Windows is hacking me non-stop! Very weird...
Lennon:
I didn't manage to download a firewall and as soon as I connected and started downloading the Sygate Personal Firewall (free and good firewall) I noticed that by the end of the 1mb download I had uploaded 40mb to someplace. So I got the firewall running and this thing was sending to some 239.255.255.250. After a search I found it had something to do with local networks but I had some SVCHOST.exe sending data there constantly. So I block it in the firewall.
Now the really weird thing. Some DLLHOST.exe file starts uploading like mad instead. I block it too and now after 6mb of uploaded data it stopped. It started uploading to EVERY IP starting with 62.193 62.192 62.191 62.190 or so I think. It keeps trying 100 IPs in a second but I blocked it. Even blocked, it is wasting my internet connection and it's really slow. I can hardly use the damn thing.
I also got a file access monitor to see if it was drawing any files off my machine. I found that when I started IE it scanned my desktop and my whole C drive for data structure, and then opened the infamous CONTENT.IE/INDEX.DAT file and wrote to it. I'll deal with that later. But this is obviously all part of IE. Also it was accessing files so quickly I couldn't really catch what it was doing (the log file grows huge and the piece o sh*t is slow). I don't think it scanned my D drive.
Anyway, I never heard of this happening before. Am I being hacked? Why is this happening? I also found some remote PC control programs are in use some WMBP, Koreg authentication, object.something files bla bla...
I just came here to find out how to get Linux back up and running cos I really need the net (I'm a webmaster!) and window$ is not only shit but I can't use the net at all. (You can help me with that problem in the Linux forum, cheers)
Lennon:
Now it stopped switching IPs and landed at
(port 8)
62.191.169.172
GeekTools Whois Proxy v5.0.2 Ready.
Checking access for 62.193.130.XX... ok. /* << my ip */
Final results obtained from whois.ripe.net.
Results:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 62.191.0.0 - 62.191.255.255
netname: EU-UUNET-991026
descr: UUNET UK (Formerly PIPEX)
descr: PROVIDER
country: GB
admin-c: WERT1-RIPE
tech-c: UPHM1-RIPE
status: ALLOCATED PA
remarks: Please send abuse notification to [email protected]
notify: [email protected]
mnt-by: RIPE-NCC-HM-MNT
mnt-by: AS1849-MNT
changed: [email protected] 19991026
changed: [email protected] 20000229
changed: [email protected] 20000713
changed: [email protected] 20030513 # eu.uunet.ton via https://lirportal.ripe.net
source: RIPE
role: WCOM EMEA Registrar Team
address: UUNET
address: EMEA Network Services
address: J. Muyskenweg 22
address: NL-1096 CJ Amsterdam
address: The Netherlands
phone: +31 20 711 6000
fax-no: +31 20 711 6001
e-mail: [email protected]
admin-c: SC301-RIPE
admin-c: TONE1-RIPE
admin-c: AK111-RIPE
admin-c: HTV5-RIPE
tech-c: SC301-RIPE
tech-c: TONE1-RIPE
tech-c: AK111-RIPE
tech-c: HTV5-RIPE
nic-hdl: WERT1-RIPE
notify: [email protected]
mnt-by: AS1849-MNT
changed: [email protected] 20030202
source: RIPE
role: PIPEX Hostmaster
address: UUNET UK
address: Internet House
address: 330 Science Park
address: Milton Road
address: Cambridge
address: CB4 4BZ
address: UK
phone: +44 1223 250122
fax-no: +44 1223 250133
e-mail: [email protected]
trouble: Telephone number available 24x7
admin-c: WERT1-RIPE
tech-c: WERT1-RIPE
nic-hdl: UPHM1-RIPE
remarks: UUNET UK
mnt-by: AS1849-MNT
changed: [email protected] 19971009
changed: [email protected] 19971111
changed: [email protected] 19980402
changed: [email protected] 19981214
changed: [email protected] 20000224
source: RIPE
notify: [email protected]
changed: [email protected] 20030605
flap:
Where is this dllhost.exe file?
Lennon:
c:\windows\system32
c:\windows\system32\wins
flap:
What are the creation dates on those two files?