HELP : how to protect my system folder????

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Dear all,

We are running windows 2000 professional office PC and the WINNT folder and
child folder have full rights for administrator only.
I mean that only administrators can write and delete files in there..

Recently we have been infected by a virus call wowex32[1].exe, which is
generated random exe file inside %SYSTEM% variable

Is there a secure way to protect my system files agains that kind of viruses?
How was it possible that a file was created in SYSTEM folder as only
administrators have access and password is not blank ????

Thanks for your answer

Regards
serge

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

My guess is that this file was download (usually not by choice) while one of
administrators was browsing the internet.

Scan every user's Temporary Internet files on this computer, you might find
infected files.

Mike

"serge calderara" <sergecalderara@discussions.microsoft.com> wrote in
message news:6C2D01B9-8364-416E-BEC9-8D7A2F2F6AA2@microsoft.com...
> Dear all,
>
> We are running windows 2000 professional office PC and the WINNT folder
and
> child folder have full rights for administrator only.
> I mean that only administrators can write and delete files in there..
>
> Recently we have been infected by a virus call wowex32[1].exe, which is
> generated random exe file inside %SYSTEM% variable
>
> Is there a secure way to protect my system files agains that kind of
viruses?
> How was it possible that a file was created in SYSTEM folder as only
> administrators have access and password is not blank ????
>
> Thanks for your answer
>
> Regards
> serge

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

It is possible that it happened when an administrator was logged on. Email
attachments are a huge problem and must be scanned for viruses no matter who they
appear to come from. Some viruses and worms take advantage of operating system
vulnerabilities to gain system access even if an administrator is not logged on. You
will often hear the term "buffer overflow" associated with such attacks.

The best thing to do to prevent this from happening again is to make sure that your
virus scan program is kept current and that all emails are scanned, keep current with
critical updates from Windows Updates, be careful what files you open, have a
properly configured firewall protecting your network, disable uneeded services, and
use Group Policy to enforce minimum security configurations for Internet Explorer.
The links below explain in more detail. --- Steve

http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
http://mvps.org/winhelp2002/unwanted.htm

"serge calderara" <sergecalderara@discussions.microsoft.com> wrote in message
news:6C2D01B9-8364-416E-BEC9-8D7A2F2F6AA2@microsoft.com...
> Dear all,
>
> We are running windows 2000 professional office PC and the WINNT folder and
> child folder have full rights for administrator only.
> I mean that only administrators can write and delete files in there..
>
> Recently we have been infected by a virus call wowex32[1].exe, which is
> generated random exe file inside %SYSTEM% variable
>
> Is there a secure way to protect my system files agains that kind of viruses?
> How was it possible that a file was created in SYSTEM folder as only
> administrators have access and password is not blank ????
>
> Thanks for your answer
>
> Regards
> serge