Who is This?????

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dabwid

Thread Starter
Joined
Aug 3, 2003
Messages
209
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: USNetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: [email protected]

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2003-10-02 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

My firewall has blocked aprox. 50 attempts today from this address. My computer talks to it with C:\Windows\System32\ntoskml.exe
 

dabwid

Thread Starter
Joined
Aug 3, 2003
Messages
209
Trend Micro Online scan comes up clean. Panda makes IE stop running. I am using Avast V4.1 Home Edition. It comes up clean. I am using Sygate Personal Firewall 5.1.
Here is my Hijack log:

Logfile of HijackThis v1.97.2
Scan saved at 5:56:24 PM, on 10/3/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\JonathanGrimes\Simply Transparent 7\SimplyTransparent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Find-a-Drug\server.exe
C:\Program Files\Find-a-Drug\think.exe
C:\Program Files\Find-a-Drug\tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Documents and Settings\All Users\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SaveWealth
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - Global Startup: Simply Transparent.lnk = C:\Program Files\JonathanGrimes\Simply Transparent 7\SimplyTransparent.exe
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: think.lgo
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37890.9108680556
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
 
Joined
Apr 2, 2002
Messages
5,933
IANA is a 'legit' organisation http://www.iana.org/ and I can't imagine why it should want to access your machine.

Ntoskml.exe appears to be a Windows NT file, is that your OS? Have you run an antivirus scan lately and which port does your firewall claim is being attacked, or at least contacted, by IANA?

I suppose it is possible that some hacker/cracker has somehow managed to 'spoof' IANA's address in some way (because it is so 'respectable' and trustworthy) but I don't know how that could be done.

Sorry I can't be of much help. Perhaps you could try contacting IANA and see what they say about your firewall's findings.
 

dabwid

Thread Starter
Joined
Aug 3, 2003
Messages
209
Found two virus,
win32:kuang C:\windows\system\activescan\imscan.dll
win95:matyas C;windows\system\activescan\pav.sig
Found with Avast4.1 Home Edition, TrendMirco missed them.
 
Joined
Sep 27, 2002
Messages
867
I just wonder since you tried the Panda ActiveScan, if those are some of Panda ActiveScan files that Avast is picking up.



Note down at the bottom of this web page/

http://www.pcpitstop.com/safe.asp

Pav.dll the AntiVirus ActiveX control, shows up as AV Class. Imscan.dll, the AntiVirus scanning engine, apvxdut.vxd, the AntiVirus virtual device driver and PAV.SIG, the AntiVirus signature file, are all found in the Windows\System directory.
 

dabwid

Thread Starter
Joined
Aug 3, 2003
Messages
209
Avast off still can not scan. Firewall also off still get IE error. The file for the active scan had not been accessed since 9/10/03, I have ran several scan since then. I wonder why it just showed up today? Is that file safe to delete?
 
Joined
Sep 27, 2002
Messages
867
dabwid,

I've tried three times to use Panda's online scan and it has failed to download all three times for me also.

It gets down to the last little bit, then I get an error on page.
 

dabwid

Thread Starter
Joined
Aug 3, 2003
Messages
209
I have tried to disable firewall and virus protection and I still can not get Panda to work. I get a password window with no clue as what the password is, none of mine work. I have tried a couple other ones and they work fine.
 

dabwid

Thread Starter
Joined
Aug 3, 2003
Messages
209
Why does it not show up on all the scans I have done. I have done four different virus scans and nothing has shown up.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top