money) and buy the Apple CPU (if it is still called that).
I am getting tired of dealing with PC viruses and spyware.
Thanks
That Major Geeks link has the best step-by-step instructions that I've seen on running HijackThis.
The Internet Storm Center Thursday clarified details of the ongoing DNS cache poisoning attack, and how hackers are infecting Windows servers.
After consultations with Microsoft and after receiving additional reports from users on tested methods of protecting Windows servers, the ISC posted a document that outlines its recommendations. Microsoft also revised a Knowledgebase article on its support site.
The design flaw ISC mentioned Wednesday relates to when Windows servers have forwarding enabled. Apparently, Windows DNS servers expect the upstream server -- the one sending data to a second server -- to scrub any cache poisoning attacks, and so accepts all data, regardless of its current setting to protect against cache poisoning.
ISC is asking for help in pinning down under which circumstances this forwarding can create a vulnerability. So far, said ISC analyst Kyle Haugsness, it appears that upstream servers running BIND4 and BIND8 do not clean the poisoned cache before sending it down to the Windows DNS server, while BIND9 does.
Specific recommendations for various BIND configurations have been posted by Haugsness on Thursday's front page of the ISC Web site.
____________________________________________________________
We have received more technical details on the software configurations that are vulnerable. Thanks to Microsoft for clarifying details on Windows DNS and thanks to numerous others for reporting. We try to get all the technical details right before publishing information on attacks like this, but if we waited until we were 100% sure all the time, we would never be able to notify the community when the attacks are actually happening.
On Windows 2000 SP3 and above, the DNS server DOES protect against DNS cache pollution by default. The registry key to protect against the poisoning is not necessary: the value is TRUE if the registry key does not exist. Microsoft has now corrected the KB article that we published earlier with this information.
http://support.microsoft.com/default.aspx?scid=kb;en-us;241352
http://support.microsoft.com/kb/316786
On Windows 2000, you should manage the DNS cache protection security setting through the DNS Management Console. On Windows 2000 below SP3, the "Secure cache against pollution" is not the default so you should enable it using the DNS Management Console. On Windows 2000 SP3 and above (and Windows 2003), the secure setting is the default (even if the registry key does not exist).
Our recommendation is to only set the registry key (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters) on Windows NT4. Otherwise, use the DNS Management Console. If you are on Windows 2000 and you created the key already, you are safe to leave it in place as long as the value is "1".
There seem to be other possible scenarios where cache poisoning can occur. When forwarding to another server, Windows DNS servers expect the upstream DNS server to scrub out cache poisoning attacks. The Windows DNS server accepts all data that it receives, regardless of the setting for protecting against cache poisoning. So vulnerability to the attack depends upon whether the upstream DNS server is filtering out the attack.
We are currently trying to determine the behavior of DJBDNS, and BIND versions 4, 8, and 9 when acting as a forwarder. We are asking for assistance from the community to determine their behavior so write us if you have details. It appears that BIND4 and BIND8 do not scrub the data, whereas BIND9 does. See the following scenarios:
Windows DNS --> forwarding to BIND4 or BIND8. Windows DNS server assumes that BIND scrubs out the poisoning attempt. BIND4 and BIND8 do NOT appear to scrub the attack. Windows DNS trusts the data and the Windows DNS cache will become poisoned.
Windows DNS --> forwarding to BIND9. This configuration seems to be secure because BIND9 scrubs the poisoning attempt.
Windows DNS (slave) --> forwarding to Windows DNS (master). In this scenario, your vulnerability is based on the vulnerability of the master. If the master is vulnerable, then it will be poisoned and forward the attack to the slave server, which will also be poisoned. However, if the master is secure then both servers should be safe.
The following recommendations are based on the current assumption that BIND4 and BIND8 forwarders will not filter the cache poisoning attack to their downstream clients. If we find out that this is not the case, then the recommendations may not be valid. If you have Windows DNS servers forwarding to BIND4 or BIND8, you should start investigating an upgrade of those BIND servers to BIND9. If upgrading to BIND9 would not be a possibility, a secondary recommendation would be to turn off the forwarding on Windows DNS and allow the server to contact the Internet directly so that it can apply the proper protection against cache poisoning. If you run an ISP and have clients that are using your DNS servers as forwarders, you may want to consider upgrading your resolvers to BIND9 in order to protect your clients.
Alternatively, if you have Windows DNS servers that are functioning as forwarders then you should verify that those machines are protected, which should protect the rest of the DNS servers behind it.
"Now that we have a better handle on the mechanisms, WE WANT TO GET THE ATTENTION OF ISPs AND ANY OTHERS WHO RUN DNS SERVERS THAT MAY ACT AS FORWARDS FOR DOWNSTREAM Microsoft DNS SYSTEMS. If you are running BIND, please consider updating to Version 9. Read on for more information..."
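The secure-cache setting and the three forwarding scenarios in the ISC text above, replayed as an added example. This is constructed illustration code, not code from ISC, Microsoft, BIND or any DNS server, and it assumes that "scrubbing" means a bailiwick check (keep only records whose owner name lies inside the zone the upstream server was asked about); the names Resolver, scrub, run_scenarios and the sample records are all invented here. The model also generalises slightly beyond the page by letting any resolver be configured as secure or not, so the master/slave and forwarding-off cases come out of the same code.

```python
"""Toy model of DNS cache pollution and forwarder trust (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RR:
    """One resource record: owner name, type, data."""
    name: str
    rtype: str
    rdata: str


@dataclass
class Response:
    """A DNS reply split into its three record sections."""
    answer: List[RR] = field(default_factory=list)
    authority: List[RR] = field(default_factory=list)
    additional: List[RR] = field(default_factory=list)

    def all_records(self) -> List[RR]:
        return self.answer + self.authority + self.additional


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it (case-insensitive)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def scrub(resp: Response, zone: str) -> List[RR]:
    """The assumed 'secure cache against pollution' rule: drop out-of-zone records."""
    return [rr for rr in resp.all_records() if in_bailiwick(rr.name, zone)]


class Resolver:
    """A caching resolver that either queries directly or trusts a forwarder."""

    def __init__(self, label: str, secure_cache: bool,
                 forwarder: Optional["Resolver"] = None) -> None:
        self.label = label
        self.secure_cache = secure_cache
        self.forwarder = forwarder
        self.cache: Dict[Tuple[str, str], str] = {}

    def resolve(self, zone: str, resp: Response) -> List[RR]:
        """Cache and return the records accepted for a query inside `zone`.

        With a forwarder configured, whatever the forwarder hands back is cached
        as-is, regardless of this resolver's own secure_cache setting (the
        Windows DNS behaviour the ISC diary describes). Without a forwarder the
        resolver applies its own scrubbing, if enabled.
        """
        if self.forwarder is not None:
            accepted = self.forwarder.resolve(zone, resp)
        elif self.secure_cache:
            accepted = scrub(resp, zone)
        else:
            accepted = resp.all_records()
        for rr in accepted:
            self.cache[(rr.name.lower(), rr.rtype)] = rr.rdata
        return accepted

    def is_poisoned(self, name: str, rtype: str = "A") -> bool:
        return (name.lower(), rtype) in self.cache


VICTIM = "www.bank.example."   # constructed name the pollution attempt targets


def poisoned_response() -> Response:
    """Constructed reply: a legitimate answer plus one injected out-of-zone record."""
    return Response(
        answer=[RR("www.example.com.", "A", "192.0.2.10")],
        authority=[RR("example.com.", "NS", "ns1.example.com.")],
        additional=[
            RR("ns1.example.com.", "A", "192.0.2.1"),
            RR(VICTIM, "A", "203.0.113.66"),   # the pollution attempt
        ],
    )


def run_scenarios() -> Dict[str, bool]:
    """Replay the diary's scenarios; True means the Windows-side cache was poisoned."""
    results: Dict[str, bool] = {}

    def trial(label: str, windows: Resolver) -> None:
        windows.resolve("example.com.", poisoned_response())
        results[label] = windows.is_poisoned(VICTIM)

    # Windows DNS --> BIND4/BIND8-style forwarder that does not scrub.
    trial("windows_forwarding_to_bind8", Resolver("win", True, Resolver("bind8", False)))
    # Windows DNS --> BIND9-style forwarder that scrubs.
    trial("windows_forwarding_to_bind9", Resolver("win", True, Resolver("bind9", True)))
    # Windows slave --> Windows master: the outcome follows the master's setting.
    trial("slave_behind_secure_master", Resolver("slave", True, Resolver("master", True)))
    trial("slave_behind_insecure_master", Resolver("slave", True, Resolver("master", False)))
    # Forwarding turned off: the resolver's own setting decides.
    trial("direct_secure_cache_on", Resolver("win", True))
    trial("direct_secure_cache_off", Resolver("win", False))   # Windows 2000 below SP3 default
    return results


if __name__ == "__main__":
    for label, hit in run_scenarios().items():
        print(f"{label:32s} poisoned={hit}")
```

Run it and the only scenarios that end with the injected record in the Windows cache are the ones the diary flags: forwarding to a non-scrubbing upstream, a slave behind an insecure master, and a directly resolving server with the secure setting off. The useful check for an operator is the chain, not the single box: a Windows server's own setting is irrelevant the moment a forwarder is configured.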
LOLOLOL!!!
The Windows DNS server is pretty lousy, period.
User input validation is a MUST from network listening apps that accept untrusted connections.
bump .... thank God for checkpoint and SMART DEFENSE.
Not that I care (I run FreeBSD), but since this is a DNS poisoning issue shouldn't the host-spec in any HTML link be in ip.dot format?
I have no technical training. I just try to keep my computer up and running smoothly, which I've managed to do fairly well. It was the phishing aspect of this article which caught my attention.
A poster named Slyfox (post #5) had his browser hijacked and asked for help, which led to all of the suggestions.
The MajorGeeks.com link was posted in response to post #5.
bookmark for later