Did I have a malicous intrusion?

Discussion in 'other firewalls' started by doug_hastings, Feb 4, 2005.

Thread Status:
Not open for further replies.
  1. doug_hastings

    doug_hastings Registered Member

    Feb 4, 2005
    Howdy folks,

    First post, but here goes.

    This morning when I booted my machine (XP pro, sp2, zone alarm, panda av), it froze immediately with the mouse in the middle of the screen , with an hourglass, like mentioned in this thread. I hit the "R" button on the front of my machine, and when it rebooted there was a new icon on my desktop. It is ATI CATALYST shortcut, which lead me to this thread in Wilders Security Forums.

    In addition, the #2 machine (XP home, sp1 (stupid I know, but we could not establish connection with sp2 after seperate installs), zone alarm, panda, abtrusion protector) appears to have been invaded because it attempted to log on to an web based email account unsuccessfully.

    These two machines are connected by a Linksys BEFSX41 firewall router, which in turn is connected to a cable modem.

    So, I ran adaware, spyware blaster, crap cleaner (would not run on primary machine), and a full panda scan. Nothing too fishy turned up. In addition I reset the password on the router and set all zone alarm program controls to "block" except for those I absolutely needed, which I set to "ask".

    I checked the event log, per the thread noted above, and in "application" at the time the ATI icon appeared on my desktop:
    -wuaueng.dll (716) SUS20ClientDataStore: The database engine started a new instance (0).

    and in "system" about an hour earlier were two instances of:

    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    -The Ati HotKey Poller service entered the stopped state
    -The iPod Service service entered the stopped state.
    -The ATICDSDr service was successfully sent a start control
    -The ATICDSDr service was successfully sent a start control.
    -Installation Successful: Windows successfully installed the following update: RADEON 9800 PRO Update

    It bears noting that I have had "sophisticated" malicious visitors on several occassions.

    My question is: did I have an uninvited visitor? What may they have done to my machines?

    Please excuse me if I seem out of my depth, but I am.

    Thanks in advance, and you have a nice forum here.
  2. Passerby

    Passerby Guest

    Go to Windows Update and check your install history, maybe you'll find Windows Update grabbed the ATI drivers from there after something hosed yours. You can tell XP to turn off checking for non-security driver updates.

    That still doesn't tell you what happened to get you there or if something nasty is afoot, I'm sorry I don't know that but this might be a start.

    To Turn Off Windows Update Device Driver Searching by Using Control Panel

    1. Click Start, and then either click Control Panel, or point to Settings and then click Control Panel.

    2. Double-click System.

    3. In System Properties, click the Hardware tab.

    4. Click Windows Update.

    5. Click Never search Windows Update for drivers.
  3. doug_hastings

    doug_hastings Registered Member

    Feb 4, 2005
    Thanks Passerby,

    Checked windows update, and yes driver downloaded. So I guess everything is cool.

    I appreciate the peace of mind.


    BTW- Again, Nice forum. I have been looking for something like this for a while.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.