 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH
| [XP] Strange behavior with Windows Explorer
A while ago I downloaded a file from f*p.umax.com.tw and now when I click on My Documents from within Windows Explorer my firewall (ZAP) alerts me that Windows Explorer is trying to access f*p.umax.com.tw. Is there some sort of history that I can delete? I've checked for the usual Viruses, Trojans and Spyware. I could swear that someone had a similar problem a while back but I cannot find the thread. I do believe that this is a Windows setting/problem and that is why I posted here. (Not sure now.) If I'm wrong then I'm sure this will be moved. -- "For long you live and high you fly
But only if you ride the tide
And balanced on the biggest wave
You race towards an early grave." [text was edited by author 2003-11-01 11:19:45] |
|
 Sweet WitchBe the flame, not the moth.Premium,MVM join:2003-07-15 Gallifrey | Could a new program be loading at boot in msconfig that came with the downloaded file, telling it to look for updates? Also go into the umax software and uncheck anything about automatic updates. |
|
 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH | said by Sweet Witch: Could a new program be loading at boot in msconfig that came with the downloaded file, telling it to look for updates?
Nope, I checked.
said by Sweet Witch: Also go into the umax software and uncheck anything about automatic updates.
I don't have the software installed on this pc. I just browsed the ftp site and downloaded the software from this pc. -- "For long you live and high you fly But only if you ride the tide And balanced on the biggest wave You race towards an early grave." |
|
 ShootistPremium join:2003-02-10 Decatur, GA kudos:3 | Run Spybot and Ad-Aware. This web site put some type of spyware on your PC. -- Are You Ready--Stand By BEEP ******** |
|
 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH | I have done that already. said by vukodlak75: I've checked for the usual Viruses, Trojans and Spyware.
-- "For long you live and high you fly But only if you ride the tide And balanced on the biggest wave You race towards an early grave." |
|
 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH
| Actually if I just hover my mouse over my documents in Windows Explorer I get the alert.
PE,2003/10/31,23:23:18 -5:00 GMT,Windows Explorer,210.58.98.5:21,N/A
ACCESS,2003/10/31,23:23:22 -5:00 GMT,Windows Explorer was temporarily blocked from connecting to the Internet (210.58.98.5:FTP).,N/A,N/A
PE,2003/11/01,10:56:52 -5:00 GMT,Windows Explorer,210.58.98.5:21,N/A
ACCESS,2003/11/01,10:57:10 -5:00 GMT,Windows Explorer was temporarily blocked from connecting to the Internet (210.58.98.5:FTP).,N/A,N/A
PE,2003/11/01,11:04:50 -5:00 GMT,Windows Explorer,210.58.98.5:21,N/A
ACCESS,2003/11/01,11:05:00 -5:00 GMT,Windows Explorer was temporarily blocked from connecting to the Internet (210.58.98.5:FTP).,N/A,N/A
-- "For long you live and high you fly But only if you ride the tide And balanced on the biggest wave You race towards an early grave." [text was edited by author 2003-11-01 11:17:08] |
|
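An added example, not part of any post in this thread: a small Python parser that groups the firewall log rows posted above by program and destination, showing that the same process reached for the same FTP port on separate days. The column meanings (record type, date, time, program, destination) are inferred from the posted lines and are an assumption, not taken from the firewall's documentation.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Rows copied from the firewall log posted in this thread.
SAMPLE_LOG = """\
PE,2003/10/31,23:23:18 -5:00 GMT,Windows Explorer,210.58.98.5:21,N/A
ACCESS,2003/10/31,23:23:22 -5:00 GMT,Windows Explorer was temporarily blocked from connecting to the Internet (210.58.98.5:FTP).,N/A,N/A
PE,2003/11/01,10:56:52 -5:00 GMT,Windows Explorer,210.58.98.5:21,N/A
ACCESS,2003/11/01,10:57:10 -5:00 GMT,Windows Explorer was temporarily blocked from connecting to the Internet (210.58.98.5:FTP).,N/A,N/A
PE,2003/11/01,11:04:50 -5:00 GMT,Windows Explorer,210.58.98.5:21,N/A
ACCESS,2003/11/01,11:05:00 -5:00 GMT,Windows Explorer was temporarily blocked from connecting to the Internet (210.58.98.5:FTP).,N/A,N/A
"""


def parse_pe_events(text):
    """Yield (timestamp, program, host, port) for each PE row.

    Assumed layout, inferred from the posted lines:
    type, date, time + offset, program, host:port, N/A
    """
    for row in csv.reader(text.splitlines()):
        if len(row) < 5 or row[0] != "PE":
            continue  # ACCESS rows restate the same event as a message
        clock = row[2].split()[0]  # drop the " -5:00 GMT" suffix
        when = datetime.strptime(f"{row[1]} {clock}", "%Y/%m/%d %H:%M:%S")
        host, _, port = row[4].rpartition(":")
        yield when, row[3], host, int(port)


def summarize(text):
    """Group outbound attempts by (program, host, port)."""
    groups = defaultdict(list)
    for when, program, host, port in parse_pe_events(text):
        groups[(program, host, port)].append(when)
    return {
        key: {
            "count": len(times),
            "first": min(times),
            "last": max(times),
            "days": len({t.date() for t in times}),
        }
        for key, times in groups.items()
    }


if __name__ == "__main__":
    for (program, host, port), s in summarize(SAMPLE_LOG).items():
        print(f"{program} -> {host}:{port}: {s['count']} attempts "
              f"on {s['days']} day(s), {s['first']} to {s['last']}")
```

Repeated attempts from one program to one destination across reboots and days point to a stored reference (a shortcut, history entry or similar) rather than a one-off action.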
 ShootistPremium join:2003-02-10 Decatur, GA kudos:3 | Well the simple fact is this web site loaded something, changed something, on your PC. What it is and how to remove it I have no idea. -- Are You Ready--Stand By BEEP ******** |
|
 ReaperOS2Send Me Dvd'sPremium join:2001-02-27 Round Lake, IL | reply to vukodlak75 Did you FTP the file? If I remember, Windows Explorer will try to check the FTP server to make sure it's still there. I've had that happen to me before. Could be a similar situation.
HTH, Grim -- DVD Collector; "I'm already Warped! Do I need the software, too?" |
|
 | reply to vukodlak75 Try this. It will help us help you figure out what is going on in your system
HijackThis v1.97 Download *Hijack This!* »www.tomcoyote.org/hjt/ Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the content of the scan results. -- It takes a disaster to make a woman out of a female Gladiator Security Forum |
|
 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH | reply to ReaperOS2 That sounds interesting. Please explain further. When that happened to you, how did you resolve it? |
|
 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH
| reply to CalamityJane That link didn't work for me but I had that stashed away in my utilities folder.
Logfile of HijackThis v1.97.3
Scan saved at 11:43:05 AM, on 11/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Weather Pulse\weatherpulse.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Avp32.exe
D:\Downloads\hijackthis1973\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »/forums
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ScriptSentry] C:\Program Files\Script Sentry\ScriptSentry.exe /check
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Weather Pulse] C:\Program Files\Weather Pulse\weatherpulse.exe
O4 - Startup: LiveUpdate.lnk = C:\Program Files\TrojanHunter 3.7\Tools\LiveUpdate\LiveUpdate.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: Offline (HKLM)
O9 - Extra button: FavSearch (HKCU)
O9 - Extra 'Tools' menuitem: FavSearch (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: »download.com.com
O15 - Trusted Zone: »www.dslreports.com
O15 - Trusted Zone: »login.neptune.lunarpages.com
O15 - Trusted Zone: »www.nero.com
O15 - Trusted Zone: »subzeroelite.no-ip.info
O15 - Trusted Zone: »*.subzeroelite.com
O15 - Trusted Zone: »www.toast.net
O15 - Trusted Zone: »www.toledorocket.com
O15 - Trusted Zone: »www.ulead.com
O15 - Trusted Zone: »download.vso-software.fr
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - »office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - »office.microsoft.com/officeupdat···opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - »office.microsoft.com/productupda···opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···16898148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
[text was edited by author 2003-11-01 11:44:44] |
|
 ReaperOS2Send Me Dvd'sPremium join:2001-02-27 Round Lake, IL | reply to vukodlak75 said by vukodlak75: That sounds interesting. Please explain further. When that happened to you, how did you resolve it?
When it first happened, I had ftp'ed a file using IE. It put a link to the FTP site in My Network Places and in IE history. After that, every time I started WinExplorer or IE, it would check the connection to the ftp site. And it was also in the pull down history on IE. I cleared the history and I removed the entry in My Network. That cured it.
HTH, Grim -- DVD Collector; "I'm already Warped! Do I need the software, too?" |
|
 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH | There is no link in 'My Network Places' and I have gone and tried the other stuff you mention, then rebooted. I'm still having the problem. This is very strange. -- "For long you live and high you fly But only if you ride the tide And balanced on the biggest wave You race towards an early grave." |
|
 Sweet WitchBe the flame, not the moth.Premium,MVM join:2003-07-15 Gallifrey | reply to vukodlak75 quote: I don't have the software installed on this pc. I just browsed the ftp site and downloaded the software from this pc.
What did you download? Or do you mean you uploaded? |
|
 ReaperOS2Send Me Dvd'sPremium join:2001-02-27 Round Lake, IL | reply to vukodlak75 said by vukodlak75: There is no link in 'My Network Places' and I have gone and tried the other stuff you mention, then rebooted. I'm still having the problem. This is very strange.
Do you have the ftp site in the drop down on the address bar? That is where I found it.
Grim -- DVD Collector; "I'm already Warped! Do I need the software, too?" |
|
 keith2468Premium,MVM join:2001-02-03 Winnipeg, MB | reply to vukodlak75 Hi RIP -
So what worked for Give Me Dvd's didn't work for you?
There are quite a few files on that FTP site, f*p.umax.com.tw. Any idea what it was you downloaded? Name, type of file, what it was supposed to do, location?
Maybe do a search in your registry for anything containing the value "unmax.com.tw". If you find anything, write it down and post back here about it.
Good luck. |
|
 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH | reply to Sweet Witch said by Sweet Witch:
What did you download? Or do you mean you uploaded?
I downloaded an update (I think) to my scanner software that I use on my desktop. Come to think of it I really don't remember.
said by ReaperOS2:
Do you have the ftp site in the drop down on the address bar? That is where I found it.
Grim
nope
I will go and search the registry now. This is driving me crazy. -- "For long you live and high you fly But only if you ride the tide And balanced on the biggest wave You race towards an early grave." |
|
 Sweet WitchBe the flame, not the moth.Premium,MVM join:2003-07-15 Gallifrey | reply to vukodlak75 Can you try deleting/uninstalling the update and seeing if that fixes the problem? |
|
 vukodlak75Nisam Ti DudePremium,MVM join:2001-10-27 Beachwood, OH | I don't have the software installed on this pc. I just browsed the ftp site and downloaded the software from this pc. |
|
 | reply to vukodlak75 How about trying a system restore? |
|