Hijacked Security Log Sygate!

Discussion in 'other firewalls' started by Bunyip, Dec 14, 2004.

Thread Status:
Not open for further replies.
  1. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi

    Does anyone have experience with the Hijacking of Firewall Security Logs?

    I get notification from my Sygate Firewall that I am being Hijacked. When I go to Security Log to stop any further action I then get a Box up saying that Security Log Unavailable due to upgrade. Now this would be fine now and again but not an Upgrade two or more times a day. When I can get to the Security Log the offender is not registered. Obviously I will get some notifications of Hijack attempts from certain downloads etc. and these do register and don't cause box to come up.

    Anyone know of this and what I can do to catch in act on Whois.
    Some Hijacks can't be traced as they have a 0000 number only, however, these types which I get every time on Internet don't appear to be the hijackers causing this problem.

    Checking the Packet Logs has shown attempts to turn Sygate Off several times.

    I have Uninstalled and Re-installed and thought problem over for awhile but back again.

    Please don't suggest Sygate Forums as I have mucked about for seven days trying to get a Membership Validated. It may be because I'm in Australia?

    Any suggestions or help would be greatly appreciated

    I am not a Computer Whiz so keep it simple please.

    Regards
    Bunyip
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Bunyip

    ... and welcome to Wilders :)

    Are you referring to entries in your logs that the firewall has blocked?
    To help explain what you may be seeing in your logs in the way of firewall events it is helpful to post a sample from the log. Just edit your public IP prior to posting them (ie. 123.45.xx.xx)

    Regards,

    CrazyM
     
  3. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi
    Thanks for welcome.

    This is a sample of Hijack registered in Security Log.

    Application Hijacking has been detected
    The application: C:\Program Files\Internet Explorer\IEXPLORE.EXE try to launch another application: C:\Program Files\Outlook Express\msimn.exe

    These are not the Hijacks that are a problem.

    The ones that are will not let me access my Security Log nor my Packet Log to stop any further action of me using the pull down tab to click on "Stop Any Further Action" till they have done whatever and then when I can access they are not registered in Log.

    I get them nearly every time on Internet.

    Spyware or Virus Scans do not pick them up so nothing left in computer as far as I know. It's what's going out that worries me.

    Many regards
    Bunyip :doubt:
     
  4. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi
    Just something that happened this morning when going on Internet.
    A File appeared on my Desktop called ~ so can't find properties. I deleted to my Recycle and have made a copy to MS Documents. I don't want to copy and post here in case it is some kind of Virus or Trojan etc. Neither my Firewall nor Spyware nor Anti-Virus picked up its entry. It just appeared on the desktop the moment I went onto the Internet. Whether this has anything to do with my problems with Sygate I have no idea.

    Regards
    Bunyip
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Application Hijacking is generally not something you should be worried about, at least not the example you listed in your post. All Sygate is telling you is that IE attempted to launch Outlook Express IM client I believe. As long as you have OE as your default email program and you did just launch it prior to getting this alert I wouldn't worry about it. As to the symbol appearing on your desktop that could be strange and viral or at least malicious. What AV are you using and is it updated to the most recent Def file for that maker?
     
  6. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
  7. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Sygate Pro already includes its own Anti-shutdown and allows blocking of all traffic if the service is shutdown.

    Operating System Layer -- Secure Process Interactions
    Secure System Start-up
    It is the first personal firewall that integrates meaningful operating system layer protection, guarding the legitimacy of outbound traffic. It blocks any traffic generated before its own service starts up, eliminating the brief security policy vacuum. It can automatically terminate known attacks such as Trojans, Denial of Service (DoS) Zombies. Sygate Personal Firewall Pro also has defense mechanisms that prevent malicious code and/or users from disabling or exiting the personal firewall.
     
  8. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi all!

    I will try to answer all posts as in line.

    FLYRFAN111

    First Post: I am not worried about the Hijack I sent, only the ones that do not register either in Security Log or Packet Log and prevent any action from me.

    Second Post: Regarding the File found on Desktop ~. I have AVG7 with the absolute latest updates. It updates almost daily.

    Last Post: I do not have Sygate Pro. I have the Sygate Free Trial Version that has to be upgraded to Sygate Pro. I am a Pensioner and cannot afford much in the way of purchasing of product so have not been able to upgrade yet.

    NADIRAH

    Yes I think you are in the right ballpark re what is happening? I did read something on a RIPE site when looking for answers regards attacks this way through Firewalls. However, it had no recommendation for fix etc. I will look at your suggestion http re protection.

    Hope I have answered all satisfactorily.

    Regards
    Bunyip
     
    Last edited: Dec 16, 2004
  9. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi

    The strangest thing happened when I tried to do this post.

    I got the Post Box up and then;

    My page kept diverting to show Favourites on left of page and suddenly I had Wilders in 15 times in Favourites. Nothing happened in the Post Box and each time I tried to key a letter another Wilders Http would show on Favourites list o_O??

    All I could do was close down immediately and REBOOT.

    I don't seem to be having trouble this time o_O??

    NADIRAH: What you recommended is only for later versions of OS than mine.
    I have Windows ME but completely up to date with all Critical Updates.
    My fault I didn't mention my OS :doubt:

    Further to the Article I read on RIPE site it said that one can purchase packages on the Internet now that can break through any Firewall and the USER does not have to be a Computer Whiz as the Package Techs do it all for them o_O

    Regards to all
    Bunyip :) o_O
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
  11. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi CrazyM.

    If that is all it is, regards File ~, then you should be able to hear the sigh of relief at your end :D

    I have now deleted both instances. One from my copy MS Docs and the Original on Desktop.

    Only thing is I have not Edited any Contact Addresses in my Outlook Express?


    Just a query; Could this also happen, if an Address in my Hosts Files, "which are locked" via Spybot S+D which has a tool to lock such files, has been unlocked and an address deleted? I know this is not Outlook Express but I have a very large Hosts File I downloaded from Spyad and also from another site re spyware etc. They do a fantastic job in stopping Popups and interference when I visit Web pages. They both mentioned locking the Files as "read only" so that any hijacker could not delete or change.

    Anyway thanks heaps regards that File~.

    Regards to you
    Bunyip :)
     
  12. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi CrazyM

    Want a good laugh?

    As I said in earlier post I deleted both instances of File~.
    Apparently I was supposed to rename it :D LOL, re visiting your http.
    I had deleted prior to your message when things went funny here re posting and thought that File may have been the problem.

    However, I tried to download the patch that cures this problem and all Outlook Express 6 Downloads only have downloads for XP and on etc. The only one that has download for Windows ME is for Outlook Express 5.5 so thinking that must be it because all others are for more recent OS's I downloaded that and got a Message Box that I had to have 5.5 to receive download LOL :D I'm not going back to 5.5 as I'm upgraded to 6.

    Anyway I'm so relieved re that File~ that I will put up with any problems that arise with addresses except of course re this Hijacking etc.

    Many regards
    Bunyip :D
     
  13. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi all!

    I hope this thread is still alive re my problem of Security Log Hijack.

    Regards
    Bunyip
     
  14. Bunyip

    Bunyip Registered Member

    Joined:
    Dec 13, 2004
    Posts:
    9
    Hi all!

    Thanks to all those that attempted to help on this problem re Hijacking of my Security Log.

    It appears that there is now a total lack of interest on this thread so will close off.

    I have downloaded "Stop'n'Look" so hopefully that will put a stop to it.

    I am a little amazed that the seriousness of what I said was occurring seems to have been dismissed by most as impossible especially those promoting Sygate? Traffic logs are not Security Logs and it had nothing whatsoever to do with them or their blocking of some TCP UDP ICMP traffic, only the continuous blocking of me being able to stop further info going out of my Computer re supposed Upgrade Box making impossible to access Action Tabs.

    Anyway thanks again

    Regards
    Bunyip
     