View Full Version : xp sp2 security
kb
March 24th 05, 01:47 AM
I just installed sp2. The firewall asks whether I want to block certain
programs or parts of programs from running. Initially, I blocked all the
programs but I'm noticing some problems when connecting to the internet so I
unblocked them. Should any of these programs be blocked? I'm thinking
msg32.exe and svchost.exe should not be blocked but the rest I don't know
about.
dirote.exe
msg32.exe
svchost.exe
cywyukrx.exe
kcnlmdkg.exe
JoeM
March 24th 05, 01:59 AM
I do not have any of these programs in my exception list. You may be running
some that may need them.
"kb" wrote in message
...
>I just installed sp2. The firewall asks whether I want to block certain
> programs or parts of programs from running. Initially, I blocked all the
> programs but I'm noticing some problems when connecting to the internet so
> I
> unblocked them. Should any of these programs be blocked? I'm thinking
> msg32.exe and svchost.exe should not be blocked but the rest I don't know
> about.
>
> dirote.exe
> msg32.exe
> svchost.exe
> cywyukrx.exe
> kcnlmdkg.exe
Anthony J. Dellarte Jr.
March 24th 05, 02:17 AM
dirote.exe:
File dirote.exe is related to a trojan horse named f0r0r. The file is
located at the directory "%SystemDir%\f0ror\", where %SystemDir% is a
variable, by default this is 'C:\Windows\System' (Windows 98/Me) or
'C:\Windows\System32' (Windows XP) or 'C:\Winnt\system32' (Windows 2000).
The folder is hidden in the system directory. The file is automatically run
at Windows startup. If your computer is infected by this trojan, you may
also find the process ppi.exe running from the process list.
msg32.exe:
msg32.exe is a process associated with the GigaStudio and GigaSampler music
sampling software.
svchost.exe:
svchost.exe is a system process belonging to the Microsoft Windows Operating
System which handles processes executed from DLLs. This program is important
for the stable and secure running of your computer and should not be
terminated. Note: svchost.exe is a process which is registered as the
W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability,
which creates a buffer overflow and instigates your computer to shut down.
To see more information about this vulnerability please look at the
following Microsoft bulletin:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx This is a
registered security risk and should be removed immediately.
cywyukrx.exe and kcnlmdkg.exe:
No information to these execution files. I think they are virus infections
and/or spyware.
Go to www.download.com and search and download Spybot Search & Destroy and
Adaware. Update them, and then run them. In the meantime keep them
blocked.
Anthony
"kb" wrote in message
...
>I just installed sp2. The firewall asks whether I want to block certain
> programs or parts of programs from running. Initially, I blocked all the
> programs but I'm noticing some problems when connecting to the internet so
> I
> unblocked them. Should any of these programs be blocked? I'm thinking
> msg32.exe and svchost.exe should not be blocked but the rest I don't know
> about.
>
> dirote.exe
> msg32.exe
> svchost.exe
> cywyukrx.exe
> kcnlmdkg.exe
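Added example, not part of any post in this thread: a Python sketch of the triage applied in the reply above to kb's firewall exception list (where the file runs from, and whether its name looks generated). The sample paths are constructed; only the file names and the f0ror folder come from the thread. The rule that svchost.exe belongs only in System32 assumes 32-bit Windows XP, and the vowel-ratio check is a rough heuristic chosen for this example.

```python
import ntpath

# System folder the thread gives for Windows XP; adjust per host (assumption).
SYSTEM_DIR = r"C:\Windows\System32"
# Windows components that are only expected to run from SYSTEM_DIR.
SYSTEM_ONLY = {"svchost.exe"}
# Folder tied to dirote.exe in the thread (both spellings appear there).
KNOWN_BAD_DIRS = {"f0ror", "f0r0r"}


def looks_random(stem):
    """Rough heuristic: 8+ letters with almost no vowels, e.g. kcnlmdkg."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def triage(path):
    """Return the reasons a firewall exception for `path` needs review."""
    norm = ntpath.normcase(ntpath.normpath(path))
    folder, image = ntpath.split(norm)
    reasons = []
    if image in SYSTEM_ONLY and folder != ntpath.normcase(SYSTEM_DIR):
        reasons.append("system binary name outside System32")
    if ntpath.basename(folder) in KNOWN_BAD_DIRS:
        reasons.append("runs from folder named in the thread")
    if looks_random(ntpath.splitext(image)[0]):
        reasons.append("random-looking file name")
    return reasons


# Constructed exception-list entries (full paths are illustrative).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\Temp\svchost.exe",
    r"C:\Windows\System32\f0ror\dirote.exe",
    r"C:\Windows\System32\cywyukrx.exe",
    r"C:\Windows\System32\kcnlmdkg.exe",
    r"C:\Program Files\GigaStudio\msg32.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        verdict = "; ".join(triage(entry)) or "no rule matched"
        print(f"{entry}: {verdict}")
```

An entry that matches no rule is not cleared by this; it only means none of the three checks fired.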
kb
March 24th 05, 02:13 PM
Can I just delete the f0r0r directory and contents and any reference in the
registry or do I need to let anti-virus software do it? My anti-virus
(McAfee) didn't catch this.
"Anthony J. Dellarte Jr." wrote:
> dirote.exe:
>
> File dirote.exe is related to a trojan horse named f0r0r. The file is
> located at the directory "%SystemDir%\f0ror\", where %SystemDir% is a
> variable, by default this is 'C:\Windows\System' (Windows 98/Me) or
> 'C:\Windows\System32' (Windows XP) or 'C:\Winnt\system32' (Windows 2000).
> The folder is hidden in the system directory. The file is automatically run
> at Windows startup. If your computer is infected by this trojan, you may
> also find the process ppi.exe running from the process list.
>
> msg32.exe:
>
> msg32.exe is a process associated with the GigaStudio and GigaSampler music
> sampling software.
>
> svchost.exe:
>
> svchost.exe is a system process belonging to the Microsoft Windows Operating
> System which handles processes executed from DLLs. This program is important
> for the stable and secure running of your computer and should not be
> terminated. Note: svchost.exe is a process which is registered as the
> W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability,
> which creates a buffer overflow and instigates your computer to shut down.
> To see more information about this vulnerability please look at the
> following Microsoft bulletin:
> http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx This is a
> registered security risk and should be removed immediately.
>
> cywyukrx.exe and kcnlmdkg.exe:
>
> No information to these execution files. I think they are virus infections
> and/or spyware.
>
> Go to www.download.com and search and download Spybot Search & Destroy and
> Adaware. Update them, and then run them. In the meantime keep them
> blocked.
>
> Anthony
>
> "kb" wrote in message
> ...
> >I just installed sp2. The firewall asks whether I want to block certain
> > programs or parts of programs from running. Initially, I blocked all the
> > programs but I'm noticing some problems when connecting to the internet so
> > I
> > unblocked them. Should any of these programs be blocked? I'm thinking
> > msg32.exe and svchost.exe should not be blocked but the rest I don't know
> > about.
> >
> > dirote.exe
> > msg32.exe
> > svchost.exe
> > cywyukrx.exe
> > kcnlmdkg.exe