1howmanyunamesaretaken? Posted June 26, 2006 Share Posted June 26, 2006 (edited) Hi.I was playing with netstat today and realized that foreign address downloads.aaa1screensavers.com was playing with my ports:mine(to) his(from)=======:1257 :1258:1258 :1257:3366 :3367:3367 :3366Where do I start to get this guy off? Edited July 12, 2006 by 1howmanyunamesaretaken? Link to comment Share on other sites More sharing options...
tain Posted June 26, 2006 Share Posted June 26, 2006 That is bad news.You need to fix it ASAP.Refer to the first link in this Google search. Link to comment Share on other sites More sharing options...
Aegis Posted June 26, 2006 Share Posted June 26, 2006 Most likely you have a trojan. From what I've searched, aaa1screensavers.com is a free screensaver site that bundles spyware with their screensavers, although the site appeared to be down when I checked. So have you installed any screensavers lately? Link to comment Share on other sites More sharing options...
LLXX Posted June 27, 2006 Share Posted June 27, 2006 What process on your machine is making those connections? Get rid of it.You should redirect downloads.aaa1screensavers.com to 0.0.0.0 with the HOSTS file while solving this problem. Link to comment Share on other sites More sharing options...
1howmanyunamesaretaken? Posted June 27, 2006 Author Share Posted June 27, 2006 (edited) Thanks for the help. I was discouraged when I saw no replies at first.What process on your machine is making those connections? Get rid of it.The process is firefox (firefox.exe).There is another entry in my netstat that uses firefox, but the origin IP address doesn't indicate anything to me (72.14.205.19).You should redirect downloads.aaa1screensavers.com to 0.0.0.0 with the HOSTS file while solving this problem.I made a search for the hosts file. If you look carfully at this image, I could not find the occurence under .../CD BURNING/... .Anyways, I added the entry 0.0.0.0 downloads.aaa1screensavers.com in my hosts file and will now install an anti-virus software on the computer.Note: TAiN, I read the thread you referenced to me. Thanks, it was helpful. Edited June 27, 2006 by 1howmanyunamesaretaken? Link to comment Share on other sites More sharing options...
Jeremy Posted June 27, 2006 Share Posted June 27, 2006 You should go to a computer appliance store and pick up a good router. The D-Link DI-604 and above are very popular. You should also install a software firewall (other than the Windows Firewall). I recommend Outpost Firewall. As for anti-virus, use either Kaspersky or NOD32. Scan all files after you download them and before you open them for the first time. Link to comment Share on other sites More sharing options...
LLXX Posted June 28, 2006 Share Posted June 28, 2006 A FireFox is initiating those connections? It looks like a browser hijack to me.HiJackThis log results should be more conclusive. Link to comment Share on other sites More sharing options...
1howmanyunamesaretaken? Posted July 7, 2006 Author Share Posted July 7, 2006 (edited) You should go to a computer appliance store and pick up a good router. The D-Link DI-604 and above are very popular. Thanks, I have a D-Link DI-614.I've visited this site called Spywareinfo (SWI). There were excellent instructions to follow. I followed their instructions and you can see what it gave me by clicking on the links:Spybot search and destroy (no log)adawareEwido1 Antivirus (Ran Kaspersky)andHijackThisI also installed ZoneAlarm and it's really tracking everything. I have a feeling it gets less intrusive with time.Results: The downloads.aaa1screensavers.com is gone! Thank you very much. Let me know if you have any comments on the Logs.Maybe we can trace back to the root of the intrusion.Note: Let me know if and how I can improve the format of the log files. Edited July 7, 2006 by 1howmanyunamesaretaken? Link to comment Share on other sites More sharing options...
bober Posted July 9, 2006 Share Posted July 9, 2006 http://www.raymarron.com/hostess/ great freeware utility for modifing and maintaining your host file Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now