I was wrond, the problem is still present, don't know what to do???
I was wrond, the problem is still present, don't know what to do???
So, what ELSE have *you* done?
- Have you ran a FULL scan with a recently updated anti-virus program?
- Have you used BHO Demon to see what BHOs are installed in IE?
- Have you used msconfig.exe or Mike Lin's Startup applet to disable
startup programs, reboot, and check if the problem continues?
- Have you disabled all non-critical NT services?
- Have you booted into Safe mode (with networking)?
- If you disable the rules you defined to block the connection, does
your firewall popup an alert saying what program is trying to make an
outbound connection (and let you select to block, permit, or manual
configure a rule for it)? If so, that might itself identify the culprit
program. If it is svchost.exe then an NT service is making the
connection, so you need to stop all non-critical NT services and restart
them one by one to see which one attempts the connection.
- SysInternal's TCPview (free) might indicate who owns the local port
through which the communication is moving.
- Use Task Manager to see what processes are running. Then go hunting
for those executables to see where they are. Right-click on them and
look under the Version tab to see if there is any identifying
information as to its maker and its use.
--
__________________________________________________ __________
"Albert_Hall" <dcosic@net.hr> wrote in message
news:blm4ou$4ll$1@bagan.srce.hr...
> I was wrond, the problem is still present, don't know what to do???
>
>
Did all that except nt services. Firewall says that IE is trying to connect
to that IP's. Gonna try the services part. Thanx
"Vanguard" <no-email@post-reply-in-newsgroup.nix> wrote in message
news:Q2Bfb.36209$%h1.24415@sccrnsc02...
> So, what ELSE have *you* done?
>
> - Have you ran a FULL scan with a recently updated anti-virus program?
>
> - Have you used BHO Demon to see what BHOs are installed in IE?
>
> - Have you used msconfig.exe or Mike Lin's Startup applet to disable
> startup programs, reboot, and check if the problem continues?
>
> - Have you disabled all non-critical NT services?
>
> - Have you booted into Safe mode (with networking)?
>
> - If you disable the rules you defined to block the connection, does
> your firewall popup an alert saying what program is trying to make an
> outbound connection (and let you select to block, permit, or manual
> configure a rule for it)? If so, that might itself identify the culprit
> program. If it is svchost.exe then an NT service is making the
> connection, so you need to stop all non-critical NT services and restart
> them one by one to see which one attempts the connection.
>
> - SysInternal's TCPview (free) might indicate who owns the local port
> through which the communication is moving.
>
> - Use Task Manager to see what processes are running. Then go hunting
> for those executables to see where they are. Right-click on them and
> look under the Version tab to see if there is any identifying
> information as to its maker and its use.
>
>
> --
> __________________________________________________ __________
> "Albert_Hall" <dcosic@net.hr> wrote in message
> news:blm4ou$4ll$1@bagan.srce.hr...
> > I was wrond, the problem is still present, don't know what to do???
> >
> >
>
>
Hi Albert - From your description it's difficult to be sure just what you
got into, and therefore to prescribe any specific actions. Do the following:
Download HijackThis, free, here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt
Go to Spyware and Hijackware Removal Support, here:
http://www.spywareinfo.com/forums/in...74&act=SF&f=11
Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:bln9df$onh$1@bagan.srce.hr,
Albert_Hall <dcosic@net.hr> typed:
> Did all that except nt services. Firewall says that IE is trying to
> connect to that IP's. Gonna try the services part. Thanx
> "Vanguard" <no-email@post-reply-in-newsgroup.nix> wrote in message
> news:Q2Bfb.36209$%h1.24415@sccrnsc02...
>> So, what ELSE have *you* done?
>>
>> - Have you ran a FULL scan with a recently updated anti-virus
>> program?
>>
>> - Have you used BHO Demon to see what BHOs are installed in IE?
>>
>> - Have you used msconfig.exe or Mike Lin's Startup applet to disable
>> startup programs, reboot, and check if the problem continues?
>>
>> - Have you disabled all non-critical NT services?
>>
>> - Have you booted into Safe mode (with networking)?
>>
>> - If you disable the rules you defined to block the connection, does
>> your firewall popup an alert saying what program is trying to make an
>> outbound connection (and let you select to block, permit, or manual
>> configure a rule for it)? If so, that might itself identify the
>> culprit program. If it is svchost.exe then an NT service is making
>> the connection, so you need to stop all non-critical NT services and
>> restart them one by one to see which one attempts the connection.
>>
>> - SysInternal's TCPview (free) might indicate who owns the local port
>> through which the communication is moving.
>>
>> - Use Task Manager to see what processes are running. Then go
>> hunting for those executables to see where they are. Right-click on
>> them and look under the Version tab to see if there is any
>> identifying information as to its maker and its use.
>>
>>
>> --
>> __________________________________________________ __________
>> "Albert_Hall" <dcosic@net.hr> wrote in message
>> news:blm4ou$4ll$1@bagan.srce.hr...
>>> I was wrond, the problem is still present, don't know what to do???
In article <bln9df$onh$1@bagan.srce.hr>, "Albert_Hall" <dcosic@net.hr> wrote:
>Did all that except nt services. Firewall says that IE is trying to connect
>to that IP's. Gonna try the services part. Thanx
As an aside, the best spot to find out which (NT & XP) services
to enable and disable is:
www.blackviper.com
Regards,
In article <blm4ou$4ll$1@bagan.srce.hr>, Albert_Hall wrote:
> I was wrond, the problem is still present, don't know what to do???
Isn't there anything for Windows that can tell you *what* is trying to make
that connection? I'd expect some of the firewall products to be able to do
that.
It would be fairly easy for anyone who knows how to write Windows LSPs to
write one that watches for connections to a specific IP address or range of
IP addresses, and then reports what task is trying to make that connection,
so I'd be very surprised if there isn't something free out there to do this
already.
--
Evidence Eliminator is worthless. See evidence-eliminator-sucks.com
--Tim Smith
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote