wyrozf.exe

Discussion in 'other firewalls' started by potatochip, Aug 2, 2007.

Thread Status:
Not open for further replies.
  1. potatochip

    potatochip Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    2
    i recently installed ZoneAlarm Pro v7.0.337. on the first hour, i already get 170 intrusions that have been blocked since install. is this normal?

    wyrozf.exe keep on asking permission to access internet. what is this program? is it safe?

    thanks :)
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Are you sure of the spelling. A quick Google search turns up nothing.
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I am not very familiar with ZA, but I wouldn't say that's normal. Unless you are running some server-type application (P2P i.e). What are the exact parameters of intrusions, IP, port? (of course, conceal any private info, like your IP)

    wyrozf.exe o_O

    I second this. If the spelling is OK, I'd be concerned. potatochip, do you have an AV installed?
     
  4. ASpace

    ASpace Guest

    Hello !

    If you want less things to get to your computer , consider buying a router with NAT/SPI technologies incorporated . Normal or not , the firewall is doing its job - keeping intruders out of your computer. :thumb:


    Who knows? It can be everything . Please , submit the file to a free service caleed VirusTotal (www.virustotal.com) . It will analyse the file with updated popular AV products and will submit the sample to those vendors who find nothing in the file . Thus , all vendors will have a copy of this file and will add if necessary -> your AV detect it
     
  5. MsFluffyMuffin

    MsFluffyMuffin Registered Member

    Joined:
    Jun 4, 2003
    Posts:
    67
    Location:
    UK
    It looks like the Wyr variant, a trojan I think, tries to access the wyr group of sites, I dont know the reason through, some install themselves as a service, some seem to drop loads of copies with random filenames, sorry I don't have any other info apart from that, info seems hard to find, have you tried removing all its files and start up registry keys ? , does it come back ?? I'm sure some one can help you remove this parasite :)

    Fluffy
     
  6. potatochip

    potatochip Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    2
    recently, i got a Sasser worm (lsass.exe error) and i did removed it. the reason i got it is because i did not have firewall (yes, stupid me). but i do have AV (NOD32).

    im not sure what happened, but wyrozf.exe does not exist anymore. o_O o_O

    say if wyrozf.exe (or other random name file) tried to access internet again, i will let u know about the details (the exact parameter, IP and port)

    btw, the "intrusions" are still happening (currently 6220 since install, which is yesterday). yes i use P2P (uTorrent) but even if i close the uTorrent, the intrusions are still happening.
     
  7. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    That happens when the tracker does not update. When you stop seeding files, the tracker doesnt ubdate straight away, so you still get lots of people trying to connect to you. It can go on for a couple of days before it stops. Nothing to worry about, just an irritation if anything.
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    As The_Duality already pointed out, that's quite normal, this is how filesharing works. The 'intrusions' should not be there when utorrent is running (connections are accepted), only when it's closed. This is due to your forwarded torrent port, which remains open. Your firewall blocks the connection attempts as there is no active destination (utorrent is closed) for them.
    If you have a dynamic IP, you could try changing it, the 'intrusions' will stop...
     
  9. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    I may be wrong but I thought the Sasser worm was from 2004 and we are now in 2007. Do you patch?
     
Thread Status:
Not open for further replies.