Am I paranoid?

AKILLSUX
2008-07-27, 05:20
Hi all, have been posting in the Spybot thread, and have been advised to check out my problems with you. Spybot shows no immediate threats, but several issues have been worrying me.
After being a victim of the 9th July MS update clash with ZoneAlarmPro firewall, I found that I could not access the Windows update site, and in fact my last auto update was 25 Jun. Last Windows Defender update was about the same, although I have since uninstalled the latter, after finding a related filetracker file that I was uncertain about.
I temporarily disabled ZoneAlarm, and when I tried to re-enable it, it would not start, although the related zlclient.exe constantly appeared in Task Manager.
Then I noticed the last scan date on my antivirus (AvastPro) was 17 Jun, although I have scanned regularly. The antivirus appears to update OK, but then the tray icons disappeared, and upon checking start/run.services.msc I found all components disabled.
The latter was reversed after help from a technician working on the MS update issue, not intentionally, but it happened. I have not patched yet to SP3 (I have a CD), as I see your advice is to sort out the malware issues first.
My bookmarks have been removed (that hurt!), and my homepage changed.
I cannot access the Java updates, and although I constantly updated all security software, I was shocked to discover from secunia.com that I was running a few applications that were not the latest version.
I include a rootkit scan that shows hidden items in the registry:
avast! Antirootkit, version 0.9.6
Scan started: Thursday, 24 July 2008 7:57:37 p.m.

Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}] **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}] iaepjlkaomgpjjlibk=(binary value) **HIDDEN**
Registry item [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}] haoopkjkaelfamgg=(binary value) **HIDDEN**

Scan finished: Thursday, 24 July 2008 8:01:48 p.m.
Hidden files found: 0
Hidden registry items found: 3
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

I haven't been able to get an online scanner to work, but nothing shows on my own security programs.
I do not use peer to peer apps, visit porn sites, or do online gambling.
My ISP shows as being vulnerable to the DNS cache poisoning issue. Also, several programs are listening on ports, which might not be a problem; some are above 1065, but I don't know how to interpret that.
Hope this makes sense. Am I right to be concerned?

AKILLSUX
2008-07-31, 05:35
Know you are really busy, it's only been four days, but want to check whether anyone can help. I posted under heading Am I paranoid, have not included a HJT log yet; the link is http://forums.spybot.info/showthread.php?t=31636&highlight=paranoid

tashi
2008-08-02, 01:37
have not included a HJT log yet,

Hello AKILLSUX,

As posted here: http://forums.spybot.info/showpost.php?p=215421&postcount=4

Please follow the instructions to post a HJT log.

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

If you can produce the HJT log, start a new topic providing that with a link back to this one, as helpers look for threads without a response.

Best regards.