Like another poster already said - it is *very* likely you have something lurking on your computer (spyware, hostile redirector, etc.). Try using this tool - Spybot Search & Destroy <http://security.kolla.de>. It is free, and the only "pay for" anti-spyware/malware program better than Spybot is Pest Patrol. I'm sure you'll be amazed at what it turns up.

Paul Nuernberger

-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Friday, August 01, 2003 3:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments

http://www.ISAserver.org

Hi Folks,

What I've seen is really strange. I don't surf with active scripting on at all. However, I've discovered a trick that it seems folks using JAVA have figured out, that I'm trying to track down. What it does is no matter what java page you go to, the same popup window opens up. I look at the source of the web page to see if they are using JAVA. I've not been able to find the true cause of all this!! And that is the scary part.

So, if anyone has an idea of this and has logged anything of this nature, please let me know.

Thank you,
Joseph

-----Original Message-----
From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx]
Sent: Friday, August 01, 2003 12:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments

Funny enough, none of my setups was affected by these viruses. And I'd bet the new W32/Mimail@MM won't pass my security measures either.

I'm more worried about the RPC issue in general, what with the millions of people using dial-up connections and not sitting behind an ISA box. As a result, in firewalled networks the immediate threat is medium if any. Nevertheless the machines leaving the network on a regular basis (i.e. laptops) need immediate attention.

-----Original Message-----
From: Rogers, Brian [mailto:RogersB@xxxxxxxxxxxxxx]
Sent: Friday, August 01, 2003 8:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments

And if you didn't learn your lesson after Code Red and Nimda...then you deserve what this new virus does to each and every one of your systems :)

-----Original Message-----
From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx]
Sent: Friday, August 01, 2003 2:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments

Hum, good point :-)

But if I remember correctly, Code Red exploited an IIS specific vulnerability which was not addressed by WU, right?

> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Friday, August 01, 2003 8:41 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments
>
> > However, according to the information Symantec supplies, the specific
> > vulnerability has already been detected in March or May and should
> > have been patched by WU by now.
>
> True. The vulnerability was detected some time ago. This virus came
> out this morning.
>
> The vulnerability that Code Red used was found 9 months before it came
> out and not only were there patches for it, but it was also fixed in a
> service pack. How many servers was it that was affected by Code Red?
>
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: m.hippenstiel@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')