#61
Old 23-09-2006, 08:26 AM
[1ponders] (Paul)
Retired, damn no pension
Join Date: Nov 2004
Location: Obi Obi, Qld
Posts: 18,778
Yes it is and after running it nothing was found, though it did recognise the ntoskrnl.exe file in the root directory. And I ran a full Spybot and Adaware but nothing there.

I've blocked ntoskrnl with the firewall, and I played around with a few other things. Unfortunately now the whole damn thing has crashed somehow. I'm going to leave it for the weekend and try again Monday as I won't need internet connection with it until then. Plus the frustration has reached eyeball level (ie I've had it up to....here)

Thanks for your help Eric. If it's ok with you I'll give you a holler on Monday maybe.
#62
Old 23-09-2006, 08:40 AM
acropolite (Phil)
Registered User
Join Date: Feb 2005
Location: Launceston Tasmania
Posts: 9,021
Ponders, this link may be of help. It seems that there are some trojans/viruses that modify the ntoskrnl.exe. If that's not your problem I would do some Google searches as there are a lot of problems that affect the ntoskrnl.exe file. Another option is to load Ethereal (downloadable) which will analyse your IP traffic and may give a clue as to where your web browser is trying to access.
#63
Old 23-09-2006, 08:45 AM
[1ponders] (Paul)
Retired, damn no pension
Join Date: Nov 2004
Location: Obi Obi, Qld
Posts: 18,778
Thanks Phil. I'm going to leave everything until Monday now as I'll be at Ron's all weekend. Plus I'll be able to look at the problem with fresh eyes.
#64
Old 23-09-2006, 12:02 PM
EzyStyles (Eric)
I HATE COMA!
Join Date: Jan 2006
Location: Melbourne, Victoria
Posts: 3,208
Try another anti-virus if you can. AVG definitions might not have it.
#65
Old 23-09-2006, 02:05 PM
wasyoungonce (Brendan)
Certified Village Idiot
Join Date: Jul 2006
Location: Mexico city (Melb), Australia
Posts: 2,359
Yep, ntoskrnl.exe is a boot process and should not be asking for access to the net; if it is, it is a virus:

http://www.liutilities.com/products/...rary/ntoskrnl/

w32.bolzano or variant virus.

http://service1.symantec.com/sarc/sarc.nsf/html/W32.Bolzano.html

this tool at symantec might help:
http://www.symantec.com/security_res...146-99&tabid=3

Edit again: 1ponders, I also have aanet and am using the Netgear modem, 834G, although I'm not using the wireless link.

Last edited by wasyoungonce; 24-09-2006 at 02:00 AM.
#66
Old 24-09-2006, 12:46 AM
netwolf
Registered User
Join Date: Jan 2005
Posts: 2,949
Paul, I would bet that it's your Sygate firewall. As such I am not sure why you have this; if you have a router modem, it already should provide you with a firewall. I know some people recommend a firewall on the PC also but it's not really necessary. I would further say that perhaps Sygate has received an update that is causing the problem. Otherwise you have perhaps unknowingly answered a popup question by Sygate that is causing the issue.

If no issue exists when Sygate is disabled then that would be the most likely source of the problem. In my humble opinion.

Regards
#67
Old 24-09-2006, 08:32 AM
Dennis
Dazzled by the Cosmos.
Join Date: May 2005
Location: Brisbane
Posts: 11,820
Quote:
Originally Posted by netwolf
Paul, I would bet that it's your Sygate firewall. As such I am not sure why you have this; if you have a router modem, it already should provide you with a firewall.
Regards
Hi Netwolf

I use both the Router firewall (HW) and Norton Internet Security firewall (SW) simply because I can configure the SW to allow or prevent applications accessing the internet, something that I think is not possible with the HW firewall?

Cheers

Dennis
#68
Old 24-09-2006, 11:48 AM
netwolf
Registered User
Join Date: Jan 2005
Posts: 2,949
Dennis,

You are 100% right, one of the benefits of the local PC firewall is to filter outgoing traffic. And I did not mean to advocate disuse of it. Most home modem/router based firewalls only protect you from incoming traffic. This outgoing filtering helps in protecting one from malicious code that you unwittingly allow to run on your system that feeds back information from your system to an outside IP. Steve Gibb's the security guru very aptly demonstrated this using a simple program he asks you to download and run that makes an FTP connection and notifies you of a leak. The point he is making is that the software made an outgoing connection without your permission. Normally you do want to use FTP but you want to specify when, where and to whom.

Usually such malicious software is aptly named Trojan horse; as per the Greek myth, it is let in unwittingly by the user. However such software can also be disabled by most modern malicious malware that is created to detect such software and disable it, calling into question its usefulness. In Paul's case I do not mean to advocate the disuse of Sygate, but rather to point out that it is the cause of the problem.

I believe that Paul's problem lies in the Sygate software rather than his network setup for the following reasons:
1. He can use internet with it disabled.
2. He can talk to other computers on his local network while it is on or disabled.

The above two would indicate his network settings are not the problem.

One issue most common with home modem routers can be DNS forwarding. Usually the DHCP server on such home modem routers is set to make itself the DNS server for PCs behind it. Basically the PCs send DNS requests to it and then it passes them to the DNS server provided by the ISP to the modem/router.
I have found that it's usually better to make your DHCP server set DNS on internal systems to the ISP-provided DNS servers, as this forwarder can often get overloaded and stop working in many of these home modem routers.

But if this was the problem or if there was another network config issue, then his Internet connection would not work when his local Sygate firewall was disabled.

Regards
#69
Old 28-09-2006, 04:03 PM
[1ponders] (Paul)
Retired, damn no pension
Join Date: Nov 2004
Location: Obi Obi, Qld
Posts: 18,778
Well I ended up chucking something - Sygate. After uninstalling it and reinstalling it and still having problems, I decided to pitch it and give ZoneAlarm a go.

So far all systems look good. Fingers crossed I've finally got it sussed.

I still have to check out that possible virus issue though.
#70
Old 04-10-2006, 09:36 AM
[1ponders] (Paul)
Retired, damn no pension
Join Date: Nov 2004
Location: Obi Obi, Qld
Posts: 18,778
Update:

I don't know if this is an update on an existing problem or it's a whole new one. Someone here might be able to tell me if the two are connected.

This morning I got a phone call from the helpful people at Westpac credit card security. It appears someone tried to spend $500 US on my credit card at 04:00 this morning. There is no drama now as the payment has been cancelled and an investigation is under way. I've checked the usual likely scenarios of having the CC info compromised and it all seems clear atm (my investigation is ongoing).

However I am wondering if my info could have been sent from my computer if my firewall was not functioning. I stopped using Sygate for a while, and I hadn't as yet installed ZoneAlarm to monitor outgoing traffic and I'm wondering if during this time this bolzano virus (if I have it - still looking) or some other malware may have sent my info out.

Is this possible or am I totally barking?
#71
Old 04-10-2006, 09:47 AM
RB (Andrew)
Moderator
Join Date: Aug 2005
Posts: 26,632
Paul a month or so ago I had the same thing happen to me.
It was on my cc which I also use for PayPal.
I've cancelled both now.

#72
Old 04-10-2006, 09:56 AM
[1ponders] (Paul)
Retired, damn no pension
Join Date: Nov 2004
Location: Obi Obi, Qld
Posts: 18,778
It's not the sort of morning wake up call that I would normally ask for, but all things considered I'm glad they called.

I'll certainly be looking at how I conduct my online purchases more closely now.
#73
Old 04-10-2006, 10:17 AM
Dennis
Dazzled by the Cosmos.
Join Date: May 2005
Location: Brisbane
Posts: 11,820
I had a similar occurrence. The CBA ‘phoned me saying that some “Family Tree” organisation in the USA has tried to debit our CC for $40.00 so the card was immediately cancelled. It seems that in this crime scenario, they go fishing for small amounts and if they get away with it, they’ll start hitting you for larger and larger amounts.

I would imagine that your number was obtained from poor data handling practices at an overseas supplier, a dishonest employee, bank stuff ups (a US bank once lost storage media containing 3,500,00 CC transaction details) rather than someone breaking into your computer? Just guessing here.

Cheers

Dennis
#74
Old 04-10-2006, 10:42 AM
[1ponders] (Paul)
Retired, damn no pension
Join Date: Nov 2004
Location: Obi Obi, Qld
Posts: 18,778
You could well be right Dennis. I'm generally very careful about how I carry out online transactions, but this has certainly been a wakeup call. I'm in the process atm of going over my various computers and checking that all security/adware/spyware detection is up to date and functioning.
#75
Old 06-10-2006, 09:39 AM
SMR (Steve)
Steve Russell
Join Date: Jun 2006
Location: Orange, NSW
Posts: 76
Quote:
Originally Posted by EzyStyles
go into your adsl modem interface screen and enable DHCP. Assign each computer with an IP address eg comp 1: 10.0.0.2 comp 2: 10.0.0.3 .
Sorry, Eric, but this doesn't make sense. If you enable DHCP, each computer will be assigned an IP address by the router. If you manually assign IP addresses to each computer, you don't need (and aren't using) DHCP. It's one or the other, mate.

Steve.
#76
Old 06-10-2006, 10:43 PM
netwolf
Registered User
Join Date: Jan 2005
Posts: 2,949
SMR,
I think Eric is talking about DHCP assignment using MAC addresses. I use this to ensure only the MAC addresses I have on my network can get IPs. DHCP allows for IP assignment by MAC address. It's useful if you want to have your PCs get the same IP every time; this makes port forwarding easier.

Regards
#77
Old 07-10-2006, 03:01 PM
SMR (Steve)
Steve Russell
Join Date: Jun 2006
Location: Orange, NSW
Posts: 76
Quote:
Originally Posted by netwolf
I think Eric is talking about DHCP assignment using MAC addresses. I use this to ensure only the MAC addresses I have on my network can get IPs. DHCP allows for IP assignment by MAC address. It's useful if you want to have your PCs get the same IP every time; this makes port forwarding easier.
Sounds logical. Thanks!

Steve.

All times are GMT +10.