Hilamonsta

Posts posted by Hilamonsta

  1. I heard about that rootkit not too long ago.

     

    I was watching the news yesterday and they had a small topic about Microsoft daring hackers to find holes in Vista before it ships. No matter how secure Vista is, it will probably only be a matter of time before exploits are rampant as they are in the now which is per-normal.

     

     

    MS "daring" hackers to find holes in Vista is a great way for them to provoke really smart people into thoroughly testing their software for them without having to pay for the service, I'd imagine. What better way to find the security vulnerabilities than to get the very people who will be trying to compromise it in the future to compromise it pre-release?

  2. It doesn't look like an attack, since it's from multiple IPs and some of the same IPs are alternately blocked and allowed.

    It looks like it's coming from a wireless program. Are you on wireless?

     

    Check out this link. It might provide some helpful information. It's a service and could be disabled (preferably set to manual in case something bad happens).

     

     

     

    Nope, I'm not on a wireless connection. And yeah I didn't think it was an attack either but why would Sygate be automatically blocking it? It's not taking any advanced rules into consideration when it blocks them... should I configure the firewall to let that stuff through? Is there any way to tell what it is, exactly? I'll check out that info on ndisuio, thank you.

  3. I would follow Tarun's advice on this Hilamonsta, he knows about things like this. Here is a post about a similar name thing to yours perhaps

     

    http://forum.avast.com/index.php?PHPSESSID...20856.msg174813

     

     

     

    Well, I followed the advice and in the midst of typing a thankful response, my computer rebooted for no apparent reason. Upon rebooting, I received this warning message, "winlogon.exe encountered a problem and needed to close. [date & time] Please tell Microsoft... etc".

     

    According to the error-report link (http://oca.microsoft.com/en/response.aspx?SGD=808ea20c-780c-4b55-a1ef-4ceb4ddaf382&SID=1888), this business was caused by "Winlogon Trojan/Worm".

     

    So it appears as if everything is ok now. Thanks very much and I'll update the thread if anything happens in the next 48 hours or so.

  4. Hey all, I have a problem that Norton Anti-Virus has identified as a generic Trojan that has compromised a file on my system. The file, windmh32.dll, is located in the WINDOWS\system32\ directory and is, as of today, uncleanable, quarantineable or deleteable.

     

    Upon discovering this, through a full system scan in safe mode, I did a manual search for the filename which returned this:

    FOUND: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\windmh32\DllName type:reg_sz value:windmh32.dll

     

    Having no recourse, I backed up my registry and deleted the entry in the hopes that it would orphan the file itself. Unfortunately, this hasn't been the case and realtime scans of my system have reported nothing has changed.

     

    I've run through the list of programs to run and scans to perform prior to submitting a Hijack-This logfile (and have also submitted one for unrelated reasons) but I'd like to get some input on what else there is to be done. Reformatting is a possibility, albeit an unattractive one. However, if there are any other options to be explored that I haven't already I'd love to hear them.

     

    Thanks for your time, all.

     

    -Edit- Tarun reminded me of this, as well: If anyone knows what that particular DLL does and if it is a legitimate file, I'd like to know that as well. If it's a system file, I'd like to avoid deleting it entirely. If not, great. I'll try what he proposed.
