
Thread: PLEASE HELP ME , IM BEING SWAMPED

  1. #1
    xenomorph Guest

    Default PLEASE HELP ME , IM BEING SWAMPED

    hi,
    I'm currently using ZoneAlarm Pro, and I'm getting attacked badly. Today alone it has blocked 218 intrusions, making it over 1000 blocked intrusions in the past 10 days, 10 high rated.
    I also use Spyware Doctor, NOD32 AV, Spyware Nuker XT.
    I have run full scans, there are no malicious files on my PC, and I have blocked several IPs of the person trying to hack me, but they keep cycling them. I did an IP trace on some; they were from Canada, China, Alaska, Brazil, etc.
    This semi-constant blocking of hacker attempts is really taking its toll on my PC.
    Any help is highly appreciated.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:7.0

  2. #2
    xenomorph Guest

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    btw I'm a bit of a noob lol.

    Also, this random exe appeared on my PC, "forditchroam.exe"; no idea what it's from or how it got here. It tried to access the net so I killed it with ZoneAlarm. I googled it but it came up with nothing.

  3. #3
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    Hi

    Do a Search using Windows for the unknown .exe. Just make sure the bottom item of the search has all the items checked and search the entire C drive for the component. Once located, check the properties for the version, manufacturer or supplier, and the time and the date.

    In fact, if you right-click the item in the Program Control list of ZA, there is a properties check and the exact location can be found and it can be investigated even further.

    The suspect file can be further scanned by a multitude of AV scanners, all at the same time:

    http://virusscan.jotti.org/

    The file should be copied and uploaded to the testing site. But the readout of the results will leave no doubt in your mind as to whether the file is malware or safe.

    Plus the ZA logs will show the exact IP of the source of the intrusions. Please show some of those IPs to help us investigate the situation.

    Oldsod
    Best regards.
    oldsod

  4. #4
    naivemelody Guest

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    You have Spyware Doctor and SpywareNuker; with SpywareDoctor you really don't need Spyware Nuker - especially after it 'was' found to be a "rogue" anti-spy in the past - maybe they cleaned up their act - but, maybe, they're still up to their old dirty tricks - that may explain how you're getting all the intrusions - it's from within. "My personal" recommendation - uninstall and completely delete that software and instead use some of the "Trusted anti-spy apps" listed in the following website - http://www.spywarewarrior.com/rogue_...tm#trustworthy

    Here is the background info on Spyware Nuker - http://www.spywarewarrior.com/rogue_...e.htm#swn_note



    And here is what is written about it:

    Note on SpywareNuker & pcOrion:
    Spyware Nuker and pcOrion are re-branded clones of one another; both are distributed by TrekBlue/TrekData. Spyware Nuker and pcOrion were listed on this page primarily because of issues surrounding Version 1 of Spyware Nuker, because of TrekBlue's murky relationship with the adware distributor BlueHaven Media, and because of objectionable advertising that used to appear on the pcOrion home page.

    Version 1 of Spyware Nuker had a deservedly poor reputation. It was a clone of BPS Spyware & Adware Remover, which itself is a rip-off of Ad-aware (1, 2) and Spybot Search & Destroy (1, 2, 3, 4, 5). Moreover, it was prone to ridiculous false positives, like the other clones of BPS Spyware & Adware Remover. (Contrary to allegations on the Net, no version of SpywareNuker or pcOrion, so far as we can tell, has itself installed adware or spyware.)

    In the late spring or early summer of 2004, TrekBlue released a new version of SpywareNuker (version 2, also known as SpywareNuker 2004) which is not built on the codebase licensed from BPS (1). Testing with this new version -- also released under the name pcOrion -- indicates that it does detect and remove spyware and adware. Moreover it is not prone to inexcusable false positives, as its predecessor was. Thus, the new SpywareNuker 2004 is a significant improvement on the justly discredited original version of SpywareNuker. Still further, the objectionable advertising on the pcOrion home page has been removed, and TrekBlue/TrekData has taken steps to clarify the history of its relationship with BlueHaven, which is no longer a TrekBlue/TrekData company. (1, 2)

    Given that the issues surrounding Spyware Nuker and pcOrion have been addressed by TrekBlue/TrekData, we can no longer consider Spyware Nuker or pcOrion to be "rogue/suspect" anti-spyware.

    Domains: nuker.com, spywarenuker.com, trekblue.com, trekdata.com

    (Note: other domains associated w/ SpywareNuker & pcOrion include: 1spybot.com, add-aware.biz, adawareinfo.com, catlab.us, dbxml.org, endadware.com, nukerdownloads.com, nuke-spyware.com, spy-bot.biz, spybotfinder.com, spywarealert.com, spyware-killer.com, spynuke.com, spywarenuker.us, spyware.pcwash.com) [A: 6-26-04 / U: 9-24-04]

    And of course, by now you should have your ZA firewall - Internet Zone Security - at "High" settings, have the latest IE 7 if you use that, and have all the latest Microsoft Security Updates. Other software should be updated too, such as Adobe, Windows Media Player, Quick Time, etc., as these programs have exploits/vulnerabilities that software updates will cure.
    The Spywarewarrior site link has a chapter, "If your PC is infested w/spyware..." - follow the recommendations - http://www.spywarewarrior.com/rogue_...are.htm#online
    :8}NaiveMelody 3-25-07~6:37pm e.s.t. - The Living Daylights - a-ha

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    Hi NaiveMelody

    Hey, you picked up on the Spyware-Nuker. I was wondering about that application. I'm glad you caught my mistake. Happy that you mentioned the rogue list at spywarewarrior.com

    Thanks,

    Oldsod
    Best regards.
    oldsod

  6. #6
    xenomorph Guest

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    Wow, I really didn't know that about Spyware Nuker. In the past it has picked up Win32 trojans that both Spybot and Spyware Doctor have missed, though.
    Oh well, one less program to clog up my PC lol.


  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    By any chance, did your PC get a new IP assigned by the provider? You may have got (inherited) somebody else's old IP that was besieged or had numerous connections.

    Doing any P2P or used any P2P?

    Best regards.

    Oldsod

    Message Edited by Oldsod on 03-26-2007 03:29 AM
    Best regards.
    oldsod

  8. #8
    Join Date
    Mar 2007
    Location
    The UK
    Posts
    86

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    I only loaded ZAISS last Wednesday and the stats are showing 5661 intrusions blocked with 90 at high risk. I thought this was just normal, but having read this thread I wonder if this is unusually high??? Before loading ZA I did a thorough examination with a number of AV/ASpam applications (e.g. Trend HouseCall and Zaparsky) to ensure things were clean before loading.
    Regards,
    Graham

  9. #9
    xenomorph Guest

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    I'm on a router with some other PCs, but I'm separate in that I have DMZ activated.
    One of the other PCs uses a P2P program, but it is unlike others, very high class, no viruses or other unwanted files.
    So it is unlikely to be the cause, although since the router IP is shared, indirectly someone could have noted it and begun attacks.

    Basically I've given up, the attacks are lagging my PC lol.
    Soon I will reformat and hopefully this person will leave me alone.

  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: PLEASE HELP ME , IM BEING SWAMPED

    If behind a router and the DMZ is not used, then try this advice:

    1. Go to Run, type in command, hit OK, and type ipconfig /all then press Enter. In the returned data list will be a line for the DNS and DHCP Servers with the IP address(es) listed out to the side.
    2. In ZA on your machine, on the Firewall>Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted.
    3. Click OK and then Apply for each one.
    4. The localhost or loopback must be listed as Trusted. It has the address of 127.0.0.1
    5. The Generic Host Process or the svchost.exe listed in the Program list must have both Trusted and Internet access and it must have server rights for the Trusted Zone, but not the Internet Zone.

    http://zonealarm.donhoover.net/dnsdhcp.html

    http://www.microsoft.com/resources/d....mspx?mfr=true

    Placing the DHCP and the DNS servers as Trusted could solve your problem.

    Best regards.

    Oldsod
    Best regards.
    oldsod
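
Added example (not part of the posts above): steps 1 and 2 in post #10 depend on reading the DHCP and DNS server addresses out of `ipconfig /all`, including a second DNS server that wraps onto its own line. This Python sketch parses that output and marks which addresses sit on the router's private LAN, since every address added to the Trusted zone is filtered under that zone rather than the Internet zone; the sample output and the name `trusted_zone_candidates` are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` output in the Windows XP layout (not from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Monday, March 26, 2007 3:29:00 AM
"""

FIELD = re.compile(r"^\s+(DHCP Server|DNS Servers)[ .]*:\s*(\S*)\s*$")
EXTRA = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # wrapped 2nd/3rd DNS server
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def trusted_zone_candidates(text):
    """Return [(role, ip, on_lan)] for each DHCP/DNS server in ipconfig /all text."""
    found, role = [], None
    for line in text.splitlines():
        field, extra = FIELD.match(line), EXTRA.match(line)
        if field:
            role, value = field.groups()
        elif extra and role == "DNS Servers":
            value = extra.group(1)
        else:
            role = None          # any other line ends the current field
            continue
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:       # empty or malformed value: skip it
            continue
        entry = (role, str(ip), any(ip in net for net in LAN))
        if entry not in found:
            found.append(entry)
    return found

if __name__ == "__main__":
    for role, ip, on_lan in trusted_zone_candidates(SAMPLE):
        where = "router/LAN" if on_lan else "outside the LAN (ISP resolver)"
        print(f"{role:12} {ip:15} {where}")
```

Add only the exact addresses it lists to the Trusted zone, not a whole range, and re-check them after the router or ISP hands out a new lease.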
