Hello all. I've got some strange things going on here in the last hour. At first Generic host process for win32 services asked for an outgoing connection. I denied it with the rule "always deny". I started to see this message (see below). Scanned my system with the Dr.Web standalone scanner CureIt. My system seems to be clean. Tried to search the net for Goldstream… Nothing… I feel strange when I don't know what is going on with my system… Any comments will be appreciated.
Also the avast mail scanner asks for a connection and I "receive" some kind of email… sent to adminz.zone @ gmail.com, not to me… It happened twice today. Moreover, I have no POP3 programs configured to work apart from MS Outlook. The avast scanner starts just like that…
There may be an Internet problem going on right now that is causing your problems? Different URLs here in the U.S.A. are very slow today when trying to access them. I have been experiencing this for the past several hours at home on my PC there and now at work on the PC at work. Not sure if this might be your problem, but it could be some of it.
This seems to be related with email account hijack…
Well, some Google services, especially Google Desktop, need some 'special' connections when you're not online.
Certainly an outbound connection is not as strange as an inbound one. Mine, inbound, are always denied.
I know, I let all "green" Kerio alerts connect, but what the * is Goldstream, if even Kaspersky online says everything is OK? It gives me error messages even when I'm not online, so it's inside my PC, that's for sure. Why does it connect via the avast mail scanner, why does it receive some kind of mail, which avast says is clean but which is saved nowhere? Besides, the words of the subject and the "to" field are ugly words (if translated from Russian, which in this case is written with English letters). I have a headache already. Again a new connection to the same point! >:( >:( >:( >:( I'm afraid of the worst - I have something really new, and no AVs can detect it at the moment. And I know that some kind of strange things are on the net right now… :-\
Well, some Google services, especially Google Desktop, need some 'special' connections when you're not online.
Nope. By the way, why should it connect to hell knows what mail server, receive hell knows what mail message and save it hell knows where! And it happens about every 15 minutes. It connects, it downloads the same mail message, which seems to be saved nowhere, and it repeats all this after 15-20 minutes. If I deny the avast mail scanner connection, it gives me an error window. If I'm not connected to the Net, it gives me an error window too. All these things tonight are going to kill me! >:( And it started from nowhere maybe 4 hours ago… >:(
Maybe you have fallen victim to the remote code vulnerability, still not fixed and reported here: http://mangeek.com/. If you say you have been updating, it is a possibility.
Nothing unusual in any log file. I'll just wait and see how things go on in future. All these things seem to be gone this morning… Till now… Could the reason for all this be that yesterday the PC was on and connected to the NET for more than 24 hours non-stop? But I restarted it several times in the evening… :-\ Hell knows, but till now it seems to be OK…
My comp is on 24/7 and I restart it once a week (maybe). It's downloading all the time (Azureus) and everything works fine. I would suggest you start using backups so when something like this happens you can just go back and not worry…
OK, the strangest thing - everything is gone today. No more errors, no more unknown behaviour, the PC works perfectly. And all I did - I used System Restore yesterday before going to sleep. I restored it to the nearest checkpoint, created at 10 AM (all these things started at about 6 PM). I hope all things will be fine…
Edit: I was wrong… Besides, I'm a bit disappointed. NOD32 found a trojan on my PC running in memory. avast didn't say anything, but the strangest thing is that after I extracted the file from the NOD32 quarantine and checked it with the avast virus scanner on their website, the trojan was found. On my computer avast wasn't able to catch it. What a surprise, but the problem file was svchost.exe, the same file name as the well-known process belonging to Windows. That's the reason I haven't noticed anything. I just can't understand one thing: why was it not detected by the security software when it was RUNNING in my memory… But tonight I've done a clean install on my PC, this time with the NOD32 trial in the front line. :-\ I need to see how it works… Compared with avast…
Smart decision… I too had a trojan on my comp when I ditched avast and switched to NOD, but I don't remember the name of the file anymore because I deleted it immediately, since it wasn't in any vital system folder…
That is just the nasty bit of these types of malware. It can be traced only until it starts to run on the machine, then it cannot be traced. So for certain kinds of malware, and now spyware too is coming in with these aspects, a way of preventing installs of these types of malware is very important. What is the best AV protector in this case? It is, you guessed it right, the man behind the keyboard, Mr Ylap and Mr ReVaN in this case. When on a system a type of malware, like a backdoor, a trojan horse or a worm, installs FUNCTIONALITY, we have a compromise of the system. This can lead to compromise of all sorts of files (e.g. the AV files), which can be manipulated, and also of sensitive information of the user(s). WE THEREFORE CAN NO LONGER TRUST THIS SYSTEM and it lies, or could now lie, open to remote control.
To undo this situation, only a fresh install or, in the case of Ylap's troubles, a RESTORE TO AN UNCOMPROMISED STATE (if you knew when that was) can be necessary.
Then we have to do the following:
Drop your rights, use normal user rights.
Activate Win XP2 and install a good Firewall.
Update system.
Even if you use an alternate browser, configure IE securely.
Configure your Mailclient safely, use a safe mail client.
Change all your passwords.
Make an image of the system partition.
Analyze your surf & download habits.
Use a layered security solution: system monitor, anti-malware solutions, anti-script solution, anti-virus solution.
Use your brain at all times before you click.
There is a difference of opinion about when a system has become compromised. I say take no chances.
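The earlier post found the trojan running under the file name svchost.exe, the same name as the legitimate Windows service host, which is why it went unnoticed. A check a defender can run before deciding whether a system is in an "uncompromised state" is to list every process that calls itself svchost.exe and flag those that do not run from System32 or are not children of services.exe (every genuine svchost.exe is started by services.exe). The script below is an added example and is not code from this thread or from any of the products named in it; it assumes a Windows install root of C:\WINDOWS and runs over a constructed process snapshot embedded in the file, in the shape you would get from `wmic process get ProcessId,Name,ExecutablePath,ParentProcessId` after resolving each parent id to a name.

```python
import ntpath

# Assumed Windows install root (adjust for your system). The legitimate
# svchost.exe lives only in System32.
SYSTEM32 = r"C:\WINDOWS\system32"
LEGIT_NAME = "svchost.exe"
LEGIT_PARENT = "services.exe"   # every genuine svchost.exe is started by services.exe


def _same_dir(path_a: str, path_b: str) -> bool:
    """Case-insensitive comparison of two Windows directory paths."""
    return ntpath.normcase(ntpath.normpath(path_a)) == ntpath.normcase(ntpath.normpath(path_b))


def classify(proc: dict, system32: str = SYSTEM32) -> list:
    """Return the reasons a process is suspicious (empty list = looks legitimate).

    proc is a dict with keys: pid, name, path, parent (name of the parent process).
    Processes not named svchost.exe are out of scope for this check.
    """
    reasons = []
    if proc["name"].lower() != LEGIT_NAME:
        return reasons
    if not _same_dir(ntpath.dirname(proc["path"]), system32):
        reasons.append("image not in System32: %s" % proc["path"])
    if proc["parent"].lower() != LEGIT_PARENT:
        reasons.append("parent is %s, expected %s" % (proc["parent"], LEGIT_PARENT))
    return reasons


def find_impostors(processes, system32=SYSTEM32):
    """Return (pid, reasons) for every svchost.exe that fails at least one check."""
    hits = []
    for proc in processes:
        reasons = classify(proc, system32)
        if reasons:
            hits.append((proc["pid"], reasons))
    return hits


# Constructed sample snapshot (not taken from a real machine). The last two
# entries mimic a masquerading binary: same name, wrong directory, wrong parent.
SAMPLE_SNAPSHOT = [
    {"pid": 4,    "name": "System",       "path": "",                                  "parent": ""},
    {"pid": 600,  "name": "services.exe", "path": r"C:\WINDOWS\system32\services.exe", "parent": "winlogon.exe"},
    {"pid": 812,  "name": "svchost.exe",  "path": r"C:\WINDOWS\system32\svchost.exe",  "parent": "services.exe"},
    {"pid": 1048, "name": "SVCHOST.EXE",  "path": r"C:\Windows\System32\svchost.exe",  "parent": "services.exe"},
    {"pid": 1932, "name": "svchost.exe",  "path": r"C:\WINDOWS\svchost.exe",           "parent": "explorer.exe"},
    {"pid": 2210, "name": "svchost.exe",
     "path": r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe",
     "parent": "explorer.exe"},
]

if __name__ == "__main__":
    for pid, reasons in find_impostors(SAMPLE_SNAPSHOT):
        print("PID %d: %s" % (pid, "; ".join(reasons)))
```

Running it against the constructed snapshot reports PIDs 1932 and 2210 and leaves the two genuine instances alone, including the one whose path differs only in letter case. The check is deliberately conservative: a hit is a reason to pull the file and submit it to a scanner, not proof of infection by itself, and a clean result says nothing about malware that uses a different file name.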
How was NOD32 installed and how was avast running WHEN the infection was detected?
Which one was the resident one?
avast? What were its settings?
Did you submit the file to Jotti?
Just a curiosity, how much did you pay for its license?
I'm not trying to defend avast, just trying to be fair. We need to know the circumstances and settings of the infection.
Besides this, we all know, any software is perfect. avast can fail. Just trying to be fair in this thread.