Author Topic: Network or DNS problem?  (Read 10452 times)

0 Members and 1 Guest are viewing this topic.

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Network or DNS problem?
« on: April 04, 2010, 01:29:44 PM »
Hi all, yesterday it's started, after startup and logging in a message happens:

And what is this??? OK, I think ZoneAlarm blocks it but I don't know what is this thing

Some plus: - It happened after installing the newest database
- I scanned my computer with avast! fast scan = nothing
- I scanned my computer with MS malicious software removal tool full scan = nothing
Nothing more...

Thank you... :)
... And please be quick!
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4124
  • There is no magic, only lost physics
    • spg SCOTT
Re: Network or DNS problem?
« Reply #1 on: April 04, 2010, 01:38:05 PM »
See: http://forum.avast.com/index.php?topic=13868.msg117585#msg117585

From what I understand it is an external thing, not an indication of an infection.
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline psw

  • Sr. Member
  • ****
  • Posts: 286
Re: Network or DNS problem?
« Reply #2 on: April 04, 2010, 01:42:24 PM »
It was an attempt to infect your system from outer world (89.165.245.226 - from some Romanian net) using port 445 for sending exploit. This attempt was prevented by Avast!

In principle this attempt should be rejected by your Firewall. But Firewall passed this attempt, so its rules have security holes.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33335
  • malware fighter
Re: Network or DNS problem?
« Reply #3 on: April 04, 2010, 04:28:44 PM »
Hi psw,

It was blocklisted here: cbl.abuseat.org          (127.0.0.2)  
cbl.abuseat.org   
bl.nszones.com         (127.0.0.3)  
bl.nszones.com   
dyn.nszones.com         (127.0.0.3)  
dyn.nszones.com   
list.quorum.to         (127.0.0.2)  
list.quorum.to   
all.spamrats.com         (127.0.0.36)  
all.spamrats.com   
dnsbl.mags.net         (127.0.0.2)  
dnsbl.mags.net   
problems.dnsbl.sorbs.net         (127.0.0.6)  
problems.dnsbl.sorbs.net   
Project Honeypot     link     (127.15.14.1)  
15 days, threat score 14, suspicious
Project Honeypot   
b.barracudacentral.org     link     (127.0.0.2)  
b.barracudacentral.org   
spamcop     link     (127.0.0.2)  
spamcop   
spam.dnsbl.sorbs.net     link     (127.0.0.6)  
spam.dnsbl.sorbs.net   - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, this could be for providing websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be blocked.  
dnsbl-2.uceprotect.net     link     (127.0.0.2)  
dnsbl-2.uceprotect.net   
dnsbl-3.uceprotect.net     link     (127.0.0.2)  
dnsbl-3.uceprotect.net   
psbl.surriel.com         (127.0.0.2)  
psbl.surriel.com   
urlopen.error given. What one could do is close RPC Locator port (445) with WWDC:
http://www.portablefreeware.com/download.php?dd=861

polonus
« Last Edit: April 04, 2010, 04:49:57 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Re: Network or DNS problem?
« Reply #4 on: April 04, 2010, 06:24:45 PM »
HI, thank you for the quick answer =)
I was very frightened and I have scanned my computer with MS Malicious Software Removal Tool - full scan, and with avast! Quick Scan + I installed all the security updates.

Thank you very much...
But... what do you mean on "not an indication of an infection."
And I turned back ZoneAlarm because it blocks some DNS ports, with some malicious DNS sites too :D

Ok, so after I installed the security updates, I won't get any more warnings like this?

EDIT:
 :o Windows Firewall was turned off :o
I think it was a week ago... something needed, but I can't remember...

EDIT #2:
So these attacks weren't blocked, and a note: ashampoo can only block programs....
I turned off the ZoneAlarm autostart because it slowed down my system... now I turned it on
And... the Windows Firewall is enough to block some attacks, not all, but some :)
« Last Edit: April 04, 2010, 07:53:51 PM by Sartigan »
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Re: Network or DNS problem?
« Reply #5 on: April 05, 2010, 11:16:41 AM »
OOOPS..... I need some help... again
Sorry, I know it's easter

So, Now, my system started, and I wanted to check the Windows Firewall, it was turned off, AND yesterday I turned it back!!
Is it a rootkit, or something like this? If it is a rootkit I run a boot scan, but now, ZoneAlarm and Ashampoo! is enough to defend my system until I turn on Windows Firewall

Any idea?
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: Network or DNS problem?
« Reply #6 on: April 05, 2010, 08:18:33 PM »
***

If you are running ZoneAlarm firewall, then Windows firewall will be turned off automatically.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33335
  • malware fighter
Re: Network or DNS problem?
« Reply #7 on: April 06, 2010, 12:03:05 AM »
Hi Sartigan,

Did you close that Worm Door with the small tool I gave you in my previous link and close the RPC Locator port, you can easily disable it with WWDC tool, download onto your desktop from here: http://www.portablefreeware.com/download.php?dd=861

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Re: Network or DNS problem?
« Reply #8 on: April 06, 2010, 11:30:51 AM »
Hi Sartigan,

Did you close that Worm Door with the small tool I gave you in my previous link and close the RPC Locator port, you can easily disable it with WWDC tool, download onto your desktop from here: http://www.portablefreeware.com/download.php?dd=861

polonus
Cannot be downloaded, redirects to a firewallleaktester.com and says:

Code: [Select]
Welcome,

http://www.firewallleaktester.com will not be available for a few months from now primarily due to the money it costs me each month (more than 40Euro).

Also, one of the first purposes of firewallleaktester was to make people aware that software firewalls could be bypassed by many ways, point well taken nowadays by both the end users and the vendors themselves. Current security suites are more secure than before, and are able to detect and block the stealthiest malware out there.

I am keeping the domain name though, as firewallleaktester may come back later, probably about security globally and not just about software firewalls.

Time will tell.

Best Regards,
Guillaume Kaddouch.
:D
But I search for it on the portablefreeware ;)

Edit: cannot be downloaded :S
Please send me this thing in e-mail as an attachement to hanziness (at) windowslive (dot) com
thank you
« Last Edit: April 06, 2010, 11:34:55 AM by Sartigan »
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Re: Network or DNS problem?
« Reply #9 on: April 07, 2010, 05:03:20 PM »
Anyone?
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Re: Network or DNS problem?
« Reply #10 on: April 08, 2010, 02:13:05 PM »
Thank you very much, Polonus for sending WWDC, found THREE worm doors (:D)
I have closed all

I hope that this will work, thank you :)
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Network or DNS problem?
« Reply #11 on: April 08, 2010, 03:14:01 PM »
On my systems I use:
UnPlug n' Pray
http://www.grc.com/unpnp/unpnp.htm
DCOMbobulator
http://www.grc.com/freeware/dcom.htm

I used to have WWDC tool but somehow I lost it on my XP Pro system and it is on my old XP Home system I sold.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Re: Network or DNS problem?
« Reply #12 on: April 09, 2010, 01:24:55 PM »
Thank you very much, Polonus for sending WWDC, found THREE worm doors (:D)
I have closed all

I hope that this will work, thank you :)
Something is wrong: now if I want to start WWDC, it freezes my system and I need to press reset.
Ok, but I think I won't get any more attacks like these

Anyway, thank you everyone :)
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Re: Network or DNS problem?
« Reply #13 on: April 09, 2010, 08:11:13 PM »
:( ???
See the attachement
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)

Offline Hanziness

  • Full Member
  • ***
  • Posts: 139
  • Programmer
    • My website (Hungarian)
Re: Network or DNS problem?
« Reply #14 on: April 10, 2010, 09:51:17 AM »
PLEASE HELP!!
When I start my computer, it loads normally but when on the "Welcome" screen it bleeps 3 times and comes in, OK
But after it loads everything, and I want to start a program, it freezes and doesn't starts it, just shows the wait cursor and I can't do enything else than press reset, I need to do it 2 times and it should works, why is this?

plus:
Windows Firewall automatically turns off at startup :(
ZoneAlarm and Ashampoo! was uninstalled from my system, Online Armor does do it?
« Last Edit: April 10, 2010, 09:54:50 AM by Sartigan »
My "jobs":
- Emsi Software GmbH Translator (Online Armor) (to: Hungarian)
- Avast! Translator (Mobile Security) (to: Hungarian)

' I made some wallpapers too, you can see them on my Windows Live profile - just ask for a link ;)