BetaONE will rise again!


Reply
  #21  
Old 15th Oct 04, 03:53 PM
Sony's Avatar
Sony Sony is offline
M.I.A.
 
Join Date: Nov 2001
Location: Down Under
Posts: 319
Sony will become famous soon enoughSony will become famous soon enough
Send a message via ICQ to Sony Send a message via MSN to Sony
Quote:
Originally posted by war59312@Oct 15 2004, 01:24 PM
oh my bad...i was just kidding...i just men IIS is a pos and there are so many security issues....thats all... srry for the confusion...

lol

Um yeah I would say that a charter isp ip address....is that your ISP?

if not yeah something is going on...
[snapback]215590[/snapback]

Not at all is not my ISP!!!!

My internal IP is assigned automatically by my hardware rounter wich make it even more strange that is show as that.

I use a linksys wtr 54g router ....... and a alcatel speedtouch dsl modem


rikytik what hardware do you use?
__________________
[img]http://www.bbstyles.com/sony.php[/img]
Reply With Quote
  #22  
Old 15th Oct 04, 04:03 PM
rikytik's Avatar
rikytik rikytik is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: Canada
Posts: 1,051
rikytik is an unknown quantity at this point
My router is the same model as yours Sony. I don't use Charter either and am connected by cable.

The appearance of the mosow.eau connection also reflects the internal 192.168.101 ip apparently generated by the router. The connection seems to be PC#1 connecting to PC#2 Both are hardwired to the router. It is on PC#1 that I found the moscow entries in the registry using Registry Crawler. None of my scanning stuff found them. I did a whole sale reg clean and in poking around found about 4,000 directories in HKEY_USERS\S-1-5-21-2025429265-1580436667-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\ that relate to mostly pop up and other spyware type connections that happened over the past year or two. Those directories appear to be void of any useful data, probably due to the registry cleaner (Registry Medic 3). It removed 100+ entries. But those thousands of directories are still there. Just trying to figure my next step.

Haven't rulled out a clean install and start fresh with a new attitude about security.
Reply With Quote
  #23  
Old 15th Oct 04, 04:27 PM
Sony's Avatar
Sony Sony is offline
M.I.A.
 
Join Date: Nov 2001
Location: Down Under
Posts: 319
Sony will become famous soon enoughSony will become famous soon enough
Send a message via ICQ to Sony Send a message via MSN to Sony
hmmm i searched everywhere my regestry and i only found the entry from xstat nothing else.

I'm really confused about this one ....i run every possible virus and trojan scanner that i know of most of the spyware tools and nothing is found on my system

I even passed the bloody test that i posted in this thread.

I alwasy been extra carefull with my system security .........i'm thinking that xstat is somehow detecting the ndisuio.sys used by linksys router as that but i'm not really sure.............

If you find more info let me know I will do the same

Sony
__________________
[img]http://www.bbstyles.com/sony.php[/img]
Reply With Quote
  #24  
Old 15th Oct 04, 04:37 PM
rikytik's Avatar
rikytik rikytik is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: Canada
Posts: 1,051
rikytik is an unknown quantity at this point
Yes, occurred to me also it is curious that this is happening with two same model Linksys routers.

I am going to restore this machine to a much earlier image and see what I find there, then decide about a clean install. Hmm. We'll see. I'll be following this thread!
Reply With Quote
  #25  
Old 15th Oct 04, 04:39 PM
rikytik's Avatar
rikytik rikytik is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: Canada
Posts: 1,051
rikytik is an unknown quantity at this point
Sony, one observation. I notice in your screen shot that the "Process" is Firefox.exe.

The 3 instances where I copied the connection info, all mine were "System".

Not sure what that means.
Reply With Quote
  #26  
Old 15th Oct 04, 04:56 PM
Sony's Avatar
Sony Sony is offline
M.I.A.
 
Join Date: Nov 2001
Location: Down Under
Posts: 319
Sony will become famous soon enoughSony will become famous soon enough
Send a message via ICQ to Sony Send a message via MSN to Sony
Quote:
Originally posted by rikytik@Oct 15 2004, 02:39 PM
Sony, one observation.  I notice in your screen shot that the "Process" is Firefox.exe. 

The 3 instances where I copied the connection info, all mine were "System".

Not sure what that means.
[snapback]215598[/snapback]

yeah i have system too
everything that i double click in xstats show as moscow with my internal IP

wondering if it's just a problem with x netstat and our hardware... i really like to test a different software and see
__________________
[img]http://www.bbstyles.com/sony.php[/img]
Reply With Quote
  #27  
Old 15th Oct 04, 05:01 PM
rikytik's Avatar
rikytik rikytik is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: Canada
Posts: 1,051
rikytik is an unknown quantity at this point
I have been think it is PC#1, but I just found this in the registry of PC#2

I'm wondering if this is simply part of x-netstat
Reply With Quote
  #28  
Old 15th Oct 04, 05:08 PM
rikytik's Avatar
rikytik rikytik is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: Canada
Posts: 1,051
rikytik is an unknown quantity at this point
A better view of the registry tree relating to preceeding screen shot. You think we've been chasing our tail on this one?
Reply With Quote
  #29  
Old 15th Oct 04, 05:14 PM
Sony's Avatar
Sony Sony is offline
M.I.A.
 
Join Date: Nov 2001
Location: Down Under
Posts: 319
Sony will become famous soon enoughSony will become famous soon enough
Send a message via ICQ to Sony Send a message via MSN to Sony
Quote:
Originally posted by rikytik@Oct 15 2004, 03:08 PM
A better view of the registry tree relating to preceeding screen shot.  You think we've been chasing our tail on this one?
[snapback]215602[/snapback]

I think is part of the DNS cache of xnetstats
if you open xnetstats and go to tools > option

click on edit DNS cache

you will notice that in the cache internal IP is equal to the freaking moscow name

close the dns cache

still in option click on clear dns cache

close xnetstat

restart it

now your internal IP should show your computer name !!!! yayay
__________________
[img]http://www.bbstyles.com/sony.php[/img]
Reply With Quote
  #30  
Old 15th Oct 04, 05:18 PM
unicorn unicorn is offline
Senior Member
 
Join Date: Oct 2001
Location: GMT+1
Posts: 851
unicorn is on a distinguished road
Off-topic now, put here just to make it clear.

Quote:
Originally posted by war59312@Oct 15 2004, 03:28 PM
Um moscow.eau.wi.charter.com?
Site does not even exist it seems? At least not http.
[snapback]215591[/snapback]
Sorry for that. It was h**p://www.wi.charter.com/ that asked for authentication. moscow weren't there (at least not http, right).
__________________
unicorn
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sygate Personal Firewall 5.6 Beta Build 2808 war59312 Other Beta Software 0 30th Oct 04 11:56 PM
AntiVirus & Spware / Adware & Firewall Resources Article war59312 Internet Security and Privacy 2 24th Oct 04 01:45 AM
Nvidia Puts a Firewall on a Motherboard NewsBot NeoWin News 0 21st Oct 04 12:57 PM
Speed up system. greasemonkey Hardware Support 6 6th Nov 01 08:32 PM


All times are GMT +1. The time now is 12:26 PM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.