|
|
|
|
|
Posted by jay on January 24, 2005, 3:34 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi!
My SW-Firewall (ZoneAlarm) keeps producing alerts on startup. An
application called "vsihoyguy5.exe" tries accessing the gateway on DNS
Port and Localhost: Port XXXX (changing). The Process doing this
changes every time ("process 860 is trying to.." the next time it's
process 348 and so on), thats why ZoneAlarm keeps alerting me and the
remembered settings are no use.
The application properties window shows the following:
Path: C:\Windows\System32
Size: 0 Bytes (!)
and so on..
I can't find the file "vsihoyqy5.exe" at this path, I didn't find any
information about the file on internet and groups and Spybot, Adaware
and some online Security Scanners didn't find anything.
I installed Java 1.5 recently, could this be the Problem? (I
personally don't think so..)
I'm using Windows XP.
Can anybody help me, any idea?
Thanks a lot,
cheers,
Jonas
|
|
Posted by Dips on January 25, 2005, 2:56 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi jay,
First of all you did mistake. Why you've not given PORT number. So that
we can identify it easily.
Anyway What I doubt is, Somebody has installed some keylogger kind of
thing in your Machine...
First reboot your machine to safe mode and see whatz their in your
system start-up (you can see the run part in Sys registry). Then go to
your System directory and check for the filename again. And see any
file is their by that name (Use your admin login there).
No Java not sends any Information and nor tries to connect to download
or to send any information....
I hope you'll definately find something fishy.... ;-)
Cheers!!
Dips
|
|
Posted by Nick Roberts on January 25, 2005, 7:02 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> vsihoyguy5
Have you tried an antivirus program?
There are some good free ones available. I recommend Anti-Vir:
http://www.free-av.com/
which I use myself. If that doesn't work, you could try other antivirus and
anti-adware programs. I'm not sure what else to suggest.
I'm guessing that there is some other program somewhere that creates
"vsihoyguy5.exe" every time it runs, and then runs "vsihoyguy5.exe", which
itself somehow hides the file while it runs (spawn a process then delete the
original process and its EXE file?). Maybe a contents (text) search of your
computer for "vsihoyguy" would turn up the real culprit? Best of luck.
--
Nick Roberts
|
| Similar Threads | Posted | | Pointers required for mysterious Sending Mail message in Ooutlook | November 30, 2004, 12:25 pm |
| Osama Found Hanged | July 22, 2004, 1:31 pm |
| n3monap23.exe and j0z.biz - spyware found? | January 31, 2005, 2:37 pm |
| found a freeware keylogger | June 4, 2006, 9:25 am |
| Security Ideas for new App I'm Building? | July 30, 2007, 4:39 pm |
| Re: Major DNS flaw found and addresed | July 10, 2008, 2:37 am |
| found a free service to browse the web anonymously.. | January 10, 2006, 8:53 pm |
| Need help with Zonealarm. Can't connect to internet | December 24, 2005, 10:24 am |
| PC trying to connect to a huge list of IP addresses. Aye Chihuahua! | May 2, 2004, 9:59 am |
| Is there any third party tools to connect active directory with Oracle? | May 9, 2005, 8:03 am |
|
|
|
XML site map