Downloads.aaa1screensavers.com Active Ports

Jonathan

Hi was wondering if u could help.
I have been using the netstat -a under command prompt to
check out my active ports. From a clean install I have had
Norton Internet security including Norton Antivirus
installed fully updated every week, with security set to
high, Intrusion Alert on and Auto-Protect and Scan
Bloodhound Heuristics set to High. Lately was checking
through some freeware programs and came across Flashget
which I remember my brother was using as a download
manager. Installed the bugger with no problems from
Norton (a program which I thought was extremely good??),
and all of a sardine I have activity on multiple ports to
do with downloads.aaa1screensavers.com. Uninstalled
Flashget and its counterpart program offering free
something or other and thought that that would do the
trick. Not a sausage was still there.
Funny thing though checked my computer numerous times in
normal and safe mode with Norton which is supposed to
check for spyware + joke progs, with Ad-Aware and spybot
search and destroy (yes am a fanatic worrying about
keyloggers and stuff cos of internet banking) and only
tracking cookies were found. Downloaded Microsoft Anti-
Spyware and lo and behold something to do with Flashget
was found and deleted. Thought yipee that is that.
Restarted for good measure into safe mode after disabling
system restore and ran scan again with all four mentioned
before. Nothing comes up. Yay......
Restarted again netstat -a and sorry for you there was
still activity to do with downloads.aaa1screensavers.com.

I am just about to teach my computer how to fly. Have
added downloads.aaa1screensavers.com to the hosts file
and redirected it to 127.0.0.1. What I can't understand is
how with all these programs it is still running in the
background with none of my protection detecting it.
Norton Internet Security is set to high and this prog
must be its mate cos just seems to let it do what it
wants without any alerts whatsoever. Very puzzling. Just
wondering why I paid good money to Norton and what I
should buy that would do the job.

Well here's hoping u can help, cheers for now

Jonathan UK
 
jon

Well I take it that nobody has a clue. Pity. Just for a
bit of info have downloaded and used every tool in the
book to no avail. Am still getting connection attempts to
the abovementioned web site. Funny thing though is, with a
program called port explorer, have noticed that the
processes listed that are trying to attempt the
connections to the screensaver site are all known
processes like messenger, ieplore etc. Most cases there
will be a slight difference in the process name ie with a
* in front of it, but this is not always the case. All are
attempting to connect to 127.0.0.1 (have added the
downloads.aaa1screensavers.com to the hosts file to do so)
and there are numerous attempts. Noticed quite a few forum
postings on the subject and nobody seems to know the
problem. Pleeeeaaaassse is there anybody out there.

Cheers for now
Jon
 
Bill Sanderson

Jon - in a situation with an unknown critter, as this appears to be, the
current best method to get cleaned is to use HijackThis and post your log in
a forum.

See the info at this url for how to do this, where to get HijackThis, and a
forum where they can help you interpret the log:

http://www.aumha.org/a/quickfix.htm
 
Maybe this is the answer

Did a Google search since Kerio was showing the same for me - apparently it may be to do with Kazaa-Lite modifying your HOSTS file (in C:\WINDOWS\system32\drivers\etc) - to remedy it, edit the file and insert

127.0.0.1 localhost

as the first line.

Not sure why this was happening tho, I am now going to do an investigation into the use of the HOSTS file...

Cheers,
Chris
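
Added example, not part of Chris's post: a small HOSTS file audit that reports which name loopback traffic would be displayed under and which hostnames are pointed at 127.0.0.1. It assumes a tool that resolves addresses to names shows the first HOSTS entry matching the address; the function names and the two sample files are constructed for illustration.

```python
# Added example. Assumption: reverse lookups return the first HOSTS
# entry that matches the address, so entry order decides what is shown.
LOOPBACK = "127.0.0.1"

# Constructed samples: the blocked site listed before/after localhost.
BEFORE = """# constructed sample
127.0.0.1 downloads.aaa1screensavers.com
127.0.0.1 localhost
"""
AFTER = """# constructed sample
127.0.0.1 localhost
127.0.0.1 downloads.aaa1screensavers.com
"""

def parse_hosts(text):
    """Return [(address, [names])] in file order, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        entries.append((fields[0], fields[1:]))
    return entries

def displayed_name(entries, ip=LOOPBACK):
    """Name a first-match reverse lookup would show for ip, or None."""
    for addr, names in entries:
        if addr == ip:
            return names[0]
    return None

def audit(text):
    """Summarise how loopback is labelled and what is redirected to it."""
    entries = parse_hosts(text)
    shown = displayed_name(entries)
    redirected = [n for addr, names in entries if addr == LOOPBACK
                  for n in names if n.lower() != "localhost"]
    return {
        "loopback_shown_as": shown,
        "misleading": shown is not None and shown.lower() != "localhost",
        "redirected_to_loopback": redirected,
    }

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample))
```

On a real machine, pass the contents of C:\WINDOWS\system32\drivers\etc\hosts to `audit()` instead of the samples.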
 
