Thread: Randomer?

  1. #1
    Vaflis Guest

    Randomer?

    Well... Since my "avast" told me that "Svchost.exe" is a rootkit, I decided to install "zonealarm extreme security". Then when I checked the log I saw this... Well, I'll just post a picture if allowed.

    http://img52.imageshack.us/i/91981197.jpg/
    http://img294.imageshack.us/i/79686882.jpg/

    The thing I couldn't figure out is what the "randomer" and "extallblock2" rules are.

    P.S. What is a rootkit?

  2. #2
    findley Guest

    Re: Randomer?

    Quote Originally Posted by Vaflis View Post

    Hi Vaflis,
    Here is some information on rootkits:
    A rootkit is a software system that consists of one or more programs designed to obscure the fact that a system has been compromised. Contrary to what its name may imply, a rootkit does not grant a user administrator privileges, as it requires prior access to execute and tamper with system files and processes. An attacker may use a rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the rootkit. Access to the hardware, e.g., the reset switch, is rarely required, as a rootkit is intended to seize control of the operating system. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scan and surveillance mechanisms such as anti-virus or anti-spyware scans. Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits may also install a "back door" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, which, in turn, allows an attacker to access the system, regardless of the changes to the actual accounts on the system.
    More here

    You may also want to take a look here or have your system checked out for rootkits and other malware at bleepingcomputer or spywarehammer.

    Findley

  3. #3
    naivemelody Guest

    Re: two anti-virus XXX

    Vaflis, pay attention:

    Just One, Not Two -- Never use two anti-virus products at the same time. Completely uninstall one before installing another. Use the vendor's uninstall utility or, if not available, use the Windows XP add/remove software tool in the control panel. I see the Avast icon and the ZA icon in your system tray.

    You have Avast av + ZAX - having two anti-virus products installed (even if one is disabled) can cause various problems.

    78-61-10-164.static.zebra.lt = LIETUVOS-TELEKOMAS - of Lithuania, telecom - which is probably your ISP. Not malware/ bad.

    I may be guessing that Avast has made a 'false positive'. Rootkits do exist, but are usually rare and often very hard to detect and remove; while 'false positives' are more common amongst all types of software. There is separate 'root-kit detector' software that you can get instead of ZAX.
    ________________________________________________________
    Click here > http://forum.avast.com/index.php?topic=36078.0 = this is Avast Forum - svchost.exe Rootkit - please read thru. It may be a very good idea to post your issue there, as it was Avast that originally detected it.
    __________________________________________________________
    Questions: please list back specifics...
    - are you using a router?
    - your Avast - the free version or full?
    - are you using 'anonymizer software'?
    - you had Avast av first, but what firewall were you using before you installed ZAX?
    - have you run a ZA anti-virus scan? Did it find anything?
    ____________________________________________________

    You must decide - un-install Avast ? or ZAX ?


    Just One, Not Two -- Never use two 'software firewalls' at the same time. Completely uninstall one before installing another. Use the vendor's uninstall utility/ 'removal tool' or, if not available, use the Windows XP/ Vista/ Windows 7 'add/remove' software tool in the control panel. You can add/ use a 'hardware firewall' included in a Wired Router, Wireless Router or Broadband Gateway with your ZoneAlarm firewall.

    Most new pc/ laptops come with pre-installed security software.
    If you have pre-installed *Norton or McAfee* security software - please see here for more info of using their special 'Removal Tool' <> it does help - click here > http://forums.zonelabs.com/showthread.php?t=39422

    Whenever posting here, it is always advisable to list your: OS (XP SP 2-3 / Vista SP1-2 / Windows 7), your zonealarm product and its version number
    Last edited by naivemelody; December 14th, 2009 at 11:39 PM.

  4. #4
    Vaflis Guest

    Re: two anti-virus XXX

    Quote Originally Posted by naivemelody View Post
    1. I used a router, before I got a new internet plan.
    2. Avast is pretty much free.
    3. What is that?
    4. The Windows one (SP2), don't ask.
    5. It said svchost.exe is a rootkit.
    Btw, that IP you listed isn't my IP. Mine is (I hope nobody will use it) 78.61.72.184-static zebra etc etc. I use WinXP SP3 (reinstalled because I had Win32:Virtob and the "thefeedonline.com" thingie (routed to there)). Changed the hard drive too since the other one is still infected with Virtob. ZoneAlarm Extreme 9.1.

    P.S. What is port 90 for and how do I close it?
    P.P.S. (or P.S.S., whatever) Would "unhackme" work?
    Last edited by Vaflis; December 15th, 2009 at 02:04 AM.

  5. #5
    findley Guest

    Re: Randomer?

    Quote Originally Posted by Vaflis View Post
    Vaflis,

    I'm cycling back to your presenting post - your antivirus - at the time identified a rootkit in svchost.exe; installing another security suite on top of what could be malware is a bad idea and, as pointed out, now you have two antivirus products running - not a good idea. BUT the presenting problem as I see it is whether or not you have a rootkit svchost.exe.

    svchost.exe is a legit file name BUT svchost.exe is a favorite file name for malware to use. Malware puts itself in legit file names - so you may have this file name in legit locations as well as locations on your computer from which malware and rootkits can operate. The name of the file is meaningless without knowing the locations. Also, the antivirus that flagged this is a good one and IMHO one not to be taken lightly.

    It's your computer and from your second post indicating more malware problems I strongly urge you to stop making changes and installing software on your system and work with a malware expert and see what is actually running on your computer and clean up any rootkits. Rootkits are nasty and if you are doing any financial transactions, well, you can read the stories of those whose computers were compromised - just google - the tales are endless.

    Findley
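The location check findley describes above, as an added example that is not part of the original thread: it triages a process snapshot by image path and parent process instead of by file name. On a default Windows XP install the genuine svchost.exe is %SystemRoot%\system32\svchost.exe and is started by services.exe; both values are assumptions baked into the constants below. The snapshot, PIDs and paths are constructed test data, not output from the poster's machine.

```python
"""Flag svchost.exe processes by location and parent, not by name.

Added example, not code from the forum thread. The snapshot below is
constructed to resemble a resolved process listing (what you would get from
Process Explorer or `wmic process get Name,ExecutablePath,ParentProcessId`
after mapping parent PIDs to names). Every PID and path in it is made up.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: default XP install location

# Where the real service host lives on XP and what is allowed to start it
LEGIT_SVCHOST_PATH = ntpath.join(SYSTEM_ROOT, "system32", "svchost.exe")
LEGIT_SVCHOST_PARENT = "services.exe"

# Visually confusable spellings: transposed 'svc'/'scv', digit zero for 'o'.
# The exact name "svchost.exe" is handled separately before this is consulted.
LOOKALIKE = re.compile(r"^s[vc]{2}h[o0]st\.exe$", re.IGNORECASE)


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    path: str    # full image path as reported by the process listing
    parent: str  # image name of the parent process


@dataclass(frozen=True)
class Finding:
    pid: int
    reason: str


def triage(procs: Iterable[Proc]) -> List[Finding]:
    """Return one Finding per process that does not match the legit profile."""
    findings: List[Finding] = []
    for p in procs:
        name = p.name.lower()
        if name == "svchost.exe":
            # Same name as the real binary: only path and parent tell them apart.
            # ntpath.normcase lowercases and unifies slashes on any host OS.
            if ntpath.normcase(p.path) != ntpath.normcase(LEGIT_SVCHOST_PATH):
                findings.append(Finding(p.pid, f"svchost.exe running from unexpected path {p.path}"))
            elif p.parent.lower() != LEGIT_SVCHOST_PARENT:
                findings.append(Finding(p.pid, f"svchost.exe started by {p.parent}, expected {LEGIT_SVCHOST_PARENT}"))
        elif LOOKALIKE.match(name):
            findings.append(Finding(p.pid, f"lookalike name {p.name!r} at {p.path}"))
    return findings


# Constructed snapshot: two clean service hosts plus four things an AV might
# reasonably complain about. Nothing here came from a real machine.
SNAPSHOT = [
    Proc(4, "System", "", ""),
    Proc(680, "services.exe", r"C:\WINDOWS\system32\services.exe", "winlogon.exe"),
    Proc(860, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe", "services.exe"),
    Proc(948, "svchost.exe", r"C:\WINDOWS\System32\svchost.exe", "services.exe"),  # case differs, still legit
    Proc(1320, "svchost.exe", r"C:\Documents and Settings\user\Application Data\svchost.exe", "explorer.exe"),
    Proc(1404, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe", "explorer.exe"),  # right file, wrong parent
    Proc(1500, "scvhost.exe", r"C:\WINDOWS\scvhost.exe", "explorer.exe"),
    Proc(1560, "svch0st.exe", r"C:\WINDOWS\system32\svch0st.exe", "services.exe"),
]


def triage_snapshot() -> List[Finding]:
    return triage(SNAPSHOT)


if __name__ == "__main__":
    for f in triage_snapshot():
        print(f"PID {f.pid}: {f.reason}")
    # Caveat: a kernel-level rootkit can hide processes from user-mode listings,
    # so an empty result means "nothing visible", not "clean".
```

The second legit entry (PID 948) is there to show why the comparison normalises case: Windows paths are case-insensitive, so "System32" and "system32" must not produce a false positive. PID 1404 shows the other half of findley's point: a correct path is still suspicious when the parent is not services.exe, because legitimately only the Service Control Manager launches service hosts.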

  6. #6
    Vaflis Guest

    Re: Randomer?

    Quote Originally Posted by findley View Post
    http://img46.imageshack.us/img46/8094/79457269.jpg

    That answers your "2x antivirus". I don't use that "zonealarm" antivirus. I just deleted "reg.exe (in windows\system32)" and all the "svchost.exe is rootkit" alerts are gone! Besides, there are no malware experts where I live (at least not near ones (for just reinstalling Windows they took 100 LTL (3.50 LTL = 1 euro))). And I've got not-legal ones too.

    P.S. It might be 3.45 LTL now, I don't remember.
    P.P.S. This computer is quite old, so I can't just get some software to clean those thingies up.

  7. #7
    findley Guest

    Re: Rootkit removal

    Quote Originally Posted by Vaflis View Post
    Hi,
    No need to pay for malware expertise - it is free at many sites. One excellent one is Bleeping Computer, which works with a lot of the top malware experts in the field - you would be in very good hands. See the Preparation Guide for use before posting about your potential malware problem and post your log in HijackThis Logs and Virus/Trojan/Spyware/Malware Removal.
    They work with older computers and older operating systems and the tools you would be asked to use would be gauged to your OS and your particular malware issues as identified by them. I do hope you get your computer checked by a malware expert for free at bleepingcomputer or another free malware removal forum like spywarehammer or malwarebytes and there are many other excellent ones.

    Findley

  8. #8
    Vaflis Guest

    Re: Randomer?

    Yes, well, but it's a false alarm. You can check it at the avast! forums. Many threads have been made about that problem with avast, so I think it's nothing to worry about. But I shall try that "bleeping computer".

  9. #9
    findley Guest

    Re: Randomer?

    That's a good idea. Good luck!
    Findley

  10. #10
    Vaflis Guest

    Re: Randomer?

    Oh, and by the way:

    How do I stop those incoming connections from trying to get in again? Because when zonealarm says one tried to get in, my PC starts to lag, especially when I'm hosting stuff (Warcraft 3 games or Counter-Strike).

    P.S. Before I installed zonealarm it was almost the same.
