View Full Version : kaymoore6's thread
July 21st, 2003, 10:00 AM
So I have some questions.
Which program could be the problem?
Should I uninstall all of them and try again?
Use a different popup program (I can't modify it.)
Any help would be appreciated.
July 21st, 2003, 10:21 AM
Could you post your HijackThis log (http://www.tomcoyote.org/hjt/)
Download, Unzip and run HijackThis, Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
Don´t fix anything yet. Most of what it finds is harmless.
July 21st, 2003, 03:14 PM
I received kaymoore68's by mail
and had him fix several things.
One however didn't ring any bells:
O4 - HKLM\..\Run: [infus] c:\windows\system\infus.exe /noconnect
If anyone is familiar with it, let us know.
July 21st, 2003, 04:00 PM
no, it did not work. Still cannot log into Mypoints.
July 21st, 2003, 04:16 PM
Check in Internet Options > Security, and select "Trusted Sites".
Press the "Sites" button and add the URL for the MyPoints site.
Does that help?
Please don't do the same for Iwon. Their reputation is dodgy, to say the least: http://www.safersite.com/PestInfo/db/i/iwon.asp
July 21st, 2003, 04:43 PM
No did not help, changed the setting as requested, closed the browser, reopened then when it did not work went ahead and restarted. Still will not accept username and password at mypoints. I did also check and ensure the username and password from them is correct. (They emailed it). I was able to correct the problem with the Iwon site. It logs me in now. I will be away until tomorrow. I will check this site when I log back in. Thanks for working with me on this.
July 21st, 2003, 05:26 PM
FWIW, the only candidates I found for infus were a web development application and an online pharmaceutical ordering app. I can't imagine either of those loading within the auto-run areas of the registry.
July 21st, 2003, 05:52 PM
Yup. And the /noconnect switch always makes me suspicious.
Seen that on too many dialers. :-\
July 22nd, 2003, 03:57 AM
:) Hello again, brief update,
Upon restart, Zero Popup threw up a screen that said my trial period had expired which was wrong since I only had the program three days from download to use. I don't remember how many days it was to be used, but was much more that three. I uninstalled it, and accessed Mypoints immediately and your site with a little tweaking ( your site was modified under managed sites to always allow cookies).
However, I am still looking into the energy variations on this computer, since I have not had any ( lag between sites, pauses) for the past few days. This computer accesses the internet through a cable modem as well which would also make it attractive to hackers or remote users.
I installed EMS Free Surfer mk II - I allow it to chirp when a pop up tries to open. It is a very satisfying sound.
Thank you for your help, as for the infus, don't know what it was, took it out with hijack and will continue to look for good cleaner type software. I would not have thought Zonealarm would allow this through.
Any monitoring software recommendations?
July 22nd, 2003, 10:17 AM
I'm still interested in a copy of infus.exe, if you can provide it.
I think your question about monitoring software needs some specifying as to what you'd like to monitor.
July 22nd, 2003, 03:13 PM
infus.exe is an application program when I run a find from the start menu. How would I send it to you?
Also I am looking to monitor intrusions, such as stealing passwords to my accounts online or using my computer remotely, the last of which I think was being done prior to using spywareblaster.
July 22nd, 2003, 03:24 PM
In addition it sits in the C drive//windows//system, an infus uninstall sits right beside it. I have made sure to be able to view all files hidden or otherwise. No info shows when I ask for the properties such as company name etc.
July 22nd, 2003, 03:48 PM
Can you compose an e-mail, click attachment and the browse to that file and doubleclick it.
It will not disappeasr from your system. I will just get a copy.
For intrusion detection: doesn't your ZoneAlarm create logs? I'm sure our firewall experts can help you out there.
July 22nd, 2003, 04:28 PM
The email is away. I forgot about the logs in Zonealarm. Since I feel someone has already remote accessed this computer, I thought maybe there would not be a record.
July 22nd, 2003, 04:49 PM
I received the file. I think it's best to delete it.
No firm name listed, which is suspicious. There is an IP address in there, formatted as a URL.
The site it points to seems to be down.
I'll see if I can interest someone in analyzing it further.
July 23rd, 2003, 02:10 PM
I have deleted it. I also used Zonealarm analyzer and downloaded myNetwatchman. Zonealarm analyzer shows one attack, and My netwatchman shows these:
SQL Slammer Worm
NetBios Session Service
What to do?
July 23rd, 2003, 03:11 PM
If anyone is interested, I picked up a FREE copy of Popup Killer before it went commercial. I use it on all four of my machines. <Edited. See comment below. Pieter>Takes a few steps to set up but works great.
July 23rd, 2003, 03:44 PM
I think if you read the EULA you OK'ed when installing that free version you will see it says you are not allowed to distribute it.
Am I right? ;)
July 23rd, 2003, 04:42 PM
I'll look. In the help about, on the version I've got, it says it is 'FREEWARE'. I noticed that when I saw it a few days later that it was stated as 'SHAREWARE'. Does this constitute a change in how I look at it?
July 23rd, 2003, 04:45 PM
Even freeware will make that restriction most of the times.
But I'm pretty sure they wouldn't appreciate us, allowing you to give away free copies, of a software you now have to pay for.
July 23rd, 2003, 04:45 PM
Here is the disclaimer:
This program is 100% free, which means that you can copy it, use it as in many machines as you like, and make as many backup copies as you like! But please, if you're going to copy it, copy the original setup file, so the integrity of the program is maintained.
Anyway, if you like this program and wish to make a donation in order to help me maintain it free, you're welcome to do so.
There's a secure registration that you can use to make your donations:
Click here for more information.
The disclaimer part is very short... I'm not responsible if the program (PopUp Killer) behaves in some way different from expected and because of that you loose some data, or some of your data gets damaged or... or... or... Yours is the responsibility to use the program! not mine, ok?
July 23rd, 2003, 04:51 PM
I understand about the distribution. I'm sure the version I have is a far cry from what it is now but I'll not offer it again.
Just want to stay on the right road.
July 23rd, 2003, 05:25 PM
Thank you for understanding. :)
July 24th, 2003, 03:33 AM
:D Thanks for all the help and the point in the right direction. My computer has a few bugs and glitches, and the infus.exe must have been the problem as Zonealarm analyzer reported 1 attack. Spywareblaster probably was enough for what I needed, but I felt I had to know what was being done so I installed mynetwatchman. PC Cillin and Truscan both reported no viruses, this after infus.exe was deleted. I don't have all the time I need to dedicate to this. i,e trace back, so I'll now let the new monitoring tool check the ports for me and also run spywareblaster and the other tools as well. Thanks Pieter and everyone.
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums