| Thread ID: 47691 | 2004-08-02 19:37:00 | Jetstream Bleeding | Paulmnz (3507) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 257719 | 2004-08-03 22:33:00 | Use a packet sniffer such as Ethereal... not really for the non-networking inclined but far more dependable and functional than depending on some messy third party firewall application to blindly suggest what the problem could be. | whetu (237) | ||
| 257720 | 2004-08-03 22:41:00 | Well thanks for all the discussion. Using Zone Alarm to deny network access to the DLL file with the following specs: Product name: Microsoft® Windows® Operating System; File name: C:\WINDOWS\System32\rundll32.exe; Policy: Manually configured; Last policy update: Not applicable; Version: 5.1.2600.0 (xpclient.010817-1148); Created date: 24/08/2001; File size: 31 KB. Has reduced my unintentional network traffic to ZERO. No apparent ill effects at this time. Interesting. Oh and in response to Elephant's earlier post: It is secure when you go to the trouble of setting up passwords, including p/word protected screensaver return from options. The cable is unplugged at the router end (on my desk), the software control for the ADSL router is switched to the disconnect option and Telecom's Usage meter confirms that you haven't been online (the numbers haven't changed). Which leads me to clarification of the original issue.... (Now with full technical detail!) System: XP PRO. Conexant ADSL 4 port router, Part# PT3812. IHug is the ISP, 256K 10gb Jetstream connection. Connecting via an ethernet connection to the router, with one other LAN computer (now unplugged at the router). Zone Alarm indicates a "DLL running as application" is the only active program. Zone Alarm and DU Meter (for monitoring network traffic) concur that every 3 seconds for 3 seconds the network registers a 14.1 DL and a 1.3 UL burst of data. When the software control for the ADSL connection is set to Disconnect - this does not affect my Telecom usage quota. When I'm online - it does affect the quota. [Issue resolved] |
Paulmnz (3507) | ||
| 257721 | 2004-08-03 23:06:00 | MVPS (www.mvps.org) re finding the process that rundll32.exe is executing. Spyware Info (www.spywareinfo.com) It would seem that ZA is only taking the info from Windows Task Manager and not actually analysing the process itself. I would be very suspicious of anything that rundll32 is calling (or vice versa) and using that much data. It may not necessarily be malicious but it still needs to be tracked down and sorted. Cheers Murray P |
Murray P (44) | ||
| 257722 | 2004-08-04 00:48:00 | Thanks for that... I run Spybot and Ad-Aware 6. I have this pet hate of malware, thinking I should charge them $$ for allowing them into my putter... them and spammers. |
fairway (5932) | ||
| 257723 | 2004-08-04 01:13:00 | Paulmnz, I have my suspicions it may be something like a "virus in the wild". If you downloaded Sygate you could use the dll authentication switch .. Do you guys have a love affair with Zone Alarm .. ? ( I think its days are numbered.) The reason I suggested Avast Antivirus is also it has a top rating for these "wild viruses" and features not found anywhere else without a payment to be made. These Tools are all Freeware .. don't kick it till you've played with it ;-) Please post the offending DLL file when you find it .. we are laying bets here// |
fairway (5932) | ||
| 257724 | 2004-08-04 01:23:00 | What's a reliable firewall? I heard magazine publishing Zone Alarm is the best or...? | yingxuan (3330) | ||
| 257725 | 2004-08-04 01:45:00 | > Paulmnz, > > I have my suspicions it may be something like a > "virus in the wild" If you downloaded sygate you > could use the dll authentication switch .. Do you > guys have a love affair with zone alarm .. ? ( I > think its days are numbered.) > The reason I suggested Avast Antivirus is also it has > a top rating for these "wild viruses" and features > not found anywhere else without a payment to be made. > > > These Tools are all Freeware .. > > don't kick it till you've played with it ;-) > > Please post the offending DLL file when you find it > .. we are laying bets here// This is what Zone Alarm lists as the DLL (it's Rundll32.exe): Product name: Microsoft® Windows® Operating System; File name: C:\WINDOWS\System32\rundll32.exe; Policy: Manually configured; Last policy update: Not applicable; Version: 5.1.2600.0 (xpclient.010817-1148); Created date: 24/08/2001; File size: 31 KB. Murray P's link was useful too: www.mvps.org Personally I don't like Zone Alarm - but it's available. *shrug* |
Paulmnz (3507) | ||
| 257726 | 2004-08-04 01:46:00 | Here's a start for a firewall if you want to build one ... I look upon a firewall as a means to close down all unused ports of access (both ways) to my computer, when required, giving me detailed reports of data transfer, programs and all files using the ports and allow me to control all and any part of this exercise .. Anything else is a bonus... like anti program hijacking, dll authentication, enable anti-MAC spoofing... ETC.. Most importantly make me coffee in the morning! |
fairway (5932) | ||
| 257727 | 2004-08-04 01:50:00 | I'm not sure if Steve Gibson of grc.com has updated his site for a comparison of firewalls but Zonealarm came out tops and some were positively useless. You could even say dangerous because they gave people a false sense of security. | mikebartnz (21) | ||
| 257728 | 2004-08-04 01:53:00 | Okay a txt file print out of the following command line instruction tasklist /m /fi "IMAGENAME eq rundll32.exe" >C:\rundll32.txt Gives this output: Image Name PID Modules ========================= ====== ============================================= rundll32.exe 1356 ntdll.dll, kernel32.dll, msvcrt.dll, GDI32.dll, USER32.dll, ADVAPI32.dll, RPCRT4.dll, IMAGEHLP.dll, CnxTrApp.dll, comdlg32.dll, SHLWAPI.dll, COMCTL32.dll, SHELL32.dll, WINSPOOL.DRV, OLEAUT32.dll, OLE32.DLL, WININET.dll, CRYPT32.dll, MSASN1.dll, comctl32.dll, uxtheme.dll, Secur32.dll, wsock32.dll, WS2_32.dll, WS2HELP.dll, mswsock.dll, DNSAPI.dll, MSCTF.dll, iphlpapi.dll, winrnr.dll, WLDAP32.dll, sensapi.dll, RASAPI32.DLL, rasman.dll, NETAPI32.dll, TAPI32.dll, rtutils.dll, WINMM.dll, serwvdrv.dll, umdmxfrm.dll, USERENV.dll, urlmon.dll, VERSION.dll, wshtcpip.dll rundll32.exe 1508 ntdll.dll, kernel32.dll, msvcrt.dll, GDI32.dll, USER32.dll, ADVAPI32.dll, RPCRT4.dll, IMAGEHLP.dll, NvMcTray.dll, SHELL32.dll, SHLWAPI.dll, COMCTL32.dll, comctl32.dll, PSAPI.DLL, uxtheme.dll, MSCTF.dll |
Paulmnz (3507) | ||
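Added example, not part of the thread: a small Python triage of `tasklist /m` output like the listing posted above, showing which rundll32.exe instance has Windows networking libraries loaded and which modules only that instance hosts. The sample text is an abridged, re-wrapped copy of the posted output, and the `NETWORK_DLLS` set and function names are assumptions of this example.

```python
import re

# Windows networking libraries; a process with one of these loaded can talk to the network.
NETWORK_DLLS = {"ws2_32.dll", "wsock32.dll", "mswsock.dll", "wininet.dll",
                "urlmon.dll", "dnsapi.dll", "iphlpapi.dll", "rasapi32.dll"}

# Abridged copy of the posted output, wrapped as tasklist prints it (continuation lines indented).
SAMPLE = """\
Image Name                   PID Modules
========================= ====== =============================================
rundll32.exe                1356 ntdll.dll, kernel32.dll, USER32.dll,
                                 CnxTrApp.dll, SHELL32.dll, WININET.dll, wsock32.dll, WS2_32.dll,
                                 mswsock.dll, DNSAPI.dll, iphlpapi.dll, RASAPI32.DLL, urlmon.dll, uxtheme.dll
rundll32.exe                1508 ntdll.dll, kernel32.dll, USER32.dll,
                                 NvMcTray.dll, SHELL32.dll, PSAPI.DLL, uxtheme.dll
"""

ROW = re.compile(r"^(\S+)\s+(\d+)\s+(.*)$")  # image name, PID, start of module list

def parse_modules(text):
    """Return {pid: [module, ...]}: lower-cased, load order kept, duplicates dropped."""
    procs, pid = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:                                          # first line of a process row
            pid, rest = int(m.group(2)), m.group(3)
            procs[pid] = []
        elif pid is not None and line[:1].isspace():   # wrapped module list
            rest = line
        else:                                          # header, ruler or blank line
            continue
        for name in rest.split(","):
            name = name.strip().lower()
            if name and name not in procs[pid]:
                procs[pid].append(name)
    return procs

def triage(procs):
    """Per PID: networking DLLs loaded, and modules no other listed instance loads."""
    report = {}
    for pid, mods in procs.items():
        others = {m for p, ms in procs.items() if p != pid for m in ms}
        report[pid] = {"network": sorted(NETWORK_DLLS.intersection(mods)),
                       "unique": [m for m in mods if m not in others]}
    return report

if __name__ == "__main__":
    for pid, r in triage(parse_modules(SAMPLE)).items():
        print(pid, "network:", r["network"], "unique:", r["unique"])
```

The `unique` list is only a shortlist: each name on it still has to be checked on disk (path, vendor, signature) before drawing a conclusion about the process.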