Paging tdierikx


Engel47
10th April 2006, 04:35
T any idea what the heck is happening here - Windows Explorer keeps trying to access the internet! Every couple of minutes Sygate personal firewall keeps alerting me to the fact that WE is trying to access the internet - why on earth would WE do that?? This happens even when I am not "internetting" - i.e. just using the computer for art work and what have you. I checked the security log in Sygate and it appears that WE is trying to do this on average every second! This has only started happening in the last few days. I have done a scan of my computer and there are no viruses and no trojans detected. I am using Windows XP pro and have installed service pack 2. Any ideas? All help appreciated :work:

EDIT: Checking outgoing traffic on Sygate when the computer is idle - i.e. nothing is running - it shows outgoing traffic every 2 seconds or so of 152B (incoming 0); attack history graph shows nothing happening.

judee3d
10th April 2006, 04:45
I'm no expert but it sure sounds like a bug to me...

I assume you've got the latest updates on virus definitions. What about spy-ware programs? Do you run anything like Ad-aware or Spybot regularly to make sure there are no nasty little programs anywhere - the anti-virus programs are now beginning to check for these too, but there is still nothing better than the programs made just for that. So if you don't have either Spybot or Ad-aware, I suggest you get them.

Search google - sorry, I'd find you the addresses but I'm in a rush this morning.

Other than that, just keep updating your virus defs and re-scanning - it could be something new that has snuck in.

Sure hope you get it figured out!

tdierikx
10th April 2006, 06:22
Hmmm... does Sygate tell you which port is trying to dial home?

How long has this been happening as far as you can tell? Did you install anything new recently? (or worse, click "yes" or "ok" on any pop-up windows?)

You might want to download and run a program called HijackThis (http://www.spywareinfo.com/~merijn/downloads.html) - it will give you a lot of info as to what is actually running on your PC...

Instructions for using HijackThis can be found at http://www.spywareinfo.com/~merijn/htlogtutorial.html

I hope this helps...

T.

Engel47
10th April 2006, 06:33
Thanks Judee and T :) I will let you know how I get on - T - No I have not installed anything recently and never get pop ups thanks to pop up blocker :)
I have run "spybot search and destroy" and it found nothing suspicious :( Strangely my other half's computer has started doing this too - we are on a home network so I don't know if he got it from me or vice versa. As to ports - it appears to be trying every port according to Sygate! (last few in the list are 2105, 2091, 2102, 2106, 2088, 2095, 2101, 2096, 2089, 2094, 2109, 2092, 2103, 2099, 2107, 2104, 2098, 2100, 2097, 2093) and that's only in the last minute or so :(
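
Added example, not part of any post in this thread: a small Python check for the traffic pattern Engel47 reports (one process sending a small, fixed-size, unanswered packet at a steady interval). The CSV layout and sample rows are constructed for illustration and are not Sygate's actual log format; `find_beacons` and its thresholds are hypothetical.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in a hypothetical CSV layout (NOT Sygate's real log format):
# time, process, local_port, bytes_sent, bytes_received
SAMPLE_LOG = """\
2006-04-10 04:30:00,explorer.exe,2088,152,0
2006-04-10 04:30:02,explorer.exe,2089,152,0
2006-04-10 04:30:04,explorer.exe,2091,152,0
2006-04-10 04:30:05,firefox.exe,3010,840,5120
2006-04-10 04:30:06,explorer.exe,2092,152,0
2006-04-10 04:30:08,explorer.exe,2093,152,0
2006-04-10 04:30:10,explorer.exe,2094,152,0
2006-04-10 04:30:31,firefox.exe,3011,412,20480
2006-04-10 04:31:47,firefox.exe,3012,958,1033
"""

def find_beacons(log_text, min_events=5, max_jitter=0.5):
    """Return {process: (mean_interval_s, bytes_sent, events)} for processes whose
    outbound records are evenly spaced, identical in size, and never answered."""
    by_proc = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, proc, _port, sent, recv = row
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_proc[proc.lower()].append((when, int(sent), int(recv)))

    flagged = {}
    for proc, events in by_proc.items():
        if len(events) < min_events:
            continue  # too few samples to call it a pattern
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        sizes = {sent for _, sent, _ in events}
        unanswered = all(recv == 0 for _, _, recv in events)
        # Browsing is bursty and gets replies; a timer-driven sender does neither.
        if pstdev(gaps) <= max_jitter and len(sizes) == 1 and unanswered:
            flagged[proc] = (mean(gaps), sizes.pop(), len(events))
    return flagged

if __name__ == "__main__":
    for proc, (interval, size, count) in find_beacons(SAMPLE_LOG).items():
        print(f"{proc}: {count} sends of {size} B, one every {interval:.1f} s")
```

A process flagged this way is a lead for closer inspection of what is loaded into it, not proof of infection on its own.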

Vandal999
10th April 2006, 12:51
Oh dear Engel47, I think that your computer has been well and truly hacked. I don't think that it will be a virus, though I hope that it is for your sake.

I would guess that your computer has been 'zombied', or turned into a launching pad for hackers to launch attacks on other machines. :eek:

By the way, you don't need to have installed anything to get virused/hacked. You can get hacked or have other nasties happen simply from clicking the wrong link (porn and 'security'/crack websites are notorious for it..not suggesting that you must have gone there Engel47!)

A friend of mine got hacked through a 'certificate' (one of those things you need to accept before you can download from a 'secure'/SSH website). It is possible to be hacked through MSN (and I would assume through other instant messaging programmes as well, but I don't actually know). Not trying to make you scared, but it took my friend a total format to remove the hacking problem (and it wasn't through technical incompetence, she works with servers and her brother is meant to be an internet security expert)

My friend had the same problem as you have Engel47, once it was on one machine on the network it spread to the others. Also, nothing (Ad-Aware SE, Spybot, Hijackthis) helped.

Maybe you should try the old "clean out the hidden cache on IE" trick - go to start, then run. At run type (no inverted commas) "%temp%". When you get to the folder it will send you to, select EVERYTHING and delete it, then empty your recycle bin. You should also try cleaning out your other IE settings (or firefox if you use it). Go start-> control panel-> Internet options. On the page that will be open when you open it, select "Delete cookies" then "Delete Files", then go back to "delete files" and select the "delete all offline content" box and "delete files" again.

I've found that if everything in the "%temp%" file deletes, you don't (normally) have a problem. It can remove some of the more basic hacks and viruses if you do have them, and it doesn't hurt, so it is always worth a try! :)

If that doesn't help, maybe someone can suggest something else. I can always ask someone who should know (internet security isn't my thing). If there is anything else I can do, just ask...

I hope that everything works out, and that your problem is easily fixed. Good luck!

Edit- Great, I forgot that I registered here under 'Vandal999', that looks great me talking about hacking with that name. (frantically waves arms) It's not what it looks like!...I really should change it, it started as a joke. It doesn't really suit me anyway.....now to figure out if this forum lets you change names or if I should just re-register...

Engel47
10th April 2006, 19:00
@Vandal999 - thanks - I tried the "run" "%temp%" thingy and the folder it took me to was empty! I use "Window Washer" and whenever I have been connected to the internet and I close the browser it automatically clears all cookies (aside from those I have told it to keep) it also "washes" Address bar (history), Temporary internet files (cache), History (visited sites), Autocomplete form data, Media bar history and index.dat.

You can edit your e-mail address and password in User CP but not your user name - Sorry :)

Vandal999
11th April 2006, 09:58
You can edit more than just the email and password in UserCP, but as far as I know you can't simply change user username as a user, you have to be an admin to do that. (I've used more than a few versions of VB, I have a rough idea of what is, and isn't possible) I'm sort of glad that you can't just change names, one forum that I used to go to was super confusing as the members were always changing names! (Ohh, Tomas87, that's what fantasprimea was last week, and he'll probably be eggbertthegreat next week) Thanks for the info anyway Engel47.

OK, you use window washer, it does clean out all that junk. Pity that it didn't help, but it's always worth trying (it's worth doing for any forum members out there that don't run window washer)

There is the possibility that you have been taken over 'remotely' (using the remote assistance controls). I do have a nice little file on settings for windows to minimise the risks of using the internet (and how to get as much performance out of windows as you can, a few very neat tricks). However, it isn't on this machine at the moment, and I wrote it myself so I can't just find a download link for it, I'll have to email it/post it tomorrow night. It probably won't help in this case, unless it is remote assistance that has been the route that the nastiness has taken, but it is always handy to have.

Unless you're running a cracked version of windows, not much I can do at the moment (cracked versions of windows commonly have 'holes' left in them, long story, it's not really my field, and not really suited for this site)(if you have any hardware problems, that IS my field, but internet stuff, I'm still wet behind the ears)

The only other thing that I can say that may, or may not help is...when you do get the problem fixed, don't go onto the net in 'administrator' mode for windows. Microsoft has said that you shouldn't EVER go on the net in administrator, it makes it too easy for hackers/etc to gain control of your system. You should have a separate account that is in 'user' mode for surfing the net. It's a pain, as you can't do much in user mode, but it beats the annoyance that you must be suffering.

Sorry that I couldn't help now, but if I think of anything new I'll post/PM you.

Edit- there are some good tools from here- Spychecker (http://www.spychecker.com/)
Try here too- UnPlug n' Pray, The DCOMbobulator and XPdite are very good- by the way if you go here have a look at the vulnerabilities of windows... scary
Gibson Research (http://www.grc.com/default.htm)

Engel47
12th April 2006, 05:41
New problem - only started yesterday - I am constantly getting pop ups whilst viewing this site! Mainly German "betting" web sites. I have checked "tools" "internet options" "privacy" and "Block Pop Up's" is ticked - and in settings the filter level is set at "High - Block all pop up's" so why the heck am I getting them??? Any ideas anyone?

judee3d
12th April 2006, 06:31
Is it only this site giving you pop-ups? That is really strange! In your firewall or pop-up blocker, look in options and see if you can specifically block ads from certain sites - I don't know if this is possible, but check anyway.

Something is definitely wrong - this all sounds so familiar to me, first of all the WE trying to access internet - only with me, it had gotten so bad it was like every 2 minutes - I couldn't do anything because of the red flag always popping up asking to allow access.

It sounds like someone has hacked into your system and is using it. I hate to say this, but if you don't have all of your art stuff backed up, now is the time. If your anti-virus and spybot can't help, you may have to re-format. :raincloud

Don't wait til you are forced - maybe someone in here can give you a better answer, but when this happened to me, after a certain time I ended up totally blocked, blue screen on startup and nothing to do about it!

Hoping for the best, sorry to scare you but do be prepared with your backups!

bigH
12th April 2006, 07:10
I think you either have someone using your home network or they hack you through it - you should check how it is set up for security.

Henry

ron0946
12th April 2006, 13:57
Go into admin tools and services and check to make sure messenger is disabled.

wile1
12th April 2006, 21:10
I had a few problems like that ended up having to reformat! I think it came in through messenger but who knows. btw IE sucks! :D

tdierikx
13th April 2006, 01:56
To disable Messenger service in Windows XP... the following page has instructions...

http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

Have you downloaded and run HijackThis yet? Post the log to a message here, and I may be able to tell you which things to have it remove to make life more comfortable for you...

T.

classylady
13th April 2006, 05:09
Gosh Angela hope you won't have to reformat, how terrible for you to have this to deal with now.

Good Luck I hope this can be fixed without any reformatting :blowkiss:

Engel47
13th April 2006, 07:20
Thanks for the link T - I will go there straight away - and no - I haven't got Hijack this yet! I will though!

Engel47
17th April 2006, 13:15
Thanks everyone that replied to this thread :) I have good news - at last I found it!! It was an infected malware thingie called Win32.BHO (wmasf32.dll) and it has now been zapped! That was causing the pop ups and the rest of my problems - Back to normal now. The only thing I can think of was that I was downloading loads of freebies that day from various places, and I reckon I picked it somewhere along the line. So there ya go!!

judee3d
17th April 2006, 14:35
Glad to hear you found the bugger - that is so frustrating when something like that happens! But at least now your pc is back in functioning order!