
Hilamonsta

Experienced Members
  • Posts

    17
  • Joined

Reputation

0 Neutral

Profile Information

  • Gender
    Not Telling
  1. One of the great constants in the universe. *sigh* agreed
  2. White hats cost money. Black hats are free, and usually more dedicated I've found
  3. MS "daring" hackers to find holes in Vista is a great way for them to provoke really smart people into thoroughly testing their software for them without having to pay for the service, I'd imagine. What better way to find the security vulnerabilities than to get the very people who will be trying to compromise it in the future to compromise it pre-release?
  4. Nope, I'm not on a wireless connection. And yeah I didn't think it was an attack either but why would Sygate be automatically blocking it? It's not taking any advanced rules into consideration when it blocks them... should I configure the firewall to let that stuff through? Is there any way to tell what it is, exactly? I'll check out that info on ndisuio, thank you.
  5. Hey there. I'm a little suspicious of some of the activity that I've been seeing on my traffic logs for my firewall and I wanted to get some opinions on it. The slew of blocked incoming UDP connections is what caught my attention. Here's a screenshot: http://img214.imageshack.us/my.php?image=sygate3852og3.jpg
  6. Well, I followed the advice and in the midst of typing a thankful response, my computer rebooted for no apparent reason. Upon rebooting, I received this warning message, "winlogon.exe encountered a problem and needed to close. [date & time] Please tell Microsoft... etc". According to the error-report link (http://oca.microsoft.com/en/response.aspx?SGD=808ea20c-780c-4b55-a1ef-4ceb4ddaf382&SID=1888), this business was caused by "Winlogon Trojan/Worm". So it appears as if everything is ok now. Thanks very much and I'll update the thread if anything happens in the next 48 hours or so.
  7. Do you know if the file is part of my OS? I'd hate to go deleting it outright if so
  8. Hey all, I have a problem that Norton Anti-Virus has identified as a generic Trojan that has compromised a file on my system. The file, windmh32.dll, is located in WINDOWS\system32\ directory and is, as of today, uncleanable, quarantinable or deletable. Upon discovering this, through a full system scan in safe mode, I did a manual search for the filename which returned this: FOUND: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\windmh32\DllName type:reg_sz value:windmh32.dll Having no recourse, I backed up my registry and deleted the entry in the hopes that it would orphan the file itself. Unfortunately, this hasn't been the case and realtime scans of my system have reported nothing has changed. I've run through the list of programs to run and scans to perform prior to submitting a Hijack-This logfile (and have also submitted one for unrelated reasons) but I'd like to get some input on what else there is to be done. Reformatting is a possibility, albeit an unattractive one. However, if there are any other options to be explored that I haven't already I'd love to hear them. Thanks for your time, all. -Edit- Tarun reminded me of this, as well: If anyone knows what that particular DLL does and if it is a legitimate file, I'd like to know that as well. If it's a system file, I'd like to avoid deleting it entirely. If not, great. I'll try what he proposed.