Mark Walmsley 2003
link is at the bottom of this page, click here.
Sponsor - Check out www.tipsdr.com
for great Tips and Tricks
This newsletter is now available in the member area.
here for more information
Welcome to issue 4. This issue has been rushed through
due to the 2 weeks break I had during the month. But hopefully you
will enjoy it as much as the others. Please note the security warning
if you are using Windows NT, 2000, 2003 or XP. You must patch before
The newsletter has now been extended covering more
subjects, but this edition is for the www.windowsreinstall.com
members area, located at http://member.windowsreinstall.com.
If you are already a member then go to that link. If you wish to
become a member then Click
here for more information.
signups for the newsletter have now exceeded over 3500. The growth rate of
the newsletter has been remarkable since our launch on the 14th May
If this is your first newsletter then feel free to
read previous issues. Click here to go to the main
Remember at anytime you can unsubscribe. The
link is at the bottom of this page, click here.
Anyway, we hope you enjoy this issue, if you wish to have a subject covered, wish to send feedback
or have an article of your own you want featured then mail firstname.lastname@example.org.
The members area for WindowsReinstall.com the mother of this Newsletter
be previewed from the following page.
The members area has troubleshooting guides, install
guides, free downloads, 3rd party e-books, games, etc plus now an
extended version of this newsletter.
Access to the area is only $35 for first year then $5
a year afterwards, you can signup from
the below link The area is continually being updated, with many new
plans in the pipeline.
2 Useful Links
Due to time constraints I was unable to do a site of the
month review this issue, but shall return next month. Instead some
Learn How to remove a virus from the following link
Learn about CD-Rom support from the following link
Download a CD-Rom boot disk from this link
Get free software from this link
Site of the month will return next issue
3 Important Security Warning
Over a week ago MS released a critical patch
for a security issue in RPC, All NT based Windows editions are
affected Windows NT4, Windows 2000, Windows XP and Windows Server
This worm is setting up all computers infected to start a denial
of service attack on www.WindowsUpdate.com
starting August 15th. All computers infected will start sending
requests to that site at once on August 15th clogging the server and
flooding the internet with useless requests.
DOWNLOAD THE PATCH BELOW TO PROTECT YOUR SYSTEM:
Windows XP Users - Click
Windows 2000 Users - Click
Windows NT Users - Click
Other Versions of this patch and more info - Click
Download this patch to remove the worm - Click
Below is a copy of the Security Bulletin:
PSS Security Response Team Alert - New Virus: W32.Blaster.worm
SEVERITY: CRITICAL DATE: August 11, 2003
PRODUCTS AFFECTED: Windows XP, Windows 2000, Windows Server 2003,
Windows NT 4.0, NT 4.0 Terminal Services Edition
WHAT IS IT?
The Microsoft Product Support Services Security Team is issuing this
alert to inform customers about a new worm named W32.Blaster.Worm
which is spreading in the wild. This virus is also known as: W32/Lovsan.worm
(McAfee), WORM_MSBLAST.A (Trendmicro), Win32.Posa.Worm (Computer
Associates). Best practices, such as applying security patch MS03-026
should prevent infection from this worm.
Customers that have previously applied the security patch MS03-026
before today are protected and no further action is required.
IMPACT OF ATTACK: Spread through open RPC ports. Customer's machine
gets re-booted or has mblast.exe exists on customer's system.
TECHNICAL DETAILS: This worm scans a random IP range to look for
vulnerable systems on TCP port 135. The worm attempts to exploit the
DCOM RPC vulnerability patched by MS03-026.
Once the Exploit code is sent to a system, it downloads and executes
the file MSBLAST.EXE from a remote system via TFTP. Once run, the worm
creates the registry key:
"windows auto update" = msblast.exe I just want to say LOVE
YOU SAN!! bill
Symptoms of the virus: Some customer may not notice any symptoms at
all. A typical symptom is the system is rebooting every few minutes
without user input. Customers may also see:
- Presence of unusual TFTP* files
- Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory
To detect this virus, search for msblast.exe in the WINDOWS SYSTEM32
directory or download the latest anti-virus software signature from
your anti-virus vendor and scan your machine.
For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit the following links:
Network Associates: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547
Trend Micro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A
Computer Associates: http://www3.ca.com/virusinfo/virus.aspx?ID=36265
For more information on Microsoft’s Virus Information Alliance
please visit this link: http://www.microsoft.com/technet/security/virus/via.asp
PREVENTION: Turn on Internet Connection Firewall (Windows XP or
Windows Server 2003) or use a third party firewall to block TCP ports
135, 139, 445 and 593; TCP ports 135, 139, 445 and 593; also UDP 69 (TFTP)
for zombie bits download and TCP 4444 for remote command shell. To
enable the Internet Connection Firewall in Windows: http://support.microsoft.com/?id=283673
1. In Control Panel, double-click Networking and Internet
Connections, and then click Network Connections.
2. Right-click the connection on which you would like to enable ICF,
and then click Properties.
3. On the Advanced tab, click the box to select the option to Protect
my computer or network.
This worm utilizes a previously-announced vulnerability as part of its
infection method. Because of this, customers must ensure that their
computers are patched for the vulnerability that is identified in
Microsoft Security Bulletin MS03-026. http://www.microsoft.com/technet/security/bulletin/MS03-026.asp.
Install the patch MS03-026 from Windows Update http://windowsupdate.microsoft.com
As always, please make sure to use the latest Anti-Virus detection
from your Anti-Virus vendor to detect new viruses and their variants.
RECOVERY: Security best practices suggest that previously compromised
machine be wiped and rebuilt to eliminate any undiscovered exploits
that can lead to a future compromise. See Cert Advisory:
Steps for Recovering from a UNIX or NT System Compromise. http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
For additional information on recovering from this attack please
contact your preferred anti-virus vendor.
RELATED MICROSOFT SECURITY BULLETINS: http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
RELATED KB ARTICLES: http://support.microsoft.com/?kbid=826955
RELATED LINKS: http://www.microsoft.com/security/incident/blast.asp
As always please make sure to use the latest Anti-Virus detection
from your Anti-Virus vendor to detect new viruses and their variants
4 Virus Alert
Courtesy of Symantics Norton Antivirus (click on the
VIRUS ALERT **
Tip : From www.sarc.com,
click on "Check for Security Risks" and you can do an online
virus check. This will not remove any viruses but it will alert you to
their presence and then you can go about removing them. Always check out
how to do it. A virus checker is a prevention, not a cure. By simply
deleting an infected file can cause a lot of problems. You may need to
replace files, and/or delete registry settings. If there is a removal
tool, then download it and use it, as it will remove your registry
setting and the virus for you.
5 Making the Most of Internet
Explorer Part 3
Security on the internet is very important, also covering your
tracks on a computer that you may share is also important. So this
month we are going to show you some useful ways to keep your computer
and what you do away from prying eyes.
The first section is about AutoComplete. This part of IE remembers
previous searches, forms you filled in, web addresses and username and
passwords that you have used. A very useful little tool, but as you
can already guess potentially very dangerous. By default this option
is active, but luckily enough you can clear the settings, passwords
and forms, you can also tell IE to stop recording settings of your
To access the settings simply open Internet Explorer
and click on "TOOLS" then "INTERNET OPTIONS", next
select "CONTENT" then click on "AUTOCOMPLETE", the
above menu will appear. Clear and configure as necessary. So if you
put a password in by mistake, or don't want your husband or wife to
see that you bought something online for them, then use this to clear
Next to cover your tracks even more you will wish to get rid of the
history, cookies left by sites and your temporary internet files. All
these can be used to track your steps. Luckily enough this is quite
easy to do as well.
To access the settings simply open Internet Explorer
and click on "TOOLS" then "INTERNET OPTIONS". From
here you can Delete Cookies by clicking on the button of the same
name. Clear your temporary files by clicking on "DELETE
FILES" and guess which one you click to clear your history, yep
But people may get suspicious of you when they notice
that the History is being completely erased all the time. For example
you don't want your other half knowing that you have been reading this
newsletter, simple, click the "HISTORY" button from
or "CTRL" and "H" keys on your keyboard to bring
up the History Pane.
Now find the website (In our example the newsletter
website Winrag), right click on the site and left click on the Delete
option that appears. Problem solved. History is still there just minus
the site that your other half or boss may not want you to visit.
More Next Month.....
6 Fixes and Tips of the Month
Windows 2000 Converting FAT disks/partitions to NTFS
Windows 2000 prefers NTFS. If you have a
Windows 2000 system with FAT drives, and have decided you'd rather
be on NTFS, here's how you change it.
Click on "Start/Run"
Type "convert c: /fs:ntfs"
If it is the "d:" drive type "convert
etc etc for different drives
Windows XP How to Change Screen Saver
1. From your Desktop, right in the center
of the screen and select properties.
2. From display properties select
3. Now under "SCREEN SAVER"
select the down arrow and select your preferred Screen Saver, you can
also add a password to the screen saver and also increase the length
of time you have to wait for it to appear.
4. Click apply and then OK to exit.
More Next Month
7 Online Gaming Part 3
So what is online gaming ? Online gaming is playing a
game on your computer with one or more real people using the internet
to share the experience. The biggest problem with online gaming is its
addictiveness, in today's busy lifestyle we find it hard to go out and
enjoy an evening of socializing, so we now indulge in online gaming,
sometimes fulfilling our fantasies, and our need to meet people at the
same time. Below is a another game we have tried and reviewed.
If you have not been to http://games.yahoo.com
then we would advise you to go now. The service is completely free and
has a large selection of games for you to play, with others.
You have personal game stats on how you play and game
areas for beginners. This site is highly addictive, which is shown by
the 147,000 people that are logged in at the time of writing this
So if you like arcade games, pool games, word games,
fantasy, sports, or tile and board games, then go to http://games.yahoo.com
where you can sign up for free and playing within a few minutes.
Warning !!!! Don't blame me if you become addicted to
this site, if you don't want to waste time playing games then avoid
like the plague, once you start it will be hard to stop.
More in the next issue.....
8 Guide to the Underground -
hopes to show you, why to avoid the underground
the Internet. You may have heard of serialz (serials or serial numbers),
crackz (cracks or software crackz), warez (wares or war-ez (illegal
software)), hackz (hacks), viruses and other
key words used by these places. People involved in such trades call themselves
pirates or hackers.
The temptation of getting something for free
can be great, but remember it is theft, and most of the time you are leaving
yourself open to attack by those who participate in the trade.
form of file sharing used mainly to distribute large files, like movies, TV
shows, full albums, and software.
client is an application used for downloading torrents -- specific files or
directories shared by Internet users. This client alone cannot be used for
sharing your own files. It's intended for opening and downloading so called
form of file sharing is used widely, yet still remains underground, unlike the
likes of kazza and bearshare.
of using this as it will steal your bandwidth, as you download people will
upload from you at the same time. You may also find that the files are
infected with viruses or hacks to allow ruthless individuals access to your
to round up, remember you are stealing if you download commercial programs,
movies, music or software. You may also find yourself getting stole from if
you install a backdoor virus, or with serious infections on your computer. So
avoid, and a big thumbs down from us....
More in the next issue.....
Well hope you have enjoyed our fourth issue of this
newsletter as much as I have enjoyed writing it. The newsletter
has now been officially named WinRag, and a direct link to the site is
Remember you can view issue 1 from here :
issue 2 from here :
and issue 3 from here :
this website and you could win $10,000
Fill in the form below and click "GO".
You will then receive the www.WindowsReinstall.com
newsletter which will be published on a monthly basis, featuring Windows
tips, tricks, and how to's, plus much much more. Sign up now, its FREE,
and you will receive the next newsletter. Remember you can CANCEL
Your email address will NOT be passed on to
anyone or anything else.