|
Peer to Peer The 3rd millenium technology! |
|
Thread Tools | Search this Thread | Display Modes |
05-03-02, 06:11 AM | #1 |
Thanks for being with arse
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
|
Security breach in edonkey2000
GREETZ to all P2P'ers
I was wondering if any body knows what this might be is there some way to check winsock I wonder?(sorta hope it 's nothing &-) TIA BTW- I do use the bot |
05-03-02, 06:42 AM | #2 |
Madame Comrade
Join Date: May 2000
Location: Area 25
Posts: 5,587
|
Suspicious.... might be spyware related.
At least Webhancer is known to change your Winsock (which can make it a real pain to remove from your system as the removal efforts can kill your net connection etc.). Webhancer comes with audioGalaxy but AFAIK it hasn't been bundled to eDonkey... at least so far... Any fresh software installations? Have you upgraded eDonkey lately? - tg |
05-03-02, 01:19 PM | #3 |
Thanks for being with arse
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
|
Not since 2.59 anyway
weird is'nt it
hope it is'nt spyware webhancer ewww thx 4 the reply i emailed js to get rid of 1 of these post but he not here can u do it dont know how it happend must of back tracked and hit submit again by mistake and in underground i screwed up my thread heading musta been those |
05-03-02, 02:32 PM | #4 |
Thanks for being with arse
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
|
seems all fixed thx who did that
upgraded to 259 when it come out but not sure if that was around that date id say it was a few week be4 th@
|
05-03-02, 04:11 PM | #5 |
Dawn's private genie
Join Date: May 2001
Location: the Canadian wasteland
Posts: 4,461
|
Everyone should use regcleaner. It tells you what new programs have just been installed.
http://www.vtoy.fi/jv16/shtml/regcleaner.shtml |
05-03-02, 04:14 PM | #6 | |
R.I.P napho 1-31-16
Join Date: Dec 2000
Location: Venus
Posts: 16,723
|
Quote:
__________________
I love you napho and I will weep forever.......... |
|
06-03-02, 04:03 AM | #7 | |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Quote:
|
|
06-03-02, 05:40 AM | #8 |
Thanks for being with arse
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
|
regclean?
this one looks a lot differnt than the 1 i was using
i read there was problems with it so i stopped the one im thinking of the icon look like a little gift box and it put a .reg file as a backup every time u used it hav'nt used it for about a year 1/2 this one may be a recent version of it Last edited by multi : 06-03-02 at 05:51 AM. |
06-03-02, 11:07 PM | #9 | |
Just another cat on the FastTrack...
Join Date: Jan 2002
Location: Hamilton
Posts: 727
|
Re: regclean?
Quote:
The one napho refered to is RegCleaner by Jouni Vuorio... Lot's of options in this one! |
|
07-03-02, 02:49 AM | #10 |
Thanks for being with arse
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
|
thx now i remember
yeah its much different
i think i read there was problems with the microsoft one and it suggested it was a good idea not to use it but this one look like a good tool(thx Napho) so back to the edonkey thing i have now noticed that 2 or 3 popup windows every time edonkey starts(i think there used to be only 1) so im speculating that winsock change may have to do with that, bit like cydoor or something and may be have to put winsock back to origial state to get rid of it (if this is a new way of inserting spy ware on to ppl's machines without being able to adaware it out(scary) a winsock backup and change detecting utility will be much needed!) hope im not letting paranoia cloud my judgement here but it seems these assheads will stop at nothing to infiltrate ppls machines with advert serving/detail collecting junk! this is little more info i have found i think the 3 inbound entries refer to the popups i mentioned and this is the whois about 1 of them(all the outbound entries before these three were made by edonkey): IANA (IANA-CBLK-RESERVED) Internet Assigned Numbers Authority 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292-6695 US Netname: IANA-CBLK1 Netblock: 192.168.0.0 - 192.168.255.255 Coordinator: Internet Corporation for Assigned Names and Numbers (IANA-ARIN) res-ip@iana.org (310) 823-9358 Domain System inverse mapping provided by: BLACKHOLE-1.IANA.ORG192.0.32.18 BLACKHOLE-2.IANA.ORG192.0.32.19 These blocks are reserved for special purposes. Please see RFC 1918 for additional information. Record last updated on 12-Oct-2001. Database last updated on 6-Mar-2002 19:57:26 EDT. The ARIN Registration Services Host contains ONLY Internet Network Information: Networks, ASN's, and related POC's. Please use the whois server at rs.internic.net for DOMAIN related Information and whois.nic.mil for NIPRNET Information. Done (the 192.168.*.*ip's are our local network(3 boxes) 192.168.0.1 is the box with the modem,192.168.0.255 i think is the broadcast ip&192.168.0.9 is my box) ok im all a bit fuzzy on this but maybe some one can peice it together-and tell me if im off track edit-http://www.onresponse.com/banners/ was the pop up but only one this time Last edited by multi : 07-03-02 at 04:30 AM. |
08-03-02, 02:27 PM | #11 |
freak
Join Date: Jan 2002
Location: Hungary
Posts: 906
|
Lot of popopo windows are due to sharereactor if you use it. Everything else seems normal operation to me... I still don't know whether Cydoor is spyware or not - it is said to be adware. But there is a cydoor free version available, isn't it? But then, to tell the truth, I didn't understand much of the winsock problem...
__________________
"If you open your mind too wide, people would throw trash in it" |
Thread Tools | Search this Thread |
Display Modes | |
|
|