appllication hijack

Discussion in 'other firewalls' started by Rita, Sep 10, 2004.

Thread Status:
Not open for further replies.
  1. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hello
    can anyone tell me what an application hijack is?I was looking at the security log from the firewall and i've had one said it was critical-severe.c:windows\system\setup_incred_3.exe what do i do about this anything?i had no alerts or anything with this.should i check and see if its in registry and delete it?or did the firewall block it?
    thanks
    rita
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    It depends on which firewall you are using, I presume you are using Sygate, an application hijack means that some other appilication is attempting to use that application to access the internet. As to whether it was blocked or not, it depends if access was granted or not.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Rita,

    Wait for a second opinion!
    From an initial search, it seems like these MAY be part of a trojan downloader. It may also be a false positive though.
    Here are two sites that refer to the setup_incred_3.exe.
    Here and here
    One of the two sites referred to it as: C:\WINDOWS\system32\setup_incred_3.exe Infected Trojan.Downloader.KeenValue.A

    I would update all security software and scan it with everything. Hopefully someone else will be able to come along and help. Don't Panic. :)

    Edit: You may need to post or have this moved in the trojan forum.
     
    Last edited: Sep 10, 2004
  4. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello ritaann

    Do you have Ad-Aware SE and have you updated and run it lately? It seems this Trojan is related to eUniverse possibly and Ad-Aware has some definitions for it. Please keep us posted.
     
  5. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hey Devinco
    I have scanned using adaware ,spybot. a two and norton antivirus,nothing found.i'll keep scanning and thanks for the links.I did download a screensaver this morning,hope i didnt pick something up
    rita
     
  6. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Devinco and Qsection, Thanks for the save guys, I didn't even think of trojans, I was just answering the hijack question.
     
  7. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Hi Q section
    thanks for replying.yes i've run adware spybot and a squared 2 and norton--nothing found
    rita
     
  8. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    ritaann
    We cannot help asking but is your Ad-Aware the SE version and is it currently updated?
     
  9. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi
    i just run spybot again,this time it found as follows:eacceleration--16 enteries
    keen value e universe.my free cursors-2 enteries
    search for it-1 entry
    shop at home-2 enteries
    sybot deleted all but 5 and ask if it could run at startup and i clicked yes and shut down the computer and rebooted and it ran and said no immediate threats.does that mean it deleted the other 5?I'll run it again and post back.Yes, Q section i have adware se and its updated--it didnt find anything,i ran it again too ,thanks to all who replied
    rita
     
  10. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Hi
    i checked again and it still found 2 enteries and ask about running on startup--i clicked yes and also another strange thing happened.Scotty the watch dog of winpatrol give a message that a program i had not had before wanted access,it was spybot.I have always had spybot but i clicked allow access.i have had winpatrol for ages too and it never before ask about spybot.hope this post makes sense
    rita
     
  11. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    ritaann - the reason we mentioned Ad-Aware was that someone else had posted a log and it had the exact same signature as you had. We are surprised that AA did not notice your entry! Well it sounds as if you are clear for now!

    Be seeing you. :)
     
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
  13. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
     
  14. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Thanks Infinity
    If i soon dont get rid of it i sure will.now i'm down to one entry of shop at home.I'm running adware now to see what it finds.Every time i shut down and let spybot run on startup it finds nothing and soon as i get back online and run it it finds shop at home and tells me it can be fixed on startup but it hasnt so far.It sure is agravating.thank you for link
    rita
     
  15. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  16. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi everyone
    i finally got rid of it.I scanned with adware again and it found something Sahent- anyway i deleted it and run spybot again and it was clear.I dont think i'll ever download another screensaver because i know all this was found after doing so,anyway i even deleted the screensaver too :D thank you every one for helping me.i so appreciate it
    rita
     
  17. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Hi IC
    i thank you for the stinger link--i may need it sometime- but i think i finally got it all cleared up
    rita
     
  18. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Hi ritaann

    Deja vu. About six months ago i downloaded a screensaver from tucows, installed it, luckily one of the first things i did after this was go to my favourites folder, and it was filled with pornlinks, i spent most of that day removing spyware from my computer, a very learning experience :eek: :p :D. Anyway i hope your computer is clean now. :) :cool:

    Regards
     
  19. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    thank you don Pelotas for this post.I'm glad i'm not the only one to make the mistake of downloading something.It's hard to tell what to do sometimes isnt it?Do you have any tips on how to reconize what is ok and whats not?
    thank you
    rita
     
Thread Status:
Not open for further replies.