Warning component has changed in OP

Discussion in 'other firewalls' started by strategia, May 19, 2004.

Thread Status:
Not open for further replies.
  1. strategia

    strategia Registered Member

    Joined:
    May 17, 2004
    Posts:
    10
    Re: Where is OP forum ?

    At last I'm posting my trojan? problem here. Or is it just OutPost?

    I get a warning that a component has changed in a (win98se) program using the internet — Opera, IE, Crazy Browser, Eudora, ePrompter. The thing is that I have not recently changed any of them; although I have recently moved from free to the paid version (trial) of Oupost.

    When I check to see which component has changed it is always a dll (they vary). Each time, the dll is NOT in the folder belonging to the program whose component has changed. Fearing a trojan, I have always blocked the program's access to the internet.

    I can only get past this by replacing my suystem files with an old set. But eventually the same warning will arise again and off we go into the loop.

    I've run AVG6, Avast, AdAware and SpybotS&D — none of them find anything to worry about. GoonMan has advised me to run HijackThis and post the report here for general expert review.

    Here it is and I would appreciate any help that you people may be able to offer. thank you.
    ============================
    Now here's a first! As I was uploading the files, I got my OP warning and had to block Opera. But before replacing the system files, I closed and rebooted Opera and managed to get past the "block". What gives there?
     

    Attached Files:

  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Re: Where is OP forum ?

    The problem with trying to protect against DLL injection is that it cannot discriminate against hostile and friendly changes made. I suggest you turn off this function in Outpost by going to Applications, and down in the bottom right section of that window click components. Then, at the top of the page, select the drop down and choose component control level is off.

    This function was added to Outpost to deal with leak tests and should only be used by people that want to track DLL changes.

    A better choice for protecting against leak type exploits is to use a sandbox type application like System Safety Monitor.
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi strategia

    For your hijackthis log you may want to post it in the Browser Hijacks and Spyware Problems forum where the experts there can have a look at it. The sticky posts will explain how to go about posting it.

    Regards,

    CrazyM
     
Thread Status:
Not open for further replies.