Posted this in someone else's thread, now I'm re-posting it here with added information.
Win XP SP2, Outpost 2.5.369.4608 (369)
-----
I'm a total newbie at Outpost, which I recently installed on my laptop and promptly bought (v.2.1). Then I upgraded to 2.5 -- I believe it was last week (things are a bit hectic here). I only have Outpost installed on my laptop, as I still have a valid license for ZoneAlarm Pro for my desktop.
Now I'm getting a lot of component control warnings, including one for Opera.exe which really has me worried because I haven't upgraded Opera recently. I'm not altogether certain whether this is merely attributable to Outpost's new behavior, since I'd been running the laptop without a reboot for more than a week and I may have upgraded Opera just before that (can't remember, frankly).
I ran a lot of checks on the laptop, as listed in http://Aumha.org/a/quickfix.php (a link I followed from a message in this forum, I believe) and ran CWShredder, Ad-Aware and Spybot S&D twice, first in normal mode and then in Safe mode. They all give me a clean bill of health now, except for a DSO exploit found by Spybot S&D which I can't seem to get rid of, but I have Win XP SP2 anyway so I figure I'm safe on that front. All Ad-Aware found - the first time I ran it - were cookies and something called BroadcastPC.
Also, bidirectional request router tells me a hidden process is requesting an outbound network connection; unfortunately I can't tell which file the process is in because the path doesn't fit in the box and I can't resize it, but it is launched by what I'm assuming to be a printer (c:\windows\system32\spool\drivers\w32x86\3 is all I can see of that path)
For the time being I'm blocking access on this one, as I seem to recall the Microsoft Fax driver needlessly requesting network access on my desktop (still running ZoneAlarm Pro).
--ADDED--
I've tried running the PestPatrol online scan. On my desktop it finds SdBot.o but the file and entries listed in PP's removal instructions do not appear to be on my computer (yes, I can see hidden files). On my laptop, however, the online scan just doesn't seem to work - it's lightning-fast on the desktop but just sits there and seems to find nothing on the laptop.
--END ADDED--
This is dreadful because I was waiting to have everything up and running on the laptop before I did some major work on the desktop; now I don't know which is less safe or whether I'll need to do a reinstall on both (please, not that!).
Can anyone help me, please, or direct me somewhere else? I hardly dare get online! I am going to post my HijackThis log in the aumha forums but help on the Outpost front would be greatly appreciated.
Thanks!
The DSO Exploit that is found is a problem with the latest version of Internet Explorer and isn't really spyware. Instead it is more of a vulnerability that would allow spyware in and that is why Spybot reports it, so you know it exists. Sadly, according to what I have read on the subject there presently is no fix. I have the same report from Spybot, and I am under the impression that we are at the mercy of Microsoft to plug this hole.
Edit below:
I forgot to mention that there are some that believe this is a false positive in Spybot and that as long as you have SP2 there is no exploit. The Microsoft support forum has a lot of users talking about this false positive.
Component Control warnings can happen for a variety of reasons - could you please post which components you are receiving them for?
Well, lots of DLLs which I (stupidly?) allowed thinking it was an Outpost upgrade issue and assuming they would be frequently changing components. The one that worried me and made me get that computer off the Internet fast was Opera.exe (yes, the exe file rather than a dll).
Unfortunately the logs cleared for the early stuff; all I have now is 10 log entries of THGUARD.EXE modifying the memory of EXPLORER.EXE.
Well something seems wrong if Spybot is reporting something it can't get rid of.
As pointed out in linkshadow's msg after yours, this seems to be a known issue with Spybot and apparently it's all right with SP2.
I would suggest running an anti-trojan scanner on your system - a trial version of TrojanHunter (http://www.trojanhunter.com/) may be the best choice here since it is easy to use and it has been gaining anti-adware capabilities.
I must have neglected to mention it. In fact, I was running TrojanHunter in trial mode and it only found stuff that came in through the mail but never got opened.
What I am currently doing (it's taking ages) is running Tauscan (which I had bought immediately prior to reading about TrojanHunter, but hadn't installed) in maximum-security heuristic mode (well, that's not what it's called but it's what it is) against Agnitum's advice to do this only for suspect files. It's taking ages for it to go through my two partitions, but we're finally getting to the end and it's found nothing untoward in my C drive. Should be finished in an hour or two.
Try checking the Outpost logs (the Alerts Tracker and Component Control sections specifically), these should list the full path.
Too late for the Alerts Tracker, all it lists is the THGUARD.EXE stuff I mentioned.
Component control has a very long log file (475 kb); surely I can't post it here? Is there some method for getting a log file into Excel so it can be processed, or something? I do own Notetab Pro, if that helps.
I find repeated messages saying that the component checksum has been stored (they all seem to be components working for Eudora, Mailwasher, Explorer, Opera, Aupdrun, and Spybot .exe files, as far as I can tell). I know I did a dumb thing by allowing all these changes without knowing what was what, but I just had to get online in a hurry at the time. I thought.
Thsec.dll (in the TrojanHunter directory) seems to have become a component of several Internet-oriented applications. Guess that makes sense.
The Fax service is one of many Windows XP components (http://www.hevanet.com/peace/microsoft.htm) that will attempt Internet access - being able to control (and block) Microsoft's attempts to be "helpful" is one of the key benefits to running a firewall.
Yes, I'm used to using ZoneAlarm Pro that way (had it even before I got broadband access), but I can also find my way around the ZAP interface far more easily than with Outpost, to understand just what I've blocked or allowed; Outpost is more cryptic in its messages, less helpful for an intermediate user like me (I wouldn't recommend it to the friends who ask for my advice on computer issues, if you know what I mean.) Paths are only provided some of the time, and can't be seen fully in msg boxes. I only switched to it because of performance issues with ZAP, excellent reviews, and a new computer requiring an extra license anyway. I was mostly happy with v.2.1 - but now I'm flummoxed.