wmi namespace ? virus
in [Viruses]
|
Prev: GMER and aujasnkj.sys?
Next: python - confusing advice
From: JClark on 9 Sep 2009 18:41 Hello Group, I posted details about my son's virus worries on August 25: c3l7951gr0vcod4mc414nmvc9asumtcm97(a)4ax.com Without repeating the system details and my efforts to clean up the computer, here's what he's mostly worried about. He sees warnings in the event viewer/application in roughly this form: ************************************************************************ A provider, [various things: RSOP, hi-perf cooker, etc] has been registered in the WMI namespace, [various locations], to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. For more information, see Help and Support Center at http://support.microsoft.com. *************************************************************************** Is this anything to be worried about? How to check into it further? I think he's worried about the use of the term "impersonate". Many thanks for any thoughts or suggestions. Jack
From: FromTheRafters on 9 Sep 2009 22:14 "JClark" <jclark(a)nomail.invalid> wrote in message news:4ebga5p1fpln9k65aq90j9m1kdkvi71nk6(a)4ax.com... > Hello Group, > > I posted details about my son's virus worries on August 25: > c3l7951gr0vcod4mc414nmvc9asumtcm97(a)4ax.com > > Without repeating the system details and my efforts to clean up the > computer, here's what he's mostly worried about. He sees warnings in > the event viewer/application in roughly this form: > ************************************************************************ > > A provider, [various things: RSOP, hi-perf cooker, etc] has been > registered in the WMI namespace, [various locations], to use the > LocalSystem account. This account is privileged and the provider may > cause a security violation if it does not correctly impersonate user > requests. > > For more information, see Help and Support Center at > http://support.microsoft.com. > > *************************************************************************** > > Is this anything to be worried about? How to check into it further? I > think he's worried about the use of the term "impersonate". It is a normal computerese term.
From: JClark on 10 Sep 2009 07:40 On Wed, 9 Sep 2009 22:14:31 -0400, "FromTheRafters" <erratic(a)nomail.afraid.org> wrote: > >"JClark" <jclark(a)nomail.invalid> wrote in message >news:4ebga5p1fpln9k65aq90j9m1kdkvi71nk6(a)4ax.com... >> Hello Group, >> >> I posted details about my son's virus worries on August 25: >> c3l7951gr0vcod4mc414nmvc9asumtcm97(a)4ax.com >> >> Without repeating the system details and my efforts to clean up the >> computer, here's what he's mostly worried about. He sees warnings in >> the event viewer/application in roughly this form: >> ************************************************************************ >> >> A provider, [various things: RSOP, hi-perf cooker, etc] has been >> registered in the WMI namespace, [various locations], to use the >> LocalSystem account. This account is privileged and the provider may >> cause a security violation if it does not correctly impersonate user >> requests. >> >> For more information, see Help and Support Center at >> http://support.microsoft.com. >> >> *************************************************************************** >> >> Is this anything to be worried about? How to check into it further? I >> think he's worried about the use of the term "impersonate". > >It is a normal computerese term. > > Thanks. As I suspected. I will post a query in the regular WinXP group soliciting some more details about this particular bit of computerese, so that I may be able to convice my son that this isn't serious or a threat. Jack
From: FromTheRafters on 10 Sep 2009 09:46 "JClark" <jclark(a)nomail.invalid> wrote in message news:6apha5hesism55p5rjdiffkl9nr1c8loke(a)4ax.com... > On Wed, 9 Sep 2009 22:14:31 -0400, "FromTheRafters" > <erratic(a)nomail.afraid.org> wrote: > >> >>"JClark" <jclark(a)nomail.invalid> wrote in message >>news:4ebga5p1fpln9k65aq90j9m1kdkvi71nk6(a)4ax.com... >>> Hello Group, >>> >>> I posted details about my son's virus worries on August 25: >>> c3l7951gr0vcod4mc414nmvc9asumtcm97(a)4ax.com >>> >>> Without repeating the system details and my efforts to clean up the >>> computer, here's what he's mostly worried about. He sees warnings in >>> the event viewer/application in roughly this form: >>> ************************************************************************ >>> >>> A provider, [various things: RSOP, hi-perf cooker, etc] has been >>> registered in the WMI namespace, [various locations], to use the >>> LocalSystem account. This account is privileged and the provider may >>> cause a security violation if it does not correctly impersonate user >>> requests. >>> >>> For more information, see Help and Support Center at >>> http://support.microsoft.com. >>> >>> *************************************************************************** >>> >>> Is this anything to be worried about? How to check into it further? >>> I >>> think he's worried about the use of the term "impersonate". >> >>It is a normal computerese term. >> >> > Thanks. As I suspected. I will post a query in the regular WinXP group > soliciting some more details about this particular bit of computerese, > so that I may be able to convice my son that this isn't serious or a > threat. http://msdn.microsoft.com/en-us/library/aa390431(VS.85).aspx
From: JClark on 13 Sep 2009 17:40
On Thu, 10 Sep 2009 09:46:17 -0400, "FromTheRafters" <erratic(a)nomail.afraid.org> wrote: >"JClark" <jclark(a)nomail.invalid> wrote in message >news:6apha5hesism55p5rjdiffkl9nr1c8loke(a)4ax.com... >> On Wed, 9 Sep 2009 22:14:31 -0400, "FromTheRafters" >> <erratic(a)nomail.afraid.org> wrote: >> >>> >>>"JClark" <jclark(a)nomail.invalid> wrote in message >>>news:4ebga5p1fpln9k65aq90j9m1kdkvi71nk6(a)4ax.com... >>>> Hello Group, >>>> >>>> I posted details about my son's virus worries on August 25: >>>> c3l7951gr0vcod4mc414nmvc9asumtcm97(a)4ax.com >>>> >>>> Without repeating the system details and my efforts to clean up the >>>> computer, here's what he's mostly worried about. He sees warnings in >>>> the event viewer/application in roughly this form: >>>> ************************************************************************ >>>> >>>> A provider, [various things: RSOP, hi-perf cooker, etc] has been >>>> registered in the WMI namespace, [various locations], to use the >>>> LocalSystem account. This account is privileged and the provider may >>>> cause a security violation if it does not correctly impersonate user >>>> requests. >>>> >>>> For more information, see Help and Support Center at >>>> http://support.microsoft.com. >>>> >>>> *************************************************************************** >>>> >>>> Is this anything to be worried about? How to check into it further? >>>> I >>>> think he's worried about the use of the term "impersonate". >>> >>>It is a normal computerese term. >>> >>> >> Thanks. As I suspected. I will post a query in the regular WinXP group >> soliciting some more details about this particular bit of computerese, >> so that I may be able to convice my son that this isn't serious or a >> threat. > >http://msdn.microsoft.com/en-us/library/aa390431(VS.85).aspx > Thanks again for the additional information. Will reassure my son. Jack |