Search Results

Search found 13563 results on 543 pages for 'email headers'.

Page 393/543 | < Previous Page | 389 390 391 392 393 394 395 396 397 398 399 400  | Next Page >

  • Need help identifying a nasty rootkit in Windows

    - by goofrider
    I have a nasty rootkit that no tools seem to be able to identify. I know for sure it's a rootkit, but I can't figure out which rootkit it is. Here's what I gathered so far:

    It creates multiple copies of itself in %HOME%\Local Settings\Temp with names like Q.EXE, IAJARZ.exe, etc., and installs them as hidden services. These EXEs have SysInternals identifiers in them so they're definitely rootkits. It hooked very deep in the system, including file read/write, security policies, registry read/write, and possibly WinSock/TCP/IP.

    When going to Sophos.com to download their software, the rootkit injects something called Microsoft Ajax Toolkit into the page, which injects code into the email submission form in order to redirect it. (EDIT: I might have panicked. Looks like Sophos does use an AJAX email form; their form is just broken on Chrome so it looked like a mail form injection attack. The link is http://www.sophos.com/en-us/products/free-tools/virus-removal-tool/download.aspx )

    Super-Antispyware found a lot of spyware cookies, in the name of .kaspersky.2o7.net, etc. (just check 2o7.net, looks like it's a legit ad company)

    I tried comparing DNS lookups from the infected system and from systems in other physical locations; no DNS redirections, it seems. I used dd to copy the MBR and compared it with the MBR provided by the ms-sys package; no differences, so it's not infecting the MBR.

    No antivirus or rootkit scanner has been able to identify it. Most of them can't even find it. I tried scanning in situ (normal mode), in safe mode, and booted from a Linux live CD. Scanners used: Avast, Sophos Anti-Rootkit, Kaspersky TDSSKiller, GMER, RootkitRevealer, and many others. Kaspersky reported some unsigned system files that ought to be signed (e.g. tcpip.sys), and reported a number of MD5 mismatches, but otherwise couldn't identify anything based on signature. When running Sysinternals RootkitRevealer and Sophos Anti-Rootkit, CPU usage goes up to 100% and they get stuck. The rootkit is blocking them.

    When trying to run/install HiJackThis, RootkitRevealer and some other scanners, it tells me the system security policy prevents running/installing it. The list of malicious activities goes on and on. Here's a sample of logs from all my scans. In particular, aswSnx.SYS, apnenfno.sys and PROCMON20.SYS have a huge number of hooks. It's hard to tell if the rootkit replaced legit program files like aswSnx.SYS (from Avast) and PROCMON20.SYS (from Sysinternals Process Monitor). I can't find whether apnenfno.sys is from a legit program. Help to identify it is appreciated.

    Trend Micro RootkitBuster
    ------
        [HIDDEN_REGISTRY][Hidden Reg Value]:
        KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
        Root : 586bfc0
        SubKey : Cfg
        ValueName : g0
        Data : 38 23 E8 D0 BF F2 2D 6F ...
        ValueType : 3
        AccessType: 0
        FullLength: 61
        DataSize : 32
        [HOOKED_SERVICE_API]:
        Service API : ZwCreateMutant
        Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
        OriginalHandler : 0x8061758e
        CurrentHandler : 0xaa66cce8
        ServiceNumber : 0x2b
        ModuleName : aswSnx.SYS
        SDTType : 0x0
        [HOOKED_SERVICE_API]:
        Service API : ZwCreateThread
        Image Path : c:\windows\system32\drivers\apnenfno.sys
        OriginalHandler : 0x805d1038
        CurrentHandler : 0xaa5f118c
        ServiceNumber : 0x35
        ModuleName : apnenfno.sys
        SDTType : 0x0
        [HOOKED_SERVICE_API]:
        Service API : ZwDeleteKey
        Image Path : C:\WINDOWS\system32\Drivers\PROCMON20.SYS
        OriginalHandler : 0x80624472
        CurrentHandler : 0xa709b0f8
        ServiceNumber : 0x3f
        ModuleName : PROCMON20.SYS
        SDTType : 0x0

    HiJackThis
    ------
        O23 - Service: JWAHQAGZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\JWAHQAGZ.exe
        O23 - Service: LHIJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\LHIJ.exe

    Kaspersky TDSSKiller
    ------
        21:05:58.0375 3936 C:\WINDOWS\system32\ati2sgag.exe - copied to quarantine
        21:05:59.0217 3936 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:05:59.0342 3936 C:\WINDOWS\system32\BUFADPT.SYS - copied to quarantine
        21:05:59.0856 3936 BUFADPT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:05:59.0965 3936 C:\Program Files\CrashPlan\CrashPlanService.exe - copied to quarantine
        21:06:00.0152 3936 CrashPlanService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:06:00.0246 3936 C:\WINDOWS\system32\epmntdrv.sys - copied to quarantine
        21:06:00.0433 3936 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:06:00.0464 3936 C:\WINDOWS\system32\EuGdiDrv.sys - copied to quarantine
        21:06:00.0526 3936 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:06:00.0604 3936 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
        21:06:01.0181 3936 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:06:01.0321 3936 C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe - copied to quarantine
        21:06:01.0430 3936 OTFSDMS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:06:01.0492 3936 C:\WINDOWS\system32\DRIVERS\tcpip.sys - copied to quarantine
        21:06:01.0539 3936 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:06:01.0601 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - copied to quarantine
        21:06:01.0664 3936 HKLM\SYSTEM\ControlSet003\services\TULPUWOX - will be deleted on reboot
        21:06:01.0664 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - will be deleted on reboot
        21:06:01.0664 3936 TULPUWOX ( UnsignedFile.Multi.Generic ) - User select action: Delete
        21:06:01.0757 3936 C:\WINDOWS\system32\Drivers\usbaapl.sys - copied to quarantine
        21:06:01.0866 3936 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:06:01.0913 3936 C:\Program Files\VMware\VMware Player\vmware-authd.exe - copied to quarantine
        21:06:02.0443 3936 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
        21:06:02.0443 3936 vmount2 ( UnsignedFile.Multi.Generic ) - skipped by user
        21:06:02.0443 3936 vmount2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
        21:06:02.0459 3936 vstor2 ( UnsignedFile.Multi.Generic ) - skipped by user
        21:06:02.0459 3936 vstor2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
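
One way to triage scanner output like the above mechanically. This is an added example, not code from the post: a POSIX shell/awk filter that pulls the service name and binary path out of HiJackThis O23 lines and TDSSKiller quarantine lines and flags anything whose binary lives under a per-user Temp directory, which is where JWAHQAGZ.exe, LHIJ.exe and TULPUWOX.exe sit in the logs. The function names are mine and the sample lines inside the block are constructed from the post's excerpts.

```shell
#!/bin/sh
# Added example, not code from the post. Triage scanner output for services or
# quarantined files whose binary lives under a user's Temp directory, which is
# where the poster's Q.EXE, IAJARZ.exe, JWAHQAGZ.exe and TULPUWOX.exe sit.
# Understands two line shapes seen in the post:
#   HiJackThis:  O23 - Service: NAME - VENDOR - URL - PATH
#   TDSSKiller:  HH:MM:SS.ffff PID PATH - copied to quarantine

# flag_temp_services: read log lines on stdin and print one
# "name<TAB>path<TAB>reason" line for each entry whose path points into a
# Temp directory. Matching is case-insensitive and covers the 8.3 spelling
# "LOCALS~1\Temp" as well as "Local Settings\Temp".
flag_temp_services() {
    awk '
    /^O23 - Service: / {
        n = split($0, f, " - ")            # f[2]="Service: NAME", f[n]=PATH
        name = f[2]; sub(/^Service: /, "", name)
        path = f[n]
        if (tolower(path) ~ /\\temp\\/)
            print name "\t" path "\tservice binary in Temp"
        next
    }
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ [0-9]+ / && / - copied to quarantine$/ {
        path = $0
        sub(/^[^ ]+ [0-9]+ /, "", path)     # strip timestamp and pid
        sub(/ - copied to quarantine$/, "", path)
        n = split(path, p, "\\")            # p[n] = file name
        if (tolower(path) ~ /\\temp\\/)
            print p[n] "\t" path "\tquarantined file in Temp"
        next
    }'
}

# SAMPLE_LOG: constructed lines modelled on the excerpts in the post.
SAMPLE_LOG='O23 - Service: JWAHQAGZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\JWAHQAGZ.exe
O23 - Service: LHIJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\LHIJ.exe
O23 - Service: CrashPlanService - Unknown owner - C:\Program Files\CrashPlan\CrashPlanService.exe
21:06:01.0492 3936 C:\WINDOWS\system32\DRIVERS\tcpip.sys - copied to quarantine
21:06:01.0601 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - copied to quarantine'

# run_sample: apply the filter to the constructed log; three of the five
# lines should be flagged (the two Temp services and the quarantined Temp file).
run_sample() {
    printf '%s\n' "$SAMPLE_LOG" | flag_temp_services
}
```

Run it against a saved log with `flag_temp_services < hijackthis.log`. A service whose binary sits in a per-user Temp directory is the strongest single indicator in these logs. The SSDT hooks attributed to aswSnx.SYS and PROCMON20.SYS, by contrast, are what Avast's self-protection driver and Process Monitor's capture driver install on purpose, so what distinguishes a replaced driver from the genuine one is the file's Authenticode signature and hash checked against a known-good copy, not the presence of hooks.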

  • Creating multiple profiles in Windows Mobile

    - by Saif Bechan
    I have an HTC HD2 which runs Windows Mobile 6.5. The way you can integrate different accounts is just amazing. You can integrate Facebook, Twitter, YouTube. You can also sync your mail and calendar from Hotmail or Gmail. It all works just great. Now my problem is that I have different profiles. I have my personal profile, and on the other side I have a work profile. My work email is on Gmail Apps, so I have a mail and calendar there also. I also have a personal Facebook account, and one I use for work. So my question is if there is a way of switching between these profiles quickly.

  • What's the best way to monitor a large number of application pools in IIS7?

    - by Kev
    Some background first - We're running IIS 7 on Windows 2008. We're running around 250 websites per server with each site in its own application pool. I need a way to monitor each application pool for crashes and hangs and to send an email alert if an application pool is unresponsive for more than, say, 2 minutes. I thought about having a virtual directory mapped into each site with an ASP.NET page that we could poll via our existing monitoring system (HostMonitor). Does anyone else have experience in this area?

  • Google App Engine says "Must authenticate first." while trying to deploy any app

    - by Oleksandr Bolotov
    Google App Engine says "Must authenticate first." while trying to deploy any app:

        me@myhost /opt/google_appengine $ python appcfg.py update ~/sda2/workspace/lyapapam/
        Application: lyapapam; version: 1.
        Server: appengine.google.com.
        Scanning files on local disk.
        Scanned 500 files.
        Scanned 1000 files.
        Initiating update.
        Email: <my_email_was_here>@gmail.com
        Password for <my_email_was_here>@gmail.com:
        Error 401: --- begin server output ---
        Must authenticate first.
        --- end server output ---

    We are getting this message with any application and under any developer account available to us. That's what we have installed:

        App Engine SDK - 1.3.2
        PIL - 1.1.7
        Python - 2.5.5
        pip - 0.6.3
        ssl - 1.15
        wsgiref - 0.1.2

    So, what can it be? Is it a well known problem?

  • Why won't Mail sync To Do/Tasks with Exchange?

    - by cebjyre
    I'm using Apple Mail (Snow Leopard, everything is fully up-to-date), and am happily using an Exchange 2007 server for email needs, but I can't get it to synchronise the To Do notes from Mail with the Tasks from Exchange. I've tried creating a task in each and neither of them went to the other side. Bizarrely I have a single task from before I actually upgraded to Snow Leopard that did get into Mail from Exchange. Right-clicking on the Inbox and hitting 'Get Account Info' in Mail reports the correct number of entries in the 'To Do' folder for 'Messages on Server'.

  • Getting Pango-WARNING: Invalid UTF-8 string passed to pango_layout_set_text()

    - by geerlingguy
    About three days ago, I noticed the exim mailqueue started filling up on one of my servers, and upon inspecting some of the emails using # exim -Mvb $ID, I noticed they were being sent to some system email address (which is not a real address), and the body of the messages were as follows: (process:8259): Pango-WARNING **: Invalid UTF-8 string passed to pango_layout_set_text() I'm wondering what could be causing this strange issue, as I've never heard of 'pango' at all... I've never seen that function used in my lifetime! It seems the process id (PID) is for an apache process, though, as the pids are always gone by the time I use # ps -aux to look them up. Edit: Whoops! Forgot to include the subject - looks like it's actually munin-cron that's bringing up the issue: Subject: Cron /usr/bin/munin-cron --force-root

  • What tools can be used to monitor a web application? Beyond "doesn't 404"

    - by Freiheit
    I have an internal web application that has recently gone through a major version upgrade. I would like to monitor this application over the weekend and look for 'soft' errors. I will still need to spot check things by hand, but there are some common failure patterns that I think I can automate. Examples include data with bad formatting, blank rows in tables (indicates missing non-critical data), patterns for identifiers ("TEST" means one of my devs left a testing feed on), etc. I think there are applications out there that can be scripted to do things like:

        1. log in
        2. Go to $URL
        3. select 3rd link in $LIST or $PATTERN
        4. Check HTML from that link for $PATTERNS
        5. Email report

    Are these goals sane? What applications/tools can help with this?

  • Experiences with Google TiSP?

    - by Zypher
    i got an email from google a couple of hours ago (around 12AM EST today) that Google's TiSP service is now available in my area. this seems like a great deal compared to my cUrrent 16Mbps cable coNction at work, however i'm a lIttle nervous about the fact that linux support is "Coming soon". i was wOndering if anyone had successfully installed this system and gotten it woRking with their linux infrastructure? I'm assuming that there shouldn't be any issues siNce we have an ASA in front of our internet. TiSP Shouldn't care what is behind that. Any insight would be greatly appreciated!

  • Microsoft Outlook tips and tricks for improving user experience?

    - by Roee Adler
    I'm one of those heavy Microsoft Outlook users, currently working on the 2007 version. God knows this tool is heavy and may impose problems. I wondered what the Super User crowd has to suggest in order to improve the usage experience. Several suggestions of my own:

    - Always work in cached mode (Tools--Account Settings--Change--Use Cached Exchange Mode)
    - Use Outlook's local archiving capabilities
    - Use Outlook's RSS reader - it's simple and allows offline access to your feeds
    - If you have e-mail subscriptions to magazines, blogs, etc. - create a subdirectory to keep them, and a rule to automatically move them there when they arrive (one rule per subscription, based on the sender e-mail.)

    You can also share suggestions that require configuration of Exchange Server, for those of us who can bring them to their IT managers. What are your suggestions? PS: "Use Gmail" is not an accepted answer, some of us don't control what email system we use...

  • Solaris syslog.conf. What are root and operator?

    - by cjavapro
    In /etc/syslog.conf

        #ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
        #
        # Copyright (c) 1991-1998 by Sun Microsystems, Inc.
        # All rights reserved.
        #
        # syslog configuration file.
        #
        # This file is processed by m4 so be careful to quote (`') names
        # that match m4 reserved words.  Also, within ifdef's, arguments
        # containing commas must be quoted.
        #
        *.err;kern.notice;auth.notice                   /dev/sysmsg
        *.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

        *.alert;kern.err;daemon.err                     operator
        *.alert                                         root

        *.emerg                                         *

        # if a non-loghost machine chooses to have authentication messages
        # sent to the loghost machine, un-comment out the following line:
        #auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)

        mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

        #
        # non-loghost machines will use the following lines to cause "user"
        # log messages to be logged locally.
        #
        ifdef(`LOGHOST', ,
        user.err                                        /dev/sysmsg
        user.err                                        /var/adm/messages
        user.alert                                      `root, operator'
        user.emerg                                      *
        )

    I googled some and it seems that root and operator mean email to root and to operator. Is this correct?

  • Ubuntu server: Delete first folder in directory

    - by Martin
    How can I grab the first subfolder in a directory and delete it? I found a script to monitor the free disk space. It sends an alert email if space runs low, but I want to also delete some unneeded stuff. I have a backup folder where I save daily and monthly backups. I want to delete the first folder since this is always the oldest, but I don't know the name of the oldest backup. My folders, without Jan-May and Dec:

        06-01
        07-01
        08-01
        09-01
        10-01
        11-01
        Friday
        Monday
        Saturday
        Sunday
        Thursday
        Tuesday
        Wednesday

    How can I delete the first folder "06-01" without knowing its name?
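
An added example of one way to do this, not code from the post: pick the directory by modification time rather than by name, since "06-01" only comes first in an alphabetical listing because digits sort before letters, and the weekday folders are rewritten every week anyway. The function names, the default of keeping seven backups and the sample paths are mine.

```shell
#!/bin/sh
# Added example, not code from the post. Remove the oldest backup directory by
# modification time rather than by name, and refuse to prune when that would
# leave fewer than MIN_KEEP backups behind.

# oldest_dir DIR: print the name of the least recently modified subdirectory
# of DIR, or nothing if DIR has no subdirectories.
oldest_dir() {
    # ls -t lists newest first; -p marks directories with a trailing slash.
    ls -tp "$1" | grep '/$' | tail -n 1 | sed 's,/$,,'
}

# dir_count DIR: number of subdirectories in DIR (0 when there are none).
dir_count() {
    ls -p "$1" | grep -c '/$' || :
}

# prune_oldest DIR [MIN_KEEP]: delete the oldest subdirectory of DIR if at
# least MIN_KEEP (default 7) subdirectories remain afterwards. Prints the
# name removed; returns 1 and removes nothing otherwise.
prune_oldest() {
    dir=$1
    min_keep=${2:-7}
    count=$(dir_count "$dir")
    if [ "$count" -le "$min_keep" ]; then
        echo "not pruning $dir: $count backups present, keeping at least $min_keep" >&2
        return 1
    fi
    victim=$(oldest_dir "$dir")
    [ -n "$victim" ] || return 1
    rm -rf -- "$dir/$victim"
    echo "$victim"
}

# Typical use from the low-disk-space alert script mentioned in the post
# (placeholder paths):
#   prune_oldest /var/backups 7 >> /var/log/backup-prune.log
```

Because the choice is made on mtime, the script keeps working after the monthly folders wrap from 12-01 to 01-01, where a name sort would pick the wrong one. The minimum-keep guard is there so a misconfigured cron job cannot empty the backup directory one run at a time.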

  • What are the necessary periodic checks for server?

    - by Edmund
    Hi all, I have some servers which my team uses for hosting internal applications for development purposes. I am thinking of setting up some periodic checks but do not know how to go about it. Can you advise on the following? Preferably a Windows bat file or Linux script.

    - How to write a script that will check the content of a webpage to verify if it is down.
    - How to write a script that will check if the website is down by pinging it.
    - How to write a script that will check if the disk space of the server is running out.
    - How to write a script that will email the system administrator if either of the above checks is not fulfilled?
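
A starting point for both the "soft error" monitoring asked about earlier on this page (log in, fetch a page, check its HTML for patterns such as TEST identifiers or blank table rows, email a report) and the four items in this post (page content, ping, disk space, mail the admin). This is an added example, not code from either post; the URL, host, recipient and disk threshold are placeholders, the function names are mine, and the login step is not shown since it depends on how the application authenticates (curl's -u or a cookie jar via -b/-c would supply it).

```shell
#!/bin/sh
# Added example, not code from either post. Checks of the kind both posts ask
# for: page content (with "soft error" patterns), host reachability, disk
# usage, and a mailed report when anything fails. URL, host, recipient and
# threshold are placeholders. The login step is not shown: curl -u or a cookie
# jar (-b/-c) would supply it, depending on how the application authenticates.

# page_has_problems FILE PATTERN...: grep the saved HTML in FILE for each
# extended regex PATTERN (case-insensitive). Prints every pattern that matched;
# returns 0 if at least one matched (a problem was found), 1 if the page is clean.
page_has_problems() {
    file=$1; shift
    rc=1
    for pat in "$@"; do
        if grep -Eqi -- "$pat" "$file"; then
            echo "pattern matched: $pat"
            rc=0
        fi
    done
    return $rc
}

# check_soft_errors FILE: the failure patterns the web-application post lists,
# applied to FILE: blank table rows (missing non-critical data), identifiers
# left over from a test feed, and unformatted null values in cells.
check_soft_errors() {
    page_has_problems "$1" \
        '<tr>[[:space:]]*</tr>' \
        '>TEST[A-Z0-9_-]*<' \
        '>(null|undefined|NaN)<'
}

# fetch_page URL OUT: download URL into OUT; fails on HTTP 4xx/5xx (-f) and
# when the server does not finish within 20 seconds.
fetch_page() {
    curl -fsS --max-time 20 -o "$2" "$1"
}

# host_up HOST: one ICMP echo with a 3-second wait (Linux iputils syntax;
# BSD ping spells the wait option differently).
host_up() {
    ping -c 1 -W 3 "$1" >/dev/null 2>&1
}

# disk_used_pct MOUNT: used percentage of the filesystem holding MOUNT.
disk_used_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# run_checks: run everything once, mail the admin if any check failed, and
# return 1 in that case so cron or a wrapper can see it too.
run_checks() {
    url=${CHECK_URL:-http://intranet.example/app/report}   # placeholder
    host=${CHECK_HOST:-intranet.example}                   # placeholder
    admin=${ADMIN_MAIL:-root}                              # placeholder
    limit=${DISK_LIMIT:-90}
    page=$(mktemp)
    report=""
    host_up "$host" || report="$report- $host does not answer ping
"
    if fetch_page "$url" "$page"; then
        hits=$(check_soft_errors "$page") && report="$report- $url:
$hits
"
    else
        report="$report- $url could not be fetched (HTTP error or timeout)
"
    fi
    pct=$(disk_used_pct /)
    [ "${pct:-0}" -lt "$limit" ] || report="$report- / is ${pct}% full
"
    rm -f "$page"
    [ -n "$report" ] || return 0
    printf 'Checks failed on %s:\n%s' "$(hostname)" "$report" |
        mail -s "server check failures on $(hostname)" "$admin"
    return 1
}

# Run once when invoked as CHECKS_RUN=1 sh checks.sh (e.g. from cron);
# sourcing the file only defines the functions.
if [ "${CHECKS_RUN:-0}" = 1 ]; then
    run_checks
fi
```

Schedule it with a cron line such as `*/5 * * * * CHECKS_RUN=1 CHECK_URL=http://... /usr/local/bin/checks.sh`. The content check is deliberately a pattern list rather than a "does not 404" test: `curl -f` already catches the hard failure, and the patterns are what catch a page that returns 200 with a test feed or an empty table in it.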

  • How to close the logon process named NtLmSsp ?

    - by Aristos
    I have a Windows 2003 server and from time to time I am getting many login failures like this one.

        Logon Failure:
        Reason: Unknown user name or bad password
        User Name: administrator
        Domain: xx.xx.xx.xx
        Logon Type: 3
        Logon Process: NtLmSsp
        Authentication Package: NTLM
        Workstation Name: XLHOST
        Caller User Name: -
        Caller Domain: -
        Caller Logon ID: -
        Caller Process ID: -
        Transited Services: -
        Source Network Address: 173.45.70.100   <- hacker
        Source Port: 4722

    AND

        Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
        Logon account: user
        Source Workstation: XLHOST
        Error Code: 0xC0000064

    The question is, how can I close this process of login? What have I left open that someone can try to log in to? Some notes: I log in to the server using tunneling, nothing is open except DNS, email, and web ports, not even FTP, and all default ports are changed and hidden. I also monitor port scans and capture anyone that tries to find the hidden ports. Probably it is something open... Thank you in advance.

  • Ebook stamper for ePub and/or Kindle formats?

    - by Nick Martin
    I've published an ebook in Adobe Acrobat PDF format. I sell this ebook DRM free and take what I consider a friendlier/less obtrusive approach of using a service to "stamp" the customer's name and email address onto each page of the ebook as a way to discourage piracy. I would like to take this same approach for selling the ebook in ePub and/or Kindle formats. Unfortunately, I haven't been able to find any stamping services for ePub or Kindle. Is DRM my only anti-piracy option when using ePub and Kindle? For a reference point, ebookstamper.com stamps ebooks in PDF format. No, they don't do anything other than PDF.

  • Using e-mail address as user name for SMTP and POP3

    - by PeterMmm
    I have an exim4 setup as SMTP. My user naming schema is to name all mail users for this server as m001, m002, m003, ... and then redirect to a real e-mail address with virtual domains. How can I allow my users to authenticate with exim to send mail using either their system user name (m001) or the email address ([email protected])? User login information for m001 is stored in Linux system files (passwd, shadow). They are linked thru entries in a virtual address table for each domain that this server can serve:

        # /etc/exim4/virtual/example.com
        m001: [email protected]
        m002: [email protected]
        m003: [email protected]

    Can the same be applied to qpopper?

  • Google Apps for Business on a separate infrastructure?

    - by dustin
    Does anyone know if Google Apps for Business edition hosts the apps (gmail, calendar, etc.) on a physically separate infrastructure than the Standard (free) infrastructure? We've been growing increasingly annoyed with the lost/severely delayed email messages, downtime, etc. of Google Apps (standard) over time, and we are wondering if moving to the paid version would bring any benefits. Specifically, if the Business edition is not in some way on a different physical infrastructure, and we are in essence paying for a few small perks but still run on the usual standard/free setup, then we would probably have the same (or just as many) issues with the Business version. I've emailed Google's sales team responsible for GApps, but haven't heard anything back in 4 days, which already doesn't speak well for the service. So, anyone have any insight into this? Thanks in advance for any and all help :)

  • Connection string during installation

    - by anon2009
    Hi, I've been convinced to use Windows setup files (msi) for the installation of my new Windows Forms application after I asked a question here and got some excellent answers (thank you all): http://serverfault.com/questions/97039/net-application-deployment Now I have a different question: My application will need to access a SQL Server to provide users with data, which means that the connection string must be stored in the client's app.config file. How should I handle this? During installation, the user enters the connection string to that database? How do they get the connection string? In an email from the admin? What if the admin wants to use SQL authentication and needs to put the user info in the connection string? So you know, the app will be sold via the internet, so I don't have any access to the admins or the network. Any suggestions? Thanks in advance.

  • Outlook pst problem

    - by tking
    I've used Outlook pst files in the past with great success. A few weeks ago I exported about 2 years' worth of email into a pst file. Size is around 1.5 GB. When I try to import that pst back into my Outlook it says it's not a pst file. I've tried to repair it using pstscan and it repairs errors and will even mount it in Outlook, but Outlook can't see any emails, like it's an empty pst file. Is there any other way to recover my emails besides loading up Backup Exec and recovering my mailbox from before I made the pst?

  • Removing emails from all mailboxes with certain text in subject

    - by Doug Luxem
    So, we had an errant program kick off about 15,000 emails to our users. I have our spam filters now blocking these on the edge until that gets resolved, but now I would like to clean out our users' mailboxes for them. Is there any way with Exchange 2007 to remove all emails with certain text in the subject line? It would need to be a partial match because the subject changes slightly for each email. I am trying to do this with Forefront's manual scan job + content filter, but it does not seem to like partial matches on the subject.

  • Exchange Public Folders in Snow Leopard Mail.app

    - by W_P
    I am using Mail.app (running snow leopard) to connect to my email account on my school's Exchange 2007 server. I get my Inbox just fine, and iCal connects to my Outlook Calendar just fine, but I cannot seem to get any of the Exchange Public Folders that I can automatically see when I am using Outlook on a Windows box. The Account Type is shown as "Exchange 2007" I did not have any luck Googling this problem, in fact most of the results I saw were dealing with the opposite problem: Remove MS Exchange Public Folders I am aware that my question is a duplicate of this: http://superuser.com/questions/103115/apple-mail-app-all-exchange-folders-not-visible but since that question did not get any responses, I am reposting.

  • Exim redirect all nonexistent accounts for local domains to a specific account

    - by tntu
    I want to route all incoming emails for local domains only to a single account if an account is not set up for that user. I would also like each email to be written in its own file in the user folder. I have a catchall user with the /home/catchall/ path where I have a mail folder made for this, but so far emails either fail to deliver (thus my rule did not work) or they do deliver to the /etc/mail/catchall file. I have been trying to put something together from the Exim configuration but so far nothing seems to work. http://exim.org/exim-html-current/doc/html/spec_html/ch20.html

  • How do I perform an action if the upstart respawn limit is hit?

    - by Daniel Huckstep
    I have an upstart job:

        description "foreman"

        start on runlevel [2345]
        stop on runlevel [06]

        respawn
        respawn limit 3 60

        chdir /home/deploy/app/current
        env RAILS_ENV=production

        exec sudo -u deploy bundle exec foreman start

    We ran into a case where a rogue character in an app file caused one of the background workers to fail but the app ran normally (weird). The app worked fine, but the workers were never working. I'd like upstart to do something (send an email) if it can't start this job, since it's not entirely obvious if everything went alright. Is there something built into upstart to handle this, or do I have to get creative?

  • Host wildcard subdomains using postfix.

    - by Jack M.
    I'm trying to work out how I can get postfix to accept email for any sub-domain of my main site. I don't have virtual domains, just a long list of sub-domains for local delivery. In specific, I'm feeding python@*.mydomain.com into Python using the alias file:

        python: |/www/proc_email.py

    The Python can handle delivery from there. I envision this looking something along the lines of:

        mydestination = encendio, localhost.localdomain, localhost, *.mydomain.com

    I'm running the latest version of postfix on Ubuntu (not rightly sure how to check the version). Thanks in advance.

  • Backup strategies for linux based file servers

    - by iceman
    I want to know some enterprise-wide backup strategies used for Linux-based file servers. What are the tools and techniques used when making a backup? For example, when a backup fails on a machine, it should email the admin about the failure and also a log file. This won't happen in case the HDD fails and the system is completely out of work, but in other cases where a backup didn't take place, the admin should be able to know. What tools/scripts can be used for these particular scenarios?

  • Installing Collective Access

    - by Michele
    I am VERY new to installing any type of server program and to running any open-source type software in general. I am running Windows Server 2008 R2. I want to install Collective Access to run locally only on my intranet at home, so my host is localhost. I successfully installed PHP and MySQL. I installed CA in this directory: C:/inetpub/wwwroot/collectiveaccess.

    1st. I do not want to send mail through Collective Access. Will it install without all the email information? Can I comment those requirements out in the global config and setup.php file?

    2nd. I am getting the error "Configuration file is missing for hostname 'localhost'". This is what I have in the setup file:

        define("CA_WEB_ROOT_DIR", "c:inetpub/wwwroot");
        define("CA_URL_ROOT", "/collectiveaccess");
        define("CA_SITE_HOSTNAME", "localhost");
        define("CA_DB_HOST", 'localhost');
