Unknown svchost.exe DNS port 53 network activity

[Gabriele Neukam]

On this special day, David H. Lipman wrote :

> If you are using any version of Sun Java that is prior to JRE Version 6.0,
> then you are strongly urged to remove any/all versions.

You should replace the six with a nine or ten.

http://sunsolve.sun.com/search/docum...=1-26-102729-1
http://sunsolve.sun.com/search/docum...=1-26-102731-1
http://sunsolve.sun.com/search/docum...=1-26-102732-1

are the newest alerts by Sun.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de

--
Bei Windows haut man raus was man nicht braucht.
Bei Linux haut man rein was man braucht.
(René 'vollmi' Vollmeier in de.comp.security.misc)

[David H. Lipman]

From: "Gabriele Neukam" <Gabriele.Spamfighter.Neukam@t-online.de>

| On this special day, David H. Lipman wrote :
|
>> If you are using any version of Sun Java that is prior to JRE Version 6.0,
>> then you are strongly urged to remove any/all versions.
|
| You should replace the six with a nine or ten.
|
| http://sunsolve.sun.com/search/docum...=1-26-102729-1
| http://sunsolve.sun.com/search/docum...=1-26-102731-1
| http://sunsolve.sun.com/search/docum...=1-26-102732-1
|
| are the newest alerts by Sun.
|
| Gabriele Neukam
|
| Gabriele.Spamfighter.Neukam@t-online.de
|

I'm sorry Gabriele but Sun is f'd up and confusing.

v6 is the latest and based upon ALL the problems with Sun not being forthcoming with
Vulnerability statements, v6 is the suggested version. It is a complete re-write.

In the middle of the following page...
"Java Runtime Environment (JRE) 6"
http://java.sun.com/javase/downloads/index.jsp

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Raffi]

David H. Lipman wrote:
> From: "Gabriele Neukam" <Gabriele.Spamfighter.Neukam@t-online.de>
>
> | On this special day, David H. Lipman wrote :
> |
> >> If you are using any version of Sun Java that is prior to JRE Version 6.0,
> >> then you are strongly urged to remove any/all versions.
> |
> | You should replace the six with a nine or ten.
> |
> | http://sunsolve.sun.com/search/docum...=1-26-102729-1
> | http://sunsolve.sun.com/search/docum...=1-26-102731-1
> | http://sunsolve.sun.com/search/docum...=1-26-102732-1
> |
> | are the newest alerts by Sun.
> |
> | Gabriele Neukam
> |
> | Gabriele.Spamfighter.Neukam@t-online.de
> |
>
> I'm sorry Gabriele but Sun is f'd up and confusing.
>
> v6 is the latest and based upon ALL the problems with Sun not being forthcoming with
> Vulnerability statements, v6 is the suggested version. It is a complete re-write.
>
> In the middle of the following page...
> "Java Runtime Environment (JRE) 6"
> http://java.sun.com/javase/downloads/index.jsp
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

I did have older versions of JRE, J2SE and J2ME SDK and uninstalled
them as well as deleting all related folders. The problem is still
there.

As I mentioned before, I have run a few anivirus and antispyware
programs both in normal and safe mode and they haven't identified any
issues. Of course all software were properly updated before running.

At this poing I'm starting to consider reinstalling Windows XP.

Raffi

[David H. Lipman]

From: "Raffi" <thegrizzzly@yahoo.com>

|
| I did have older versions of JRE, J2SE and J2ME SDK and uninstalled
| them as well as deleting all related folders. The problem is still
| there.
|
| As I mentioned before, I have run a few anivirus and antispyware
| programs both in normal and safe mode and they haven't identified any
| issues. Of course all software were properly updated before running.
|
| At this poing I'm starting to consider reinstalling Windows XP.
|
| Raffi

Replacing Sun Java was NOT part of the solution for you.

Since there are so many vulnerabilities in older version, upgrading and replacing them with
the latest version will help mitigate malware which may exploit those vulnerablities and
help prevent future problems.

Plaese run the anti malware scans and software I suggested.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Raffi]

David H. Lipman wrote:
> From: "Raffi" <thegrizzzly@yahoo.com>
>
> |
> | I did have older versions of JRE, J2SE and J2ME SDK and uninstalled
> | them as well as deleting all related folders. The problem is still
> | there.
> |
> | As I mentioned before, I have run a few anivirus and antispyware
> | programs both in normal and safe mode and they haven't identified any
> | issues. Of course all software were properly updated before running.
> |
> | At this poing I'm starting to consider reinstalling Windows XP.
> |
> | Raffi
>
> Replacing Sun Java was NOT part of the solution for you.
>
> Since there are so many vulnerabilities in older version, upgrading and replacing them with
> the latest version will help mitigate malware which may exploit those vulnerablities and
> help prevent future problems.
>
> Plaese run the anti malware scans and software I suggested.
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

I'll run all the scans you suggested later today and post the results.

Raffi

[Raffi]

Raffi wrote:
> David H. Lipman wrote:
> > From: "Raffi" <thegrizzzly@yahoo.com>
> >
> > |
> > | I did have older versions of JRE, J2SE and J2ME SDK and uninstalled
> > | them as well as deleting all related folders. The problem is still
> > | there.
> > |
> > | As I mentioned before, I have run a few anivirus and antispyware
> > | programs both in normal and safe mode and they haven't identified any
> > | issues. Of course all software were properly updated before running.
> > |
> > | At this poing I'm starting to consider reinstalling Windows XP.
> > |
> > | Raffi
> >
> > Replacing Sun Java was NOT part of the solution for you.
> >
> > Since there are so many vulnerabilities in older version, upgrading and replacing them with
> > the latest version will help mitigate malware which may exploit those vulnerablities and
> > help prevent future problems.
> >
> > Plaese run the anti malware scans and software I suggested.
> > --
> > Dave
> > http://www.claymania.com/removal-trojan-adware.html
> > http://www.ik-cs.com/got-a-virus.htm
>
> I'll run all the scans you suggested later today and post the results.
>
> Raffi

OK, I downloaded and ran all the software. While Ad-Aware was running I
get a warning from AntiVir that it had found a virus called
Run_it_xxx.exe. I deleted it. Other than that, they came up with a few
minor viruses on some files that have been on my PC for ever. I
quarantined them. I also made sure I have all the Windows security
updates, and I do except for a RAID driver. I also upgraded to IE 7
just to be sure. The problem still persists.

I installed a program called Prevx1 which seems to be a nice program.
It tells you when an application starts ends etc. Every time I
disconnect and reconnect the network connection, it tells me that a
program called MOBSYNC.EXE has started. I'm not sure if this is
related.

Also, the network connection seems to be active only at certain times
and inactive otherwise. When it's active it goes like crazy. I'm
suspicious that the PC is being used for DOS attacks or SPAM etc.

I'm still at a loss and any help will be appreciated. The only way I
can fight this is by unplugging the network connection.

Also, I recently configured reverse DNS lookup for my static IP address
through my ISP. Can this be related to the network activity?

Raffi

[David H. Lipman]

From: "Raffi" <thegrizzzly@yahoo.com>


|
| OK, I downloaded and ran all the software. While Ad-Aware was running I
| get a warning from AntiVir that it had found a virus called
| Run_it_xxx.exe. I deleted it. Other than that, they came up with a few
| minor viruses on some files that have been on my PC for ever. I
| quarantined them. I also made sure I have all the Windows security
| updates, and I do except for a RAID driver. I also upgraded to IE 7
| just to be sure. The problem still persists.
|
| I installed a program called Prevx1 which seems to be a nice program.
| It tells you when an application starts ends etc. Every time I
| disconnect and reconnect the network connection, it tells me that a
| program called MOBSYNC.EXE has started. I'm not sure if this is
| related.
|
| Also, the network connection seems to be active only at certain times
| and inactive otherwise. When it's active it goes like crazy. I'm
| suspicious that the PC is being used for DOS attacks or SPAM etc.
|
| I'm still at a loss and any help will be appreciated. The only way I
| can fight this is by unplugging the network connection.
|
| Also, I recently configured reverse DNS lookup for my static IP address
| through my ISP. Can this be related to the network activity?
|
| Raffi

MOBSYNC.EXE is most likely legit and OK.

This may have to do with the RDNS service.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm