| Oct 10, 2002, 05:52 PM | |
|  Suspicious Activity 
		  
			
			Crono sent me this program, avb.exe or something similar, he said it was a movie about all your bases belong to us or something. He had to try sending it several times before it would actually send (this was via MSN Messenger). The file was over 2,000 kb and less than 3,000 kb if I remember correctly. I opened the file straight after he sent it, forgetting to virus scan it first. Then I closed it and maximized my virus scanner, I scanned the program and it said no viruses found. Then my virus scanner closed without me doing anything. After, I checked my firewall log and less than a minute after I opened it, it closed the window. I scanned my computer for viruses (via a Windows OS) and it said none found, then I tried it in safe mode and still none found, I enabled it so it would scan even regular files, still none found. I got an error when I rebooted saying something about something I forget what trying to write to system.ini if I remember rightly. It was a DOS warning. It had the choices stop, continue and exclude. I pressed s for stop and it booted into Windows, still the problem persisted, then I tried exclude, still the problem persisted. I restarted again and I didn't get the warning again, but I still have the problem, and the internet is going slower than usual. I have also seen some suspicious hostnames in my firewall log. Got any ideas how to fix this or something? Help much appreciated! 
				__________________ -Roseta aka atesoR of JOL | 
| Oct 10, 2002, 06:49 PM | |
| 
		  
			
			I think I fixed it by closing stuff before they loaded. EDIT: yeah has to be right, it happened again. These unusual programs showed in groups. Stuff that disappears when it's finished loading: cmdnist (I dunno, this is probably a system file), statemgr (I don't like the name), Rundll32, Pchschd, Tcaudiag, wmiexe, defalert, Instaccess, Registerdrophandler, Kernal32, Ssdpsrv, Autochk. Stuff that stays: Ndect (something to do with the internet?), Loadqm (admits it's not responding when I click on it and close it), Realplay (when I close this and I'm trying to disconnect from the internet and it's not responding, it responds again), Service (firewall stuff?), Winmgmt (huh?). And when I start in safe mode, I never have the virus problem. I don't know how to tell if the stuff in msconfig is good or bad. Crono told me he got the program off a website (it was the exe version) and that he watched the movie on the website. 
				Last edited by atesoRJOL; Oct 11, 2002 at 09:21 AM. | 
| Oct 10, 2002, 07:25 PM | |
| 
		  
			
			Why don't you ask Crono? He sent you the program. From the looks of it though, (suspicious firewall activity and writing to system.ini), he may have sent you a trojan. It might look like you have it fixed, but check your startup configuration (Start->Run, and type "msconfig") for anything suspicious. Anyways, how old are the definitions on your virus scanner? A virus scanner is useless against new viruses unless you have up-to-date definitions. Virus scanner software companies offer update subscriptions for a nominal charge (like $5 per year) but it is well worth it to keep your computer protected from viruses. If the problem is actually a trojan, a virus scanner will be able to detect it unless it is homemade or something (which I doubt that Crono could do). Purposely putting anything malicious on someone's computer is illegal, so if you are sure it is a trojan (or any other kind of malicious program) you should go to his ISP and report it. 
				__________________ With our extreme gelatinous apology, We beg to inform your Imperial Majesty, Unto whom be dominion and power and glory, There still remains that strange precipitate Which has the quality to resist Our oldest and most trusted catalyst. It is a substance we cannot cremate By temperatures known to our Laboratory. ~ E.J. Pratt | 
| Oct 10, 2002, 07:30 PM | |
| 
		  
			
			What Link says is accurate. I would recommend two pieces of software if you are getting a firewall and trojan remover. The first is ZoneAlarm Free (www.zonealarm.com) which you should never be without. It is definitely a 10 on a scale of 1 to 10. The second is Trojan Cleaner (use the free 30 day trial at www.moosoft.com) which will help detect and remove a Trojan if you have one. Sometimes, it can alert constantly and is more and more helpful the higher your technical knowledge is. Cr0n0 is really not the kind of person who would do this, in my opinion, but be safe and download these immediately. If it detects something, find out who the sender's ISP is and report them to abuse@ Good luck, Trafton EDIT: Roseta, while I'm not sure if you trust me enough, private messaging me the firewall log or emailing it to me at traftonofjj2@yahoo.com would be very helpful. Please do not post this here, as I want to protect the security of innocent people that your computer may have connected with for various reasons. | 
| Oct 11, 2002, 11:33 AM | |
| 
		  
			
			The only one suspicious looking out of those is Kernal32. Everything else is pretty much Windows stuff. For those people who know, it is kernel, not kernal, so that is likely the trojan or whatever. I seem to recall the name Kernal from somewhere. The kernel is basically the core of the operating system, and it would not be loaded as a program through the registry. I would recommend disabling Kernal32 in msconfig immediately. Also get the program Trafton mentioned and scan for trojans. 
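The check described in the post above (a startup entry whose name is a near-miss of a real Windows component name) can be automated. This is an added example, not part of the original thread; the reference list `KNOWN_NAMES` and the function names are assumptions, and the input is the list of entries quoted earlier in the thread.

```python
# Added illustration: flag startup entries whose names nearly match, but do not
# equal, a well-known Windows component name (e.g. "Kernal32" vs "kernel32").

# Assumed reference list of legitimate component names; extend it for your system.
KNOWN_NAMES = ["kernel32", "rundll32", "user32", "winmgmt",
               "explorer", "svchost", "autochk", "ssdpsrv"]

# Constructed input: the startup entries as listed in the thread.
STARTUP_ENTRIES = ["cmdnist", "statemgr", "Rundll32", "Pchschd", "Tcaudiag",
                   "wmiexe", "defalert", "Instaccess", "Registerdrophandler",
                   "Kernal32", "Ssdpsrv", "Autochk", "Ndect", "Loadqm",
                   "Realplay", "Service", "Winmgmt"]


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(entry):
    """Lower-case the entry and drop a trailing .exe/.dll extension."""
    name = entry.strip().lower()
    return name[:-4] if name.endswith((".exe", ".dll")) else name


def find_lookalikes(entries, known=KNOWN_NAMES, max_distance=2):
    """Return (entry, imitated_name, distance) for near-miss names only."""
    known_set = set(known)
    hits = []
    for entry in entries:
        name = normalize(entry)
        if name in known_set:        # exact match: not a lookalike
            continue
        for ref in known:
            d = edit_distance(name, ref)
            if d <= max_distance:
                hits.append((entry, ref, d))
    return hits


if __name__ == "__main__":
    for entry, ref, d in find_lookalikes(STARTUP_ENTRIES):
        print(f"{entry!r} is {d} edit(s) away from {ref!r}")
```

A near-miss name is only a triage hint: confirm the file's location and origin before disabling the entry, and note that an exact name match says nothing about whether the file behind it is genuine.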
| Oct 11, 2002, 12:44 PM | |
| 
		  
			
			I seem to have gotten rid of it through regedit and safe mode with Crono's help, hopefully   
| Oct 12, 2002, 09:08 AM | |
| 
		  
			
			Roseta, please still scan your computer for trojans anyway.  Stuff like that is programmed to linger, so it might be gone now but could come back sometime.
		 
| Oct 13, 2002, 09:29 AM | |
| 
		  
			
			I will..
		 
| Oct 13, 2002, 10:08 AM | |
| 
		  
			
			Yay! I got ZoneAlarm Pro and it seems to be messing with some websites. I sometimes see weird text in my browser instead of the HTML page. One more problem was that whether I used it JCF wouldn't recognise me. I have to log in again and again. It's annoying.
| Oct 13, 2002, 03:46 PM | ||
| Quote: 
 | ||
| Oct 14, 2002, 07:18 AM | |
| 
		  
			
			How? I couldn't find any option like that. Bleh! This firewall sometimes slows down my PC. Last time I noticed that my PC clock was 30 minutes off. 
| Oct 14, 2002, 04:06 PM | |
| 
		  
			
			The program didn't find any trojans.
| Oct 23, 2002, 01:17 PM | ||
| Quote: 
 *Had W32.Klez.H@MM A while ago and is STILL smarting from that* Good luck preventing that from happening again... Tis true, u need updated def.! W/o it's useless! Some viruses will disable your AV program (KLEZ!!!) so be careful opening crud! | ||
| Oct 23, 2002, 01:38 PM | |||
| Quote: 
 Quote: 
 
All times are GMT -8.
Jazz2Online © 1999-INFINITY.