What do you make of this?

I ran Winamp and started up a radio station I then got an alert from Sygate PF that "wuauclt.exe" (Windows autoupdate file, I have autoupdates disabled) wanted to acccess the internet. Below is my security log. Remote host is AOL. If I enter the IP in my browser I get this;

ICY 404 Resource Not Found icy-notice1:SHOUTcast Distributed Network Audio Server/posix v1.8.1 icy-notice2:The resource requested was not found

OK, so it's an audio server but why would Windows autoupdate be used to access an audio server?

Security Log: Application Hijacking has been detected The application: C:\\WINDOWS\\system32\\wuauclt.exe try to launch another application: C:\\Program Files\\Winamp\\winamp.exe to go to remote host 64.236.34.67

Reply to
Trinity
Loading thread data ...

Maybe. I got another one concerning AVG and I know this one is a false alarm for sure.

Application Hijacking has been detected The application: C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe try to launch another application: C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe to go to remote host guru.grisoft.com

Reply to
Trinity

Possible CODEC update for WinAmp using the MS updater to download the correct CODEC

Reply to
ABC

On 25 Feb 2005, Trinity wrote in news: snipped-for-privacy@4ax.com:

Sygate PF sometimes mis-identifies a program and blocks it unnecessarily. This can be due to a corrupt database and may require a reinstall.

Reply to
Nil

v5.06. Just check and see they are up to v5.08 so will download that now. Thx.

Reply to
Trinity

Yes, I had manually tried to get the virus database updated. Sygate didn't stop it from getting the update, just flagged it as a hijacking attempt because AVG7 now uses two files for getting updates instead of one file like it did in AVG6. You have to let two files through the firewall for AVG updates.

Reply to
Trinity

Does your security log show it as a hijacking attempt like mine did? I know it's not a hijacking attempt, just curious if it did or not.

Reply to
Trinity

What version of WinAmp are you running? They recently fixed a security problem.

Reply to
CyberDroog

This one looks authentic. avginet.exe is trying to get an AVG signature update. I have had that one in the past. Casey

Reply to
Casey

Yes, I just manually updated AVG7 signatures. From Sygate traffic log, avginet.exe went to guru.grisoft.com

193.86.3.34 on remote port 80.
Reply to
Casey

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.