Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Trojan?

  • 07-11-2005 4:45am
    #1
    Closed Accounts Posts: 1,248 ✭✭✭


    My firewall reports that winlogon.exe and rundll32.exe are constantly trying to contact an ip address on port 80, mostly but not exclusively when web browsers are running. This is definitely not legitimate system activity.

    All WHOIS can tell me is that these connections are to a series of communcations companies in the US.

    This looks like a possible trojan or spyware. I've scanned my system with everything I can think of, Ad-Aware, Spybot, MS Antispy, Trojanhunter, Symantec AV, McAfee's online AV - nothing has picked it up.

    Any ideas what else I could do to find out what this is? winlogon and rundll32 are obviously in the tasklist where they belong.


Comments

  • Closed Accounts Posts: 1,248 ✭✭✭Duffman


    Turns out it was Look2Me spyware. Webroot Spy Sweeper is the only software that detected it.

    I have less faith in Ad-Aware now :rolleyes:


  • Closed Accounts Posts: 12,382 ✭✭✭✭AARRRGH


    Ad-aware always misses loads of things for me!

    Have you ever gotten wwwcool? If I knew who the ****er was who wrote that (it disables and crashes your AV software, it ****s up IE and the latest version cannot be uninstalled) I would have no problem taking a very hard baseball bat very close to his skull!!


Advertisement