The silent runners log doesn't show anything malicious. Could you post one more screen shot please? I don't think this is malware related...I'm trying to think what's going on.
Ok...here're the shots...could it be that it's because I'm using BT? Personally I don't think so cuz the rate doesn't slow even when I'm not using BT. I've tried it out.
What's tml? If you could try the BT thing for me, I'd appreciate it. Your cable connection, is it through a router or modem? The IP addresses shown in the pic look like they belong to some kind of port...
Kaspersky found stuff hiding in System Restore. If you disabled and re-enabled system restore, like I said above then they should be gone now.
Panda is finding Cookies, which are nothing to worry about but you can use this tool to remove them:
*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!
Download CCleaner from here to clean temp files from your computer.
Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.
Can you do the following whenever you have time? No need to do it now.
Please print out these instructions, as you should have all open windows and programs closed when running the scan.
Step 1.
==========
- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop
Step 2.
==========
- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure "Scan through Windows Explorer (Recommended)" is selected\checked
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan"
- When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here.
So there're no real problems that you see on my logs now? Thanks for the help! Damn, these problems have gotten me worked up. I'll post what I find tomorrow on not using BT.
Um, you told me to "- Make sure "Scan through Windows Explorer (Recommended)" is selected\checked " but I can't find the option anywhere. Anyways, here're the results:
Um, you told me to "Make sure "Scan through Windows Explorer (Recommended)" is selected\checked" but I can't seem to find it anywhere. Anyway, here're the results:
Oh...and the rate of my intrusion counter has dropped some, but it's still increasing at a much slower rate...So I guess it's really BT after all... Maybe you might still want me to test out for an hour...
Oh yes, before I forget, how do I prevent myself from getting things like SpyFalcon? I don't know how I got it, just that I HAD it before checking this forum and fixing it...
How did you fix SpyFalcon? I'll get an email notification when you post back, so I'll know when to check.
Okay, I've tested out the BT thing for 4 hours now. 2 hours with and 2 hours without. What I've found out is that there's a small difference. The 2 hours with BT on amounted the intrusions to around 170 in the morning here (which is nighttime in areas like Europe and the US) while the 2 hours without BT on amounted to around 90, also in the morning here. I noticed that the rates tend to fly when it's around late night here (around afternoon for EU and US) so my guess is that it's the time period. Just a guess though...
Ok...experiment results time. The 1st pic is the hour WITHOUT BT on while the 2nd pic is WITH BT. Both are tested in the afternoon here, at 1330 and 1430 respectively. The fact that the rate of having BT on is lower is surprising, but I guess it kinda proves that the intrusions are not because of BT. What do you think?
It is strange, but to be honest I don't think it's anything to worry about...look at my pic below. Although it is not as much as yours, I still think it's nothing to worry about. It could be all the programs we run? Just make sure that everything is ON in ZA.
I recently found out that ZA blocking things is nothing to worry about. ZA does it most of the time and as long as it's blocking things, there's no need to worry.
Comments
What type of connection do you have...Router or modem? Broadband or Dial-up?
EDIT: Do you have any ports open?
03/18/06 00:38:00 [Info]: BlackLight Engine 1.0.33 initialized
03/18/06 00:38:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/18/06 00:38:00 [Note]: 7019 4
03/18/06 00:38:00 [Note]: 7005 0
03/18/06 00:38:55 [Note]: 7006 0
03/18/06 00:38:55 [Note]: 7011 776
03/18/06 00:38:55 [Note]: FSRAW library version 1.7.1015
03/18/06 00:39:35 [Note]: 7007 0
03/18/06 00:41:53 [Info]: BlackLight Engine 1.0.33 initialized
03/18/06 00:41:53 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/18/06 00:41:53 [Note]: 7019 4
03/18/06 00:41:53 [Note]: 7005 0
03/18/06 00:41:59 [Note]: 7006 0
03/18/06 00:41:59 [Note]: 7011 776
03/18/06 00:42:00 [Note]: FSRAW library version 1.7.1015
03/18/06 00:42:35 [Note]: 7007 0
Like I said, I don't think it's a malware problem 'cause we've done most of the scans I can think of. Try the BT thing and let me know please. Good Luck!
Anyway a very big thank you to you guys for helping people like us out. This is the 4th time you guys saved my PC and my hair :P
Some prevention tools for you:
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.
Use a firewall to help prevent your PC's control being usurped by undesirables. If you don't have a Firewall, then choose ONE below:
Zone Alarm
Sygate
Sunbelt Kerio PF
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have one, choose ONE from below.
Nod32
AVG Free Edition
AntiVir
avast! 4 Home Edition
Install and keep updated, Ad-Aware SE, and Spybot Search & Destroy.
Run them both on a regular basis, following the manufacturer's recommendations.
Install and keep updated, SpywareBlaster and SpywareGuard
Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel > Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start | Run | type msconfig | Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot! Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
Anyways, here's the link to my friend's thread:
http://www.short-media.com/forum/showthread.php?t=43597
I've replied to your friend's log.
How are things? Are you having any other issues?
Can we mark this resolved?
I'll mark this resolved. If you need help again, just start a new thread.