
Scan Results that left me without the Windows Firewall

 
12-01-2005, 09:21 PM   #1
Alan Duncan


Spyware Scan Details
Start Date: 09/01/2005 02:00:36
End Date: 09/01/2005 02:21:50
Total Time: 21 mins 14 secs

Detected Threats

ShopAtHome Spyware more information...
Details: ShopAtHome installs itself in the Winsock layer
of your system and redirects your browser to merchant
sites to take advantage of the affiliate fees.
Status: Removed

Severe threat - Severe threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction and exploits are in the wild.
There exists a high possibility of potential system
damage or security flaw. Attacker has complete control
over your computer or install new software on your
machine.

Infected files detected
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078438.exe
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078441.exe
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078442.dll
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078443.dll
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078444.dll


eZula.WebOffer Adware more information...
Status: Removed
High threat - High risk threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction. May open up communication ports,
use polymorphic tactics, stealth installations, and/or
anti-spy counter measures. May us a security flaw in the
operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078448.exe


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer redirection plug-
in that adds subdomains of new.net to your name
resolution system (Windows' Host file), resulting in what
appears to be extra top-level domains.
Status: Removed
High threat - High risk threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction. May open up communication ports,
use polymorphic tactics, stealth installations, and/or
anti-spy counter measures. May us a security flaw in the
operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078447.exe


QuickSearch Toolbar Search Hijacker more information...
Details: QuickSearch Toolbar redirects Internet Explorers
search URLs to a specific Web site.
Status: Removed

Elevated threat - Elevated threats are usually threats
that fall into the range of adware in which data about a
user's habits are tracked and sent back to a server for
analysis without your consent or knowledge.

Infected files detected
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078445.exe
c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078446.dll


Detected Spyware Cookies
No spyware cookies were found during this scan.




12-01-2005, 11:54 PM   #2
Spider

Everything in your scan results below is located in your system restore
folders, and removing them should have no effect on your PC unless you used
that restore point after clearing those items out. And, if you did that,
then I would suspect the restore would have failed.

--

Spider
http://web.tampabay.rr.com/spider1


"Alan Duncan" <anonymous@discussions.microsoft.com> wrote in message
news:0ed701c4f8f5$133c4750$a601280a@phx.gbl...
> Spyware Scan Details
> Start Date: 09/01/2005 02:00:36
> End Date: 09/01/2005 02:21:50
> Total Time: 21 mins 14 secs
>
> Detected Threats
>
> ShopAtHome Spyware more information...
> Details: ShopAtHome installs itself in the Winsock layer
> of your system and redirects your browser to merchant
> sites to take advantage of the affiliate fees.
> Status: Removed
>
> Severe threat - Severe threats typically are remotely
> exploitable vulnerabilities, which can lead to system
> compromise. Successful exploitation does not normally
> require any interaction and exploits are in the wild.
> There exists a high possibility of potential system
> damage or security flaw. Attacker has complete control
> over your computer or install new software on your
> machine.
>
> Infected files detected
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078438.exe
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078441.exe
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078442.dll
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078443.dll
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078444.dll
>
>
> eZula.WebOffer Adware more information...
> Status: Removed
> High threat - High risk threats typically are remotely
> exploitable vulnerabilities, which can lead to system
> compromise. Successful exploitation does not normally
> require any interaction. May open up communication ports,
> use polymorphic tactics, stealth installations, and/or
> anti-spy counter measures. May us a security flaw in the
> operating system to gain access to your computer.
>
> Infected files detected
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078448.exe
>
>
> NewDotNet Browser Plug-in more information...
> Details: New.Net is an Internet Explorer redirection plug-
> in that adds subdomains of new.net to your name
> resolution system (Windows' Host file), resulting in what
> appears to be extra top-level domains.
> Status: Removed
> High threat - High risk threats typically are remotely
> exploitable vulnerabilities, which can lead to system
> compromise. Successful exploitation does not normally
> require any interaction. May open up communication ports,
> use polymorphic tactics, stealth installations, and/or
> anti-spy counter measures. May us a security flaw in the
> operating system to gain access to your computer.
>
> Infected files detected
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078447.exe
>
>
> QuickSearch Toolbar Search Hijacker more information...
> Details: QuickSearch Toolbar redirects Internet Explorers
> search URLs to a specific Web site.
> Status: Removed
>
> Elevated threat - Elevated threats are usually threats
> that fall into the range of adware in which data about a
> user's habits are tracked and sent back to a server for
> analysis without your consent or knowledge.
>
> Infected files detected
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078445.exe
> c:\system volume information\_restore{f367ac2d-f2dc-4dab-bff1-1d3f7ffad5a3}\rp167\a0078446.dll
>
>
> Detected Spyware Cookies
> No spyware cookies were found during this scan.
>
>
>
>
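
An added example, not part of the original thread or of any poster's message: a small Python triage that parses a scan report in the layout posted above, rejoins file paths wrapped across lines, and labels each detection by whether its files sit only inside System Restore snapshots. The function names and the sample report are constructed for illustration.

```python
import re

# XP System Restore snapshots live under <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I)
PATH_START = re.compile(r"^[a-z]:\\", re.I)
THREAT_RE = re.compile(r"^(?P<name>.+?)\s+more information\.\.\.$")

def parse_report(text):
    """Return {threat name: [file paths]}, rejoining paths wrapped across lines."""
    threats, current, in_files = {}, None, False
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate "> "-quoted copies
        m = THREAT_RE.match(line)
        if m:
            current, in_files = m.group("name"), False
        elif line == "Infected files detected":
            in_files = True
        elif not line:
            in_files = False                     # a blank line ends the file list
        elif in_files and current:
            if PATH_START.match(line):
                threats.setdefault(current, []).append(line)
            elif threats.get(current):           # continuation of a wrapped path
                threats[current][-1] += line
    return threats

def triage(threats):
    """Label each threat 'restore-only', 'mixed' or 'live' by where its files sit."""
    out = {}
    for name, paths in threats.items():
        hits = [bool(RESTORE_RE.match(p)) for p in paths]
        out[name] = "restore-only" if all(hits) else ("mixed" if any(hits) else "live")
    return out

# Constructed sample in the report layout above (names and paths are made up).
SAMPLE = r"""
ExampleToolbar Adware more information...
Status: Removed

Infected files detected
c:\system volume information\_restore{00000000-0000-0000-
0000-000000000000}\rp1\a0000001.exe

ExampleLSP Spyware more information...
Infected files detected
c:\windows\system32\example_lsp.dll
c:\system volume information\_restore{00000000-0000-0000-
0000-000000000000}\rp1\a0000002.dll
"""

if __name__ == "__main__":
    for name, verdict in triage(parse_report(SAMPLE)).items():
        print(f"{verdict:13} {name}")
```

A "restore-only" verdict means the cleaner touched nothing on the live file system for that threat; a "live" or "mixed" verdict on a component that hooks the Winsock layer is the case where removal can leave the provider chain broken.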



13-01-2005, 02:19 AM   #3
Bill Sanderson

I don't disagree with Spider, but, on a practical level:

If you are on SP2, do this at a command prompt:

netsh winsock reset

Hit enter,
restart machine.


For earlier versions of XP, follow the instructions in this KB article

http://support.microsoft.com/defaul...kb;en-us;817571

One of these two steps should restore your Winsock LSP stack, and restore
the firewall to functionality.

Thanks for posting the file--I don't understand the situation--as Spider
says, this shouldn't have caused the problems you mention. Was there more
than one cleaner run?







