Admin Shares blocked on XP Pro

Guest

Admin Shares are blocked; I cannot access any shares on the machine or anything.

This is on non-specific machines... I have run a batch file to disable SFS
domain wide which runs the following .reg file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000

Also, Windows Firewall has been disabled!

Domain environment machines are XP Pro
 
cquirke (MVP Windows shell/user)

On Fri, 5 May 2006 09:19:02 -0700, bigjimbo
> Admin Shares are blocked; I cannot access any shares on the machine or anything.

There's a .REG that can do that; personally, I prefer it to be
impossible for anything to drop malware into startup locations, no
matter how "authenticated" Windows thinks it is, so I use the .REG to
deliberately kill admin shares.

<paste>

Windows Registry Editor Version 5.00

; Kills hidden admin shares c$, d$ etc. in XP
; Does not kill IPC$ that RPC uses

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
"AutoShareWks"=dword:00000000

; This is the Undo, allowing just a thin password
; between your startup axis and meddlers:

; [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
; "AutoShareServer"=dword:00000001
; "AutoShareWks"=dword:00000001

</paste>

Also, there's at least one malware that enters through admin shares
and then kills the admin shares using the above approach. So when the
AV "cleans" the malware and reverses this effect, it opens the door
for the malware to re-infect the PC all over again.

> Also, Windows Firewall has been disabled!

Spontaneously? If so, think malware. OTOH if you mean you disabled
the firewall as a step in tshooting this problem and it didn't help,
then I'm with you, though I'd look to see if there are 3rd-party
firewall or firewall-like things added.

Can you F&PS into "normal" (explicit) shares?

> Domain environment machines are XP Pro

OK, then you'd also have to see whether the domain management is
pushing out a setting to kill admin shares, as above.
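
One way to check an exported .reg file for the values this thread discusses (`forceguest`, `AutoShareServer`, `AutoShareWks`), as an added example that is not part of either post. The sample export is constructed, and the function names `parse_reg` and `assess` are hypothetical.

```python
import re

# Key paths from the thread, lower-cased and without the HKEY_LOCAL_MACHINE prefix.
LSA = r"system\currentcontrolset\control\lsa"
LANMAN = r"system\currentcontrolset\services\lanmanserver\parameters"

# Constructed sample export (real exports are often UTF-16; decode before parsing).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
"AutoShareWks"=dword:00000000

; [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
; "AutoShareWks"=dword:00000001
'''

def parse_reg(text):
    """Return {(key, name): int} for the HKLM dword values in .reg text.
    Lines starting with ';' are comments, so a commented-out Undo block is ignored."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            # Other hives and "[-key]" deletions do not match and reset the key.
            m = re.fullmatch(r"\[HKEY_LOCAL_MACHINE\\(.+)\]", line, re.I)
            key = m.group(1).lower() if m else None
            continue
        m = re.fullmatch(r'"([^"]+)"\s*=\s*dword:([0-9a-f]{8})', line, re.I)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def assess(values):
    """Report which of the thread's values would block access to admin shares."""
    findings = []
    for name in ("autosharewks", "autoshareserver"):
        if values.get((LANMAN, name)) == 0:
            findings.append(f"{name}=0: hidden admin shares (c$, d$ etc.) are turned off")
    if values.get((LSA, "forceguest")) == 1:
        findings.append("forceguest=1: Simple File Sharing is still enabled")
    return findings or ["no blocking value set in this export"]

if __name__ == "__main__":
    print("\n".join(assess(parse_reg(SAMPLE))))
```

Running it on exports taken before and after a domain policy refresh or an AV clean-up shows whether something is resetting the values.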
 
