| Thread ID: 76362 | 2007-01-30 03:07:00 | Who is Brad Friedman? | JackStraw (6573) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 520519 | 2007-01-30 03:07:00 | I was just doing a system check, as you do, and using TCPView, from Sysinternals, I found I was connected to www.bradfriedman.com. As this was an address unknown to me I closed the connection. Then strange things started to happen: the connection opened without any input from me. I had just run Spybot and AVG, all up to date, and no problems. I tried to connect to the site through the browser and it would not establish a connection, not even a 404 came up. So I added the address to the denied names in the router's firewall and rebooted the modem. After this I lost all access to the WWW. I waited about half an hour to ensure it wasn't just the router playing up and still no joy. So I removed the URL from the denied list and, hey presto, access was back to normal. Should we be worried? Who IS Brad Friedman? | JackStraw (6573) | ||
| 520520 | 2007-01-30 03:15:00 | Hi Jack. Google comes back with over 27,000 entries for Brad Friedman, none of which I am prepared to connect to, just in case... | Scouse (83) | ||
| 520521 | 2007-01-30 04:04:00 | Well, I seem to have solved part of the mystery. Apparently if I block ANY URLs with my trusty D-Link router, I block EVERYTHING. Good, eh? But here's something interesting. I found I was connected to a secure server when all I thought I was connected to was PF1. I did a whois check and guess what? That server was located at: Domain Services, Inc., Special dns@secureserver.net 14455 N Hayden Rd Scottsdale, Arizona 85260 United States. Which also hosts Domain Name: FORTBENDREPUBLICANPAC.COM Created on: 02-Jan-07 Expires on: 02-Jan-08. It also hosts Brad Friedman's site. Brad Friedman is known for his views on Diebold voting machines. Conspiracy, anyone? | JackStraw (6573) | ||
| 520522 | 2007-02-01 23:00:00 | I did some more research and I think you should all take note. A whois search reveals: Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: BRADFRIEDMAN.COM Created on: 21-Jan-00 Expires on: 21-Jan-10 Last Updated on: 16-Dec-06 Administrative Contact: Private, Registration BRADFRIEDMAN.COM@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Technical Contact: Private, Registration BRADFRIEDMAN.COM@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Domain servers in listed order: NS1.WINPOINT.COM NS3.WINPOINT.COM NS2.WINPOINT.COM. I don't know if Mr Friedman knows about this, but this company, Domains by Proxy Inc., is the host for many of the push/dump stock-market scams and this appears to be how they harvest email addresses. I strongly suggest you all block this domain, and if anyone can assist in finding out more about this it would be appreciated. I also suggest downloading TCPView so you can see who is connected to your computer. TCPView can be downloaded, free, from: www.microsoft.com | JackStraw (6573) | ||
| 520523 | 2007-02-02 05:55:00 | en.wikipedia.org | pine-o-cleen (2955) | ||
| 520524 | 2007-02-02 09:34:00 | Thank you, Pino. I have found that info myself, but thank you anyway. As I stated in my earlier post, I suspect he is a patsy in this scam. I have asked Bruce to disable the links in this thread because it seems that any connection to them will open your system to a port scan and infiltrate your email, for whatever they want to find: addresses, info or whatever. I may seem a little paranoid here, but we all want to reduce spam and snooping and I think this is worth looking at. I will continue to look into this and will post a warning when I have more info. If anyone can find out more then PM me or post to this thread. | JackStraw (6573) | ||
| 520525 | 2007-02-04 09:20:00 | "I don't know if Mr Friedman knows about this, but this company, Domains by Proxy Inc., is the host for many of the push/dump stock-market scams and this appears to be how they harvest email addresses. I strongly suggest you all block this domain, and if anyone can assist in finding out more about this it would be appreciated. I also suggest downloading TCPView so you can see who is connected to your computer. TCPView can be downloaded, free, from: www.microsoft.com" DomainsByProxy is an outfit that registers domains by proxy, i.e., if you don't want your contact details in the WHOIS database to be harvested, then you can pay DomainsByProxy to do it for you. Scammers/spammers also use it to hide from you etc. Do an HJT scan and ask Speedy (PF1) to look at it. | vinref (6194) | ||
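Added example, not code from any poster in this thread: a small Python parser for a WHOIS record in the layout JackStraw quoted, which flags a proxy registrant (the point vinref makes about DomainsByProxy: the record then names the proxy service, not the owner) and computes the registration's age. The sample record is constructed from the values quoted above; `parse_whois`, `is_privacy_proxy` and `domain_age_days` are names chosen here.

```python
import re
from datetime import datetime

# Constructed sample modelled on the WHOIS record quoted in the thread (not a live lookup).
SAMPLE_WHOIS = """\
Registrant:
   Domains by Proxy, Inc.
   DomainsByProxy.com
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: BRADFRIEDMAN.COM
   Created on: 21-Jan-00
   Expires on: 21-Jan-10
Administrative Contact:
   Private, Registration  BRADFRIEDMAN.COM@domainsbyproxy.com
Domain servers in listed order:
   NS1.WINPOINT.COM
   NS3.WINPOINT.COM
   NS2.WINPOINT.COM
"""
# Phrases that mark a privacy/proxy registration rather than the actual owner.
PROXY_MARKERS = ("domains by proxy", "domainsbyproxy", "private, registration")

def _field(text, label):
    # Value of a "Label: value" line, or None when the record lacks it.
    m = re.search(r"^[ \t]*" + re.escape(label) + r":[ \t]*(.+?)[ \t]*$", text, re.M)
    return m.group(1) if m else None

def _block(text, heading):
    # Indented lines that directly follow a "Heading:" line.
    m = re.search(r"^" + re.escape(heading) + r":\n((?:[ \t]+.*\n)+)", text, re.M)
    return [line.strip() for line in m.group(1).splitlines()] if m else []

def parse_whois(text):
    to_date = lambda v: datetime.strptime(v, "%d-%b-%y").date() if v else None
    return {
        "domain": _field(text, "Domain Name"),
        "registrar": _field(text, "Registered through"),
        "created": to_date(_field(text, "Created on")),
        "expires": to_date(_field(text, "Expires on")),
        "registrant": _block(text, "Registrant"),
        "admin": _block(text, "Administrative Contact"),
        "nameservers": _block(text, "Domain servers in listed order"),
    }

def is_privacy_proxy(rec):
    # True when the record names a proxy service instead of the real registrant.
    hay = " ".join(rec["registrant"] + rec["admin"]).lower()
    return any(mark in hay for mark in PROXY_MARKERS)

def domain_age_days(rec, as_of):
    # Age of the registration on a given date; very young domains deserve more scrutiny.
    return (as_of - rec["created"]).days
```

A proxy-registered record only tells you which registrar and proxy service were used, so it cannot by itself link a domain to a scam or to anyone in particular.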
| 520526 | 2007-02-04 10:35:00 | Not only are these guys trying to access my system, they are also spoofing domain names somehow. I regularly go to Digg.com and today I noticed that even though I wasn't in a session with the site their domain name was in TCPView. I checked the whois link and it took me back to domainsbyproxy. As I have that domain blocked, as was indicated by my inability to reach riaa.com, the only way for that to happen was for the domain name to be spoofed. Is this the way domainsbyproxy works? By spoofing domain names? And even if that were true, why do they keep trying to get into my system? Or anybody's system for that matter. Anyhoo, here's my HJT for perusal. Logfile of HijackThis v1.99.1 Scan saved at 11:13:35 p.m., on 4/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.EXE E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe E:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe E:\WINDOWS\system32\taskswitch.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe E:\WINDOWS\system32\fast.exe E:\WINDOWS\system32\rundll32.exe E:\WINDOWS\SOUNDMAN.EXE E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe E:\PROGRA~1\SYSTEM~1\WScheduler.exe E:\Program Files\Brother\ControlCenter2\brctrcen.exe E:\Program Files\Java\jre1.5.0_10\bin\jusched.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\System32\tcpsvcs.exe E:\Program Files\tcpIQ\Line Speed Meter\LineSpeedMeter.exe E:\WINDOWS\system32\Fast.exe E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe E:\Program Files\Free Download Manager\fdm.exe E:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\wscntfy.exe E:\WINDOWS\System32\svchost.exe E:\Documents and Settings\Steve Barnes\Desktop\System tools\procexp.exe E:\Program Files\Motherboard Monitor 5\MBM5.exe E:\Program Files\Opera\Opera.exe E:\Documents and Settings\Steve Barnes\Desktop\Tools\TCPView\Tcpview.exe E:\Documents and Settings\Steve Barnes\Desktop\System tools\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woosh.co.nz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.ht m O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdmcks.dll O4 - HKLM\..\Run: [iKeyWorks] E:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WheelMouse] E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] E:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [WScheduler] E:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [SetDefPrt] E:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] E:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SW20] E:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [SW24] E:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Line Speed Meter] E:\Program Files\tcpIQ\Line Speed Meter\LineSpeedMeter.exe -minimize O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE" O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [FreeRAM XP] "E:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{4104B2D3-55F1-4008-BDFA-4F053CC60C1C}: NameServer = 202.74.207.10,202.74.207.100 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - E:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\brsvc01a.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MZX - Sysinternals - www.sysinternals.com - E:\DOCUME~1\STEVEB~1\LOCALS~1\Temp\MZX.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) No clues there, well, not that I can see, I hope (runs and hides under desk). | JackStraw (6573) | ||
| 520527 | 2007-02-04 11:07:00 | Any chance you can post a TCPView screenshot? | vinref (6194) | ||
| 520528 | 2007-02-04 11:23:00 | www.imagef1.net.nz There's the link, but as I have managed to block them to some extent they're not listed. But, still, it gave me a chance to try the new ImageF1. Well done, Daniel. | JackStraw (6573) | ||