
Thread: Rockford.discoverconsole.com

  1. #11
    coisa Guest

    Re: miorsocft.com 218.66.104.248 Rockford.discoverconsole.com myFtp.exe

    Update
    Using the uninstall from program files\disc folder stopped myFTP.exe from accessing the internet via Rockford.discoverconsole.com.
    I believed the full problem to be resolved. I was wrong.
    ZoneAlarm is still blocking daily and regular attempts to access miorsocft.com (this is the correct spelling; at an easy glance it might be mistaken for Microsoft) at IP 218.66.104.248 via Winlogon.exe.
    I believe this to be a key logger of some type.
    Beware, if you have an unprotected machine, it may be attempting to steal your accounts and passwords.
    I have used Microsoft's RootKitRevealer, Spybot, Norton Anti-virus, Norton SystemWorks and ZoneAlarm to no avail.
    Searching the web has not revealed a solution.
    ZoneAlarm recently identified win32.backdoor.agent.aro spyware and quarantined it, but the winlogon.exe attempts to miorsocft.com continue.
    I use Microsoft FrontPage to edit a couple of 3rd party hosted web sites.
    Those sites were compromised, apparently by miorsocft.com, and the infection later 'cleaned' by their anti-virus update as admitted by the ISP.
    I have cleaned up the code, where necessary, both on my computer and web host.
    I have not logged on to these sites in the last 2 weeks.
    I have re-established the FP security protocol on the 3rd party host.
    Researching this issue on the net has found obscure references to rsbo.exe, kb1ss1p.dll, kb1ss1p.sys, in3.dll - I have found none of the programs on the PC or in the registry.
    I have researched winlogon.exe on the net and my files seem to have the right date, time stamps, and byte count - there are 2 versions of the file in the windows/system32 and windows/system32/dllcache folders.
    Further help is needed.
    The only alternative I can think of without help is to reformat the hard drive and reload using the HP recovery disk set - we all know what an arduous task that can be.
    If I have this problem there must be others with it, perhaps unaware of it.
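
    The lookalike spelling described in post #11 (miorsocft.com read as Microsoft) can be flagged automatically in firewall logs. This is an added example, not part of the original thread: the log line format, the watchlist and every host or address other than miorsocft.com / 218.66.104.248 are constructed assumptions.

```python
import re

WATCHLIST = ("microsoft", "windowsupdate")  # assumption: brand labels to protect

# Constructed log lines in a made-up format (not ZoneAlarm's real log layout).
# Only miorsocft.com, 218.66.104.248 and the program names come from the thread.
SAMPLE_LOG = """\
BLOCK winlogon.exe -> miorsocft.com (218.66.104.248)
ALLOW iexplore.exe -> www.microsoft.com (192.0.2.10)
BLOCK myFTP.exe -> Rockford.discoverconsole.com (192.0.2.77)
BLOCK iexplore.exe -> download.microsft.com (192.0.2.99)
"""
LINE_RE = re.compile(r"^(\w+) (\S+) -> (\S+) \(([\d.]+)\)$")


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host):
    """Return (brand, reason) if a label of host imitates a watched brand."""
    for label in host.lower().split("."):
        for brand in WATCHLIST:
            if label == brand:
                continue  # exact label; who owns the domain is a separate check
            if sorted(label) == sorted(brand) and label[0] == brand[0]:
                return brand, "scrambled letters"
            if edit_distance(label, brand) <= 2:
                return brand, "edit distance <= 2"
    return None


def flag_lookalikes(log_text):
    """Return (program, host, ip, brand, reason) for each suspicious line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _action, program, host, ip = m.groups()
            found = lookalike_of(host)
            if found:
                hits.append((program, host, ip) + found)
    return hits
```

    Plain edit distance rates miorsocft three edits away from microsoft, above the threshold of two, which is why the scrambled-letter check is included alongside it.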

  2. #12
    coisa Guest

    Re: 218.66.104.248 miorsocft.com Rockford.discoverconsole.com myFtp.exe

    Additional word re 218.66.104.248 miorsocft.com.
    Since I last posted using IE, access to 218.66.104.248 miorsocft.com seems to be related to IE specifically.
    ZA blocked the access to this site when I last posted.
    ZA does not seem to get the block logged when I use Firefox.
    Thanks for all your help.



  3. #13
    Join Date
    Dec 2005
    Posts
    9,057

    Re: miorsocft.com 218.66.104.248 Rockford.discoverconsole.com myFtp.exe

    Malware writers are very sophisticated. They create files that are signed by Windows and so easily integrated into the Windows OS it is amazing.

    I would suggest to scan the copies of the files in question uploaded to jotti's or virustotal. Then delete all of the rogue files in the safe mode and clean the recycle bin.

    Going to a HJT forum and getting help is prudent. They usually give good help and advice.

    I would try the freeware scanners such as asquared from emsisoft, superantispyware, the online scan ewido from ewido.net, and so forth.

    Sometimes reloading the OS is the best.
    But I would use a proper disk eraser (something like DBAN), doing a complete wipe, then kill all power (pull the power cord!), and then flash the BIOS. This will make the machine perfectly clean. Any possible rootkits/trojans are removed.

    Oldsod
    Best regards.
    oldsod

  4. #14
    Join Date
    Dec 2005
    Posts
    9,057

    Re: 218.66.104.248 miorsocft.com Rockford.discoverconsole.com myFtp.exe

    Just block this site in the Zones of the Firewall of the ZA. That will stop all or any connections to this rogue site.

    Oldsod
    Best regards.
    oldsod

  5. #15
    RoboRoi Guest

    Re: Rockford.discoverconsole.com

    Originally Posted by esando
    Has anyone heard of this?
    It keeps trying to access thru "MyFTP.exe" every hour.
    I ran the ZA scan and it stopped for a little while then it changed the time it tries to log on.
    ZA blocks its access but I am suspicious. Thanks, Ed

    Operating System: Windows XP Home Edition
    Software Version: 5.x
    Product Name: ZoneAlarm Internet Security Suite

    Probably a waste of time at this point, but myFTP.exe is related to or part of DISCover.exe & both programs are made by Digital Interactive Systems of L.A. CA. A few minutes ago myFTP.exe wanted to act as a server which I denied & everything seems to be working just fine without it. I found 3 files on my PC named myFTP & scanned all 3, no infections were found.
    I emailed Digital Interactive for more info but from visiting their website I doubt if they'll answer; their own contact form is obviously for potential customers. Their IP is in L.A. CA & I have no idea why their software needs to act as a server, the software is used for gaming and/or burning CDs I think. Hope this helps someone out there.
