How to stop MS from breaking in?????


Rich

Hi all,

Dell sent me a clean machine that didn't have all of MS's
intrusion stuff on it. Unfortunately, I accidentally loaded
some stuff - I have no idea what - and MS's servers keep
bombarding me trying to get in. The address of MS's
server is 207.46.228.35. I have been trying to get some
help on this for a couple of days and there doesn't seem
to be anyone who knows what MS is trying to do. Can
someone tell me what this server is trying to do by
trying to break through my firewall and how to stop it?
It is simply unbelievable that they install software that
continually tries to break through firewalls!! This is a
world gone mad.

Thanks for any help that you can provide.

Rich
 
It is mshome, it isn't MS itself. It is some hacker that
has taken over several computers, mine included. Look at
my posts for help. My computer is listed as mshome and it
puts up anonymous as a return address just like you have.
I'm not sure if that is part of what the system is doing,
but I do know there is a very big problem that Microsoft
techs refuse to admit is there. I have been on the phone
with them since Oct 15 and they keep telling me my system
is fine. It isn't, and posts like your post and my log
files prove it.

You might have to send the system back to Dell to have
them check it. I hope someone sees what is going on soon.
I'm getting tired of running around the same circles time
after time.

I bought all brand new equipment and a brand new OEM Microsoft
XP Home Edition full install CD. Somehow someone loaded
in something that changed my computer into a Windows NT
server - lanman server with lanman workstation. I always
get this log that claims it is checking with "france" for
a fix or a fix came back from "france".

Someone found a loophole and is compromising a lot of
systems. Microsoft refuses to go further into checking
this out and I am stuck with a computer that is no longer
controlled by me. Some of you might say, just go buy a
new clean computer. Why? So this can happen again? Next
answer, I'm a disabled American. This can be fixed and now
I have stopped trying to protect the general community
with Microsoft's blessing and encouragement that all is
fine. Not only them, but the people I bought the hardware
from insist all is fine - no problems found. If someone
knows a cure or can help me fix this, post to one of my
help posts please, leave your email and also email me at
my email address of (e-mail address removed). I do not check
that email from this computer and only go elsewhere to
check it. Nothing on this computer has the real info
about me that I know of. I will not use and have not used
my real email account since building this system. I will
not arrange any open access to anyone in forum, only
through email. I am willing to open my computer up to
allow someone else to fix the problem if they think they
can. I have tried and I can't fix it and the Microsoft tech
dept is not willing to even look to see if a problem
actually exists.

I'm sorry for the ranting, I'm just tired and feel very
alone in this problem and how to fix it. I hope you are
not infected and I hope Dell can and will help you with
the problem. Dell seems to be better with security issues
than most others.
 
Hi,

Thanks much for taking the time to try to help me.

It looks like UDP Incoming from a GHP Firewall from
Microsoft. Here is the relevant log information from
ZoneAlarm. Any assistance would be greatly appreciated
since it is very uncomfortable to have a remote machine
from Microsoft that keeps trying to break into my
machine.

Thanks again,
Rich

ACCESS,2003/11/04,17:31:48 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.34:Port 3544).,N/A,N/A
ACCESS,2003/11/04,17:32:24 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.35:Port 3544).,N/A,N/A
ACCESS,2003/11/04,18:32:34 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.35:Port 3544).,N/A,N/A
FWIN,2003/11/04,19:00:12 -6:00 GMT,207.46.228.33:3544,192.168.0.2:1179,UDP
ACCESS,2003/11/04,19:00:36 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.33:Port 3544).,N/A,N/A
ACCESS,2003/11/04,20:00:42 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.33:Port 3544).,N/A,N/A
ACCESS,2003/11/04,20:14:34 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.35:Port 3544).,N/A,N/A
ACCESS,2003/11/04,21:14:54 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.35:Port 3544).,N/A,N/A
 
Gee, either of you whiny idiots stop to think if you're running XP it's the
autoupdate feature phoning home and a reply from Microsoft that you're
blocking. Also Dell setups are flawed from the factory. They are usually
missing several security patches. So how do you patch them? You hook them
to your cable, DSL or phone and dial in to the internet. While you're
downloading ZoneAlarm or the updates your computer gets hacked. Now it's
all Microsoft's fault. You all should be using WebTV not a computer!!! Oh
wait I think WebTV went bankrupt. Stop blaming Microsoft because you don't
know how to secure your computers before connecting them to the internet.
Well I only didn't use a condom for 1 stroke I don't know how I got HIV.
Also Dell and many other companies that do generic images, the administrator
password is left blank. Guess what remotely I could now own your system by
logging onto \\youripaddress\c$ and logging on as administrator with a
blank password. Or better yet have a program that hunts computers and does
it automatically. Of which there already are.

--
 
You might check out Media Player's Tools\Options - check
for Updates - Daily ? - move it to Monthly

Also the Help and Support will Update itself whenever
you're online

These things are not Microsoft 'spying' on you - just
trying to be helpful!

Lesley
 
Nice answer idjit! I don't have a Dell! I have a system
that even the tech dept at the store I bought all my
hardware from claims there is no problem because they
can't find it on first look! I do or did a clean install,
my system was always up to date with all the latest
security. It's idiots like you that refuse to look beyond
your nose and see a real problem exists. I know what is
in my system so get off your hump and go suck an egg
already. ZoneAlarm Pro 4 and Norton 4 and Windows XP (rev
ed 8) was all installed from CDs! Now what is your
answer? All securities were set in place and taken care
of. I have really had it with know_it_alls like yourself
that seem to claim to know it all when you do not even
see what is actually happening here. If you think I was a
bit harsh, read back over your words to others having the
same problem. If you read all these together, they all
amount to the same type of problem and "know_it_alls"
such as yourself are unwilling to get up off your lazy
self to check and see if maybe there is a real problem.
Get a life and stop hurting others and try to help rather
than your morbid ignore the people that need help tactics.
 
So you don't have a Dell ooooo but the other poster did. I'm proud to be a
know it all who hasn't been hacked because I've followed all the steps to
secure a computer correctly. I don't open email from people I don't know.
I turn the preview pane off so viruses don't launch automatically when I go to
delete a message. I could care less if Microsoft wants to update my machine
remotely. Don't even care when my machine calls home to Microsoft to see if
there are any new updates. I still think the autoupdate is one of the
better things Microsoft has done. Half the know_it_alls you're complaining
about like me are tired of trying to help the newbies that if they would
have scrolled 3 messages down probably would have found the answer instead
of asking the same bloody question for the 100th time. Or the people who
insist it's Microsoft's fault because they set up or configured something
wrong. My biggest complaint about people is them relying on software
firewalls. Especially when people are still running ZoneAlarm 2.0 or
Norton 2000 and expecting it to secure their computer. How many patches are
there for Norton or ZoneAlarm? Where ZoneAlarm or Norton had to update
their software because some hacker found a way to DOS a computer or hack it.
Sorta like a house with an alarm. What would be better, a perimeter alarm,
alerting or stopping someone from even getting to the house, or an alarm on
the house that only goes off when someone's coming in the front door? Btw
you have any idea how easy it is to spoof packets from Microsoft? I could
hammer your computer all day long and make it look like it's coming from
Microsoft. Look up the most known and used hacker utility out there called
nmap; look at the feature of

-Ddecoy_host1,decoy2[,...] Hide scan using many decoys

There are so many ways to IP spoof it's not funny. There are even the fun
ways to bounce traffic off other servers. Send a packet to Microsoft with
your machine ID and IP, guess where Microsoft is going to return the response
packet. Also ZoneAlarm for example is known for what I call generating
hysteria alarms. So someone port scanned your computer, big deal. The
business web servers I'm in charge of get port scanned by hackers at least
20 times a day if not more. Do I get anal and report every port scan to the
ISP that the scan came from? No, I used to till I saw the futility in that
and again had people spoofing IP addresses. So call me a know it all, I'll
proudly wear that title. I do answer many questions a day but sometimes I
go off on people for blaming Microsoft, especially when there is no
possibility it could be their fault or not have something configured right.
 
Hi Lesley,

Thanks for your reply. I set Media Player to once a
month, but MS server still keeps trying to enter my
computer.

My feelings are this:

When I want help I ask for it. :-) I don't want or need
MS's help. XP is designed to allow MS in my household
whenever MS wants to. They are control addicts. It is a
corporate problem that they have to work out. But the
result of their addiction is that XP has a wide-open
architecture which is costing users an astronomical amount
of time. I never, never, never had this many problems
with OS systems that were designed to keep intruders out.
MS wants in - like a robber wants in. They want to see
what is going on. I know ... when I catch a robber in my
home, he/she will contend that they were just there to
help clean up the kitchen - but they were in there to
snoop and I don't want anyone snooping around unless I
ask for it. And when I am finished - I would like them to
leave. It is really as simple as that.

But really thanks for trying to help me out.

Best,
Rich
 
I see nothing indicating UDP, and "GHP Firewall" is
misinterpreting this. GHP is something running (probably
a couple instances of it) on your machine. One of the apps
hosted in GHP has contacted MS and your ZA is blocking
the reply. Configure your machine. It is possible to make
it so that it does not originate any communications outbound
(yes, even those that ZA does to ZoneLabs).

This is not an MS server trying to crack through your firewall,
it is just a process on some server trying to fulfill something
your machine has asked for. It is offering you something for
free, from which you may benefit, that you have not taken
control over your machine to stop from being requested, and
you are not happy?

One possibility is the Windows Update capability, as it runs
in one of these GHPs as does BITS that is used to dribble
down the software updates. Have you configured it to not
check for updates (not recommended)?
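
Added example, not part of the original thread or any poster's code: a Python sketch that parses ZoneAlarm entries in the format quoted earlier in this thread and summarises them by remote host, remote port, protocol and blocked program. The function names and the `reply_shaped` heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Four entries copied from the ZoneAlarm log posted in this thread.
SAMPLE_LOG = """\
ACCESS,2003/11/04,17:31:48 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.34:Port 3544).,N/A,N/A
ACCESS,2003/11/04,17:32:24 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.35:Port 3544).,N/A,N/A
FWIN,2003/11/04,19:00:12 -6:00 GMT,207.46.228.33:3544,192.168.0.2:1179,UDP
ACCESS,2003/11/04,19:00:36 -6:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (207.46.228.33:Port 3544).,N/A,N/A
"""

ACCESS_RE = re.compile(
    r"^(?P<program>.+?) was blocked from accepting a connection "
    r"from the Internet \((?P<ip>[\d.]+):Port (?P<port>\d+)\)\.$")

def parse_line(line):
    """Parse one ACCESS or FWIN entry; return None for anything else."""
    cols = line.strip().split(",")
    if cols[0] == "ACCESS" and len(cols) >= 6:
        m = ACCESS_RE.match(",".join(cols[3:-2]))  # message may contain commas
        if m:
            return {"kind": "ACCESS", "when": f"{cols[1]} {cols[2]}",
                    "remote_ip": m["ip"], "remote_port": int(m["port"]),
                    "local_port": None, "proto": None, "program": m["program"]}
    elif cols[0] == "FWIN" and len(cols) >= 6:
        remote_ip, remote_port = cols[3].rsplit(":", 1)
        local_port = cols[4].rsplit(":", 1)[1]
        return {"kind": "FWIN", "when": f"{cols[1]} {cols[2]}",
                "remote_ip": remote_ip, "remote_port": int(remote_port),
                "local_port": int(local_port), "proto": cols[5], "program": None}
    return None

def summarize(log_text):
    """Group blocked-inbound entries and flag traffic shaped like replies."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    remote_ports = {e["remote_port"] for e in entries}
    local_ports = {e["local_port"] for e in entries if e["local_port"]}
    return {
        "per_host": Counter(e["remote_ip"] for e in entries),
        "remote_ports": remote_ports,
        "protocols": {e["proto"] for e in entries if e["proto"]},
        "programs": {e["program"] for e in entries if e["program"]},
        # Heuristic (assumption of this example): one fixed remote source port and
        # only high local ports looks like replies to requests this machine sent.
        "reply_shaped": len(remote_ports) == 1 and bool(local_ports)
                        and all(p >= 1024 for p in local_ports),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```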
 
Humorous as it may, or not, be please do not post binaries
in the newsgroups. It is sometimes not realized that many
visiting these newsgroups pay for network traffic by the byte
in their parts of the world.
 
Humorous as it may, or not, be please do not post binaries
in the newsgroups. It is sometimes not realized that many
visiting these newsgroups pay for network traffic by the byte
in their parts of the world.
Actually, this character "ricky" at btcentralplus.com 81.152.63.201
has posted a few malicious attachments earlier in this group.

Dave
 
Hi Roger,

Thanks much for taking the time to try to help me. It is
very much appreciated. Can you tell me how I can
configure my machine so that it does not ask for any
updates or BITS (I don't know what this is)? Thanks again.

As for my own feelings on this matter, please be assured
that I (personally) never asked for a connection from my
machine to a MS server. However, MS did program its
software so that this was "automatic" and I was not given
the option to say "no". So be it. I wish there was a
question asked by Windows XP which I could reply "no" to.
This would save me lots of time. For me, this is like
someone entering into my home and inviting other guests
in without my permission - and leaving the door open for
other unwelcome guests. Please take this as my own
personal feedback for what it is worth. Again, thanks for
your assistance.

Rich
 
-----Original Message-----
Hi all,

Dell sent me a clean machine that didn't have all of MS's
intrusion stuff on it. Unfortunately, I accidentally loaded
some stuff - I have no idea what - and MS's servers keep
bombarding me trying to get in. The address of MS's
server is 207.46.228.35. I have been trying to get some
help on this for a couple of days and there doesn't seem
to be anyone who knows what MS is trying to do. Can
someone tell me what this server is trying to do by
trying to break through my firewall and how to stop it?
It is simply unbelievable that they install software that
continually tries to break through firewalls!! This is a
world gone mad.

Thanks for any help that you can provide.

Rich

Rich, have you tried using the internet options under
Tools on your browser menubar? You can set your security
options here and also list MS's address under restricted
sites. Hope this helps. Susi
 
Hi,

I replied to your other newer thread on the WU/BITS
behavior control issue.

On the default behaviors of XP in initiating contact to
external servers, many would fully agree with you.
However, the MS lawyers will point out that you did
either explicitly or implicitly agree to the licence, that
you can read in file EULA.txt, and so agreed to having
your system updated. That is a lawyer answer.

The reality is, and this may help you appreciate the
rock-and-the-hard-place scenario somewhat, people
often would not enable this, or become aware that they
should, but without it enabled MS has no way of trying
to help their less-informed customers maintain patched,
healthy systems. So, the question may be cast as, is it
better to seem invasive or to let millions of machines
not be serviced? The middle ground solution seems
to have been to seem invasive but to go out of the way
in both design/architecting this (and to point this out in
the PR information about this) to make it so that it is not
uninvited and it is not dealing with any identifiable
information moving up to the servers (info only flows
down to the machines for the autoupdate capability).

Now, it only remains to determine just what is actually
triggering the communication. Candidates are WUAU
(as this does use the service wrapper), timesync (wrong
port), calling to the Search Assistant (an option in the
Explorer options), behaviors from Office products that
might be installed, Windows Messenger, MSN if it is
installed, etc.
 
davetest said:
Actually, this character "ricky" at btcentralplus.com 81.152.63.201
has posted a few malicious attachments earlier in this group.

Dave

Which is why I decided this unusual type of posting
from myself might be in order.
 
No one's breaking in (silly ... very silly).

As previously mentioned, it could be the Windows Automatic Update service which is enabled by default. (Microsoft even turns it back on in Win2k SP4 if you had it turned off). Or it could be the Windows Messenger, etc. I've found that even when not connected, if this program is loaded (which it usually is by default) there are several TCP/UDP ports open. Why don't you try to find out what the application is?

At a command prompt:

netstat -ano

This command will show you the PID (process ID) of the applications Listening for connections or with Established connection. Compare the PID to the list in Task Manager.

HTH
 
When I said no one breaking in - I meant Microsoft, not no one. It is, of course, possible that someone is hacking your machine.
 