I also support GRC and so does Microsoft SBS 2008 in diagnostics of ports in TechNet. Also at the Microsoft TechNet web site you can find three other utilities that ARE very helpful at http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx; they are 'Process Monitor' & 'Port Monitor' & 'Process Explorer'.

Once you see how your computer misbehaves and use something like 'HiJack This' and get rid of the app (Use this App carefully) you can clean up a whole lot of issues. I am not going to name virus and download sites like *^##%&#^%. And then such sites add some keyloggers etc. but with the apps from Microsoft I was able to catch these so good-for-nothings and I added them into my OS\System32\............\.........\file name and they are STOPPED! End of Story. And the beauty of this is nobody can get to that site with this computer using this OS. They are just sent to the default 127.0.0.1 (your own computer).

I could not believe that these people offer to help and underhandedly placed their own crap spyware/keylogger. I am not saying that ANY mentioned companies on this list cured problems and are adding or tracking. But take the time to check yourself. Watch your traffic without touching the keyboard. That is how I found my little devil lurking around. About every 15-20 minutes an IP address would pop open and packets would be sent. And no, it was not port :25 (aka Email!!). I looked at the log text file and copied the IP into that nice file that Microsoft provided us with years ago and bang! Now that IP address is redirected to 127.0.0.1. I guess now I get my own info till I found the program and killed that also.

Oh, a little note. If you go to a site when watching ports they sometimes will come back in another site like 443. This is normal, and read the GRC web site to find other things that happen that are normal. Other things like LimeWire that open ports that should be left closed and you may have opened by accident and then find out Oops! Not such a good thing. Really watch those ports!

Also last night/yesterday I mentioned HiJacking without saying it. You go to a web site and think that is the site you know. Come to find out it was Hijacked or marked 'Friendly' etc... I know of this and I had my site Marked and linked to a bad site.

Audit your Web Site and look for little strange things that you did not place there. What these people do is take your code and add a little marker to show the rest of the world that they broke into your site and added a marker. The next thing is they become a better hacker and go up in ranks. Well, the next person comes along and will place a marker or, worse, hijack it but add links that you are not aware of. Most is fairly innocent with a few links to paying link sites. However some of these sites are ones that you and I would not normally visit. (I hope you know what I mean here) but they get paid for each link referral. And as a bonus they get your web site to help make them money.

Sincerely,
Paul

From: [email protected] [mailto:[email protected]] On Behalf Of Gray, Damon
Sent: Thursday, April 23, 2009 11:37 AM
To: RBASE-L Mailing List
Subject: [RBASE-L] - Re: Security Programs

Cathy,

In addition to the excellent feedback you've received from others here, I'll offer a couple of tidbits for your consideration.

1. Gibson Research Corporation will do a probe of your machine and let you know what "ports" are open on your machine. In the best scenario, the report will come back all green and say essentially, "I can't even tell you're online." Think of ports as doors and windows into your computer. Every piece of visiting data has to enter through one of these doors or windows, and there are thousands of them. What differentiates a computer port from a door or window is that ports must "respond" when they are probed in order for the probing computer to know they exist. By default, most ports are closed, or in "stealth" mode, and to allow traffic in and out, you must force them open. Go to https://www.grc.com/x/ne.dll?bh0bkyd2 , click the "proceed" button and let GRC do a probe of your box. This is a highly reputable company, and I completely trust them. It is a free service they provide, and there is no danger to you in using their service.
They will tell you exactly what is open and closed on your computer. There is also some excellent information on protecting yourself.

2. Some of the better known free antivirus products.
   a. You've already seen Avast.
   b. ClamWin Antivirus - will run on 64bit windows and 2003 server
   c. AVG Free - one of the more widely used free antivirus solutions.

_____

From: [email protected] [mailto:[email protected]] On Behalf Of cfgrimes
Sent: Thursday, April 23, 2009 3:58 AM
To: RBASE-L Mailing List
Subject: [RBASE-L] - Re: Security Programs

Though I have not had the problem below (at least not to my knowledge), I would love to get all your advice on the best protection programs for anti-virus, anti-spyware/malware, firewall, etc. so I have the best chance of avoiding future problems. I am a single user and am hoping there are some good free (or not too expensive annual fee) programs that will protect me.

I have Windows XP Professional on new computer purchased a few months ago. At that time, my Windows/drivers were updated by paid tech guy. But I am not getting any additional Windows updates as every single time I have done this in the past, it has completely wrecked my computer (and several other friends have had same experience - HATE Microsoft weaknesses).

Anyway, I am currently using only Windows firewall (have router), which I don't really know how to configure. Used to have Norton - HATE Norton as caused more hassle/problems than helped, so didn't reinstall in new computer. I also have Avast! Anti-virus, Spybot, Spywareblaster, and Malwarebyte's anti-malware (all free programs - but, again, I really don't know enough to use them other than with their defaults). I also use Tune-Up Utilities and Ultimate Troubleshooter to clean up and check what is running.
I have Privacy Control, but newest version of that continually removes all my passwords from email, and they don't know how to fix that, so will probably remove as I don't remember my passwords and have to use Restore to get them back (as I did with another of their programs, DriverControl, which totally messed up my printer drivers and couldn't fix after tons of emails to them and 8+ hours on phone/email with Hewlett Packard - Restore didn't help there).

Will the programs I'm using keep me safe enough? Are there others any of you would recommend? Hope this is an ok question to ask this group.

Cathy Grimes
Huntington Beach, Calif

----- Original Message -----
From: Emmitt Dove <mailto:[email protected]>
To: RBASE-L Mailing List <mailto:[email protected]>
Sent: Wednesday, April 22, 2009 5:04 PM
Subject: [RBASE-L] - RE: OT - no DOS box - FIXED

Your anti-malware program let something through. You need better protection.

Emmitt Dove
Manager, Converting Applications Development
Evergreen Packaging, Inc.
[email protected]
(203) 214-5683 m
(203) 643-8022 o
(203) 643-8086 f
[email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Wednesday, April 22, 2009 7:12 PM
To: RBASE-L Mailing List
Subject: [RBASE-L] - OT - no DOS box - FIXED

Must have been something running rampant today. Per John's advice, I did a search on ComboFix, was sent to BleepingComputer.com (my sentiments exactly). In their virus forum, found half a dozen posts from today from people describing the same problem I had. No DOS box, no regedit, cannot edit batch files ...

I downloaded ComboFix, ran it, and IT'S FIXED! Got a DOS box, got Regedit ... It printed out a big old log .txt file, but I can't make anything out that tells me what it did.

THANK YOU JOHN! Now if I can only figure out how I got it so I don't do it again ...

Karen

