Guest Account Activity Help!...

VcDeveloper

I have been disabling the Guest account several times, and I can't figure
out what's enabling it.

I am assuming it's Virtual PC 2007, but I can't duplicate the action. Seems
like it's random.

I have Clearwire as my ISP. They're a wireless ISP company. Their wireless
hub is connected to my Dynex router and I have no ports open (I tested my
ports through GRC with a Stealth rating).

I have a desktop and a laptop connected to my router. My desktop has the NVidia
Active Armor internet card. It's active and set to medium.

Can anyone give me some ideas on what is changing my Guest account? Also,
I changed the Guest name and set a password to it using the Local Security
Policy, and it was still enabled.

Thanks for your help!...
 
Paul Adare

On Tue, 25 Dec 2007 11:43:50 -0800, VcDeveloper wrote:

> I have been disabling the Guest account several times, and I can't figure
> out what's enabling it.
>
> I am assuming it's Virtual PC 2007


Virtual PC does not use the guest account and is definitely not responsible
for enabling it.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
APL is a write-only language. -- Roy Keir
 
VcDeveloper

Can I use MS Network Monitor 3.1 to find out how this is being done?
 
VcDeveloper

I installed MS Network Monitor, and someone is sending datagrams through my
virtual PC to my host using the NetBIOS ports.

My Windows Live Messenger activates, and it has never done this until today.
 
VcDeveloper

This is bizarre, when I restart my VPC I get a request like this:

5 0.010742 DMZ 192.168.0.1 DNS DNS: QueryId = 0x9711, QUERY
(Standard query), Query for www.krypt36.com of type Host Addr on class
Internet

Who in the heck is this? And, the website of this address doesn't show in my
browser.
 
Paul Adare

On Tue, 25 Dec 2007 14:21:54 -0800, VcDeveloper wrote:

> This is bizarre, when I restart my VPC I get a request like this:
>
> 5 0.010742 DMZ 192.168.0.1 DNS DNS: QueryId = 0x9711, QUERY
> (Standard query), Query for www.krypt36.com of type Host Addr on class
> Internet
>
> Who in the heck is this? And, the website of this address doesn't show in my
> browser.


http://www.spywaredata.com/spyware/malware/ipdiscoverer.exe.php

My guess is that you're infected with malware.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Error: Something only humans can commit.
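
An added example, not part of any poster's message: a short Python check that pulls DNS queries out of a Network Monitor text summary like the line quoted above and lists the names that fall outside an expected set. The field layout is inferred from that one quoted line; the two extra frames and the allowlist are constructed, and the function names are hypothetical.

```python
import re

# Layout inferred from the one summary line quoted in the thread:
# frame, time offset, source, destination, protocol, then the description.
QUERY_RE = re.compile(
    r"^(?P<frame>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+DNS\s+"
    r"DNS:\s*QueryId = (?P<qid>0x[0-9A-Fa-f]+), QUERY \(Standard query\), "
    r"Query for (?P<name>\S+) of type (?P<qtype>.+?) on class Internet"
)

def unwrap(text):
    """Rejoin wrapped frames; a new frame starts with a frame number and a time offset."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(r"\d+\s+\d+\.\d+\s", line) or not frames:
            frames.append(line)
        else:
            frames[-1] += " " + line
    return frames

def dns_queries(text):
    """Return one dict per DNS standard query found in the capture text."""
    return [m.groupdict() for m in map(QUERY_RE.match, unwrap(text)) if m]

def unexpected(queries, expected_suffixes):
    """Queries whose name is not equal to, or a subdomain of, an expected suffix."""
    def known(name):
        name = name.lower().rstrip(".")
        return any(name == s or name.endswith("." + s) for s in expected_suffixes)
    return [q for q in queries if not known(q["name"])]

# First frame is the line from the thread; the other two are constructed samples.
CAPTURE = """\
5 0.010742 DMZ 192.168.0.1 DNS DNS: QueryId = 0x9711, QUERY
(Standard query), Query for www.krypt36.com of type Host Addr on class
Internet
6 0.512300 DMZ 192.168.0.1 DNS DNS: QueryId = 0x9712, QUERY (Standard query), Query for update.example.com of type Host Addr on class Internet
7 0.600100 DMZ 192.168.0.1 ARP ARP: Request, 192.168.0.1 asks for 192.168.0.10
"""
# Constructed allowlist: domains this machine is expected to resolve at boot.
EXPECTED = {"example.com"}

if __name__ == "__main__":
    for q in unexpected(dns_queries(CAPTURE), EXPECTED):
        print(f"frame {q['frame']}: {q['src']} -> {q['dst']} asked for {q['name']}")
```

Names that show up at every boot and are not on the expected list are the ones to trace back to a process on the machine that sent them.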
 
Arkadiusz 'Black Fox' Artyszuk

VcDeveloper wrote:

> I have been disabling the Guest account several times, and I can't figure
> out what's enabling it.
> I am assuming it's Virtual PC 2007, but I can't duplicate the action. Seems
> like it's random.


Maybe your system is infected by some virus or malware. Stop using
the admin account. When working under a standard user account, even malware
cannot change user account settings (enable/disable account).

--
Regards
Arkadiusz 'Black Fox' Artyszuk
 
PA Bear

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

 