Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91699 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Firewall


  • Please log in to reply
3 replies to this topic

#1 hpspartans24

hpspartans24

    New Member

  • Authentic Member
  • Pip
  • 4 posts

Posted 20 April 2005 - 05:36 PM

Some ports are being opened by some unknown users. Why does windows have to connect to the internet and use different ports? I notice that there are some connections being made by my comp and then data is sent back to my pc. What the hell is going on? There are some services that log on by themselves and I dont know what there for. What can I do to protect my comp with microsoft firewall?

    Advertisements

Register to Remove


#2 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 21 April 2005 - 04:17 AM

some window components need internet access, like your browser, email, apps that update, like antivirus etc.. some ports are open be default. having a open port isnt necessarily a bad thing unless there is a vulnerable service or trojan running on it. i would download a free (like zone alarm) firewall, and disable xp built in firewall. zone alarm can preconfigure for you components that need acsess, then will ask you if other things can use your connection. learn what needs to use it. if something strange pops up deny it accsess until you find more info on it. whats that and why does it need to use my internet connection?
How Can I Reduce My Risk?

#3 hpspartans24

hpspartans24

    New Member

  • Authentic Member
  • Pip
  • 4 posts

Posted 21 April 2005 - 08:21 PM

Hi Shelflife,

Thanks for you reply. I did install zone alarm and its working good. Its blocked 102 intrusions and 5 of those have been high rated. I knew some people were connecting to my comp. I have another question. I check in my task manager and I check the processes there are 5 svhost.exe processes running, there are 2 Network Services and the rest are system. Is this normal, shouldnt there only be 1 for the Network Service? I think my comp might be infected and its trying to connect to other and allow them to connect to me. Do you think you can check my hi jack this log? I put it up but no one has checked it. I will post it right now thanks a lot. Help me in what you can. Thanks a lot.



Logfile of HijackThis v1.99.1
Scan saved at 10:17:32 PM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp center.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 22 April 2005 - 04:16 PM

hi hpspartans24, your log looks good. there can be more than one svchost and service.
How Can I Reduce My Risk?

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users