19-11-2004, 09:33 PM | #1 | ||
Join Date: Sep 2004
Location: Valleyfield, Canada
Posts: 4,892
|
Today I noticed that my cable modem is allowing traffic coming from or to my PC without having programs running which would attempt to connect to the internet.
I checked in my ZoneAlarm archive and noticed that the "Spooler Subsystem App" tried to connect to the internet 48 times today only, and it's the first day whatsoever that this program has tried to connect to the internet. A little search on Yahoo led me to think that the "Spooler Subsystem App" is commonly used by Windows when printers try to access a network or a wireless network. The main problem is that I don't have any printers installed or even plugged in on this computer, and I have no networks installed either. I ran my usual anti-spyware and malware programs along with my anti-virus but none of them found something relevant. Any help on the matter will be really helpful. I don't really know how to search deeper than what I already do right now. |
||
|
|
20-11-2004, 02:57 PM | #2 | ||
Join Date: Jun 2004
Location: Jan Mayen, Svalbard and Jan Mayen
Posts: 2,167
|
Do you have printer/drive sharing active?
__________________
Flowing with the stream of life |
||
|
|
20-11-2004, 05:48 PM | #3 | ||
Join Date: Sep 2004
Location: Valleyfield, Canada
Posts: 4,892
|
Not to my knowledge. And even so it would not explain why the program tried to connect to the internet yesterday for the first time ever.
|
||
|
|
20-11-2004, 09:22 PM | #4 | ||
Join Date: Oct 2003
Location: Shella, Kenya
Posts: 1,578
|
It is very likely you have been infected with something. As long as your firewall keeps blocking whatever it is, though, you're OK for now. Try and update all your anti-spyware and especially your anti-virus programs and look again.
__________________
Rabyd Rev -- 2 Timothy 2:15 |
||
|
|
20-11-2004, 11:38 PM | #5 | ||
Join Date: Sep 2004
Location: Valleyfield, Canada
Posts: 4,892
|
I already did that, Picard. And it seems that what infected my computer tries to connect to the internet even before my normal programs load, i.e. in the screen where I need to choose which user will log in. I can see with my cable modem that my computer tries to access the internet. But nothing's loaded yet! :angry:
I checked my ZA today and noticed that, in the last 300 alerts, 90%+ of those alerts have the same destination DNS: PROPRI-DHXNAFLL. Perhaps this would mean something to someone here. My neighbor suggested that I borrow his Norton System Works... I am wondering if it would be good to do so. Especially since I'm not sure I'll find something in the first place, especially if it's a virus of some sort. |
||
|
|
21-11-2004, 07:00 AM | #6 | ||
|
Go to the Start button, select Run and type in: Msconfig.
There go to the Systemstart tab or a similarly named one, the tab where programs are about to load at system start. Now you can see there which programs are loaded at system start. Be careful what you turn off, some are needed, and if Windows doesn't run after you unchecked them and clicked on OK, start it in the debug-mode and turn the things on again, only one at a time. If you see some unusual name there that is loaded, something like 49384msload.exe or similar, this would be the suspected Nr. 1. You can then first try to check it off, then if Windows still starts normally, search your HD and delete this file. You might need to turn off in the Windows Explorer the option "Fade out protected system files" under the middle tab first, because the program may hide itself as a system + hidden file. Also be sure that the option "Show contents of system folders" under the above mentioned option is turned on too. Good luck (goddamned hackers)! |
||
|
|
21-11-2004, 07:47 AM | #7 | ||
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 963
|
If you're worried about viruses or spyware, I found a forum today that specialises in ridding computers of both. They have a step-by-step guide and links to four great free programs. You can also post a log result in the forum and their members can tell by looking at it if you've got any problems in your computer system.
http://www.webuser.co.uk/cgi-bin/forums/sh...sb=5&o=93&part= Good luck! |
||
|
|
21-11-2004, 08:27 AM | #8 | ||
Join Date: Sep 2004
Location: Valleyfield, Canada
Posts: 4,892
|
Thanks, you two, I'll check both of these tomorrow.
|
||
|
|
22-11-2004, 04:25 PM | #9 | ||
Join Date: Nov 2004
Location: Oklahoma City, United States
Posts: 1,128
|
Quote:
Of course, if that name resolves to some external machine, you should block it on principle.
__________________
Today is a good day for pie. |
||
|
|
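Added example, not part of any post in this thread: a small Python check of whether a logged destination name resolves to an external machine or only to loopback, link-local or private addresses. The function names and the sample resolver (with its made-up address for PROPRI-DHXNAFLL) are assumptions constructed so the block runs offline.

```python
import ipaddress
import socket


def classify(addr):
    """Label one IP string: loopback, link-local, private or external."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "external"


def check_name(name, resolver=socket.getaddrinfo):
    """Resolve `name`; return (verdict, {address: label}).

    verdict is 'unresolved', 'local' or 'external'. `resolver` is injectable
    so the check can be exercised offline.
    """
    try:
        infos = resolver(name, None)
    except socket.gaierror:
        # Typical for a bare NetBIOS-style name that DNS does not know.
        return "unresolved", {}
    labels = {}
    for _family, _type, _proto, _canon, sockaddr in infos:
        addr = sockaddr[0].split("%")[0]  # drop an IPv6 zone id such as %eth0
        labels[addr] = classify(addr)
    verdict = "external" if "external" in labels.values() else "local"
    return verdict, labels


def sample_resolver(name, port):
    """Constructed stand-in for DNS; the address below is made up."""
    table = {"PROPRI-DHXNAFLL": [("192.168.0.10", 0)]}
    if name not in table:
        raise socket.gaierror("name not found")
    return [(socket.AF_INET, 0, 0, "", sa) for sa in table[name]]


if __name__ == "__main__":
    print(check_name("PROPRI-DHXNAFLL", sample_resolver))
```

Calling `check_name(name)` without the second argument uses the system resolver; an "external" verdict is the case where a firewall block rule for that destination applies.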
22-11-2004, 04:33 PM | #10 | ||
Join Date: Nov 2004
Location: Afrim, Albania
Posts: 2,113
|
I would suggest you get SPYBOT or/and AdAware, as you can use it to protect PC, IE, and to make sure nobody is messing with your registry and host file.
If you are already using the latest ZA, then your computer is safe from attacks from outside (but not if you install some spy/ad stuff) and SPYBOT and AdAware will clean and secure your computer. A lot of the traffic I got is some robots trying to infect me with the MS SQL worm. But in my case, my computer firewall is second in the chain of protection, as I'm using IPCop as firewall (an old computer acting as firewall) or router (with forward ports turned off). If anybody would like to know more about IPCop, let me know. |
||
|
|