Avast WEBforum

Other => General Topics => Topic started by: YLAP on December 11, 2005, 08:38:22 PM

Title: Strange thing with my PC...
Post by: YLAP on December 11, 2005, 08:38:22 PM
Hello all. I've got some strange things going on here for the last hour. At first Generic Host Process for Win32 Services asked for an outgoing connection. I've denied it with the rule "always deny". I've started to see this message (see below). Scanned my system with the Dr.Web standalone scanner CureIt. My system seems to be clean. Tried to search the net for Goldstream... Nothing... It feels strange when I don't know what is going on with my system... Any comments will be appreciated.  ;)

Also the avast mail scanner asks for a connection and I "receive" some kind of email.... sent to adminz.zone @ gmail.com, not for me...  It happened twice today. Moreover, I have no POP3 programs configured to work apart from MS Outlook. The avast scanner starts just like that...
Title: Re: Strange thing with my PC...
Post by: YLAP on December 11, 2005, 09:08:13 PM
OK, it's the third time in two hours that the avast mail scanner acts strange... again the same email, which is not in my PC... I'm totally messed!
Title: Re: Strange thing with my PC...
Post by: YLAP on December 11, 2005, 10:16:45 PM
Denied the avast mail scanner to connect to the net... Again the Goldstream error... What a shit is it????  >:( And how to remove it, if I can't find anything!
Title: Re: Strange thing with my PC...
Post by: neal62 on December 11, 2005, 10:21:25 PM
Ylap,

There may be an Internet problem going on right now that is causing your problems? Different URLs here in the U.S.A. are very slow today when trying to access them. I have been experiencing this for the past several hours at home on my PC there and now at work on the PC at work. Not sure if this might be your problem but it could be some of it.
Title: Re: Strange thing with my PC...
Post by: Lisandro on December 11, 2005, 10:22:47 PM
Quote
OK, it's the third time in two hours that the avast mail scanner acts strange... again the same email, which is not in my PC... I'm totally messed!

This seems to be related to an email account hijack...

Quote
At first Generic Host Process for Win32 Services asked for an outgoing connection ... gmail.com

Well, some Google services, especially Google Desktop, need some 'special' connections when you're not online.
Certainly the outbound connection is not as strange as an inbound one. Mine, inbound, are always denied.
Title: Re: Strange thing with my PC...
Post by: YLAP on December 11, 2005, 10:29:34 PM
I know, I let all "green" Kerio alerts connect, but what a * is Goldstream, if even Kaspersky online says everything is OK. It gives me error messages even when I'm not online, so it's inside my PC, that's for sure. Why does it connect via the avast mail scanner, why does it receive some kind of mail, which avast says is clean but which is saved nowhere? Besides, the words in the subject and "to" fields are ugly words (if translated from Russian, which in this case is written in English letters). I have a headache already. Again a new connection to the same point!  >:( >:( >:( >:( I'm afraid of the worst - I have something really new, and no AVs can detect it at the moment. And I know that some kind of strange things are on the net right now...  :-\

Quote
Well, some Google services, especially Google Desktop, need some 'special' connections when you're not online.

I don't have any tools from google...  :-\
Title: Re: Strange thing with my PC...
Post by: polonus on December 11, 2005, 11:40:34 PM
Hi Ylap,

Goldstream. Heh, isn't that your networking card driver?
Test your hardware: see http://www.driverforum.com/network5/10097.html.

Success, hope your trouble is cured soon,

polonus
Title: Re: Strange thing with my PC...
Post by: YLAP on December 12, 2005, 12:05:05 AM

Quote
Goldstream. Heh, isn't that your networking card driver?

Nope. By the way, why should it connect to hell knows what mail server and receive hell knows what mail message and save it hell knows where! And it happens about every 15 minutes. It connects, it downloads the same mail message which seems to be saved nowhere, and it repeats all this after 15-20 minutes. If I deny the avast mail scanner connection, it gives me an error window. If I'm not connected to the Net, it gives me an error window too. All these things tonight are going to kill me!  >:( And it started from nowhere maybe 4 hours ago...  >:(
Title: Re: Strange thing with my PC...
Post by: polonus on December 12, 2005, 12:25:35 AM
Hi Ylap,

Maybe you have fallen victim to the remote code vulnerability,
still not fixed and reported here: http://mangeek.com/. If you say you have been updating. It is a possibility,

polonus
Title: Re: Strange thing with my PC...
Post by: Lisandro on December 12, 2005, 12:41:22 AM
YLAP, do you use Azureus? Some Internet Mail provider issues are related to non-standard connections made by P2P programs.
Title: Re: Strange thing with my PC...
Post by: YLAP on December 12, 2005, 12:44:40 AM
No, but I have LimeWire.... I think I'll remove it, as I don't use it anymore...
Title: Re: Strange thing with my PC...
Post by: Lisandro on December 12, 2005, 01:12:41 AM
Quote
No, but I have LimeWire.... I think I'll remove it, as I don't use it anymore...

LimeWire is not guilty here even if it is installed. I'll think but it's not that easy...
Anything in the avast logs or Kerio logs? Windows events?
Title: Re: Strange thing with my PC...
Post by: SUSZANNAH on December 12, 2005, 01:24:12 AM
Limewire is installed on my system with no problems at all.........
Title: Re: Strange thing with my PC...
Post by: YLAP on December 12, 2005, 05:06:42 AM
Nothing unusual in any log file. I'll just wait and see how things go in the future. All these things seem to be gone this morning... Till now... Could the reason for all this be that yesterday the PC was on and connected to the NET for more than 24 hours non-stop? But I restarted it several times in the evening....  :-\ Hell knows, but till now it seems to be OK...
Title: Re: Strange thing with my PC...
Post by: ..::ReVaN::.. on December 12, 2005, 05:39:57 PM
Quote
Could the reason for all this be that yesterday the PC was on and connected to the NET for more than 24 hours non-stop?

Paulius

My comp is on 24/7 and I restart it once a week (maybe), it's downloading all the time (Azureus) and everything works fine. I would suggest you start using backups so when something like this happens you can just go back and not worry...


Cheers

Title: Re: Strange thing with my PC...
Post by: YLAP on December 12, 2005, 07:05:11 PM
OK, the strangest thing - everything is gone today. No more errors, no more unknown behaviour, PC works perfectly. And all things I've done - used system restore yesterday before going to sleep. I've restored it to the nearest 10 AM created checkpoint (all things started at about 6 PM). I hope all things will be fine...  ;)

Edit: I was wrong.... Besides, I'm a bit disappointed. NOD32 found a trojan on my PC running in memory. avast didn't say anything, but the strangest thing is that after I extracted the file from the NOD32 quarantine and checked it with the avast virus scanner on their website, the trojan was found. On my computer avast wasn't able to catch it. What a surprise, but the problem file was svchost.exe, the same file name as the well-known process belonging to Windows. That's the reason I haven't noticed anything. I just can't understand one thing: why it was not detected by security software when it was RUNNING in my memory... But tonight I've done a clean install on my PC, but this time with the NOD32 trial in the front line.  :-\ I need to see how it works...  ;) Comparing with avast...
Title: Re: Strange thing with my PC...
Post by: ..::ReVaN::.. on December 13, 2005, 08:49:22 PM
Quote
But tonight I've done clean install in my PC, but this time with NOD32 in the front line.  :-\

Smart decision... I too had a trojan on my comp when I ditched avast and switched to NOD, but I don't remember the name of the file anymore because I deleted it immediately since it wasn't in any vital system folder..
Title: Re: Strange thing with my PC...
Post by: polonus on December 13, 2005, 09:11:39 PM
Hi Ylap and ReVaN,

That is just the nasty bit of these types of malware. It can be traced only until it starts to run on the machine, then it cannot be traced. So for certain kinds of malware, and now spyware too is coming in with these aspects, a way of preventing installs of these types of malware is very important. What is the best AV protector in this case? It is, you guessed it right, the man behind the keyboard, Mr Ylap and Mr ReVaN in this case. When a type of malware, like a backdoor, a trojan horse or a worm, installs FUNCTIONALITY on a system, we have a compromise of the system. This can lead to compromise of all sorts of files (e.g. the AV files), which can be manipulated, and also of sensitive information of the user(s). WE THEREFORE CAN NO LONGER TRUST THIS SYSTEM and it lies or could lie now open to remote control.
To undo this situation, only a fresh install or, in the case of Ylap's troubles, a RESTORE TO AN UNCOMPROMISED STATE (if you knew when that was) can be necessary.
Then we have to do the following:
1. Drop your rights, use normal user rights.
2. Activate Win XP2 and install a good Firewall.
3. Update system.
4. Even if you use an alternate browser, configure IE securely.
5. Configure your Mailclient safely, use a safe mail client.
6. Change all your passwords.
7. Make an image of the system partition.
8. Analyze your surf & download habits.
9. Use a layered security solution, system monitor, anti-malware solutions, anti-script solution, anti-virus solution.
10. Use your brain at all times before you click.

There is a difference of opinion about when a system has become compromised, I say take no chances,

greets,

polonus
Title: Re: Strange thing with my PC...
Post by: Lisandro on December 13, 2005, 09:14:20 PM
Quote
I'm very disappointed in avast. Only NOD32 found trojan on my pc running in the memory.

How was NOD32 installed and how was avast running WHEN the infection was detected?
Which one was the resident?
avast? What were its settings?
Did you submit the file to Jotti?

Quote
But tonight I've done clean install in my PC, but this time with NOD32 in the front line.  :-\

Just a curiosity, how much did you pay for its license?

I'm not trying to defend avast, just trying to be fair. We need to know the circumstances and settings of the infection.
Besides this, we all know, any software is perfect. avast can fail. Just trying to be fair in this thread.
Title: Re: Strange thing with my PC...
Post by: ..::ReVaN::.. on December 13, 2005, 09:28:03 PM
Tech, are you working for some anti-piracy group?! Are you saying you never ever used a crack in your life? Bullshit.....
Title: Re: Strange thing with my PC...
Post by: Lisandro on December 13, 2005, 09:53:49 PM
Quote
Tech, are you working for some anti-piracy group?! Are you saying you never ever used a crack in your life? Bullshit.....

Why are you asking me that?
I just want to be fair. Blaming avast won't make it better. We need the test (problem) conditions to think about.
I'm not on Alwil side. Just trying to be fair.
I won't start blaming avast in avast forums. I want it better. Just this.
But I won't start making advertisement of NOD32. I've tested it since Sasha pointed me a trial version link.
I won't pay for its subscription as I have avast Pro license.

For me, NOD32 was not much better than avast. In fact, 4 false positives and it did not detect 4 or 5 issues that avast caught easily.
Let's be fair. I did not post against NOD32 but I think it's not fair to start blaming avast.
I just want avast better and better.

I have AVG, BitDefender, ClamWin, NOD32, Antivir and MWAV... I've tested and still keep avast Pro after all.
All software has faults...  :'(

But, I'm not from an antipiracy group. Just don't use, never, an avast! pirated version and come here to ask for help from Alwil. Not that Ylap has done this. I'm not saying anything. I just asked how much the NOD32 license costs, nothing more. I just want to be fair.
Am I wrong? Stupid? Silly? Fanatic?  ;D
Title: Re: Strange thing with my PC...
Post by: ..::ReVaN::.. on December 13, 2005, 10:18:31 PM
Quote
Why are you asking me that?

Because it's none of your business if he uses a crack or not (or do you work for ESET or are you his dad or something like that?).

Quote
I'm not on Alwil side. Just trying to be fair.

Yes you are... For as long as I have been reading your posts...

Quote
I won't start blaming avast in avast forums. I want it better. Just this.

Yes, I want avast better too, Tech, that is why I complain so much

Quote
But I won't start making advertisement of NOD32

I'm not trying to advertise anybody, but since YLAP mentioned in his post that he is on NOD now I see no harm in me telling my opinion.

Quote
Let's be fair. I did not post against NOD32 but I think it's not fair to start blaming avast

Who is blaming avast for what? We are just telling our experiences, nothing more...

Quote
I just want avast better and bette

Like I said, me too, because I really like this program

Quote
But, I'm not from an antipiracy group. Just don't use, never, an avast! pirated version and come here to ask for help from Alwil

Who is using avast pirated version? Do you have any proof of that? And what is it to you anyway if people use cracks?


P.S: As you can see I am a very direct person by nature, so don't feel offended by my posts, this is just my opinion, nothing else...


Cheers

Title: Re: Strange thing with my PC...
Post by: Lisandro on December 13, 2005, 10:29:01 PM
Quote
Why are you asking me that?
Because it's none of your business if he uses a crack or not (or do you work for ESET or are you his dad or something like that?).
You're right. I just ask for a price.
It will be my business if avast is the one pirated... I don't like to help for free to a pirated version, just this.

Quote
I'm not on Alwil side. Just trying to be fair.
Yes you are... For as long as I have been reading your posts...
I'm trying to be fair, nothing more.

Quote
I won't start blaming avast in avast forums. I want it better. Just this.
Yes, I want avast better too, Tech, that is why I complain so much
You're right. Complaining is good. So, I've asked the conditions to blame, blame and blame.
If I know I can make avast better by complaining, I will, I do.

Quote
But I won't start making advertisement of NOD32
I'm not trying to advertise anybody, but since YLAP mentioned in his post that he is on NOD now I see no harm in me telling my opinion.
By the way, in my opinion, NOD32 is a very good antivirus, the second in my list  ;D

Quote
Let's be fair. I did not post against NOD32 but I think it's not fair to start blaming avast
Who is blaming avast for what? We are just telling our experiences, nothing more...
Sorry, I went further than I wanted to write. You're right again, nobody is blaming avast.

Quote
But, I'm not from an antipiracy group. Just don't use, never, an avast! pirated version and come here to ask for help from Alwil
Who is using avast pirated version? Do you have any proof of that? And what is it to you anyway if people use cracks?
I'm just a guy that wants to help people, be happy and make the software I use better.
I won't stay here helping people that don't share this opinion about avast. If they want to pirate other software, go ahead. But I won't help and give my time to the ones that do this with avast.

Quote
P.S: As you can see I am a very direct person by nature, so don't feel offended by my posts, this is just my opinion, nothing else...
I won't. Hope you too  8)
Title: Re: Strange thing with my PC...
Post by: szc on December 13, 2005, 10:34:34 PM
I also do not see that anyone even tried to blame avast! All we are trying to accomplish here is to "push" Alwil to do something regarding those existing problems, and please do not pretend like there are none. We cannot be avast! fanatics, that's all. We have to be objective, and we have to think that way...

If something is wrong with this piece of software, we are here to report that and if someone else already reported that, we are here to double-check it...

Alwil is here to give their final word, and that's exactly what we are asking... give us some hope guys.

Who is going to profit if these problems are never going to be solved ? No one I guess...

Tech, asking YLAP about NOD32 license is his personal thing I believe... same thing with both of us... as we all know we never paid for avast! license, right? Yet, we still have it... OK, I believe we earned ours, but still we never paid for it, and that's the fact. If someone is so in love with avast! and he says he never used a patch or crack or something like that (which is, btw, not likely... I mean what are the odds, c'mon), I believe there should always be some side money to purchase that product no matter what... ;)
Title: Re: Strange thing with my PC...
Post by: ..::ReVaN::.. on December 13, 2005, 10:54:16 PM
Quote
It will be my business if avast is the one pirated... I don't like to help for free to a pirated version, just this

Well, the point is you won't know if someone is using a crack, will you?

Quote from: ..::ReVaN::..
P.S: As you can see I am a very direct person by nature, so don't feel offended by my posts, this is just my opinion, nothing else...

Quote from: Tech
I won't. Hope you too   8)

Of course there are no hard feelings, Tech, we are all friends here, we just have a difference of opinion sometimes and that certainly isn't bad... ;)

Quote from: S.Z.Craftec
as we all know we never paid for avast! license, right? Yet, we still have it... OK, I believe we earned ours, but still we never paid for it, and that's the fact

AHA I got you there, I actually PAID for my license haha  ;D And yes you guys deserve it BTW... Hmmm maybe I should translate avast too, but not because of the license, it's just that there isn't a Slovenian version out there and believe it or not avast is probably the most popular AV in my country (I'm serious, everybody is on avast). Who do I contact about this?


Cheers

Mikey   

Title: Re: Strange thing with my PC...
Post by: YLAP on December 13, 2005, 11:03:26 PM
Quote
How was NOD32 installed and how was avast running WHEN the infection was detected?
Which one was the resident?
avast? What were its settings?
Did you submit the file to Jotti?

Just a curiosity, how much did you pay for its license?

I'm not trying to defend avast, just trying to be fair. We need to know the circumstances and settings of the infection.
Besides this, we all know, any software is perfect. avast can fail. Just trying to be fair in this thread.

I uninstalled avast completely and installed NOD32. After reboot I got a message about infiltration (virus in memory). Moved it to quarantine, as it was unbelievable for me. After that I restored the file to a different location and sent it to Kaspersky online - virus detected; the avast online scanner detected the virus too, but when it was running in my system it was missed even by the Kaspersky online full scanner. I was unable to install BitDefender online, my internet connection was unstable, and I received error messages constantly. I think my PC was under full virus control for about a week, maybe longer, as the system became really unstable.

Resident was set to Normal, running all the time.

Used Normal and Thorough scans on demand.

Using NOD trial. A one-year license costs 45 euros; after the first year a one-year subscription costs 27, two years 50 euros. (With the current exchange rate here.) There is a dealer in my city. (It's not an advertisement, you asked me - I've answered, keep that in mind!)

I know, we are all human, just at the moment I need the max protection available. avast is really good, 85 out of 100 points from me, but it has weak points and needs improvements like any software. About NOD32 at the moment I can say 95 out of 100 points. I had a big time loss because of this infection, and time is very important to me at the moment as I have to prepare for my exams. I'm still here, ready to help others, maybe not in all questions, but I like this forum. I have no hard feelings towards you, or any of the forum users.
Title: Re: Strange thing with my PC...
Post by: Lisandro on December 14, 2005, 01:17:36 AM
Quote
I also do not see that anyone even tried to blame avast! All we are trying to accomplish here is to "push" Alwil to do something regarding those existing problems, and please do not pretend like there are none. We cannot be avast! fanatics, that's all. We have to be objective, and we have to think that way... If something is wrong with this piece of software, we are here to report that and if someone else already reported that, we are here to double-check it... Alwil is here to give their final word, and that's exactly what we are asking... give us some hope guys. Who is going to profit if these problems are never going to be solved? No one I guess...

Fully agree with you.

Tech, asking YLAP about NOD32 license is his personal thing I believe
You're right.
Ylap, I beg your pardon.

Quote
It will be my business if avast is the one pirated... I don't like to help for free to a pirated version, just this
Well, the point is you won't know if someone is using a crack, will you?
No, I won't know. So I've asked for this possibility into the avast wishlist thread.
There were some 'problems' that only the pirated versions have... so we, better, Vlk, discovered. I was losing my time there...

Hmmm maybe I should translate avast too, but not because of the license, it's just that there isn't a Slovenian version out there and believe it or not avast is probably the most popular AV in my country (I'm serious, everybody is on avast). Who do I contact about this?
Igor  8)
Title: Re: Strange thing with my PC...
Post by: Lisandro on December 14, 2005, 01:22:48 AM
Quote
I uninstalled avast completely and installed NOD32. After reboot I got a message about infiltration (virus in memory). Moved it to quarantine, as it was unbelievable for me. After that I restored the file to a different location and sent it to Kaspersky online - virus detected; the avast online scanner detected the virus too, but when it was running in my system it was missed even by the Kaspersky online full scanner. I was unable to install BitDefender online, my internet connection was unstable, and I received error messages constantly. I think my PC was under full virus control for about a week, maybe longer, as the system became really unstable. Resident was set to Normal, running all the time. Used Normal and Thorough scans on demand.

S*it... Lack of detection... Did you take note of the virus name, path, etc.?
Could you submit the file to avast?

Quote
Using NOD trial. A one-year license costs 45 euros; after the first year a one-year subscription costs 27, two years 50 euros. (With the current exchange rate here.) There is a dealer in my city. (It's not an advertisement, you asked me - I've answered, keep that in mind!)

Thanks. I should have asked you by IM to avoid the discussion about piracy. Sorry, again. Thanks for the info. It's cheaper than avast.

Quote
I know, we are all human, just at the moment I need the max protection available. avast is really good, 85 out of 100 points from me, but it has weak points and needs improvements like any software. About NOD32 at the moment I can say 95 out of 100 points. I had a big time loss because of this infection, and time is very important to me at the moment as I have to prepare for my exams. I'm still here, ready to help others, maybe not in all questions, but I like this forum. I have no hard feelings towards you, or any of the forum users.

Don't think I never had bad moments with avast.
Once, it failed to detect what AVG caught easily... nightmare...
I fully understand your disappointment...

What is very difficult to be disappointed is the friendship here  8)
Title: Re: Strange thing with my PC...
Post by: polonus on December 14, 2005, 08:22:37 AM
Hi Tech and Ylap and also ReVaN,

I have not got your views on what I say about compromised systems, and that they can no longer be trusted. It is a common misinterpretation that after your system has been compromised, you can clean it with an AV or RegCleaner or manually, and you can again trust the system. Yes if you got a run of the mill virus, and yes if it is caught right there by the AV product, or yes when the System Monitoring Program alerts to changes, yes, then you can recover. In other cases, especially where LEGAL programs are used for the WRONG or MALICIOUS purpose, you cannot, because you won't know where your system was altered. You have to start anew or restore to the point where you know your system was not yet compromised.
If you downloaded malware that is not in the book, or a legal program that was altered or even a running rootkitted thingy, the best AV is of no avail.
That is why you make copies of your system partition. That is why you do not download from strange places or get resource hacked programs.
But this goes without saying, not that there is anything against this, but because it isn't very clever. But everybody can have downright ill luck, but not that often I presume.

greets,

polonus
Title: Re: Strange thing with my PC...
Post by: ..::ReVaN::.. on December 14, 2005, 10:22:06 AM
Quote
Could you submit the file to avast?

He did... ;)


Quote from: Tech
What is very difficult to be disappointed is the friendship here


What a strange choice of words, Tech, but I got the point and you're right about that... ;)

Quote
Hmmm maybe I should translate avast too, but not because of the license, it's just that there isn't a Slovenian version out there and believe it or not avast is probably the most popular AV in my country (I'm serious, everybody is on avast). Who do I contact about this?
Igor 8)

OK, thanks for the info, I'll send him a PM

@Polonus what can I say to you except I have so much trouble understanding your posts sometimes... I use Norton Ghost and I regularly back up my system for such rare cases when I am compromised (yet to happen), it's something Sasha taught me  ;)


cheers friends

Mikey

Title: Re: Strange thing with my PC...
Post by: YLAP on December 14, 2005, 06:25:57 PM
Quote
Did you take note of the virus name, path, etc.?

C:\Windows\svchost.exe; the real file should be in the system32 folder as far as I know, and it actually is; this one wasn't there. Oh, now I remember that Security Center was disabled by it. And the name was something with Backdoor. That's all I remember.
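
Added example (not part of the original thread and not any antivirus vendor's logic): the file in this thread hid behind a trusted Windows process name while running from the wrong folder, which a simple name-versus-path check over a process listing catches. The allowlist, the function names and the sample process records below are assumptions constructed for illustration.

```python
import ntpath

# Directories (relative to %SystemRoot%) where each system binary is expected
# to live. Illustrative allowlist assumed for this example, not exhaustive.
EXPECTED_DIRS = {
    "svchost.exe": {"system32", "syswow64"},
    "lsass.exe": {"system32"},
    "services.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "csrss.exe": {"system32"},
}


def _norm(path):
    """Collapse '..' segments, unify slashes and lower-case a Windows path."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def classify(name, path, system_root=r"C:\Windows"):
    """Return 'ok', 'masquerade', 'unverified' or 'not-checked' for a process."""
    image = ntpath.basename(_norm(path)) if path else name.strip().lower()
    expected = EXPECTED_DIRS.get(image)
    if expected is None:
        return "not-checked"      # not one of the protected system names
    if not path:
        return "unverified"       # protected name, but image path unreadable
    root = _norm(system_root)
    allowed = {ntpath.join(root, d) for d in expected}
    return "ok" if ntpath.dirname(_norm(path)) in allowed else "masquerade"


def scan(processes, system_root=r"C:\Windows"):
    """Return (pid, verdict) for every process that needs a closer look."""
    findings = []
    for proc in processes:
        verdict = classify(proc["name"], proc.get("path"), system_root)
        if verdict in ("masquerade", "unverified"):
            findings.append((proc["pid"], verdict))
    return findings


# Constructed sample process listing (not taken from the thread's machine).
SAMPLE_PROCESSES = [
    {"pid": 812, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 1044, "name": "svchost.exe", "path": "c:/windows/system32/SVCHOST.EXE"},
    {"pid": 2316, "name": "svchost.exe", "path": r"C:\Windows\svchost.exe"},
    {"pid": 2980, "name": "svchost.exe", "path": r"C:\Windows\System32\..\svchost.exe"},
    {"pid": 3120, "name": "lsass.exe", "path": r"C:\Users\user\AppData\Local\Temp\lsass.exe"},
    {"pid": 4000, "name": "app.exe", "path": r"C:\Program Files\Example\app.exe"},
    {"pid": 5100, "name": "svchost.exe", "path": None},
]

if __name__ == "__main__":
    for pid, verdict in scan(SAMPLE_PROCESSES):
        print(pid, verdict)
```

The check only looks at where the image sits; a binary that has been replaced in place inside System32 needs a signature or hash check as well.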