Things just get more and more strange.
In looking at my NIS 2009 History/Log, just now, it's showing NIS "Intrusion Prevention is monitoring 0 signatures." Has been this way since 9-16-09, at 9:48:18 pm -- the same date and ~ time a lot of critical ".ini" files disappeared from my computer. Just before, at 9:40:48 pm, it said "Intrusion Prevention is monitoring 1456 signatures."
Also, the Intrusion Driver had been changed from 9.1.1.7 to an older version 9.0.5.23. And, the Intrusion Prevention Engine version changed to 4.1.0.61, as well as having the Definitions Set version changed to 20090910.003 -- from 9:40:48 pm time (correct) versions of 4.5.0.67, and 20090916.003.
Win Event Viewer shows an Anonymous Logon (ALO) at 9:40:35. I've been looking at these ALO's for a long time (several months). First time I've been able to make such an obvious correlation between things happening on my computer -- and an ALO.
It appears that someone is just "having their way" with my computer, any time they want. How are they getting past NIS?? And, *how in the world* can they just roll back the NIS Intrusion Prevention Drivers, Signatures, etc, like this??
Did a Google on this Intrusion Prevention topic and found a Norton Community Forum post with a somewhat similar problem (3-16-09).
http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=40555
But, they had previously had a virus infection, that probably wiped out Intrusion Prevention (again, how are these things getting past NIS?). So, they un/re-installed NIS.
I did a NIS Full System Scan just a few days ago (9/18/09). Nothing but "tracking cookies" found.
Appreciate any ideas.
Kind Regards,
Robby
PS, System Config: NIS 2009, GHOST 14, Win XP SP3