downloads.aaa1screensavers.com ??

I don't know about this one ! I can't find any site or reference to this anywhere. Possibly it may have something to do with ZoneAlarm but there are still instances of it if ZAP is shut down.
Anyone got any idea what it's about ?

 

Hi,

Connecting to aaa1screensavers looks suspicious !

I would advice to scan your system with AV/AT and anti-spyware programs.
Maybe a scan with HijackThis is needed, but the Wilders-board doesn't do them anymore.

BTW: aaa1screensavers is listed in IE-SPYAD from Eric Howes.

 

If I remember correctly, it's a site that gives you trojans bundled witj screensavers... have you downloaded new screensavers?

BTW ::: add it to your 'hosts' file and you can be sure that no program is connecting to it from your PC, even if they try to.
Then you can run scans on your PC to see what is wrong in peace.

 

No13. You're right. I downloaded a "free" screensaver from there a little while ago and NOD32 picked up a trojan in the download immediately.

Avoid the site.

 

Why is Adaware.exe listed as a top security threat in their list?

 

Hi crkit1,

The legitimate Lavasoft Ad-Aware executable is Ad-Aware.exe, not Adaware.exe.

Nick

 

So...if I see adaware.exe in my programs list, I should get rid of it?

 

Yes. It's a common practice to distribute malware executables with names similar to legitimate apps.

Nick

 

I just discovered a similar "problem" on my computer and have figured it out.
I was using netstat -ab and Firefox instead of Port Explorer and ZoneAlarm, but it's the same thing. Your two processes (both from ZoneAlarm) are actually just connecting to your local machine normally, not to downloads.aaa1screensavers.com.

I use a host file (in C:\windows\system32\drivers\etc) with a list of "bad" sites set to 127.0.0.1 so my browsers and other applications won't actually go to the sites. I am assuming you do the same. The copy I have did not have the required entry of

127.0.0.1 localhost

at the top of the file. The first entry is downloads.aaa1screensavers.com
The application is accessing the localhost (your machine) using 127.0.0.1 and when Port Explorer did a lookup on the address it picked the first matching line one out of your hosts file (I was using netstat -ab, but it's the same principle). I commented out the aaa1screensavers lines and reran the netstat command, and the site reported was abcsearch.com (the next in the list). When I removed the comments and added the line above to the top of my hosts file (like it is supposed to be), netstat returned the correct information.

 

yea aaa1screansavers is deffinetly a virus that will screw you up hardcore in the long run, i suggest getting an anti-virus tool that acctually detects it and then delete