
attack

Discussion in 'Virus & Other Malware Removal' started by jm100dm, Jan 26, 2003.

  1. jm100dm

    jm100dm Thread Starter

    Joined:
    May 26, 1999
    Messages:
    994
    My VisualZone is growing wildly. Even when not connected it keeps recording several hits every minute. Any suggestions? Spybot found nothing. Running a current virus check as I type.
    The hits seem like the same ones over and over again, with time ranges of 1:00 to now.

    Over 5000 hits in the past 10 minutes.

    Jm100dm
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    That's the idea of running a firewall (which you must be to use VisualZone): to protect your computer's internet traffic. Anything you see in a firewall log is what your firewall has stopped already.
     
  3. jm100dm

    jm100dm Thread Starter

    Joined:
    May 26, 1999
    Messages:
    994
    Thanks

    But it keeps replicating. Even if not connected.

    I delete the logs and start with nothing in any of them. File is recreated empty and within minutes there are hundreds again.

    Here's a sample of the log. The times are sporadic and repeating.
    Is tvdebug.log a valid file in windows\internet logs?

    FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
    FWIN,2003/01/26,19:23:06 -5:00 GMT,202.183.182.8:1030,151.201.41.91:137,UDP
    FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
    FWIN,2003/01/26,19:23:00 -5:00 GMT,151.201.41.189:1026,151.201.41.91:137,UDP
    FWIN,2003/01/26,19:22:36 -5:00 GMT,151.201.41.189:1027,151.201.41.91:137,UDP
    FWIN,2003/01/26,19:22:32 -5:00 GMT,151.201.41.189:1025,151.201.41.91:137,UDP
    FWIN,2003/01/26,19:22:30 -5:00 GMT,151.201.41.189:1028,151.201.41.91:137,UDP
    FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
    FWIN,2003/01/26,18:27:48 -5:00 GMT,219.162.176.186:33239,151.201.38.252:137,UDP
    FWIN,2003/01/26,18:12:52 -5:00 GMT,200.75.194.216:1025,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:48:30 -5:00 GMT,209.99.229.31:1032,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:47:20 -5:00 GMT,24.112.27.33:1025,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:47:18 -5:00 GMT,67.41.89.148:16989,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:31:00 -5:00 GMT,212.20.111.50:1024,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:25:08 -5:00 GMT,219.155.218.180:1073,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:23:26 -5:00 GMT,62.150.81.204:1026,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:16:42 -5:00 GMT,80.249.193.54:1027,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:07:46 -5:00 GMT,210.54.106.38:1028,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:03:34 -5:00 GMT,61.216.128.212:62903,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:02:36 -5:00 GMT,12.158.109.129:62133,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:00:54 -5:00 GMT,68.164.86.38:1028,151.201.38.252:137,UDP
    FWIN,2003/01/26,17:00:30 -5:00 GMT,200.204.181.16:1028,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:51:10 -5:00 GMT,68.155.35.67:61000,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:40:48 -5:00 GMT,213.156.54.138:1025,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:40:34 -5:00 GMT,65.57.56.5:1027,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:40:28 -5:00 GMT,80.15.68.165:1025,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:38:32 -5:00 GMT,63.196.58.254:33077,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:37:54 -5:00 GMT,64.154.184.135:1026,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:37:04 -5:00 GMT,67.85.13.132:1026,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:19:30 -5:00 GMT,211.254.167.203:1037,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:13:20 -5:00 GMT,67.69.252.117:1026,151.201.38.252:137,UDP
    FWIN,2003/01/26,16:00:54 -5:00 GMT,81.91.224.182:1029,151.201.38.252:137,UDP
    FWIN,2003/01/26,15:06:42 -5:00 GMT,151.197.52.212:1032,151.201.40.155:137,UDP
    FWIN,2003/01/26,13:51:08 -5:00 GMT,81.130.162.61:34245,151.201.40.116:137,UDP
     
  4. jm100dm

    jm100dm Thread Starter

    Joined:
    May 26, 1999
    Messages:
    994
    ---------- C:\WINDOWS\desktop\StartUp.Log

    Start-Ups checked at 01-26-2003 8:33:00.46p
    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log for Windows 95/98 - Freeware by rmbox
    __________________________________________________________________________
    __________________________________________________________________________

    Comments:

    This is a log of all the programs on your computer that
    are starting automatically every time you start Windows.
    Using this log can be a quick way to spot trojans.

    StartUp Log (version 1.56) - Release Date 3/11/2002

    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log Index

    1. HKLM Run
    2. HKCU Run
    3. HKLM RunOnce
    4. HKCU RunOnce
    5. HKLM RunServices
    6. HKLM RunServicesOnce
    7. WIN.INI file
    8. SYSTEM.INI file
    9. AUTOEXEC.BAT file
    10. StartUp folder
    11. All Users StartUp
    12. Misc. StartUp Configurations

    __________________________________________________________________________
    __________________________________________________________________________

    The following is a list of your current Start-Ups
    __________________________________________________________________________
    __________________________________________________________________________

    1. HKLM Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Norton Auto-Protect"="C:\\PROGRA~1\\NORTON~1\\NORTON~1\\NAVAPW32.EXE /LOADQUIET"
    "RegProt"="c:\\regprot\\regprot.exe /start"
    "ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
    "Norton eMail Protect"="C:\\PROGRAM FILES\\NORTON SYSTEMWORKS\\NORTON ANTIVIRUS\\POProxy.exe"
    @=""


    ==========================================================================
    __________________________________________________________________________

    2. HKCU Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]


    ==========================================================================
    __________________________________________________________________________

    3. HKLM RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    4. HKCU RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    5. HKLM RunServices - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


    ==========================================================================
    __________________________________________________________________________

    6. HKLM RunServicesOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    ==========================================================================
    __________________________________________________________________________

    7. WIN.INI File - (c:\windows\win.ini)

    Your win.ini run/load lines should look like run= and load= exclusively.
    There should be nothing to the right of the equal signs.


    These are the run and load lines in your WIN.INI file

    run=

    load=

    ==========================================================================
    __________________________________________________________________________

    8. SYSTEM.INI File - (c:\windows\system.ini)

    Your system.ini shell line should look like shell=Explorer.exe exclusively.
    You should only see Explorer.exe following the equal sign.


    This is the shell line in your SYSTEM.INI file

    shell=Explorer.exe

    ==========================================================================
    __________________________________________________________________________

    9. AUTOEXEC.BAT File - (c:\autoexec.bat)

    (Some trojans have been known to start from this file)


    These are your program startups and set paths in your autoexec.bat file

    SET BLASTER=A220 I7 D1 H5 P330 T6
    SET SBPCI=C:\PROGRA~1\CREATIVE\AUDIO\DOSDRV
    rem - By Windows 98 Network for Netware Upgrade - C:\WINDOWS\lsl.com
    SET CLASSPATH=c:\adobe\AdobeConnectables
    @ECHO OFF
    rem
    rem *** DO NOT EDIT THIS FILE! ***
    rem
    rem This file was created by the System Configuration Utility as
    rem a placeholder for your AUTOEXEC.BAT file. Your actual
    rem AUTOEXEC.BAT file has been saved under the name AUTOEXEC.TSH.
    rem

    PATH C:\BITWARE\

    rem - By Windows 98 Network for Netware Upgrade - C:\WINDOWS\odihlp.exe


    ==========================================================================
    __________________________________________________________________________

    10. StartUp Folder - (c:\windows\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your StartUp folder

    C:\WINDOWS\Start Menu\Programs\StartUp\CapsLockOff.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\Taskmon.lnk

    ==========================================================================
    __________________________________________________________________________

    11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your All Users StartUp folder

    C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm.lnk

    ==========================================================================
    __________________________________________________________________________

    12. Miscellaneous StartUp Configurations

    -============================-
    Registry StartUp Directories
    -============================-

    Should show the Start Menu StartUp and All Users StartUp directories

    .....................................................................

    [1] HKCU - Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    "Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [2] HKCU - User Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


    .....................................................................

    [3] HKLM - Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

    "Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [4] HKLM - User Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


    .....................................................................

    -=======================-
    Registry Shell Spawning
    -=======================-

    Open Commands for Executable File Types

    @="\"%1\" %*"
    (.exe file - RegPath = HKCR\exefile\shell\open\command)

    @="\"%1\" %*"
    (.com file - RegPath = HKCR\comfile\shell\open\command)

    @="\"%1\" /S"
    (.scr file - RegPath = HKCR\scrfile\shell\open\command)

    @="\"%1\" %*"
    (.bat file - RegPath = HKCR\batfile\shell\open\command)

    @="\"%1\" %*"
    (.pif file - RegPath = HKCR\piffile\shell\open\command)

    @="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
    (.hta file - RegPath = HKCR\htafile\shell\open\command)

    -=========================-
    HKLM RunOnceEx - Registry
    -=========================-


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


    -=========================-
    HKU (.Default) Run - Registry
    -=========================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]


    -==============================-
    HKU (.Default) RunOnce - Registry
    -==============================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    -================================-
    StubPaths - Registry (Partial Listing)
    -================================-

    (Please see the StubPath.txt on your desktop for complete listing)

    HKLM\Software\Microsoft\Active Setup\Installed Components


    "RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
    "StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
    "StubPath"=""
    "StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
    "OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
    "RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
    "OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:WIN9X /user /install"
    "RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
    "OldRealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
    "StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

    -=================-
    DOSSTART.BAT File - (c:\windows\dosstart.bat)
    -=================-


    REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

    REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
    REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
    REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

    REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

    REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
    C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
    C:\PROGRA~1\CREATIVE\AUDIO\DOSDRV\SBINIT



    -=================-
    WININIT.BAK File - (c:\windows\wininit.bak)
    (name) (type) (size)(modified)(time)
    wininit bak 44 01-22-03 11:48a
    -=================-

    [Rename]
    NUL=C:\WINDOWS\TEMP\A~NSISU_.EXE
    -=====================-
    Screen Saver Settings (Possible system.ini start-up)
    -=====================-

    SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\EROTIC~1.SCR

    ==========================================================================
    __________________________________________________________________________

    - Supplemental Environment Information -

    TMP=C:\WINDOWS\TEMP
    TEMP=C:\WINDOWS\TEMP
    winbootdir=C:\WINDOWS
    COMSPEC=C:\WINDOWS\COMMAND.COM
    CLASSPATH=c:\adobe\AdobeConnectables
    PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\BITWARE\
    windir=C:\WINDOWS

    File - c:\windows\Wininit.bak
    File - c:\windows\deletefi.ini

    ==========================================================================
    __________________________________________________________________________

    - End -
     
  5. jm100dm

    jm100dm Thread Starter

    Joined:
    May 26, 1999
    Messages:
    994
    Got it to stop. Not sure how, but I had downloaded some BIOS updates earlier and may have caused this myself. After deleting the files and clearing the logs it stopped. I'll leave the BIOS alone for now.

    Also unchecked the open box in msconfig and restarted. See attachment. Any ideas what this is?

    Will check back tomorrow.

    jm100dm
     
  6. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Which one were you wondering about?
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    This might have been the culprit: perhaps even though you are not running SQL Server, your ISP might be, and you were getting intrusions through an accessed server. It says a lot of major ISPs got hit: http://www.eweek.com/article2/0,3959,845164,00.asp
     
  8. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    If you will notice, the only port they are hitting is 137, which is open if you have NetBIOS bound to your NIC or file and printer sharing enabled. You also appear not to have a static IP address, so don't worry too much. Shut off file and printer sharing, though.
     
  9. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Yes, it is only port 137. Probably someone doing random scans looking to hack over NetBIOS, or for non-password-protected file shares.
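A small analysis script that applies the two readings above (Rockn's and brendandonhu's) to ZoneAlarm FWIN lines; it is an added example, not code from the thread, from Zone Labs or from VisualZone. The record layout is inferred from the lines posted earlier, the sample records are a handful copied from that post, and the three-source threshold in MIN_SOURCES is an assumption.

```python
"""Summarise ZoneAlarm FWIN (inbound, blocked) records like those posted in this thread.

Record layout inferred from the posted lines (an assumption about ZoneAlarm's format):
    FWIN,<yyyy/mm/dd>,<hh:mm:ss> <utc offset> GMT,<src ip>:<src port>,<dst ip>:<dst port>,<proto>
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: a handful of records copied from the log posted above,
# with the first one pasted twice the way the posted log repeats itself.
SAMPLE_LOG = """\
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:06 -5:00 GMT,202.183.182.8:1030,151.201.41.91:137,UDP
FWIN,2003/01/26,19:23:02 -5:00 GMT,151.201.41.189:1029,151.201.41.91:137,UDP
FWIN,2003/01/26,18:37:10 -5:00 GMT,65.69.221.126:1026,151.201.38.252:137,UDP
FWIN,2003/01/26,18:27:48 -5:00 GMT,219.162.176.186:33239,151.201.38.252:137,UDP
FWIN,2003/01/26,15:06:42 -5:00 GMT,151.197.52.212:1032,151.201.40.155:137,UDP
FWIN,2003/01/26,13:51:08 -5:00 GMT,81.130.162.61:34245,151.201.40.116:137,UDP
FWIN,2003/01/26,19:29:54 -5:00 GMT,198.63.245.120:1025,151.201.41.91:137,UDP
"""


@dataclass(frozen=True)
class FwEvent:
    date: str
    time: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


def parse_line(line):
    """Parse one FWIN record; anything else (blank lines, other record types,
    malformed fields) yields None so one bad line does not abort the run."""
    parts = line.strip().split(",")
    if len(parts) != 6 or parts[0] != "FWIN":
        return None
    try:
        src_ip, src_port = parts[3].rsplit(":", 1)
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        return FwEvent(parts[1], parts[2].split(" ")[0], src_ip, int(src_port),
                       dst_ip, int(dst_port), parts[5])
    except ValueError:
        return None


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def dedupe(events):
    """Drop exact repeats (same timestamp, endpoints and protocol); repeated
    copies of a record inflate the hit count without adding information."""
    return list(dict.fromkeys(events))


def summarise(events):
    """The three things to look at first: which local port/protocol pairs are hit,
    how many distinct sources hit each, and whether the local address changed
    (several local addresses on one day means a dynamically assigned address)."""
    hits = Counter(f"{e.proto}/{e.dst_port}" for e in events)
    sources = defaultdict(set)
    for e in events:
        sources[f"{e.proto}/{e.dst_port}"].add(e.src_ip)
    return {
        "total": len(events),
        "hits_per_port": dict(hits),
        "sources_per_port": {k: len(v) for k, v in sources.items()},
        "local_addresses": sorted({e.dst_ip for e in events}),
    }


MIN_SOURCES = 3  # assumed threshold: fewer unrelated sources than this is not "scanning"


def classify(events):
    """Apply the reading the thread arrives at: when every blocked record is UDP/137
    (NetBIOS name service) from many unrelated sources, it is background scanning
    the firewall already dropped; the fix is not exposing NetBIOS/file sharing at all."""
    s = summarise(events)
    if s["total"] == 0:
        return "no FWIN records"
    if set(s["hits_per_port"]) == {"UDP/137"} and s["sources_per_port"]["UDP/137"] >= MIN_SOURCES:
        return "background NetBIOS scanning, already blocked"
    return "mixed inbound traffic, review each port"


if __name__ == "__main__":
    unique = dedupe(parse_log(SAMPLE_LOG))
    print(summarise(unique))
    print(classify(unique))
```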
     
  10. jm100dm

    jm100dm Thread Starter

    Joined:
    May 26, 1999
    Messages:
    994
    There was a box with nothing to the right of it. In regedit under Run, the data for Default was " ", so I deleted the key and now the box is gone. And Default is (value not set). Shortened my msconfig too.

    I didn't know that file share was open. Quick refresher - where do I change the setting?

    Thanks
    jm100dm
     
  11. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Network control panel, Windows Logon, File & Print Sharing.
     
  12. jm100dm

    jm100dm Thread Starter

    Joined:
    May 26, 1999
    Messages:
    994
    Thanks, and it was set not to share.

    Goodnight all

    jm100dm
     
  13. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    OK then all is well.
    G'night.
     
  14. jm100dm

    jm100dm Thread Starter

    Joined:
    May 26, 1999
    Messages:
    994
    This just does not seem right to me. My ZALog is now 18.658 MB. I downloaded HijackThis and ran it but am clueless as to how to read it. Does anyone see anything that could be causing my problem? Thanks for any help with this.

    Jm100dm

    Logfile of HijackThis v1.91.2
    Scan saved at 7:12:09 PM, on 1/28/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://home.netscape.com/home/winsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.americasbest.com/danscripts/jokeoftheday.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://home.netscape.com/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://home.netscape.com/home/winsearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Access4Free
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://keyword.netscape.com/keyword/%s
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
    O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
    O4 - Startup: CapsLockOff.lnk = C:\unzipped\CapsLockOff1\CapsLockOff.exe
    O4 - Startup: Taskmon.lnk = C:\WINDOWS\TASKMON.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &2 Customize Menu - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComCustomIEMenu.html
    O8 - Extra context menu item: &7 Fill Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html
    O8 - Extra context menu item: &8 Save Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
    O8 - Extra context menu item: &Check Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: RF Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: &9 Robo Toolbar (HKLM)
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: &7 Fill Forms (HKLM)
    O9 - Extra button: Save (HKLM)
    O9 - Extra 'Tools' menuitem: &8 Save Forms (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.americangreetings.com/cnp/Install/AxCtp.cab
    O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} (VoilaXctl Class) - http://www.belarc.com/Programs/advisor.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
    O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/coloring/Coloring.ocx
    O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.broderbund.com/Plugin/3DGreetings/vroom.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37641.1581365741
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM\EBKP.DLL
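An added example (not from the poster, and not part of HijackThis itself) showing one way to read a log like the one above: parse each entry code and flag the kinds of lines a reviewer looks at first. The flag rules are heuristics chosen for this example (stale "(no file)" BHOs, O16 controls with no recorded source or a bare-IP source, O18 protocol handlers); a flag means "verify this", not "this is malware". The sample lines are copied from the log posted above.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Sample input: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.americasbest.com/danscripts/jokeoftheday.htm
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\SYSTEM\EBKP.DLL
"""

# HijackThis entries look like "<code> - <body>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Split a HijackThis log into (code, body) tuples; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _is_ip_host(url):
    """True when the URL's host is a literal IP address rather than a hostname."""
    try:
        ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(entries):
    """Return (code, body, reason) for entries worth a closer look. Heuristics only."""
    flagged = []
    for code, body in entries:
        # The last " - " separated field is the file path or download URL, if any.
        target = body.rsplit(" - ", 1)[-1].strip() if " - " in body else ""
        if code in ("O2", "O3") and target == "(no file)":
            flagged.append((code, body, "orphaned registry entry: the DLL is no longer on disk"))
        elif code == "O16" and not target.startswith("http"):
            flagged.append((code, body, "ActiveX control with no recorded download source"))
        elif code == "O16" and _is_ip_host(target):
            flagged.append((code, body, "ActiveX control fetched from a bare IP, not a named site"))
        elif code == "O18":
            flagged.append((code, body, "custom URL protocol handler: confirm which program installed it"))
    return flagged
```

Running `triage(parse_entries(SAMPLE_LOG))` flags four of the seven sample lines; everything else (the RoboForm BHO, the Shockwave control, the start page) passes these checks.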
Short URL to this thread: https://techguy.org/115462