Author Topic: Network or DNS problem?  (Read 10873 times)

0 Members and 1 Guest are viewing this topic.

Sartigan

  • Guest
Network or DNS problem?
« on: April 04, 2010, 01:29:44 PM »
Hi all, yesterday it's started, after startup and logging in a message happens:

And what is this??? OK, I think ZoneAlarm blocks it but I don't know what is this thing

Some plus: - It happened after installing the newest database
- I scanned my computer with avast! fast scan = nothing
- I scanned my computer with MS malicious software removal tool full scan = nothing
Nothing more...

Thank you... :)
... And please be quick!

spg SCOTT

  • Guest
Re: Network or DNS problem?
« Reply #1 on: April 04, 2010, 01:38:05 PM »
See: http://forum.avast.com/index.php?topic=13868.msg117585#msg117585

From what I understand it is an external thing, not an indication of an infection.

psw

  • Guest
Re: Network or DNS problem?
« Reply #2 on: April 04, 2010, 01:42:24 PM »
It was an attempt to infect your system from outer world (89.165.245.226 - from some Romanian net) using port 445 for sending exploit. This attempt was prevented by Avast!

In principle this attempt should be rejected by your Firewall. But Firewall passed this attempt, so its rules have security holes.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33517
  • malware fighter
Re: Network or DNS problem?
« Reply #3 on: April 04, 2010, 04:28:44 PM »
Hi psw,

It was blocklisted here: cbl.abuseat.org          (127.0.0.2)  
cbl.abuseat.org   
bl.nszones.com         (127.0.0.3)  
bl.nszones.com   
dyn.nszones.com         (127.0.0.3)  
dyn.nszones.com   
list.quorum.to         (127.0.0.2)  
list.quorum.to   
all.spamrats.com         (127.0.0.36)  
all.spamrats.com   
dnsbl.mags.net         (127.0.0.2)  
dnsbl.mags.net   
problems.dnsbl.sorbs.net         (127.0.0.6)  
problems.dnsbl.sorbs.net   
Project Honeypot     link     (127.15.14.1)  
15 days, threat score 14, suspicious
Project Honeypot   
b.barracudacentral.org     link     (127.0.0.2)  
b.barracudacentral.org   
spamcop     link     (127.0.0.2)  
spamcop   
spam.dnsbl.sorbs.net     link     (127.0.0.6)  
spam.dnsbl.sorbs.net   - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, this could be for providing websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be blocked.  
dnsbl-2.uceprotect.net     link     (127.0.0.2)  
dnsbl-2.uceprotect.net   
dnsbl-3.uceprotect.net     link     (127.0.0.2)  
dnsbl-3.uceprotect.net   
psbl.surriel.com         (127.0.0.2)  
psbl.surriel.com   
urlopen.error given. What one could do is close RPC Locator port (445) with WWDC:
http://www.portablefreeware.com/download.php?dd=861

polonus
« Last Edit: April 04, 2010, 04:49:57 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Sartigan

  • Guest
Re: Network or DNS problem?
« Reply #4 on: April 04, 2010, 06:24:45 PM »
HI, thank you for the quick answer =)
I was very frightened and I have scanned my computer with MS Malicious Software Removal Tool - full scan, and with avast! Quick Scan + I installed all the security updates.

Thank you very much...
But... what do you mean on "not an indication of an infection."
And I turned back ZoneAlarm because it blocks some DNS ports, with some malicious DNS sites too :D

Ok, so after I installed the security updates, I won't get any more warnings like this?

EDIT:
 :o Windows Firewall was turned off :o
I think it was a week ago... something needed, but I can't remember...

EDIT #2:
So these attacks weren't blocked, and a note: ashampoo can only block programs....
I turned off the ZoneAlarm autostart because it slowed down my system... now I turned it on
And... the Windows Firewall is enough to block some attacks, not all, but some :)
« Last Edit: April 04, 2010, 07:53:51 PM by Sartigan »

Sartigan

  • Guest
Re: Network or DNS problem?
« Reply #5 on: April 05, 2010, 11:16:41 AM »
OOOPS..... I need some help... again
Sorry, I know it's easter

So, Now, my system started, and I wanted to check the Windows Firewall, it was turned off, AND yesterday I turned it back!!
Is it a rootkit, or something like this? If it is a rootkit I run a boot scan, but now, ZoneAlarm and Ashampoo! is enough to defend my system until I turn on Windows Firewall

Any idea?

CharleyO

  • Guest
Re: Network or DNS problem?
« Reply #6 on: April 05, 2010, 08:18:33 PM »
***

If you are running ZoneAlarm firewall, then Windows firewall will be turned off automatically.


***

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33517
  • malware fighter
Re: Network or DNS problem?
« Reply #7 on: April 06, 2010, 12:03:05 AM »
Hi Sartigan,

Did you close that Worm Door with the small tool I gave you in my previous link and close the RPC Locator port, you can easily disable it with WWDC tool, download onto your desktop from here: http://www.portablefreeware.com/download.php?dd=861

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Sartigan

  • Guest
Re: Network or DNS problem?
« Reply #8 on: April 06, 2010, 11:30:51 AM »
Hi Sartigan,

Did you close that Worm Door with the small tool I gave you in my previous link and close the RPC Locator port, you can easily disable it with WWDC tool, download onto your desktop from here: http://www.portablefreeware.com/download.php?dd=861

polonus
Cannot be downloaded, redirects to a firewallleaktester.com and says:

Code: [Select]
Welcome,

http://www.firewallleaktester.com will not be available for a few months from now primarily due to the money it costs me each month (more than 40Euro).

Also, one of the first purposes of firewallleaktester was to make people aware that software firewalls could be bypassed by many ways, point well taken nowadays by both the end users and the vendors themselves. Current security suites are more secure than before, and are able to detect and block the stealthiest malware out there.

I am keeping the domain name though, as firewallleaktester may come back later, probably about security globally and not just about software firewalls.

Time will tell.

Best Regards,
Guillaume Kaddouch.
:D
But I search for it on the portablefreeware ;)

Edit: cannot be downloaded :S
Please send me this thing in e-mail as an attachement to hanziness (at) windowslive (dot) com
thank you
« Last Edit: April 06, 2010, 11:34:55 AM by Sartigan »

Sartigan

  • Guest
Re: Network or DNS problem?
« Reply #9 on: April 07, 2010, 05:03:20 PM »
Anyone?

Sartigan

  • Guest
Re: Network or DNS problem?
« Reply #10 on: April 08, 2010, 02:13:05 PM »
Thank you very much, Polonus for sending WWDC, found THREE worm doors (:D)
I have closed all

I hope that this will work, thank you :)

YoKenny

  • Guest
Re: Network or DNS problem?
« Reply #11 on: April 08, 2010, 03:14:01 PM »
On my systems I use:
UnPlug n' Pray
http://www.grc.com/unpnp/unpnp.htm
DCOMbobulator
http://www.grc.com/freeware/dcom.htm

I used to have WWDC tool but somehow I lost it on my XP Pro system and it is on my old XP Home system I sold.

Sartigan

  • Guest
Re: Network or DNS problem?
« Reply #12 on: April 09, 2010, 01:24:55 PM »
Thank you very much, Polonus for sending WWDC, found THREE worm doors (:D)
I have closed all

I hope that this will work, thank you :)
Something is wrong: now if I want to start WWDC, it freezes my system and I need to press reset.
Ok, but I think I won't get any more attacks like these

Anyway, thank you everyone :)

Sartigan

  • Guest
Re: Network or DNS problem?
« Reply #13 on: April 09, 2010, 08:11:13 PM »
:( ???
See the attachement

Sartigan

  • Guest
Re: Network or DNS problem?
« Reply #14 on: April 10, 2010, 09:51:17 AM »
PLEASE HELP!!
When I start my computer, it loads normally but when on the "Welcome" screen it bleeps 3 times and comes in, OK
But after it loads everything, and I want to start a program, it freezes and doesn't starts it, just shows the wait cursor and I can't do enything else than press reset, I need to do it 2 times and it should works, why is this?

plus:
Windows Firewall automatically turns off at startup :(
ZoneAlarm and Ashampoo! was uninstalled from my system, Online Armor does do it?
« Last Edit: April 10, 2010, 09:54:50 AM by Sartigan »