application hijacking

Discussion in 'malware problems & news' started by spasmoid, Aug 20, 2007.

Thread Status:
Not open for further replies.
  1. spasmoid

    spasmoid Registered Member

    Aug 20, 2007
    I'm using windows XP SP2. I run sygate personal edition for my desktop firewall. It seems that every time I run a new executable, this executable tries to connect somewhere. It doesn't matter what the executable is - even if it is not network related.

    When I say "no" to the firewall prompt for allowing connections, then sometimes the firewall says "application hijacking detected". Has anyone come across this problem?

    I'd like to learn more about it because it means that my existing internet apps like my web browser are being used by this worm or whatever it is.

    I'm also running ClamWin antivirus.
  2. Climenole

    Climenole Look 'n' Stop Expert

    Jun 3, 2005
    Hi spasmoid :)

    This can be absolutly normal...

    The firewall doesn't know if the program will connect or not to Internet and it checked for the signature of this executable (a way to identify it...)

    Some programs do not connect to Internet but are used to launch other programs connecting to Internet like Windows Explorer.

    and so on...

    Give us some examples... Which program ?

    Worms and other threats like this are detected by a specific program: an anti-virus...

    That's the problem... There's no resident protection (On Access) with ClamAV under Windows... (only "On Demand"...)

    Check this post:

    Check this AV FAQ:

  3. Mapson

    Mapson Registered Member

    Dec 29, 2005
    Did you resolve the issue? I've started having a similar problem. I'm running NOD32, BOClean and Online Armour.
Thread Status:
Not open for further replies.