attacks on local port 1025

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - ITT Technical Institute Hey everyone - I'm investigating ITT's Information Systems Security degree program and want to find info on what the industry syas about ITT. They don't seem to have any recognition w/ the industry and the investment is fairly large comparitively to a standard university program. I'm in Arkansas so keep that in mind when it comes to industry recognition! :) Tag: attacks on local port 1025 Tag: 55827
 - 2
 - error checking and Norton's firewall Does Norton's Firewall remain enabled when computer is restarted to go into error checking? Thanks Tag: attacks on local port 1025 Tag: 55818
 - 3
 - Windows 2000 Security Update (KB837001) I tried downloading a few security updates including KB837001 Security Update for Windows 2000. The download about 6 updates) went fine, but the Installation Process ran for over 4 hours - the KB837001 was the the install being displayed on the Download dialog box. I finally killed it - didn't think this long of an install could be right. Two questions - has anyone else had a problem with this install, and have I caused other problems by killing it? Thanks for any info anyone has!! Jo Tag: attacks on local port 1025 Tag: 55806
 - 4
 - who the hell do I believe? I suspect unfair play on my system so I have run several anti spyware/malware progs. The stalwarts tell me that all is ok, (adaware, spybot) but others tell me I have coolweb etc etc, funny thing is many of the lesser known progs all tell me a different story, it is almost as though they have added a potential threat to their free scan, to make one believe that one should buy their product. Am I being unduly cynical? Tag: attacks on local port 1025 Tag: 55804
 - 5
 - all email stopped at 10:22 am, seriously read and did not start until now, none came into any email box of mine at all. any to me that is the very meaning of theft. the new webvirus is but part of the problem, i am referring to the one where visiting any website by the thousands now is a sure sign of a virus. losing an untold amount of information today is also a sign that a massive system wide internet breakdown is headed our way. seriously, you can blame either the barnstable police, willis of barnstable housing authority, shane kelly, leonda mahler, anna durkin and or a psychiatrist, janet and or chris morris. all i did was came to this group and asked anyone of you call me, make the landline ring, it didn't. the question was to you, how to keep a nation from losing its self control, bodily self control when faced with the enormisity of the very information about this song and what it means to the 9/11/01 investigation and to the people in this nation, the u. s. a. and around the world. it happened yesterday when i watched a man choke on his own spit when listening to the song while realizing it is what i say it is. it isn't a matter of power display to hurt someone it is a matter of how to keep people from all out rioting and worse my own wife won't even talk with me in here and it is her that i asked to be by my side now despite how we do and do not relate as husband and wife but as two people interested in keeping peace here and it is from here like anyone else it could be kept. we are looking at a serious nationwide internet outage affecting the very core components of inforation technologies that willl bring out economic and emotional ruin for millions. read well stranger in my time, i've come to despise psychiatrists, psychologists for a good reason., i am quite serious about everything ive come to know of those of whom i had to deal with face to face once a week. for me to sit here and tell you that when asked what do i do with myself and respond in complete truth of my jobs etc, only to be told ive got a mental illness to me is an absolute travesty to me, its like being waylaid and nobody around not giving any consideration to the mere possiblity that i wasn't. even to this day although my wife says to my face she dont believe i am, she does turn right around and say opposite i am faced with a serious problem here and im writing here publically to you in hopes that any one of you who is young, open minded and got some time outside of school and or work who will chat with me about some seriously serious subjects on a not a patient to doctor/student level is exactly why i write. this must be done in person here on cape cod and mighty soon too. it is this very fact i write of but i will put some perspective on this first last weekend a young nubile and intelligen albiet drunk young woman knew me on site and literally would not bring up the subject she is studying which is psychology because she knew of what i wrote in here and elsewhere. she literaly said to me "well go to new york" when i told her that i'd like to be in new york but yet i was plainly in my opinion there to chat with her. as if she thought i was not present there at all to some extent. she literally broke down crying for a simple reason and that reason is, i am faced with the fact that this here nation caught quite by suprise was knocked down, bloodied and battered badly september 11, 2001. she was ready to walk away from her boyfriend for she took me and my wife towards my car as if she were to go with us to our home (she never did). my fact is i did create some music that went worldwide by august 30, 2001. it did make it to some seriously connected people who were at the time and are that established within the pentagon as private contractors and now even part of the secret service (and that i was told by a motorist passing by yelling at 60 + mph two weeks ago) this music is like being inside any one of those jets through the span of under 7 minutes from beginning to end. i have yet to seriously analyze this music with anyone aside from my wife and a former friend note for note. yesterday i stunned a man to almost completely changing his demeanor and watching him choke on his own spit when he heard this music and he was a complete stranger. the other facet to all this is that while that music was made, i was being told my wife was with another man at my own home. this music was made adlib, freestyle and due to some of the very actions going on where i was at the time too, they were inspiration. i have been told to my face that i had been tranquilized for 15 years yet until 2000 i was not diagnosed with schizophrenia. to this day i totally dismiss that diagnosis yet each day i bring it up constantly as if i oughta be speaking elsewhere. thursday some children walked up towards myself and there on main street i ended up realizing that i had been making not only those children laugh hysterically but others as well just by being serious and somewhat lighthearted about the history of computers, present time of computers and the future of computers and how the body can heal itself. my wife was totally incensed with the idea that all that was what she had been trying to convince me of for a long time. yet between us, it is i telling her literally, not to be trying to convince me of anything, take care of herself first. our own problems have to be dealt with and between when we first married even to this day the ability to be as only we truly can be is a daily dilemna that is the catalyst for what we do get done. as if our lives could be turned around dramatically if we did live as each other thinks of ourselves to be. i'm left with the thought that it is not mental illness but its a matter of heart. i could go on about every minute detail about myself, her wrongs, my wrongs and the very essence about good and bad parts to our relationship and how to ammend them yet so little gets done. it is that "his opinion, not living it" she knows and vice verca. anyways, the fact about that music, the total power it has just played and easily explained as i have in a seriously done this many a time way "these are the facts" that i am able to do that leaves me with quite the few questions to ask you in person, anyone that will meet with my wife and i in person here in hyannis and soon out of office. it was last week the 9/11 investigations were front page as to the investigations are still in progress and i have yet to read about this song, the story in any newspaper or t. v. myself. i have heard howie carr via his radio show state my name recently but the story was not told. he obviously read some of my online material. then i've not told this story nationwide either and came home to watch a vcr tape. its not just this music, 9/11/01 that is something about psychiatry i do want to chat with you about, its the entire adult industry utilized by psychiatry. believe me, it has in massachusetts hospitals, i was there. in my humble opinion, it the very essense of relating between a married couple, boyfriend - girlfriend, casual date that is each particular reason that built the reasons for 9/11/01. so easy to write all that, a different story living. no doctors office wanted. one too many no direct response emails, they've in my opinion left elsehwhere. i should've been flooded with them since 9/12/01. here is what i've left for the public around the world recently about that song. my name is in the hyannis area verizon phone book, please call and call today. --leonda (i'm coming home)-- august 2001 i'm comin' home, i've been here before it's been a long, long road, traveled many times, times been walking miles trying to find my lady i love her so, dearly so she's got my heart, keeps the child in me my guiding light, she sets, sets me free i'm coming home, today, traveled that walk happy as I could ever be i thank you, with all my heart just where to begin, I know that love will never depart these many oceans are filled with tears Cry for centuries, happiness and fear i think it's time, i bring up my anchor paddle on, to a distant shore, somehow, someway, i'll make it home, what my love will say, I'm countin' on So many times, i've crossed the lords path i might have forgiveness, just from where I'm at now I don't know about you you had your time, you made it through, somehow, someway you might, may find something beyond, that love be so blind may the sand, flow through your fingers and when that crow flies, it'll guide you on somehow, someway i am coming home again, i'm coming home again, to my love, my one true friend i'll make you happy, i know I'll make you cry I'll give you my love, all the time when we're alone, with the spirits who listen and talk we may decide, on our eternal walk someday our child, one or two will know at least your love and what i will put you through under our roof, massive or small, with a fire burning, and as our child crawls we'll sing together, country and blues you lead the way i'll try my best to satisfy you woman leonda i am coming home to you i hear what i refer to as listening to the whine of a jet, i hear the voice of mine potraying what it was like inside those jets, brief moments from each jet from beginning to impact. the only difference between the original audio and now is the volume was turned up from the original audio and that does have the exact same sounds. you think an award for that song oughta be presented? you think it oughta be covered with dance? you think it oughta have any other form of music involved? you think it oughta be rerecorded? as if it is now a weapon against violence? that has been suggested to me and i'm telling you here and now i do not authorize it nor condone it either, not now, not ever. ---june 25, 2004--- i'll tell you now, francis scott key was literally in a battlefield with total violence unlike any other at the time when the star spangled banner was written. my song was created in a small coffee house during *peace* time. this song was in the possession of anyone who decided to download it within 24 hours, August 30, 2001. Janet E. Morris, my wife Leonda's aunt was known for sci - fi fantasy writing and that requires visionary experiences, remember the communicator of Star Trek, now known as the cell phone, Gene Roddenburys creative design? Mrs. Morris and Christopher Morris (some people tbink he looks like the Edge Of U2 and he does play electric guitar) had created "The 40 Minute War" long before Bill Clinton was President. mrs. morris had total access to some of the "deepest" parts of the pentagon prior to 9/11/01 meaning, she was a protege to a former cia deputy director who served president kennedy the cuban missile photos himself. she was raised a few miles from the kennedy compound. every few weeks i read or hear or view stories about 911 inquisitions about what was and what not known ahead of time and in my opinion, the song alone was heard by anyone 'round the world inluding the pentagon long before 9/11 so why so many questions? that is why i called the white house. unless i totally missed the story of the century, it hasn't been in the front pages yet yesterday a man from nyc with a fire department t-shirt on with his child and his wife, he just about melted me with this wet big eyed and blue friendly smile like his wife and child. sorry for the non existant outward response but it was proof positive to me it was heard about at the least. to be quite honest i've not "exploded" in outright grief yet, that day is coming yet for over 2 years it has been a factor amongst many emotions. and btw, to that woman and man out there that dares even think they don't know where i live here in hyannis who do come into this area when my wife leonda and i are going out or even in the same parking lot as him/her, ya, you should've come directly to us without question face to face and introduced yourselves plain and simple. and anyone up here in hyannis from nyc, please come and see us, craigville beach at night is where we usually are and our names leonda and william mahler are in the verizon local phone book. or come here and ring our buzzer, no one after 6 pm please. My "secret" to this song, it's simple, listening to those around me, in the same establishment, not for the exact words straight from their vocal chords but by their actions and with the idea that i'd create a song without any words like type or print in mind or in ear or in view in anyway, not even during the actual creation but by spirit, living spirit alone. I did have a stage time established earlier that day. If you are new to ths story or not, I don't mind repeating it again, just not living the experiences of what it took leading up to and during the creation of the song ever again. A second song, "Got Me Worldwide" was following the song and the entire performances start to finish are safely kept in many places around the world. This version is from my equipment with the small left right radio shack microphone, built more for speech than music and a sony minidisc recorder placed behind me on the floor close to the store front window with traffic close by. this song is about 9/11/01 but it took awhile after 9/11/01 to begin to listen to it with that perspective, from my vantage of knowledge. During that time, it was in the possession of anyone in the world. The scenarios i've yet to hear and see in full myself is inside the jets from audio and video. Yes the imagination does provide but to witness externally is an entirely different vantage point. At least for myself it gives room for acceptance. Leonda was not at the coffee house that night, she was home and not by herself. I've not seen any pictures and or video from that night, August 29, 2001 at the Prodigal Son of Hyannis, MA. I've heard from many a persons my voice was total strength of persona that night, it is full of weakness as well in my opinion. If there is or isn't any similarities to Bruce Springsteen in your opinion, listen to "Drive All Night", and or "Fade Away" both from "The River" and "I'm On Fire" from "Born In The U. S. A.". It is the vocal performance of Springsteen that became a basis for my performance that night and I repeat, not a direct source for words for there are none in any similarity to "Leonda (I'm Coming Home)". The MP3 here is edited yet the song and amplitude are in tact and louder, the original was recorded with recording levels approx 50% of the full available set to manual instead of auto. Sound Forge 5 from (then) Sonic Foundry has been the editor of choice then and now. A new "star spangled banner"? not at all. Believe me, I called the White House last night and spoke with an operator who rang in less than 5 rings, "good evening, white house" for that was my first call ever. There were more pops in that phone call via cell phone that i have yet to count. I am coming to the World Trade Center site for the 1st time ever for July 4th with myself driving my own car (if God has his way). I've heard that all festivities are already settled and that was long before I called the New York Port Authority June 22, 2004. I've got some family that does work within the taxi business, maybe I might just have a easier ride. If you are wondering why this took so long, many a time my imagination sees myself there then and even now. http://www.mahlers.com/leondaimcominghome.mp3 i am coming home again i am coming home again i am coming home to you tower one tower two pentagon pennsylvania http://www.mahlers.com W. K. Mahler William K. Mahler and Leonda K. Mahler william Tag: attacks on local port 1025 Tag: 55802
 - 6
 - cannot access ebay via address bar I cannot access ebay via the address bar, I can access any other site via url but not ebay. I can access ebay via search (Google) but not url why is this? Tag: attacks on local port 1025 Tag: 55801
 - 7
 - Trojan? I have a severe problem with my pc, I cannot view anything in My Computer and it keeps hanging, system restore doesn't work, the pc is slow to boot 5-10 mins but eventually all desktop items appear. I am stopped from running any online checks virus trojan etc, the programs work upto a point then they stop. all of my AV, spybot,adaware etc etc report no problems. Do I have a nasty in the system? I have also run hijackthis but have no listed unknowns. One thing that is puzzling me is that when I try to remove certain progs from ZA, when I go back to the progs menu they are back again. 2.1GHZ xp home office 2003 professional 1gb DDRAM 30gb HDD Nvidia TNT 64mb GC ZA pro NAV 2004 spybot adaware system utilities 2004 Tag: attacks on local port 1025 Tag: 55798
 - 8
 - installing a cd game I bouught a cd game yesterday. When I tryed to install it today I received the folling message; "1644: You do not have sufficient privileges to complete this installation. Log on as administrator (which I do not know how to do) and then retry the installation. Can anyone help me with this? Tag: attacks on local port 1025 Tag: 55793
 - 9
 - Hotmail sign-in i keep getting a message that says that too many unsucessful attempts have been made to access my account and that I should logon at a future time. However I havent been logging on frequently with an incorrect password. Is there a way of tracking who is accessing my hotmail account? Tag: attacks on local port 1025 Tag: 55792
 - 10
 - my computer keeps shuting down (Type your message here) my computer keeps shuting down i can not do any thing on my computer it shut down -------------------------------- From: dora breeden ----------------------- Posted by a user from AdminLife (http://www.adminlife.com/) <Id>9oZMjh+4eU6HU2H2+ds3/A==</Id> Tag: attacks on local port 1025 Tag: 55791
 - 11
 - need a way to import 2000 gp into 2003 server i want to know is there a way to import a default gp for 2000sever into my new 2003 domain ...reason is that with the default domain gp all my wks are lock down (limited access and right ) and i can not seem to raised the level example no permisson to manage netowrk settings, make vpn connections, install applications .......this is what i want in the future but for now im locking laptops down with the 2003 gp and all my users a crying .....please help Tag: attacks on local port 1025 Tag: 55782
 - 12
 - concerning my password I have more that one email account, but i recently changed my password a few weeks ago, for one of my email accounts, sadly i cannot remember the password n secrete question. Are there any other ways or methods i can go by in finding this info out? Tag: attacks on local port 1025 Tag: 55777
 - 13
 - my norton security keeps crashing PLEASE HELP....when i run my norton security scan everything is fine until it try's to scan my c.d. drive's then i get a blue screen with the measage: STOP:0x000000(0xc000001D,0x805239d2,0xa647f830,0x00000000) IVE REINSTALLED NORTON SECURITY AND IT STILL KEEP'S COMING UP,I WOULD REALLY LIKE SOME HELP AS I CANT SCAN MY DISC'S AT THE MOMENT...THANK'S ANYONE WHO CAN HELP AWSPARKY@HOTMAIL.COM Tag: attacks on local port 1025 Tag: 55776
 - 14
 - home page hijack I have a similar problem to niv of todays date. Home page is hijacked to ahbnr.dll/index.html#35759. Any suggestion would be appreciated. Tag: attacks on local port 1025 Tag: 55773
 - 15
 - home page hijacked I have picked up the same problem as niv of today's date. In my case Web address is ahbnr.dll/index.html#35759 using IE6. Any help would be appreciated Tag: attacks on local port 1025 Tag: 55772
 - 16
 - MSConfig won't run I noticed my "Auto Protect" with NAV was not enabled. Upon trying to enable it, I received and error message. To make a long process short, I have had to uninstall and reintall ny Norton IS. I have attempted to I tried running "msconfig" to select start-up services upon reinstallation however, I receive the message "Another Prodgram is using msconfig" I have no other programs running. Thanx for any help Michelle Tag: attacks on local port 1025 Tag: 55771
 - 17
 - home page hijacked my home page keeps getting hijacked to res://lxtow.dll/index.html#96676 its a search page got no idea why ???? i keep changing ,but it keeps going back to this, the only pop up's i get are from a company called only the best , does anyone know now to resolve this ????? thanks Tag: attacks on local port 1025 Tag: 55769
 - 18
 - Share Experience Posting Hello, I'm not sure if this is the appropriate place to post this. I received an email stating "Advisory - A user is attempting to share opinions and experiences about you in our online community. " It then provides a link and explains "Anonymous users post Experience Requests at this website. An Experience Request is simply an indication of a user's interest in sharing the experiences that he or she has had with a particular individual or business. Each Experience Request has one subject (an individual or business), and the subject is identified in the Experience Request."The email is from supportdepartment@sharingexperience.biz. Does anybody know what this is about?! I'm tempted to respond to the posting on the web page but I'm afraid it's a setup of some sort... any ideas would be welcome. Tag: attacks on local port 1025 Tag: 55763
 - 19
 - Coolwebsearch Infection Hi, Hope someone can help. Recently had my PC infected with a version of coolwebsearch trojan. I've ran CWShreader which found and deleted it, and then ran AdAware 6 and Spybot to remove any remaining traces, but it keeps re-installing it'self everytime I connect to IE explorer. Anyone have any ideas as it's really annoying. All software tools used are up to date as is my Microsoft patching, I've attached a copy of my adaware scan results below in case it helps. Many Thanks Craig Lavasoft Ad-aware Personal Build 6.181 Logfile created on :26 June 2004 07:50:40 AM Created with Ad-aware Personal, free for private use. Using reference-file :01R324 22.06.2004 ______________________________________________________ Ad-aware Settings ========================= Set : Activate in-depth scan (Recommended) Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file 26-06-2004 07:50:40 AM - Scan started. (Smart mode) Listing running processes Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ #:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 26-06-2004 06:47:33 AM BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:47:44 AM BasePriority : High #:3 [services.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:47:45 AM BasePriority : Normal FileSize : 99 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe OriginalFilename : services.exe ProductName : Microsoft Created on : 23/08/2001 12:00:00 PM Last accessed : 26/06/2004 06:48:18 AM Last modified : 23/08/2001 12:00:00 PM #:4 [lsass.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:47:45 AM BasePriority : Normal FileSize : 11 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe OriginalFilename : lsass.exe ProductName : Microsoft Created on : 23/08/2001 12:00:00 PM Last accessed : 26/06/2004 06:48:18 AM Last modified : 29/08/2002 10:41:26 AM #:5 [svchost.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:47:46 AM BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 23/08/2001 12:00:00 PM Last accessed : 26/06/2004 06:48:18 AM Last modified : 23/08/2001 12:00:00 PM #:6 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 26-06-2004 06:47:46 AM BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 23/08/2001 12:00:00 PM Last accessed : 26/06/2004 06:48:18 AM Last modified : 23/08/2001 12:00:00 PM #:7 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:47:49 AM BasePriority : Normal FileSize : 50 KB FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe OriginalFilename : spoolsv.exe ProductName : Microsoft Created on : 23/08/2001 12:00:00 PM Last accessed : 26/06/2004 05:53:46 AM Last modified : 23/08/2001 12:00:00 PM #:8 [cisvc.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 26-06-2004 06:47:50 AM BasePriority : Normal FileSize : 5 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe OriginalFilename : cisvc.exe ProductName : Microsoft Created on : 23/08/2001 12:00:00 PM Last accessed : 26/06/2004 06:38:40 AM Last modified : 23/08/2001 12:00:00 PM #:9 [cvpnd.exe] FilePath : C:\Program Files\Cisco Systems\VPN Client\ ThreadCreationTime : 26-06-2004 06:47:50 AM BasePriority : Normal FileSize : 1387 KB FileVersion : 4.0.2 (D) ProductVersion : 4.0.2 (D) Copyright : Copyright CompanyName : Cisco Systems, Inc. FileDescription : Cisco Systems VPN Client InternalName : cvpnd OriginalFilename : CVPND.EXE ProductName : Cisco Systems VPN Client Created on : 13/10/2003 10:09:15 PM Last accessed : 26/06/2004 06:49:30 AM Last modified : 25/08/2003 03:41:30 PM #:10 [dkservice.exe] FilePath : C:\Program Files\Executive Software\DiskeeperServer\ ThreadCreationTime : 26-06-2004 06:47:51 AM BasePriority : Normal FileSize : 248 KB FileVersion : 7.0.393.0 ProductVersion : 7.0.393.0 CompanyName : Executive Software International, Inc. FileDescription : DKSERVICE.EXE InternalName : DKSERVICE OriginalFilename : DKSERVICE ProductName : Diskeeper (TM) Disk Defragmenter Created on : 31/08/2001 02:23:12 PM Last accessed : 26/06/2004 05:53:46 AM Last modified : 31/08/2001 02:23:12 PM #:11 [sagent2.exe] FilePath : C:\Program Files\Common Files\EPSON\EBAPI\ ThreadCreationTime : 26-06-2004 06:47:51 AM BasePriority : Normal FileSize : 112 KB FileVersion : 1, 2, 0, 0 ProductVersion : 1, 0, 0, 0 Copyright : Copyright (C) SEIKO EPSON CORP. 2000 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Printer Status Agent InternalName : SAgent2 OriginalFilename : SAgent2.exe ProductName : EPSON Bidirectional Printer Created on : 14/12/2001 12:10:37 PM Last accessed : 26/06/2004 05:53:47 AM Last modified : 17/11/2000 01:02:00 AM #:12 [gearsec.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:47:51 AM BasePriority : Normal FileSize : 48 KB FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 Copyright : Copyright CompanyName : GEAR Software FileDescription : gearsec InternalName : gearsec OriginalFilename : gearsec.exe ProductName : gearsec Created on : 12/12/2003 05:32:29 PM Last accessed : 26/06/2004 06:38:40 AM Last modified : 12/12/2003 05:32:29 PM #:13 [ghosts~2.exe] FilePath : D:\PROGRA~1\Symantec\NORTON~1\ ThreadCreationTime : 26-06-2004 06:47:52 AM BasePriority : Normal FileSize : 196 KB FileVersion : 2003.775 ProductVersion : 2003.775 Copyright : Copyright (C) 1998-2002 Symantec Corp. All rights reserved. CompanyName : Symantec Corporation FileDescription : Norton Ghost Start InternalName : GhostStartService OriginalFilename : GhostStartService.exe ProductName : Norton Ghost Start Service #:14 [inorpc.exe] FilePath : C:\Program Files\CA\eTrust\Antivirus\ ThreadCreationTime : 26-06-2004 06:47:52 AM BasePriority : Normal FileSize : 136 KB FileVersion : 7.1.192.0 ProductVersion : 7.1.192.0 Copyright : Copyright 2004 Computer Associates International, Inc. CompanyName : Computer Associates International, Inc. InternalName : InoRpc.exe OriginalFilename : InoRpc.exe ProductName : eTrust Antivirus Created on : 06/04/2004 04:13:54 PM Last accessed : 26/06/2004 05:53:51 AM Last modified : 06/04/2004 04:13:54 PM #:15 [inort.exe] FilePath : C:\Program Files\CA\eTrust\Antivirus\ ThreadCreationTime : 26-06-2004 06:47:54 AM BasePriority : Normal FileSize : 236 KB FileVersion : 7.1.192.0 ProductVersion : 7.1.192.0 Copyright : Copyright 2004 Computer Associates International, Inc. CompanyName : Computer Associates International, Inc. InternalName : InoRT.dll OriginalFilename : InoRT.dll ProductName : eTrust Antivirus Created on : 06/04/2004 04:13:56 PM Last accessed : 26/06/2004 05:53:51 AM Last modified : 06/04/2004 04:13:56 PM #:16 [inotask.exe] FilePath : C:\Program Files\CA\eTrust\Antivirus\ ThreadCreationTime : 26-06-2004 06:47:54 AM BasePriority : Normal FileSize : 248 KB FileVersion : 7.1.192.0 ProductVersion : 7.1.192.0 Copyright : Copyright 2004 Computer Associates International, Inc. CompanyName : Computer Associates International, Inc. InternalName : InoTask.exe OriginalFilename : InoTask.exe ProductName : eTrust Antivirus Created on : 06/04/2004 04:14:10 PM Last accessed : 26/06/2004 06:04:55 AM Last modified : 06/04/2004 04:14:10 PM #:17 [appservices.exe] FilePath : C:\PROGRA~1\Iomega\System32\ ThreadCreationTime : 26-06-2004 06:47:56 AM BasePriority : Normal FileSize : 72 KB FileVersion : 2, 0, 2, 5 ProductVersion : 2, 0, 2, 5 Copyright : Copyright CompanyName : Iomega Corporation FileDescription : AppServices InternalName : AppServices OriginalFilename : AppService.exe ProductName : Iomega App Services Created on : 04/09/2002 02:36:50 PM Last accessed : 26/06/2004 05:53:52 AM Last modified : 04/09/2002 02:11:04 PM #:18 [logwatnt.exe] FilePath : C:\CA_LIC\ ThreadCreationTime : 26-06-2004 06:47:56 AM BasePriority : Normal FileSize : 52 KB FileVersion : 1.52 ProductVersion : 1, 0, 0, 1 Copyright : Copyright CompanyName : Computer Associates FileDescription : LogWatNT InternalName : LogWatNT OriginalFilename : LogWatNT.exe ProductName : Computer Associates LogWatNT Created on : 20/09/2002 04:29:28 PM Last accessed : 26/06/2004 05:53:52 AM Last modified : 20/09/2002 04:29:28 PM #:19 [nvsvc32.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 26-06-2004 06:47:56 AM BasePriority : Normal FileSize : 80 KB FileVersion : 6.14.10.5216 ProductVersion : 6.14.10.5216 Copyright : (C) NVIDIA Corporation. All rights reserved. CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 52.16 InternalName : NVSVC OriginalFilename : nvsvc32.exe ProductName : NVIDIA Driver Helper Service, Version 52.16 Created on : 06/10/2003 02:16:00 PM Last accessed : 26/06/2004 05:53:52 AM Last modified : 06/10/2003 02:16:00 PM #:20 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 26-06-2004 06:47:56 AM BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 23/08/2001 12:00:00 PM Last accessed : 26/06/2004 06:48:18 AM Last modified : 23/08/2001 12:00:00 PM #:21 [vmware-authd.exe] FilePath : C:\Program Files\VMware\VMware Workstation\Programs\ ThreadCreationTime : 26-06-2004 06:47:56 AM BasePriority : Normal FileSize : 176 KB Created on : 09/09/2002 07:20:12 PM Last accessed : 26/06/2004 05:53:53 AM Last modified : 09/09/2002 07:20:12 PM #:22 [vmnetdhcp.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 26-06-2004 06:47:57 AM BasePriority : Normal FileSize : 140 KB FileVersion : 3.2.0 $Name: build-2230 $ ProductVersion : 3.2.0 $Name: build-2230 $ Copyright : Copyright CompanyName : VMware, Inc. FileDescription : VMnet DHCP Service InternalName : VMnetDHCP OriginalFilename : VMnetDHCP.exe ProductName : VMware Workstation Created on : 09/09/2002 07:17:46 PM Last accessed : 26/06/2004 06:38:40 AM Last modified : 09/09/2002 07:17:46 PM #:23 [vmnat.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:47:57 AM BasePriority : Normal FileSize : 112 KB Created on : 09/09/2002 07:20:54 PM Last accessed : 26/06/2004 05:53:53 AM Last modified : 09/09/2002 07:20:54 PM #:24 [vsmon.exe] FilePath : C:\WINDOWS\system32\ZoneLabs\ ThreadCreationTime : 26-06-2004 06:47:59 AM BasePriority : Normal FileSize : 893 KB FileVersion : 5.0.590.015 ProductVersion : 5.0.590.015 Copyright : Copyright CompanyName : Zone Labs Inc. FileDescription : TrueVector Service InternalName : vsmon OriginalFilename : vsmon.exe ProductName : TrueVector Service Created on : 24/08/2003 09:02:11 PM Last accessed : 26/06/2004 06:47:59 AM Last modified : 17/05/2004 03:55:26 AM #:25 [explorer.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 26-06-2004 06:48:10 AM BasePriority : Normal FileSize : 973 KB FileVersion : 6.00.2800.1221 (xpsp2.030511-1403) ProductVersion : 6.00.2800.1221 CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : Microsoft Created on : 11/05/2003 08:12:10 PM Last accessed : 26/06/2004 06:49:23 AM Last modified : 11/05/2003 08:12:10 PM #:26 [dragdiag.exe] FilePath : C:\Program Files\Alcatel\SpeedTouch USB\ ThreadCreationTime : 26-06-2004 06:49:08 AM BasePriority : Normal FileSize : 840 KB FileVersion : 201.2.0.0 ProductVersion : 201.2.0.0 Copyright : Copyright CompanyName : THOMSON multimedia FileDescription : SpeedTouch Statistics ProductName : SpeedTouch USB Created on : 28/07/2002 03:07:21 PM Last accessed : 26/06/2004 06:49:09 AM Last modified : 12/11/2002 10:02:08 AM #:27 [realmon.exe] FilePath : C:\PROGRA~1\CA\eTrust\ANTIVI~1\ ThreadCreationTime : 26-06-2004 06:49:09 AM BasePriority : Normal FileSize : 492 KB FileVersion : 7.1.192.0 ProductVersion : 7.1.192.0 Copyright : Copyright 2004 Computer Associates International, Inc. CompanyName : Computer Associates International, Inc. InternalName : Realmon.exe OriginalFilename : Realmon.exe ProductName : eTrust Antivirus Created on : 06/04/2004 04:14:48 PM Last accessed : 26/06/2004 06:49:10 AM Last modified : 06/04/2004 04:14:48 PM #:28 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ThreadCreationTime : 26-06-2004 06:49:09 AM BasePriority : Normal FileSize : 176 KB FileVersion : 0.1.0.3018 ProductVersion : 0.1.0.3018 Copyright : Copyright CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp OriginalFilename : realsched.exe ProductName : RealPlayer (32-bit) Created on : 10/02/2004 12:17:51 AM Last accessed : 26/06/2004 06:49:09 AM Last modified : 05/05/2004 09:49:54 PM #:29 [zlclient.exe] FilePath : C:\Program Files\zafiles\Zone Labs\ZoneAlarm\ ThreadCreationTime : 26-06-2004 06:49:09 AM BasePriority : Normal FileSize : 681 KB FileVersion : 5.0.590.015 ProductVersion : 5.0.590.015 Copyright : Copyright CompanyName : Zone Labs Inc. FileDescription : Zone Labs Client InternalName : zlclient OriginalFilename : zlclient.exe ProductName : Zone Labs Client Created on : 24/12/2003 12:23:57 AM Last accessed : 26/06/2004 06:49:16 AM Last modified : 17/05/2004 03:56:14 AM #:30 [d3rk32.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:49:10 AM BasePriority : Normal FileSize : 26 KB Created on : 27/05/2004 04:39:18 PM Last accessed : 26/06/2004 06:49:10 AM Last modified : 27/05/2004 04:39:18 PM #:31 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ThreadCreationTime : 26-06-2004 06:49:10 AM BasePriority : Normal FileSize : 4768 KB FileVersion : 6.2.0137 ProductVersion : Version 6.2 Copyright : Copyright (c) Microsoft Corporation 1997-2004 CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr OriginalFilename : msnmsgr.exe ProductName : MSN Messenger Created on : 28/05/2004 02:22:04 PM Last accessed : 26/06/2004 06:49:17 AM Last modified : 28/05/2004 02:22:04 PM #:32 [psfree.exe] FilePath : C:\PROGRA~1\PANICW~1\POP-UP~2\ ThreadCreationTime : 26-06-2004 06:49:10 AM BasePriority : Normal FileSize : 512 KB FileVersion : 3, 1, 0, 1012 ProductVersion : 1, 0, 0, 1 Copyright : Copyright (C) 2002-2003 CompanyName : Panicware, Inc. FileDescription : Pop-Up Stopper Free Edition InternalName : Pop-Up Stopper Free Edition OriginalFilename : PSFree.exe ProductName : Pop-Up Stopper Free Edition Created on : 16/01/2004 11:35:30 PM Last accessed : 26/06/2004 06:49:16 AM Last modified : 29/10/2003 11:01:02 AM #:33 [wcescomm.exe] FilePath : C:\Program Files\Microsoft ActiveSync\ ThreadCreationTime : 26-06-2004 06:49:11 AM BasePriority : Normal FileSize : 368 KB FileVersion : 3.7.1.3244 ProductVersion : 3.7.3244 Copyright : Copyright CompanyName : Microsoft Corporation FileDescription : Connection Manager InternalName : wcescomm OriginalFilename : WCESCOMM.EXE ProductName : Microsoft ActiveSync Created on : 09/03/2002 11:16:01 PM Last accessed : 26/06/2004 06:49:17 AM Last modified : 01/09/2003 06:52:42 PM #:34 [crzt.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 26-06-2004 06:50:03 AM BasePriority : Normal FileSize : 9 KB Created on : 25/06/2004 07:41:18 AM Last accessed : 26/06/2004 06:50:03 AM Last modified : 25/06/2004 07:41:18 AM Warning! CoolWebSearch object found in memory(C:\WINDOWS\system32\crzt.exe) CoolWebSearch Object recognized! Type : Process Data : crzt.exe Object : C:\WINDOWS\system32\ FileSize : 9 KB Created on : 25/06/2004 07:41:18 AM Last accessed : 26/06/2004 06:50:03 AM Last modified : 25/06/2004 07:41:18 AM Warning! "crzt.exe"Process could not be terminated! #:35 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-aware 6\ ThreadCreationTime : 26-06-2004 06:50:32 AM BasePriority : Normal FileSize : 668 KB FileVersion : 6.0.1.181 ProductVersion : 6.0.0.0 Copyright : Copyright CompanyName : Lavasoft Sweden FileDescription : Ad-aware 6 core application InternalName : Ad-aware.exe OriginalFilename : Ad-aware.exe ProductName : Lavasoft Ad-aware Plus Created on : 19/02/2003 12:18:25 AM Last accessed : 26/06/2004 06:50:33 AM Last modified : 12/07/2003 09:00:20 PM Memory scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 1 Objects found so far: 1 Started registry scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Registry scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 0 Objects found so far: 1 Started deep registry scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html Possible Browser Hijack attempt Object recognized! Type : RegData Data : "res://jcirb.dll/index.html#35759" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Start Page Data : "res://jcirb.dll/index.html#35759" Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html Possible Browser Hijack attempt Object recognized! Type : RegData Data : "res://jcirb.dll/index.html#35759" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Start Page Data : "res://jcirb.dll/index.html#35759" Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URL.dll/index.html Possible Browser Hijack attempt Object recognized! Type : RegData Data : "res://jcirb.dll/index.html#35759" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Default_Page_URL Data : "res://jcirb.dll/index.html#35759" Deep registry scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 3 Objects found so far: 4 Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Deep scanning and examining files (C:) Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Performing conditional scans.. Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ CoolWebSearch Object recognized! Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : SYSTEM\CurrentControlSet\Services\__NS_Service_3 Conditional scan result: Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 1 Objects found so far: 5 07:54:09 AM Scan complete Summary of this scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Total scanning time :00:03:28:406 Objects scanned :52452 Objects identified :5 Objects ignored :0 New objects :5 Tag: attacks on local port 1025 Tag: 55761
 - 20
 - Why webmail is less secure than OE? e.g. Hotmail is less secure than using OE to email? Why? the server is less secure? Tag: attacks on local port 1025 Tag: 55753
 - 21
 - digital signature and the web-based hotmail Why doesn't the web-based hotmail added with the digital signature option? We can't use digital signature when login to the www.hotmail.com? Is the webmail more secure than OE? Tag: attacks on local port 1025 Tag: 55746
 - 22
 - Trojan/virus effects For the past two days I tried to get rid of several pesky viruses/trojans that apparently messed up my machine and kept returning on reboot. I'm running XP and turned off System Restore, then rebooted in Safe Mode, then ran my AV program, and deleted the "Trojano" worm and a few other viruses, like the "DyfucDldr" variety. I think I'm now virus, trojan, worm, and adware-free, but the damage seems to have been done: First, I can't open programs from my desktop, like IE or Ad-Aware, or Real Audio. The system just hangs and the hourglass icon stares at me. CTL-ALT-DEL doesn't work...it either freezes the computer or I get an error message saying there is something wrong with the program and asking me to send a report to Microsoft. Second, there is no audio on the computer anymore. The files for all of the Windows sounds are missing -- there is no C:/WINDOWS/MEDIA folder anymore. Instead, in Control Panel, the icons for each sound show a path that begins with "%System Root%" and I get a message that the file can't be located. The same is true of all the other program sounds, for Real Audio, my anti-virus alerts, etc. (I checked and nothing is muted.) Finally, I noticed the Startup list after running "msconfig" shows a couple strange ".exe" files, for example, "Nye42.exe". This box is checked like all the others, and it says the location is in the C:/Windows folder, but I did a search for it and there is no such file found on my computer. I unchecked this from the Startup list, but the two problems noted above still exist. I'm afraid whatever got me really got me good and I have no idea how to recover from this. Any suggestions would be appreciated. I've done a web search (on my other computer) and reviewed the bulletin board threads. I think I've done everything I've read to get rid of the nasties, I just don't know how to restore the system to an operational mode. I am thinking of restoring the "System Restore" function and going back a month or so before I got whacked to do a System Restore at that point. Hopefully that will restore the sounds and functionality. It may also restore the viruses, but I may be able to delete them this time before they do permanent damage. I'd appreciate anyone's thoughts on what I can do or whether my plan even makes sense. Thanks in advance for your help. Tag: attacks on local port 1025 Tag: 55745
 - 23
 - security concern about using proxy I use proxy setting to browse webs in my IE. if I login the hotmail account and send the non-encrypted email,is there the risk that the content of email be captured by the proxy? Tag: attacks on local port 1025 Tag: 55744
 - 24
 - Is this OK? I installed Sygate Personal Firewall. Now it asks me the following: Win32Kernel core component (KERNEL32DLL) is trying to broadcast an ICMP Type 10 (Router Solicitation) packet to (224.0.0.2). Do you want to allow this program to access the network? When I look up the properties of this application it says it is a Microsoft program. My question is do I allow it access or is it some type of spyware? I hope someone can help answer this. Thank you Cheryl Tag: attacks on local port 1025 Tag: 55738
 - 25
 - Annoying webpages Some webpages keep loading up on IE. They ask me to install programs that are obviously malicious. This is off a clean install of XP. I was wondering if these webpages are as a result of spyware or such. If I get IE just to block the pages, it just crashes. Anybody got any solutions? Tag: attacks on local port 1025 Tag: 55725
- Next
 - 1
 - undeliverable Hot Mail Received from Service Manager;;undeliverable mail.with my e-mail address and an unknown name as sender. Tag: attacks on local port 1025 Tag: 55724
 - 2
 - question about cable and ad-aware Hi-simple question. My sister is switching to cable from her dialup-she has the free version of ad-aware from lavasoft- Are there any changes she needs to make at this point or does it not matter what type of connection one uses- Your help is appreciated. -- Thanks so very much for your help-! ! ! ! Tag: attacks on local port 1025 Tag: 55718
 - 3
 - Hi Jacking I need to know how to stop "Home Search" from hi jacking my home page. It also comes up as "hysnn.dll/index.html#12802". I've tried Add & Remove Programs and going into the registry but can't get it out of my system. Could someome PLEASE help me with this. Thanks for your time, rdb8899@hotmail.com Tag: attacks on local port 1025 Tag: 55717
 - 4
 - UPDATE: Internet Attack Slowing Down SOURCE: http://www.informationweek.com/story/showArticle.jhtml? articleID=22102178 A major Internet attack that installs hacker tools on users' systems is subsiding, security experts say. But more copycat attacks are possible in the days ahead. By George V. Hulme A widespread attack that targeted major E-commerce sites and secretly planted hacker tools on the computers of Internet surfers is subsiding, security experts say. Security experts estimate that thousands of Web sites were compromised in the past week. The attack, which may have begun as early as Sunday, didn't attract much attention until late Thursday evening when it was identified by Internet security firms. Most of the Web sites known to have been infected have been cleaned, security analysts say. Also, Internet service providers have blocked access to, or "black- holed," the Russian server that was planting the hacker tools on user PCs. Alfred Huger, senior director of engineering for Internet security firm Symantec Corp., says Web sites running Microsoft's Internet Information Services software version 5.0 were attacked and infected with a malicious JavaScript application. When Web surfers visited affected sites, their computers were subsequently infected through multiple vulnerabilities in Internet Explorer. Once a Web surfer's system was attacked by the malicious JavaScript application, the surfer's computer was connected to a server located in Russia and infected with hacker tools such as backdoors and keystroke loggers, which could be used to take control of the user's system or steal confidential information. While patches are available for most of the Internet Explorer vulnerabilities used in the attack, no patch is available for one of the flaws, commonly known as the ADODB vulnerability. It's still unclear how the attackers managed to successfully compromise Web servers running Microsoft's IIS software, security experts say. "It's something we're looking into," Huger says. It's possible, but unlikely, that systems running Microsoft IIS 5.0 software could have been attacked by a "zero-day" vulnerability, which is a new software flaw that's unknown and unpatched by software vendors, says Marcus Sachs, director, of The SANS Institute's Internet Storm Center. "That's the worst-case scenario," he says. Other possibilities include Web servers that administrators believed to have been patched but were not, or Web servers that could have been attacked through vulnerabilities unrelated to IIS 5.0. Security experts warn that future attacks are possible. "Others may attempt copycat attacks, especially if there is a zero-day attack in IIS," Sachs says. Major antivirus companies have updated their software to spot the malicious code downloaded to end-user systems in this attack. Microsoft is urging Web-site operators running Windows 2000 Server and IIS to apply a patch found in Microsoft Security Bulletin MS04-011. Microsoft has published a Web site with more information about this attack and the IIS and Internet Explorer vulnerabilities; it's located at www.microsoft.com/security/incident/download_ject.mspx. Tag: attacks on local port 1025 Tag: 55714
 - 5
 - Internet virus may target financial data Last Updated Fri, 25 Jun 2004 15:41:58 NEW YORK - Security experts are tracking a mysterious new internet virus that may help hackers steal personal data, including credit card information. The user's computer is infected with malicious code placed on normally trustworthy websites that use Microsoft's Internet Information Server (IIS). The infection is not substantially interfering with internet traffic, but there are concerns of it spreading because work is still under way to isolate the problem and find defences against it. Some experts suggest hackers are actually loading computers with software that allows pop-up ads and use the infected machine to spread unsolicited e-mail. The virus is being spread by hundreds, and possibly thousands, of infected websites. The "malware" code redirects browsers to Russian-based web servers. The infection appears to take advantage of three separate flaws in Microsoft products. Microsoft says it patched two of those flaws in April, but the company has not had time to fix the third problem. Experts recommend users update the antivirus software on their computers to immunize them against infected sites. Windows users should also turn up security settings on Microsoft's Internet Explorer browsers to the highest levels. SOURCE: http://www.cbc.ca/stories/2004/06/25/world/internet_virus04 0625 Tag: attacks on local port 1025 Tag: 55713
 - 6
 - PC Users Warned of Infected Web Sites By Brian Krebs washingtonpost.com Staff Writer Friday, June 25, 2004; 3:30 PM Computer security experts and the federal government are warning Internet users to take extra precautions when browsing the Web after an Internet attack seeded Web sites with programs that hackers can use to steal personal information. The attack is more dangerous than most, according to the government's US-CERT cybersecurity center, because it affects even computers that are running updated antivirus and firewall software. Infection is possible just by visiting affected Web sites, according to US-CERT, a division of the U.S. Department of Homeland Security. The attackers, whose identities are unknown, targeted a flaw in Web sites powered by Microsoft's Internet Information Server (IIS). The sites hit by the attack were programmed to redirect the Explorer browser to another Web site that contains code that hackers use to record what people type on their keyboards -- including data such as passwords, credit card and Social Security numbers. The code then e-mails that information back to the attackers. Computers that run Microsoft's Internet Explorer browsers are vulnerable to infection, according to US-CERT. The CERT alert said Internet Explorer users can protect themselves by turning off the "javascript" function in their browsers. Javascript is a computer language often used in building Web sites. The attack takes advantage of two recently discovered security flaws in Internet Explorer. Microsoft released a patch in April to fix one of the security holes; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago. CERT recommends that Internet Explorer users consider different browsers such as Mozilla Firefox, Netscape Communicator or Opera. For people who continue to use Internet Explorer, CERT and Microsoft recommend setting the browser's security setting to "high." Among the several Web sites hit were kbb.com, the Internet address of the Kelley Blue Book automobile pricing guide, and MinervaHealth, a health care financing company based in Jackson, Wyo. Robyn Eckard, a spokeswoman for the Irvine, Calif.-based Kelley Blue Book, said the company learned about the problem late Wednesday after Web site visitors said their antivirus software tipped them off to the code. Eckard said Kelley Blue Book removed the malicious code from its site by late Thursday afternoon. Jennifer Scharff, vice president of marketing for the company MinervaHealth, said some of the company's clients reported the problem on Thursday. The company has since fixed its site, she said. Scharff said no more than 50 visitors browsed the Web site during the time it was serving up the hostile code. In addition, at least one auction page on the eBay online auction site contained a photograph that links to an infected Web site, said Johannes Ullrich, chief technology officer for the Bethesda, Md.-based SANS Institute's Internet Storm Center. Ken Dunham, malicious code manager for Reston, Va.-based security company iDefense, said the attack bears the trademark signatures of the Hangup Group, a Russian hacker organization thought to be responsible for unleashing the recent "Korgo" worms. Korgo worms allow hackers to read what people are typing on their computers and scours infected PCs for other financial information. According to SANS, most large Internet service providers stopped forwarding Internet traffic to the Russian Web site that hosts the "keylogging" software. FBI spokesman Joe Parris declined to say whether the agency is investigating this particular attack. But Parris said hackers commonly use similar Trojan horse techniques. "We work closely with Microsoft in investigating matters of this type and always follow up on any information provided by industry," he said. Dunham and other security experts said they expect this kind of attack to become more widespread in coming weeks and months. "These guys have the tools, techniques and motivation to launch highly sophisticated attacks that are very difficult for consumers to protect themselves against," he said. "Whoever is responsible has just seen how well this attack works, and other (hacker groups) are almost surely going to take notice." Stephen Toulouse, a security program manager at Microsoft, said the company does not believe the attack is widespread. "Nonetheless, we view this is a very real threat, with serious significance in terms of the potential impact on our customers," he said. Toulouse said the company is gathering information on the attack and will hand it over to the FBI. Security experts said it is not yet clear which Microsoft vulnerability the attackers used to commandeer the Web sites. Ullrich said the culprit is a flaw in the way IIS processes secure login pages for Web sites that require users to enter a username and password. Microsoft released a patch for that flaw in April in a massive bundle of security fixes. Toulouse said that the proprietors for the majority of sites affected by the attack failed to install the patches. SOURCE: http://www.washingtonpost.com/wp- dyn/articles/A5524-2004Jun25.html Tag: attacks on local port 1025 Tag: 55712
 - 7
 - THANX 4 NOTHIN MICROISSOFT Web Virus May Be Stealing Financial Data Jun 25, 1:52 PM (ET) By ANICK JESDANUN NEW YORK (AP) - A mysterious Internet virus being spread Friday by hundreds and possibly thousands of infected Web sites may be aimed at stealing credit card and other valuable information, security experts warned. The infection appears to take advantage of three separate flaws with Microsoft Corp. (MSFT) products. Microsoft said software updates to fix two of them had been released in April, BUT THE THIRD FLAW WAS NEWLY DISCOVERED AND HAD NO PATCH TO FIX IT YET. Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn't substantially interfering with Internet traffic. Security experts at Microsoft and elsewhere worked Friday to pin down how the infection spreads across Web sites. It appears to target at least one recent version of Microsoft software for operating Web sites - called Internet Information Server. The infection makes subtle changes to the Web site so visitors get a piece of code that's designed to retrieve from a Russian Web site software that records a person's keystrokes and can send data back, experts say. Such software "Trojan horses" are routinely used to fish for credit card numbers, bank accounts, passwords and the like. Now that the code is out, other hackers are likely to adapt it to distribute software for spamming and for launching broad Internet attacks against popular Web sites, said Alfred Huger, senior director of engineering at security company Symantec Corp. (SYMC) "Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the U.S. Computer Emergency Readiness Team warned in an Internet alert. Stephen Toulouse, a security program manager at Microsoft, recommended that computer owners obtain the latest security updates for Microsoft products and their anti- virus and firewall programs. Because one flaw has yet to be fixed, he said, users should also turn up security settings on Microsoft's Internet Explorer browsers to the highest levels. Security experts noted that users can avoid the exploit by using alternative browsers such as Mozilla and Opera. Users could also turn off the "Javascript" feature on their Microsoft browsers, though doing so cripple functions on some sites. The infection does not affect Macintosh versions of Internet Explorer. Tag: attacks on local port 1025 Tag: 55706
 - 8
 - Contract work in delhi This is a multi-part message in MIME format. ------=_NextPart_000_007E_01C45B0C.3E5C2D60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi,=20 We have contract project/work in delhi and we are looking for "Subject = Matter Experts" in the following areas.=20 ------------------------------- Knowledge of the following fields:=20 - TCP/IP stack, especially Layer 2 and 3=20 - VPN, IPSEC=20 - Routing theory=20 - Routing protocols - OSPF, RIP, IGRP=20 - Unix networking utilities - netstat, ifconfig, arp, tcpdump, etc.=20 - RADIUS,LDAP=20 - Checkpoint=20 - HIgh availability technologies like- VRRP,- IP clustering=20 -------------------------------- Please email your profile and contact the below email for more = information. Regards=20 pvsp@ulmail.net ------=_NextPart_000_007E_01C45B0C.3E5C2D60 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY> <DIV> Hi, We have contract project/work in delhi = and we are=20 looking for "Subject Matter Experts" in the following areas. ------------------------------- Knowledge of the=20 following fields: - TCP/IP stack, especially Layer 2 and 3 - = VPN, IPSEC=20 - Routing theory - Routing protocols - OSPF, RIP, IGRP - = Unix=20 networking utilities - netstat, ifconfig, arp, tcpdump, etc. - = RADIUS,LDAP=20 - Checkpoint - HIgh availability technologies like- VRRP,- IP = clustering=20 -------------------------------- Please email your profile and contact the = below email=20 for more information. Regards <A=20 href=3D"mailto:pvsp@ulmail.net">pvsp@ulmail.net</A>    </DIV></BODY></HTML> ------=_NextPart_000_007E_01C45B0C.3E5C2D60-- Tag: attacks on local port 1025 Tag: 55699
 - 9
 - Internet Explorer Pop-Up This address takes over my "blank" setting on my "home" designation. It comes up as; res://gdqmj.dll/index.html#96676. Have deleted it many times in system 32, but it keeps coming back. Not only does it assign itself as my home page, but also causes numerous pop-ups such as: "looking-for" (Home Search, SearchExtender, Shopping Wizard, etc.). Any solutions would be appreciated Tag: attacks on local port 1025 Tag: 55696
 - 10
 - Internet Explorer hijacked?? I'm running WinXP Pro with IE version 6.0.2800.1106.xpsp2.030422-1633. All available critical updates have been installed for XP and IE. My problem is every so often when I click a hyperlink (from any app) or open IE, it opens to either a casino site or a porn site. I have Ad-Aware with the latest updates and I run Norton AV 9.05.15, but something seems to have slipped through the cracks any way. Does anyone know how I can detect and remove whatever it is that is taking over my pc? Thanks. Tag: attacks on local port 1025 Tag: 55695
 - 11
 - multiple explorer windows open randomly? Anyone remember the problem that causes Explorer to open a multiple # of windows randomly when booting up on XP? I've seen it before and can't remember the cause...thinking virus? Tag: attacks on local port 1025 Tag: 55689
 - 12
 - Event log access rights on Windows 2003 Hello, I have a COM object which allows an asp page reading a user defined event log (the account used to access the event log is the connected user's one.) When I store the page on IIS on a W2000 server, I can use it whathever user account I use. But if I store the page on IIS on w Windows 2003 server I get on error (Access denied) when I open the asp page with a user that does not belong to Domain Admins group. I want to know if there is a difference (in a security point of view) between IIS on Windows 2003 and IIS on Windows 2000. Thank you. Tag: attacks on local port 1025 Tag: 55688
 - 13
 - Detecting number of processors I want to add "number of processors" to my license control system. I know I can use Environment.GetEnvironmentVariable() to check for the environment variable NUMBER_OF_PROCESSORS, but I do not know how easy this might be to fake. Would I be better off using a Win32 sdk call to GetSystemInfo? Is there a better way? Which is more reliable? Which is more portable? Thanks! Tag: attacks on local port 1025 Tag: 55680
 - 14
 - Critical Update for Outlook Express I am running XP Pro SP1 and Outlook 2k SP3 (don't use OE). However, whenever I run Windows Update it tells me that I need to download a patch for Outlook Express (Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB837009) Do I need it? Edward -- The reading group's reading group: http://www.bookgroup.org.uk Tag: attacks on local port 1025 Tag: 55679
 - 15
 - Cat's Claw When on the internet, if closing a window, the IE crashes a window with the message "An unauthorised attempt to close Cat's Claw was ignored" The computer must then be re-booted. I cannot find any reference to this on the computer or on the internet - Microsoft, AVG, Norman, Symantec. Can anyone help as this is getting to be really annoying. Tag: attacks on local port 1025 Tag: 55677
 - 16
 - can't install winPatrol I have a Gateway 400 notebook with XP. When I try and install winPatrol I get an error message saying the InstallShield had a problem. Does anyone know how to install winPatrol in this configuration? Thanks, Bob Blum Tag: attacks on local port 1025 Tag: 55672
 - 17
 - Instant Access now on computer - how do we remove? In the past two days, an Instant Access shortcut appeared on our desktop and tries to dial up the internet. We cannot remove it using Add/Remove application without going to the porn site it defaults to. Any advice? Tag: attacks on local port 1025 Tag: 55666
 - 18
 - patch.exe I have received an email from security@microsoft.com with a patch.exe file. I have been getting an error message when I logon to my computer but I'm not sure the message came from Microsoft. Any hints or tips on what I should do? Tag: attacks on local port 1025 Tag: 55665
 - 19
 - Browser Hijackers This is a most insidious website: res://mshp.dll/index.html#37049 I have spent hours of my time trying to stop this website from hijacking my homepage. Have downloaded Spybot Search and Destroy, Spyblaster, NoAdware6 - and nothing seems to work. Does anybody have any suggestions on how to stop this website from hijacking my hompage; and also, would love to find out who is personally responsible for this website and where it originates. I would pay this person a visit - in the flesh. If you have any thoughts about how to get rid of this website, please email Al at apt@sev.org Thanks. al Tag: attacks on local port 1025 Tag: 55661
 - 20
 - RDC schedule i want to schedule Remote Desktop to start & stop at certain times. i.e. shut it down at 8pm. start it up at 9am every day. does anyone know the cmd command to run from batch file? Tag: attacks on local port 1025 Tag: 55660
 - 21
 - Attachments in email Is there any way I can view my attachments. I'm taking an online class and I receive emails with attatchments. BUt Outlook express deletes the attachement before I can read it. This is the message attached to the email "OE removed the following unsafe attachments in your email. But it is safe and I need to see it. HELP!!!! Tag: attacks on local port 1025 Tag: 55653
 - 22
 - Something Hosed? Whenever I'm on the net (both Explorer and Outlook Express), my system (XP) keeps wanting to invoke the Install Shield and load Excel (which I already have loaded). What file/files control this? Thanks in advance. ED Tag: attacks on local port 1025 Tag: 55652
 - 23
 - Hope this may be of some help to those with coolwebsearch issues Yesterday while surfing I noticed my modem clicking. I don't use the = modem for Internet connection I only use it for FAX service. Anyway I = knew something was wrong. In the Task Manager Windows 2000 this file = was running: dale.exe This file has no Version tab in properties and thus is suspect. It is = 27KB about the size of the NETSKY virus and variants. It has an = accompanying dll called 2.01.00.dll. The name is not important here. = It is a self-registering dll so yiou can remove its information from the = registry using this command in command prompt in the folder where it = resides (%SYSTEMROOT%\system32\services) regsvr32 /u 2.01.00.dll <ENTER> | OK <OK> That should be the very first step. Once that is done you can End the = Process of dale.exe in the Task Manager. But there is still a long way = to go before you've cleaned out this coolwebsearch hijack. Next get Merlin's CWShredder. That will fix the Windows Media Player 9 = whose executable is replaced by this worm. Also the other files in the = above services folder (which you should not have there) are: crontab.ini keywords.ini sl.ini titles.ini wmplayer.exe (the worm) You will also find the above executable called in the Registry in these = keys: HKCR\Software\Microsoft\Windows\CurrentVersion\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Run (remove the call to the executable on right) Also it infests win.ini. CWShredder will find that and take care of it. Still not done. At this point you have to make sure that your dllcache is replenished = with bona fide files. This is a smart worm and the developers have gone = to great lengths to make sure you overlook something. To replensish the = dllcache you insert your Windows 2000 (in my case) CD-ROM go to the = command prompt and type: sfc /purgecache /scannow The last switch is only necessary in Windows 2000 Professional. Now you have a new dllcache and you should be able to fire up the other = Spyware catchers you have: Adaware 6 BHODemon HijackThis Rebooting during this process when significant changes are made should = get everything back to normal. Oh I forgot. You also have to reinstall = Windows Media Player 9. If you are in XP I'm not sure what to do = here... And one last caveat. If you are using Windows 2000 SP3 then sfc will = break your system. You need to get qfecheck.exe and determine with that = what Hotfixes you need to reapply. Watch out for HTML Help breaking and = you might need to reinstall Windows Messaging if you use it. HTM someone. --=20 George Hester __________________________________ Tag: attacks on local port 1025 Tag: 55637
 - 24
 - email scanning norton not scanning/ zonealarm2 fault? On Mon, 14 Jun 2004 12:47:17 -0700, "Lz" <anonymous@discussions.microsoft.com> wrote: >I have norton 2004 - which i bought in march. >When sending email it used to scan outgoing and incoming >email. However now it does not.. >It still says that auto- protect is enabled and i did >the 'Eicar test txt file' and nav worked straight away >saying it was a high risk file and delete it immediately. >so why is it not scanning email or finding virus >attachments in my email like it used too? >i have done various online scans to check i dont have a >virus (just incase my antivirus was not working properly) >I have no viruses. > >has nav changed the way it works? >i used express live update daily. >When i used help and support (automatic)in >norton/symantec website >it says that i am running a older version of live update - > i only bought it a few months ago! then it asks me to >download the new live update but the page doesnt load (i >have 600k broadband). > >can anyone help me? >thanks reply /answer: Sorry no I can't - I have the same problem. I have noticed that as from about 2 wks ago Norton is no longer scanning my email either (Norton 2003 in my case). It says it IS scanning the email but it appears to be telling porkies because the little scan window no longer shows and for the first time in ages I have started receiving attachments from people I don't know (I can't be sure they're viruses because I am not opening them to find out, but it is odd). I've even tried completely re-installing Norton but the situation remains unchanged. The only thing I changed recently which might conceivably have an impact is that I updated my ZoneAlarm firewall to the latest version. This version monitors suspicious email code itself (although not viruses) AND monitors the AV software to make sure it is behaving itself and is up to date. Could this be causing some sort of invisible conflict? LiveUpdate still works and complete system scans appear to show the system remains uninfected. Adaware has done it's customary spring clean of dodgy data miners etc but basically also drawn a blank on anything seriously amiss. . Tag: attacks on local port 1025 Tag: 55634
 - 25
 - spy ware I get the little "eye" icon on my lower tool bar. Last week I was infested with the spam of the world trying to get me to purchase a spy blocker. It caused everything to go bonkers. I had to finally restore my hard drive. Is there anything I can do to block this from my pc without purchasing a program. If not please recommend one that is a valid and trustworthy company. thanks Tag: attacks on local port 1025 Tag: 55633

I use XP Home and noticed on several occasions attacks on local port 1025. On this port svchost.exe is listening (TCP). These attackers manage somehow to establish an incoming connection on this port using PASV FTP. Luckely I deny inbound traffic for svchost.exe if it's using PASV FTP. In my firewall log I can see these attackers have rather exotic ip's as 220.168.167.245 (CHINANET HUNAN PROVINCE NETWORK) and 219.145.23.169 (CHINANET SHANXI PROVINCE NETWORK). I suggest if someone notices similar inbound traffic on local port 1025 to report it here. It could be that there's someone outthere exploiting a system vulnurability.

Top

Re: attacks on local port 1025 by jeff

jeff
Sun Jun 27 15:45:06 CDT 2004

On Sat, 26 Jun 2004 23:52:01 -0700, "Erwin Michiels"
<ErwinMichiels@discussions.microsoft.com> wrote:

>I use XP Home and noticed on several occasions attacks on local port 1025. On this port svchost.exe is listening (TCP). These attackers manage somehow to establish an incoming connection on this port using PASV FTP. Luckely I deny inbound traffic for svchost.exe if it's using PASV FTP. In my firewall log I can see these attackers have rather exotic ip's as 220.168.167.245 (CHINANET HUNAN PROVINCE NETWORK) and 219.145.23.169 (CHINANET SHANXI PROVINCE NETWORK). I suggest if someone notices similar inbound traffic on local port 1025 to report it here. It could be that there's someone outthere exploiting a system vulnurability.

First, why isn't your firewall blocking this? Second, port 1025 is a
common port used for many access reasons, and FTP is one of those.
Third, port 1025 is an often used port for a number of scripted attack
vectors, usually a compromised system that has had ServU installed.

Jeff

Top

Re: attacks on local port 1025 by ErwinMichiels

ErwinMichiels
Sun Jun 27 18:26:01 CDT 2004

My firewall (Agnitum Outpost) is blocking this inbound traffic when svchost.exe uses PASV FTP (TCP) on port 1025 and a range of others. Nevertheless my firewall logs the connection request ("attack") on port 1025 (TCP) and also the attempted inbound connection with svchost.exe using PASV FTP on the same port. As written in my first post my firewall then denies the request. My point is that SVCHOST.EXE ALLOWS THIS INBOUND TRAFFIC on port 1025. So this is a system vulnurability. I doubt this is caused by a trojan having called home or some other virus. I run a fully patched system checked with MBSA, a firewall checked with grc.com (fully stealthed), an up-to-date anti-virus application and an up-to-date spyware blocker. If this is caused by a virus of some kind it has to be completely new. But I will look into ServU. Thank you for the suggestion.

"Jeff Cochran" wrote:

> First, why isn't your firewall blocking this? Second, port 1025 is a
> common port used for many access reasons, and FTP is one of those.
> Third, port 1025 is an often used port for a number of scripted attack
> vectors, usually a compromised system that has had ServU installed.
>
> Jeff

Top

Re: attacks on local port 1025 by jeff

jeff
Mon Jun 28 09:40:51 CDT 2004

On Sun, 27 Jun 2004 16:26:01 -0700, "Erwin Michiels"
<ErwinMichiels@discussions.microsoft.com> wrote:

>My point is that SVCHOST.EXE ALLOWS THIS INBOUND TRAFFIC on port 1025. So this is a system vulnurability.

SVCHOST doesn't allow or deny traffic on any ports. SVCHOST is a
generic name, used to indicate any process running from a DLL. Try
this to see what the real process might be:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;314056

Jeff

Top