Unrequested configuration changes and popup - twilight zone

  • Thread starter Thread starter Tiger
  • Start date Start date
T

Tiger

On boot as the desktop comes up, I get a message that says roughly, 'user
not authorized to install requested configuration changes'. Fortunately so,
as I don't recall installing anything. Is there an ini file or something
else I can look into to see what changes are queued up to be made? ... I
also got a popup that said 'message from SYSTEM to unsafe user...' and then
something about a website that kills popups. Now I had not booted the w2k
side of my machine for at least several weeks, and this popup appeared a
minute or two after boot and before I had even tried accessing the internet.
Does anyone recognize it? Will spyware likely remove this?
 
Tiger wrote in
On boot as the desktop comes up, I get a message that says
roughly, 'user not authorized to install requested configuration
changes'. Fortunately so, as I don't recall installing anything.
Is there an ini file or something else I can look into to see what
changes are queued up to be made? ... I also got a popup that
said 'message from SYSTEM to unsafe user...' and then something
about a website that kills popups. Now I had not booted the w2k
side of my machine for at least several weeks, and this popup
appeared a minute or two after boot and before I had even tried
accessing the internet. Does anyone recognize it? Will spyware
likely remove this?
Click to expand...

Sound perhaps like the system is not up to date on patches. Possibly
you are being hit via the RPC vulnerability (MS03-026) by
Welchia/Nachi.

It also sounds like your firewall is not configured correctly (you do
run a personal firewall right?) and allowing Internet ingress on a
bunch of ports including the RPC and Messenger service ports. And/or
your NAT router is mis-configured.

Update MS patches. Update (lock down) the firewall rules. Update
the A-V. Read this group for tons of additional information on all
these topics as well.

Both MS and your A-V vendor will also have write-ups you should
likely read.
 
Mark, thanks... I wonder though if someone can simply answer where the file
would be that is sitting there ready to install stuff so that I can get rid
of it.
 
Back
Top