
vukodlak75
Nisam Ti Dude
Premium,MVM
join:2001-10-27
Beachwood, OH

reply to keith2468

Re: [XP] Strange behavior with Windows Explorer

Nothing in the registry.
This is too weird. I do have an image of my hard drive dated October 18, 2003 and could try to restore to that date. But I will wait a bit longer.
--
"For long you live and high you fly
But only if you ride the tide
And balanced on the biggest wave
You race towards an early grave."


keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

reply to vukodlak75
Can you double check that there isn't a link to the site in your favorites or other folder? If it isn't in the registry, maybe do an advanced search to look for f*p.umax.com.tw in file contents (with the file search tool).

I'm thinking that if it was "make available offline" that would trigger your explorer connecting to it.

Or maybe you have a link to the site in a word document or something that is somehow being activated.

That or an automatic updates feature in the actual scanner software.

Maybe do what you need to to get the connection to appear, and then run "hijack this" (or do ctl-alt-del before and after and look for a change). Maybe whatever is doing this will then appear in the running processes.

System restore is an option, but it is a blunt tool that would affect every system change that has happened in the time period being rolled back. The ones you know about, and the ones that happened automatically. I'd use SR only when the time interval is short, or when the situation is serious. In this case it isn't that you are running the FTP server, you are merely connecting to one. So myself, I'd say hold off until we run out of other ideas.

(Oh, and if this is some kind of executable file doing this, zip it up or rename it rather than deleting it. Several people will want copies.)
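
Added example, not part of any post in this thread: a Python sketch of the Favorites check suggested above. It reads Internet Explorer `.url` shortcut files and reports the ones whose target is a given host, whatever the scheme. The host names and file contents are constructed samples, and `load_favorites` assumes the caller supplies the Favorites folder path.

```python
from pathlib import Path
from urllib.parse import urlsplit


def shortcut_url(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[internetshortcut]"
        elif in_section and line.lower().startswith("url="):
            return line[4:].strip()
    return None


def find_host_references(shortcuts, host):
    """Return (name, scheme, url) for each shortcut pointing at host or a subdomain."""
    host = host.lower()
    hits = []
    for name, text in sorted(shortcuts.items()):
        url = shortcut_url(text)
        if not url:
            continue  # not an Internet shortcut, or no target recorded
        parts = urlsplit(url)
        target = (parts.hostname or "").lower()
        if target == host or target.endswith("." + host):
            hits.append((name, parts.scheme.lower(), url))
    return hits


def load_favorites(root):
    """Read every .url file under a Favorites folder (path supplied by the caller)."""
    root = Path(root)
    return {str(p.relative_to(root)): p.read_text(errors="replace")
            for p in root.rglob("*.url")}


# Constructed sample shortcut files; host names are placeholders.
SAMPLE = {
    "Links/Scanner updates.url": "[DEFAULT]\nBASEURL=ftp://ftp.example.test/support/\n"
                                 "[InternetShortcut]\nURL=ftp://ftp.example.test/support/scanner/\n",
    "News.url": "[InternetShortcut]\nURL=http://www.example.test/news\n",
    "Broken.url": "not a shortcut\n",
}

if __name__ == "__main__":
    for name, scheme, url in find_host_references(SAMPLE, "ftp.example.test"):
        print(f"{name}: {scheme} -> {url}")
```

On a real machine, pass the result of `load_favorites(...)` in place of `SAMPLE`; a hit with a non-HTTP scheme is the kind of entry that makes Explorer open the connection itself.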



keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

reply to vukodlak75
You've run spybot s&d and ad-aware.

There is some malware that will disable AV scanners. Often web based AV scanners can get around this. To save the last 12 days work, why not try a couple of these:

Free AV Scans (scans detect existing infections only)
»security.symantec.com/
»housecall.trendmicro.com/
»www.grisoft.com/
»www.ravantivirus.com/scan/
»www.pandasoftware.com/activescan/
To let them run faster, disable your local AV monitor while they run (and re-enable it when the web based scan finishes).

Also maybe an anti-trojan scan might pick up something:
»www.diamondcs.com.au/
»www.nsclean.com/update.html
»www.misec.net/trojanhunter/

I think all the ATs let you run them for 30 days for free, which would be enough time to resolve this.

I'm also wondering about your hosts file. It is a file that resolves IP addresses to domains. Search for hosts.sam and use notepad to take a look inside.



vukodlak75
Nisam Ti Dude
Premium,MVM
join:2001-10-27
Beachwood, OH

I will do some online tests real soon but I did scan with NAV 2002, TH 3.7, KAV 4.5, Spybot and Ad-Aware.
I've never touched my host file but will take a look.
Thanks all for helping BTW.
[text was edited by author 2003-11-01 20:10:45]



DSmithLady
Premium,MVM
join:2002-04-23
Deep South

reply to vukodlak75

said by vukodlak75:
Nothing in the registry.
This is too weird. I do have an image of my hard drive dated October 18, 2003 and could try to restore to that date. But I will wait a bit longer.

You don't have system restore turned on?
--
It's really easy to join one of our Cancer fighting teams. JOIN TEAM HELIX! JOIN TEAM DISCOVERY UD/TSC!


vukodlak75
Nisam Ti Dude
Premium,MVM
join:2001-10-27
Beachwood, OH

No, I have it turned on. But am reluctant to use it yet because I really want to know what the hell is going on. When I give up then I will use System Restore first and if that doesn't help then I'll revert my drive to October 18 from an image. I'm very anal when it comes to pc problems, I NEED to figure it out. There was only one time when we here at DSLR could not fix one of my problems. Two weeks on trying to fix it then I formatted my drive.
--
"For long you live and high you fly
But only if you ride the tide
And balanced on the biggest wave
You race towards an early grave."



vukodlak75
Nisam Ti Dude
Premium,MVM
join:2001-10-27
Beachwood, OH

reply to keith2468

said by keith2468:
Can you double check that there isn't a link to the site in your favorites or other folder?
SOB, that was it. I had the link in my favorites.
f*p://ftp.umax.com.tw/SUPPORT/scanner/PC/UPDATE/

Thank you so much. I was really getting scared that I was infiltrated.
Now, why doesn't this happen on my other pc? I have that same link in my favorites.
--
"For long you live and high you fly
But only if you ride the tide
And balanced on the biggest wave
You race towards an early grave."


Sarick
It's Only Logical
Premium
join:2003-06-03
USA

reply to vukodlak75
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL

WHATS this it looks.. Umm.?



CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

said by Sarick:
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL

WHATS this it looks.. Umm.?
I find L=legitimate Items: L {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216}: Folderbox.dll > FolderBox

You can check it here:
»home01.wxs.nl/~kleyn080/BHO_list.html

What did you find to say Umm.?
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

reply to vukodlak75
»www.baxbex.com/products.html
FolderBox 1.20

quote:
Enhance your Windows- and Internet Explorer!

FolderBox displays additional folders in the lower part of Explorer, which enables you to display the contents of two folders at once.
You can set-up and configure up to five FolderBoxes over the tab sheets of the FolderBox extension. Additional drives and folders are now just a mouse click away.

NoNags
HIGHEST rating!
You can even use FolderBox inside Internet Explorer!

Get it! Enjoy it! It's free for use at home!
Edit: Ooops sorry, wrong program I posted at first - corrected, but this looks safe to use (geesh, I have been losing brain cells all day here)
--
It takes a disaster to make a woman out of a female

Gladiator Security Forum


[text was edited by author 2003-11-01 21:53:10]


Sarick
It's Only Logical
Premium
join:2003-06-03
USA

reply to CalamityJane
Yea that's a nice link.

It hides folders, I'd be suspect unless I installed it myself. interesting.

Needless to say it's not a hijacker. Thanks for the link.
--
Sarick's Dungeon Clipart Page
Trouble spelling? www.iespell.com



Penguins
Have You Played Atari Today?

join:2001-12-01
Cleveland, OH

What's in 'My Documents'?

There could be a media file or some other file that Windows believes contains 'extended attributes' that is triggering the net access.

Create a new folder called 'My Old Documents' and move every file from 'My Documents' to that folder. Then close explorer and try accessing the empty 'My Documents' to see if it still triggers.
[text was edited by author 2003-11-02 05:18:02]

