P2P-Zone  

Old 05-03-02, 06:11 AM   #1
multi
Thanks for being with arse
 
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
Security breach in edonkey2000

GREETZ to all P2P'ers
I was wondering if anybody knows what this might be
is there some way to check winsock I wonder? (sorta hope it's nothing &-)
TIA

BTW- I do use the bot
__________________

i beat the internet
- the end boss is hard
Old 05-03-02, 06:42 AM   #2
TankGirl
Madame Comrade
 
Join Date: May 2000
Location: Area 25
Posts: 5,587

Suspicious.... might be spyware related.

At least Webhancer is known to change your Winsock (which can make it a real pain to remove from your system as the removal efforts can kill your net connection etc.). Webhancer comes with audioGalaxy but AFAIK it hasn't been bundled to eDonkey... at least so far...

Any fresh software installations? Have you upgraded eDonkey lately?

- tg
Old 05-03-02, 01:19 PM   #3
multi
Thanks for being with arse
 
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
Not since 2.59 anyway

weird isn't it
hope it isn't spyware
webhancer ewww
thx 4 the reply
i emailed js to get rid of 1 of these posts but he not here can u do it
dont know how it happened
must have back tracked and hit submit again by mistake
and in underground
i screwed up my thread heading
musta been those
Old 05-03-02, 02:32 PM   #4
multi
Thanks for being with arse
 
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
seems all fixed thx who did that

upgraded to 259 when it came out but not sure if that was around that date, i'd say it was a few weeks be4 th@
Old 05-03-02, 04:11 PM   #5
napho
Dawn's private genie
 
Join Date: May 2001
Location: the Canadian wasteland
Posts: 4,461

Everyone should use regcleaner. It tells you what new programs have just been installed.

http://www.vtoy.fi/jv16/shtml/regcleaner.shtml
Old 05-03-02, 04:14 PM   #6
Dawn
R.I.P napho 1-31-16
 
Join Date: Dec 2000
Location: Venus
Posts: 16,723

Quote:
Originally posted by napho
Everyone should use regcleaner. It tells you what new programs have just been installed.

http://www.vtoy.fi/jv16/shtml/regcleaner.shtml
Yep, I suppose I'll go get that back again
__________________
I love you napho and I will weep forever..........
Old 06-03-02, 04:03 AM   #7
BuzzB2K
Just another cat on the FastTrack...
 
Join Date: Jan 2002
Location: Hamilton
Posts: 727

Quote:
Originally posted by napho
Everyone should use regcleaner. It tells you what new programs have just been installed.

http://www.vtoy.fi/jv16/shtml/regcleaner.shtml
Have been using it for ages...
Old 06-03-02, 05:40 AM   #8
multi
Thanks for being with arse
 
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
regclean?

this one looks a lot different than the 1 i was using
i read there were problems with it so i stopped
the one i'm thinking of
the icon looks like a little gift box and it put a .reg file as a backup every time u used it
haven't used it for about a year 1/2
this one may be a recent version of it

Last edited by multi : 06-03-02 at 05:51 AM.
Old 06-03-02, 11:07 PM   #9
BuzzB2K
Just another cat on the FastTrack...
 
Join Date: Jan 2002
Location: Hamilton
Posts: 727
Re: regclean?

Quote:
Originally posted by multi inter user face
this one looks a lot different than the 1 i was using
i read there were problems with it so i stopped
the one i'm thinking of
the icon looks like a little gift box and it put a .reg file as a backup every time u used it
haven't used it for about a year 1/2
this one may be a recent version of it
That one you are referring to is REGCLEAN.EXE which is a Microsoft Product (RegClean - Windows Registry Analysis and Correction Utility). This program didn't tell you what it was doing, just gave you the choice of yes or no.

The one napho referred to is RegCleaner by Jouni Vuorio...
Lots of options in this one!
Old 07-03-02, 02:49 AM   #10
multi
Thanks for being with arse
 
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
thx now i remember

yeah it's much different
i think i read there were problems with the Microsoft one and it suggested it was a good idea not to use it
but this one looks like a good tool (thx Napho)
so back to the edonkey thing
i have now noticed 2 or 3 popup windows every time edonkey starts (i think there used to be only 1) so i'm speculating that winsock change may have to do with that, bit like cydoor or something and maybe have to put winsock back to original state to get rid of it
(if this is a new way of inserting spyware onto ppl's machines without being able to adaware it out (scary) a winsock backup and change detecting utility will be much needed!)

hope i'm not letting paranoia cloud my judgement here
but it seems these assheads will stop at nothing to infiltrate ppl's machines with advert serving/detail collecting junk!

this is a little more info i have found
i think the 3 inbound entries refer to the popups i mentioned
and this is the whois about 1 of them (all the outbound entries before these three were made by edonkey):
IANA (IANA-CBLK-RESERVED)
Internet Assigned Numbers Authority
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6695
US
Netname: IANA-CBLK1
Netblock: 192.168.0.0 - 192.168.255.255
Coordinator:
Internet Corporation for Assigned Names and Numbers (IANA-ARIN) res-ip@iana.org
(310) 823-9358
Domain System inverse mapping provided by:
BLACKHOLE-1.IANA.ORG 192.0.32.18
BLACKHOLE-2.IANA.ORG 192.0.32.19
These blocks are reserved for special purposes.
Please see RFC 1918 for additional information.
Record last updated on 12-Oct-2001.
Database last updated on 6-Mar-2002 19:57:26 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
Done
(the 192.168.*.* ip's are our local network (3 boxes); 192.168.0.1 is the box with the modem, 192.168.0.255 i think is the broadcast ip & 192.168.0.9 is my box)
ok i'm all a bit fuzzy on this but maybe someone can piece it together - and tell me if i'm off track
edit - http://www.onresponse.com/banners/
was the pop up but only one this time
__________________

i beat the internet
- the end boss is hard

Last edited by multi : 07-03-02 at 04:30 AM.
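The whois record quoted in the post above is the generic IANA entry for RFC 1918 private space, so it cannot identify who is behind a 192.168.x.x log entry. As an added example (not part of the original thread), the following Python sorts firewall-log addresses into LAN, broadcast, other private and public, so that only public ones go to whois. The /24 LAN size, the log layout and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the LAN is 192.168.0.0/24 (the post names 192.168.0.1,
# 192.168.0.9 and 192.168.0.255 as modem box, own box and broadcast).
LAN = ipaddress.ip_network("192.168.0.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log entries: (direction, remote address). The 203.0.113.x and
# 198.51.100.x addresses are documentation ranges standing in for Internet hosts.
SAMPLE_LOG = [
    ("out", "203.0.113.40"), ("out", "198.51.100.7"),
    ("in", "192.168.0.1"), ("in", "192.168.0.255"), ("in", "192.168.0.9"),
    ("in", "10.4.4.4"), ("in", "not-an-ip"),
]


def classify(addr, lan=LAN):
    """Label one address by whether a whois lookup can say anything about it."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip == lan.broadcast_address:
        return "lan-broadcast"      # traffic sent to every box on the LAN
    if ip in lan:
        return "lan-host"           # another machine on the same network
    if any(ip in net for net in RFC1918):
        return "private-other"      # private space, but not this LAN
    if ip.is_loopback or ip.is_link_local or ip.is_multicast:
        return "non-routable"
    return "public"                 # only these have a meaningful whois owner


def triage(log, lan=LAN):
    """Return (labelled entries, sorted public addresses worth a whois lookup)."""
    labelled = [(d, a, classify(a, lan)) for d, a in log]
    lookup = sorted({a for _, a, label in labelled if label == "public"})
    return labelled, lookup


if __name__ == "__main__":
    labelled, lookup = triage(SAMPLE_LOG)
    for direction, addr, label in labelled:
        print(f"{direction:>3}  {addr:<15} {label}")
    print("whois candidates:", lookup)
```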
Old 08-03-02, 02:27 PM   #11
Smoketoomuch
freak
 
Join Date: Jan 2002
Location: Hungary
Posts: 906

Lots of popup windows are due to sharereactor if you use it. Everything else seems normal operation to me... I still don't know whether Cydoor is spyware or not - it is said to be adware. But there is a Cydoor-free version available, isn't there? But then, to tell the truth, I didn't understand much of the winsock problem...
__________________
"If you open your mind too wide, people would throw trash in it"