May 18 2009

Patched Windows 2000 Installations

Category: Windows | Teknovis @ 8:19 am

I had to install Windows 2000 on some computers over the weekend. The last time that I installed this operating system was several years ago! My main concern was figuring out what service packs and hot fixes needed to be installed. This is what I installed:

  1. Windows 2000 (from original CD)
  2. Service Pack 4 (W2KSP4_EN.EXE – 129MB)
  3. Rollup 1 for Windows 2000 SP4 (KB891861) (Windows2000-KB891861-v2-x86-ENU.EXE – 31MB)
  4. Conficker Protection MS08-067 (KB958644) (Windows2000-KB958644-x86-ENU.EXE – 1MB)

These computers are operating on an isolated network that does not have Internet access. However, other laptops are regularly attached to the network.



Jan 19 2009

a.exe

Category: Security | Teknovis @ 10:08 pm

Today is supposed to be the most depressing day of the year. This is supposed to be due to a combination of credit card bills relating to Christmas shopping, pay-day still more than a week away, and bad weather :o

I am not sure how true this is, but the last few days were a bit depressing for me :o I think that one of my Windows 2000 computers might have become infected with a virus, and I cannot figure out how!

It all started when I noticed a file called a.exe that suddenly appeared in one of my folders. The creation time of this file was a few minutes before I noticed it. So my first reaction was to upload the file to VirusTotal. This is a really great web site that allows you to email or upload a file for free, and this file is then scanned by the most up-to-date versions of 39 different virus scanners. VirusTotal reported that 21 of the 39 virus scanners found a virus in my file :( You can read the full report.

VirusTotal most frequently identifies the worm as Pinit or Spamuzle. The best information I can find about these is from ThreatExpert and Symantec.

However, based on these descriptions my computer is not infected. This does not surprise me because only my administrator account has the privileges to make those changes. Furthermore, my hardware firewall would prevent the virus from communicating with the outside world. Blacknight also correctly identifies the file as a virus, and prevents it from passing through the email system.

So everything looks great, and it appears that I was not infected. However, the fact still remains that a.exe came from somewhere! It is really annoying me that I cannot find its source :|

The other aspect of this that is adding to my unease is the current rampage of the worm known as Conficker, Downadup, or Kido. See Windows worm numbers ‘skyrocket’ for more details about this worm. Is this a coincidence, or is my problem somehow related to this?

I would really appreciate it if anybody could provide me with any insight in relation to any of this!
