Is there a risk with firewalls?

Malware can circumvent such a solution easily. Those types of solutions are dependent upon a signature file as an example. If it's not something that's recognizable, like a zero day exploit -- never has been seen before, then it's going to be missed by such solutions. Malware can set itself up if it gets on the machine so that an anti-malware solution cannot detect it or not easily.

That's why I like to use other tools like Active Port or CurrPort, Process Explorer and other such solutions and go look around from time to time to see what is running.


To be honest, the average PC user doesn't have a *clue* about it, none. And that's part of the problem is that average PC users are ignorant of the issues. Most of them really don't care that much, either. They just want to turn the computer on and go/use it, without thinking about what he or she is doing.

Personal Fire Wall

False. Your computer is directly connected to the WAN (Wide Area Network)/Internet. You should be even more concerned with this type of connection.

Well, you need to learn how to set rules. And this is what this NG is here for is to help you do that. But that's what this NG used to be, but because of one person I can think of in the NG and others, they chase people off or potential posters don't post period due to the hostility and intimidation by the few in this NG. It's good to see someone like you that is not intimidated by them.

No. It may catch a few things. But then on the other hand, it may not catch anything due to the reasons I have already given.

Mr. Arnold

NoSpam wrote: ...

...

That is good, maybe you are lucky. But let's think: are you the only person in the world using Win2000 with ZA? No. Do other people with a configuration similar to yours have the same problem (downloading of malware during the mentioned period)? I believe not, am I wrong? Why do you have it? What is the reason? It does not have to be malware, but the probability is high. Try to scan with some online scanner (Kaspersky is OK). You can also try to download

formatting link
rename it, for example to _root_dummy.exe, and submit the log to the mentioned site. Best would be to ask somebody who knows more than you to check your hijackthis log and system for misconfiguration. Something is definitely wrong on your system. Are you running some server applications?
formatting link
This is an interesting utility; you may find it useful. Check running processes and listening ports.

A NAT router will prevent downloading of malware in the future, but it will not fix your system; you have to do that.

alf

Dear Mr. Arnold,

No, I am not intimidated by trolls. They are easy to recognize by their inability to address a problem, their lack of good grammar and the absence of social grace.

You said in your mail:

The program Antivir Guard has the ability to scan "Laufende Prozesse", that is "Ongoing Processes". Is that in some way equivalent to Process Explorer? If no ongoing processes are found and malware can turn itself on and off according to some algorithm, such a program might not be too valuable.

Greetings GR.

NoSpam

Dear Alf,

Other people with the same configuration may have the same problem and not recognize it! It occurred only once during the vulnerable period and AntiVir Guard caught it. There were however some six of these files on my PC from earlier unrecognized events. I am sorry I erased them all and did not keep a copy.

I have observed with an earlier version of ZoneAlarm, that immediately after booting up, a ping comes in. It is either from the IPS or from some other scanner. So there is a way to find PCs which have just booted up. This could be the reason why I have been hit with that malware, rather than by malware residing on my PC calling out for more malware.

Newer versions of ZoneAlarm have done away with this reporting because it led to very frequent reports which were apparently a nuisance and not of concern.

To answer your question whether I am running a server: I do not.

Greetings and thanks GR.

NoSpam

Hm, hm... I doubt.

Maybe I'm paranoid after all. It is your system, you know better what is going on there. If you said it is clean, OK then it is clean. Now don't lose your time replying to this post. Configure your NAT router and keep on working normally.

Good luck.

alf

"Running Processes" would be a more fitting translation. If I read this correctly, then AntiVir Guard scans the memory areas a program's code is loaded to while the program is being executed.

Process Explorer only lists processes, it doesn't scan them.

Malware doesn't turn itself on.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Dear Ansgar, dear Mr. Arnold,

First: Win2k, my OS, has the Task Manager. This program lists all running processes. It would be hard to discover malware among the various filenames it lists. Since Task Manager lists running processes, Process Explorer would be superfluous, true?

Second: Does malware run all the time? Your post seems to indicate so. Task Manager indicates CPU usage. This would help to verify that malware is running!

Third: I do not know what exactly AntiVir Guard scans under Laufende Prozesse. All I know is that it says it scans "Laufende Prozesse".

I have done a scan with Kaspersky of the most sensitive area. The result showed 21 infected files and 2 Viruses. The final report lists the 21 files as not-a-virus AD files BUT it lists no virus. The Ad-files are like those I have located previously. They consist of a randomly selected sequence of 8 letters, the extension is .dll and they are in C:\WINNT\System32.

An example would be njmfgxfp.dll. They are all 124 436 bytes long and were created between June 15 and 18. Kaspersky calls them not-virus:AdWare.Win32.Virtumonde.ki with no other info available and their definitions were added to Kaspersky's list on 14 June. AntiVir Guard did not identify these 21 files nor any virus.

Why did Kaspersky not list the two Viruses they claim to have found?

Any comments?

Thank you GR.

NoSpam

Wrong, since Process Explorer shows *way* more (crucial) information about processes than the Windows Task Manager. This information helps identify rogue processes.

Malware doesn't necessarily run all the time. However, it does not start all by itself, but needs some mechanism to be run. That can be the user, one of the many autorun-mechanisms Windows provides, the task scheduler or several other ways.

Usually virus scanners scan only files. As I said before, "Laufende Prozesse" means "running processes", which would imply that AntiVir Guard scans not only files on your hard disk but also the processes in your RAM.

Because you configured it not to? Because it was manipulated by some malware? Because the stars are not right? There's no way to tell without a closer examination of your system.

However, apparently your system was compromised, and whatever did this had administrative privileges (because it was able to create files in %SystemRoot%\system32). You can't trust anything any software running on a compromised system tells you. The only reasonable way to clean your system is to back up your data (expressly excluding any kind of executable), and then flatten and rebuild your system.

cu

59cobalt
Ansgar -59cobalt- Wiechers
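
A sketch of a check for the file pattern NoSpam reports above (eight-letter .dll names, identical size, created within a few days of each other), added here as an example and not part of any post in this thread. The function names, thresholds and sample listing are assumptions constructed for illustration; only njmfgxfp.dll and the 124436-byte size come from the thread.

```python
import os
import re
import sys
from collections import defaultdict
from datetime import date, timedelta

# Name shape described in the thread: 8 letters plus .dll (e.g. njmfgxfp.dll).
NAME_RE = re.compile(r"^[a-z]{8}\.dll$", re.IGNORECASE)

def find_clusters(entries, min_count=3, max_span=timedelta(days=7)):
    """entries: iterable of (filename, size_bytes, created_date).
    Returns {size: [names]} for every size shared by at least min_count
    pattern-matching files whose creation dates lie within max_span."""
    by_size = defaultdict(list)
    for name, size, created in entries:
        if NAME_RE.match(name):
            by_size[size].append((created, name.lower()))
    clusters = {}
    for size, files in by_size.items():
        files.sort()  # oldest first
        if len(files) >= min_count and files[-1][0] - files[0][0] <= max_span:
            clusters[size] = [name for _, name in files]
    return clusters

def list_dir(path):
    """Yield (name, size, created) for regular files directly inside path.
    On Windows st_ctime is the file creation time."""
    with os.scandir(path) as it:
        for e in it:
            if e.is_file(follow_symlinks=False):
                st = e.stat(follow_symlinks=False)
                yield e.name, st.st_size, date.fromtimestamp(st.st_ctime)

# Constructed listing; the year is a placeholder (the thread gives none).
SAMPLE = [
    ("njmfgxfp.dll", 124436, date(2007, 6, 15)),  # name and size from the thread
    ("qwhzkbtr.dll", 124436, date(2007, 6, 17)),  # constructed
    ("xdplmvau.dll", 124436, date(2007, 6, 18)),  # constructed
    ("setupapi.dll", 565520, date(2007, 1, 3)),   # 8 letters, but no same-size peers
    ("kernel32.dll", 715024, date(2007, 1, 3)),   # digits in name: not matched
]

if __name__ == "__main__":
    entries = list_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for size, names in find_clusters(entries).items():
        print(f"{size} bytes: {', '.join(names)}")
```
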

No, it's not even in the ballpark with PE.

Malware likes to piggy back off of other processes that are running to hide or disguise itself, so that it's not easily spotted.

And Task Manager is no match for Process Explorer, because Task Manager only allows you to see the top process that's running.

PE allows you not only to see a top process that's running, but it also allows you to look inside that top process and see the hidden processes that are being hosted by the top process, such as a possible malware process.

Mr. Arnold

I'd title this post: "self-exposure of a troll"

Sebastian G.

But you're at least aware that you're either totally oversimplifying or talking utter bullshit?

Sebastian G.

It's not read go away. You are a lunatic.

that's a soft logical .

Mr. Arnold

You read my other post. It applies to you here as well.

Mr. Arnold

One other thing here, you don't need to answer any of it, please.

Do you even notice what a nuisance you are in this NG, and how you have dragged this NG down?

Do you even notice how most of the regulars pretty much mind their own business and post to the OP while you in the meantime attack everyone with running up and down the threads?

This NG used to be a lot livelier with a mixture of professionals and non-professionals that frequent the NG seeking help, until you showed one day out from under a rock and started choking the NG out. :(

Mr. Arnold

So far, I can only see this applying to you.

Oh, and would you please stop giving ill-advised suggestions that even you should know how wrong they are? This guy is about to actually buy a NAT router, which will just make everything fail again.

Sebastian G.

You replied anyway, my God. When you're in this state of mind with pure lip dribbling, you know I am not reading it. :)

What a problem you have that you cannot control yourself with your postings in this NG.

Mr. Arnold

If you'd pull your head from whatever holes it's currently in, you'd realize that your methods of "teaching" are anything but constructive.

Notan

Now what about one step after another? First deconstructing the nonsense, then thinking about the problem again, and then you'll start building a real solution.

Sorry for not suggesting a solution without even thinking about the problem again for figuring out what the actual problem is.

Sebastian G.

You just don't get it.

From what I've read, you've got a bunch of knowledge, but your attitude and method of presentation are so condescending, among other negative attributes, that it's all but wasted.

Notan

He'll never get the message. He has not gotten the message to date, and it's been made obvious to him by a few people in this NG over a period of several months.

It's really a shame about him. He obviously has great knowledge or seems to have the knowledge.

But he is so messed-up as a human being that he is beyond help with his teaching methods, mannerisms, and in general, a lack of basic knowledge on how to treat people.

He has dragged the NG down to the point that no one wants to make a post in this NG, because he is liable to show and start going out of control. :(

Mr. Arnold
