Please Help!

Greetings.

I formatted my C: drive 3 days ago and re-installed Windows XP. I’m also behind a router, and I run Avast!. Not two hours after the fresh installation, I checked the status of netstat and found one address constantly listening to certain ports. At first I thought it was normal, considering Avast! has a Network Shield and Web Shield and an Email shield etc… But then I uninstalled Avast!, to see if the listening host would leave, expecting it too, if indeed that IP is used by Avast! to run the Shields or whatever, but no. Even after uninstalling Avast! completely, (Also cleaning my cache’s and temp files) the host was still listening. This got me more then intrigued. There’s also the fact that it was the same IP.

I did a Network Lookup on the host/IP with http://network-tools.com/ for the IP that was listening. Here’s what I got.

I also want to mention that I have a DSL modem, and I tried changing my IP by resetting the modem (which worked), but the IP was still listening…

IP address: 151.32.25.54 Host name: ppp-54-25.32-151.iol.it

Then, I googled the IP itself (151.32.25.54) and there’s only one query reply. It’s a website with a blacklist, containing IP addresses. Guess which IP is on the blacklist, 151.32.25.54 - Try it yourself, open up a browser, and google the IP: “151.32.25.54”.

At this point my worries aren’t lessening in any way. I downloaded X-Netstat, and the program would detect EVERY connection but that one. I then tried NetStat Agent, the program would also detect EVERY connection but that one, 151.32.25.54.

The IP is listening on very sensitive ports, which are very common for worms or trojans. One of them is a very well know virus called Blaster, and coindently, the IP is using the same port many trojans would use, and the IP is also using processes, which was even scarier. Here’s what I found in Netstat -ab (to find out the PID and process the connection is or might be using).

Microsoft(R) Windows DOS (C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\ADMINI~1>netstat -ab

Active Connections

Proto Local Address Foreign Address State PID
TCP box:epmap ppp-54-25.32-151.iol.it:0 LISTENING 808
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
– unknown component(s) –
[svchost.exe]

TCP box:microsoft-ds ppp-54-25.32-151.iol.it:0 LISTENING 4
[System]

TCP box:2869 ppp-54-25.32-151.iol.it:0 LISTENING 1088
C:\WINDOWS\System32\httpapi.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

TCP box:1026 ppp-54-25.32-151.iol.it:0 LISTENING 1700
[alg.exe]

TCP box:12025 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12080 ppp-54-25.32-151.iol.it:0 LISTENING 1104
[ashWebSv.exe]

TCP box:12110 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12119 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12143 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:netbios-ssn ppp-54-25.32-151.iol.it:0 LISTENING 4
[System]

Here is the result of Netstat -a after Uninstalling Avast!

Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP box:epmap ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:microsoft-ds ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:2869 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:1026 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:1046 localhost:1045 TIME_WAIT
TCP box:12025 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:12080 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:12110 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:12119 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:12143 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:netbios-ssn ppp-54-25.32-151.iol.it:0 LISTENING

The connections are still there. Notice that it’s listening on port 0, and that it’s also listening on the netbios.

That being said, I would appreciate greatly if someone could shed some light on this for me. I’m here thinking it’s a virus, but then if it is, why isn’t Avast! catching it? But then again, if it was a virus, why would Avast! use it?

And if it isn’t a virus, and it is from Avast!, why is it still there after I Uninstall?

Notice that the host-name starts with “ppp” - meaning it’s either a dial-up or DSL modem. Why would a company such as Avast! use “possibly” dial-up or DSL modems? Wouldn’t they use oc12’s or at least a T1/T3 ?

I’m utterly confused even after doing a vast amount of research on every single piece of information I could gather. I don’t expect all my questions to be answered - but if anyone could answer me this one: Why does Avast! use the ip and listen in on my ports when installed, and why does it still do it after I have uninstalled?

Thank you for taking the time to read, any help is greatly appreciated!

I think you have some misunderstanding of the information you are seeing … but the there is some basis for concern although not perhaps in the way that you think.

It does appear that you have been unsuccessful in removing avast from your system. If you had been successful then avast would not still be intercepting the ports that your report shows.

How did you uninstall avast?

Have you downloaded and run the latest avast uninstall utility (url=http://files.avast.com/files/eng/aswclear.exe[/url] from the avast website?

I used the control panel to remove Avast!

99% of programs I use don’t need for you to download it’s own uninstaller, it already comes with it. All my programs are safe to delete from the control panel, cleaning my temp folders and cache helps too. This is the first time I have to download a separate “uninstaller” - It’s not like Avast! makes sure you know either. Thanks for the tip. I’ll see if that works.

Why is the IP Avast! is using, is also on some online blacklists?

Ok so I re-installed Avast! to make sure no clonflicts would arise when properly uninstalling. I installed Avast! - the connections remained. I closed Avast! and ran the “aswclear.exe” - Avast!'s uninstall. And guess what, the connection is still there (even after rebooting). Except it’s no longer using ashweb.exe and stuff. It’s using system processes and DLL files. I think that I’m a lot more on the mark than you think. Avast! is completely uninstalled, my cache is cleaned and so are my temp folders, I also defragged my registry, my pc is super healthy.

The only possible explanation I can come up with is that Avast! can’t detect the worm or virus that is trying to phone home. I’s constantly listening on my ports, albeit waiting for one to open (fat chance, I’m behind a router) - but I still want to know who the hell keeps listening on my ports. This is a fresh install of windows XP, I shouldn’t have any problems. Avast! uses the same IP that is STILL CONNECTED to me after uninstalling Avast!. Why?!
And why does it use system processes and .DLL files?!

This is very frustrating. I have a right to know who’s listening on my ports. If a Staff member of the forums could answer? Thank you for all your help in advance to whoever is taking the time to read and help me!

Here is Netstat -ab WITH Avast! INSTALLED:

Microsoft(R) Windows DOS (C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\ADMINI~1>netstat -ab

Active Connections

Proto Local Address Foreign Address State PID
TCP box:epmap ppp-54-25.32-151.iol.it:0 LISTENING 808
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
– unknown component(s) –
[svchost.exe]

TCP box:microsoft-ds ppp-54-25.32-151.iol.it:0 LISTENING 4
[System]

TCP box:2869 ppp-54-25.32-151.iol.it:0 LISTENING 1088
C:\WINDOWS\System32\httpapi.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

TCP box:1026 ppp-54-25.32-151.iol.it:0 LISTENING 1700
[alg.exe]

TCP box:12025 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12080 ppp-54-25.32-151.iol.it:0 LISTENING 1104
[ashWebSv.exe]

TCP box:12110 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12119 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12143 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:netbios-ssn ppp-54-25.32-151.iol.it:0 LISTENING 4

Here’s Netstat -ab after UNINSTALLING Avast! with “aswclear.exe”

Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>netstat -ab

Active Connections

Proto Local Address Foreign Address State PID
TCP box:epmap ppp-54-25.32-151.iol.it:0 LISTENING 796
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP box:microsoft-ds ppp-54-25.32-151.iol.it:0 LISTENING 4
[System]

TCP box:1028 ppp-54-25.32-151.iol.it:0 LISTENING 444
[alg.exe]

TCP box:netbios-ssn ppp-54-25.32-151.iol.it:0 LISTENING 4
[System]

TCP box:1032 localhost:1033 ESTABLISHED 1696
[firefox.exe]

TCP box:1033 localhost:1032 ESTABLISHED 1696
[firefox.exe]

TCP box:1034 localhost:1035 ESTABLISHED 1696
[firefox.exe]

TCP box:1035 localhost:1034 ESTABLISHED 1696
[firefox.exe]

UDP box:isakmp : 588
[lsass.exe]

UDP box:1036 : 908
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP box:4500 : 588
[lsass.exe]

UDP box:microsoft-ds : 4
[System]

UDP box:1900 : 944
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP box:ntp : 864
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP box:netbios-ns : 4
[System]

UDP box:1900 : 944
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP box:netbios-dgm : 4
[System]

UDP box:ntp : 864
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

It’s there just in case that the common Add/Remove programs failed. It’s not a must have, but just if the default way failed (for any reason).

Clearly the IP is still there and using important processes, listening on sensitive ports. My registry is healthy, my copy of widows is legit, I just formatted not long ago, and I had installed Avast! right away.

I know 3 things.

1)Avast! uses the ip that is listening on my ports.
2)The ip is still there after completely uninstalling Avast!, and continues to listen on my ports.
3)I don’t want anyone listening on my ports. If my router goes down, chances are the ports will open. Right now the host is constantly on “Listening” because my router blocks the ports.

Also - Why is avast using an IP that listens on my port - but that ip is on a BLACKLIST Google 151.32.25.54

I also tried updating some of the files that it was trying to use: WS2_32.dll and RPCRT4.dll - the host is still listening.

Tech said:

It’s there just in case that the common Add/Remove programs failed. It’s not a must have, but just if the default way failed (for any reason).

I don’t mean to be rude but are you going to offer me any help with this matter?

I was expecting a little more help from a Staff member. than just “we have the uninstaller in case add/remove programs fails”.

can you explain why the IP is still listening on my ports after completely uninstalling Avast! ? And why is that IP that Avast! uses on a IP Blacklist?

??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ???

avast never uses a tracking back system.
To update, avast checks if there is an available connection each 40 seconds.
If there isn’t, wait more 40 seconds to check. Checking does not take more than one second and, of course, does not use the Internet band.
If there is a connection, check for an update. If there is not any new file to download, wait 4 hours to start checking again. If there is an available update, start it and install it. Again, wait 4 hours to check the next time.

If any program is trying to ‘listen’ your ports, look, maybe you’re infected.
avast does not do that and even less if it is uninstalled… that makes no sense at all…

How can I have a virus?

I installed Windows 4 days ago. CLEAN COMPUTER.

Before connecting the internet long term, I installed Avast!

I’m behind a router.

To be honest Tech you seem to have NO clue, thanks for the help though.

THE IP THAT AVAST USES FOR ASHWEB AND OTHER THINGS IS THE SAME IP THAT IS STILL LISTENING EVEN AFTER UNINSTALLING AVAST.

Please read my posts carefully, I’ve been on this problem ever since it started. I’m a fairly intelligent person with a good sense of logic. So far no one has been able to tell me something I don’t know other than “we have aswclear.exe in case add/remove programs dont work”

:frowning:

If no one can help me here, I will go through the painful process of calling ISP’s.

AVAST USES THIS IP

CP box:12025 ppp-54-25.32-151.iol.it:0 LISTENING 480 [ashMaiSv.exe]

The ip STILL LISTENS ON MANY PORTS, USING VERY IMPORTANT PROCESSES, AVAST IS UNINSTALLED

Well that IP doesn’t belong to avast, if something on your system is trying to accesst the internet over one of the ports (80 http or email, 25, 110, 119, 143) that avast redirects through a localhost proxy, the reporting software may consider that avast is connecting to that IP.

Here are my netstat results whilst on-line

Active Connections

Proto Local Address Foreign Address State PID
TCP PC1:803 PC1:0 LISTENING 1444
[outpost.exe]

TCP PC1:1025 PC1:0 LISTENING 2200
[alg.exe]

TCP PC1:12025 PC1:0 LISTENING 2084
[ashMaiSv.exe]

TCP PC1:12080 PC1:0 LISTENING 2100
[ashWebSv.exe]

TCP PC1:12110 PC1:0 LISTENING 2084
[ashMaiSv.exe]

TCP PC1:12119 PC1:0 LISTENING 2084
[ashMaiSv.exe]

TCP PC1:12143 PC1:0 LISTENING 2084
[ashMaiSv.exe]

TCP PC1:1055 PC1:1056 ESTABLISHED 1924
[firefox.exe]

TCP PC1:1056 PC1:1055 ESTABLISHED 1924
[firefox.exe]

TCP PC1:1058 PC1:1059 ESTABLISHED 1924
[firefox.exe]

TCP PC1:1059 PC1:1058 ESTABLISHED 1924
[firefox.exe]

UDP PC1:4500 : 876
[lsass.exe]

UDP PC1:isakmp : 876
[lsass.exe]

So no spurious IPs
You will also notice in your list with and without avast uninstalled there is alg (Application Layer Gateway) which isn’t an avast process listrning and associated to that IP (Domain: iol.it).

Picture looks like you really have some malware which injecting into different processes and connecting to .it site.

In fact, seems that I do have clues…

avast does not use an IP by WebShield. WebShield works like a proxy and does not use an external IP to work. avast does not listen your ports by an IP.

It’s not a matter of good sense… but technical knowledge.

This IP is from your ISP server. ashMaiSv.exe is the avast mail provider that is listening a port (not an IP) to scan your mail.

It’s not correct uninstalled… ashMaiSv.exe shouldn’t be even running… Did you boot after uninstalling?

Not really connecting, more trying to connect.

Thanks to my router I think it’s preventing it from phoning home.

If indeed you two gentlemen have the same hypothesis as I do, and think that I am in fact, infected, then why - why is it that Avast!, was using that IP?

TCP box:12025 ppp-54-25.32-151.iol.it:0 LISTENING 480 [ashMaiSv.exe]

TCP box:12080 ppp-54-25.32-151.iol.it:0 LISTENING 1104
[ashWebSv.exe]

TCP box:12110 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12119 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12143 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

Anyone?

Uninstall avast and these processes won’t be running/listening to anything…

Tech stop being so silly man. HAD YOU READ ALL MY POSTS, AVAST IS UNINSTALLED, I EVEN RAN ASWCLEAR.EXE - AVAST’S OWN UNINSTALL PROGRAM

Of course I rebooted after uninstalling.

I even ran CCleaner and Registry Booster, and Registry Booster is a licensed product that I bought, CCleaner is freeware. Had you read my posts, you wouldn’t have needed to ask the question, I already said that I rebooted, ran the cleaner, ran registry booster and did a registry defrag, but you seem more intent on being sarcastic with me because I was sarcastic with you (once). Understand that I am frustrated, and that by having common knowledge, I meant, knowing stuff like, what a registry is, and, rebooting after uninstalling a program like anti-virus software is important, or, don’t run two anti-viruses, or firewalls at once. Give me some credit here man.

I ran aswclear.exe and removed everything. That should do the trick itself. You seem to be the only one that doesn’t think it’s a virus here.

Quote from: AleKx on Today at 06:09:40 PM AVAST USES THIS IP CP box:12025 ppp-54-25.32-151.iol.it:0 LISTENING 480 [ashMaiSv.exe] This IP is from your ISP server. ashMaiSv.exe is the avast mail provider that is listening a port (not an IP) to scan your mail.

You don’t seem to understand this. The program is uninstalled. The IP is no longer using ashmaisv.exe with PID 480, it’s using kernel32.dll, and asl.exe, and other important executable and dll files. Apparently bold characters won’t work so, Avast! is completely uninstalled and the IP is still listening on ports.

No hate Tech, all <3

I give up to keep a serene conversation and help…
I earn nothing giving my time for free here in avast forums. I do not deserve blaming.

Friend, I am not blaming you for anything. I am simply stating that had you read my posts, your questions would have been answered. Any people who take the time to help here is greatly appreciated, but you were going about it the wrong way, even if you kept on trying to help. Take 5 minutes and go through my posts, it will answer many of your questions, it took me a long time to gather this information and it would be appreciated if you read it before asking me silly questions like: “Did you reboot after uninstalling”

That’s all I mean. Your help is appreciated. <3

The reason I came on the Avast! forums for this was because the spyware I have was USING ashweb.exe
It completely by-passed Avast! even after doing a pre-boot scan.

I decided to call my ISP and I talked with 5 different technicians (I called 5 times because no one could tell me anything, I was hoping I’d land on someone that would.) And 4 out of the 5 technicians didn’t know the “Netstat” command. I’m dead serious.

The first 2 technicians were clueless, and the third told me to call my D-Link router support. Which I did. I called and the technician was impolite, barely articulated, and showed no interest in helping me at all. I finally gave up with him and called my ISP again.

Technician #4 was very nice, did the best he could, but had no clue what Netstat was. How can I explain my problem to someone who doesn’t even know how Netstat works.

I hung up with him and called again, and this time the technician knew what he was talking about. He asked me a series of logical questions (basically the same questions I asked myself), and we both came to the conclusion that it was spy-ware or other malicious software trying to dial home to the IP always showing up in my Netstat. Since he works for Bell, he wasn’t allowed to help me with non-bell related products like Ad-Aware or any other tool that could help me, but he let me know that it was obvious that I was infected. The files infected are multiple, kernel32.dll, alg.exe to name 2, but there’s plenty more. The virus is trying to dial to that IP I keep seeing, with the use of those .dll files and .exe’s. It says “listening” because it’s waiting on those ports it uses to connect to the IP, to open, so the files I have infected, can then download a virus.

Note that the IP was hooked on files that Avast! was using, so that’s why I saw ashweb.exe related to them, and trying to connect to the IP. Avast! is also an anti-virus, it is NOT an anti-spyware. It’s just a reminder that not one program will keep you completely safe.

It’s very confusing when the spyware is using your anti-virus processes when you see this:

TCP box:1026 ppp-54-25.32-151.iol.it:0 LISTENING 1700
[alg.exe]

TCP box:12025 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12080 ppp-54-25.32-151.iol.it:0 LISTENING 1104
[ashWebSv.exe]

TCP box:12110 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12119 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

TCP box:12143 ppp-54-25.32-151.iol.it:0 LISTENING 480
[ashMaiSv.exe]

Is it normal for someone to assume that the IP above is a server that ashmaisv.exe (aka Avast!) uses? I think it is.

After uninstalling Avast!..

Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP box:epmap ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:microsoft-ds ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:2869 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:1026 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:1046 localhost:1045 TIME_WAIT
TCP box:12025 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:12080 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:12110 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:12119 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:12143 ppp-54-25.32-151.iol.it:0 LISTENING
TCP box:netbios-ssn ppp-54-25.32-151.iol.it:0 LISTENING

Looking at this, after Avast! is completely uninstalled, isn’t it safe to theorize that you might have spy-ware or a virus?

I think it’s important to let other Avast! users know about this. REGARDLESS if anyone know exactly what the point is, actually not regardless, ESPECIALLY, if no one knows what the problem is.

To prevent further bashful comments, I’m not putting Avast! down. It’s a good anti-virus. It makes a poor anti-spyware though.

*All this are hypothesis based on logical deduction from about 12 different people, including staff from Avast!, technical support staff from my ISP, and other Internet gurus whom I know personally. So far 10 out of the 12 people think its a spy-ware/virus

Couple of things.

First it would probably help you a bit more if you installed a program that gives you a better view of your connections like the free TCPView available from Microsodt/Sysinternals.

You are not connecting to a website as such - you are connecting to an individual user at that site. That has all the hallmarks of someone using a P2P program where the person at the other other end is telling you to connect to them on well known ports such as port 25, port 119, port 80 etc. such usage is quite common in the P2P world. It so happens that avast scans activity on those well known ports because that it how it works to scan email, nntp and web browsing.

So - are you using a P2P program on your system?

Yes, but the program is seldom used. I’ve used it twice since formatting, and only to get 2 well know Unreal Tournament movies that I can’t find elsewhere, ( not even on levitation-gaming). I’ve scanned everything that I’ve downloaded with Avast! before running anything, DivX, Ventrilo, mIRC, nnscript, peerguardian, firefox, filezilla, x-netstat, netstat agent. Those are the only programs I’ve downloaded. All have been scanned and passed through Avast!. I had just reformatted…

Thanks for sharing your opiniong alanrf, do you suggest I uninstall the p2p ?

I’ve looked into spyware removal tools and found Ghost Buster. I ran that and it found the trojan (a trojan is a virus right? why didn’t avast catch it?) : Trojan.Win32.Patched.m

Ghost Buster is a Spyware removal tool but a Trojan is a virus to my knowledge, (if someone could clear that up if I’m wrong) but it wouldn’t remove it since I only have the trial version. The path it found the trojan in was C:\Windows\system32\winlogin.exe

If you look at all the applications and DLL files it was listening with (My netstat -ab reports) winlogin.exe uses some of those files to function. It kind of all makes sense. I have a trojan, Avast didn’t detect it, and all this energy spent on trying to find out why the heck someone is listening on my ports is at least validated.

One of you did the Netstat -ab and gave me your results. That was a clean Netstat right there, and that’s how most pc’s should be secure.

I’ve gone and and beyond with this, I’ve learned a lot too, and after more than 10 years of using microsoft products, I’m switching to Linux or Mac. I will try out both first to see which I prefer of course.

Microsoft sells you an operating system that is not finished. The product, is not finished. There’s no muffler on your car, there’s no roof on your house, and there’s holes everywhere in your operating system when you run Windows. XP was most likely it’s best operating system, WindowsME being the poorest (I’d rather run windows 3.1)

Why do you think you have hundreds of updates when you have windows?
Because they sell you something that’s unfinished, but they have the courtesy to patch the things that THEY find. Imagine all the stuff they DON’T find.

After re-installing Windows XP, the first day I have 28 updates. The second, 90 updates. The third, 10 updates… I didn’t count how many there were in total but apparently it’s still going. It’s not only security updates for your operating system, it’s for other microsoft products such as IE and Explorer and registry fixes or what have you. These are serious holes and serious issues. If you want to run windows you need: A) A firewall, B) An anti-virus, C) A router if you can B) Spyware removal tools C) Registry Cleaner/fixer etc etc etc.

They sell you this crap for 300$ a CD (When the OS just came out, windows sold for 350$ a CD at futur shop).

Linux is FREE.

Do some research of how many people on linux have problems with viruses and trojans and spyware and malware and i-ware (heh). Do some research on how many people have problems with viruses and trojans and spyware and malware with Macintosh computers.

It took me 10 years to wake up and smell the freaking coffee. I’ve been up to date throughout all these years as much as I could with protecting myself while operating a Windows operating system, and I’ll have none of it no more.

I’ve banged my head in walls and tried to protect myself for years, when I don’t really have to. If I buy a mac, sure it’s expensive, but they have the fastest processors, and they are the best when it comes to graphics, which is great for a gamer like me. I also get the friendly GUI that windows has, but without all it’s holes. Or, I can try Linux, a FREE operating system with one freaking millionth of Windows’ vulnerabilities, and have a more “raw” GUI, and have to do things more manually or through WINE.

Either way, I’m not sticking with microsoft. Good riddance.