Spyware, Viruses, & Security forum

General discussion

Cause for concern?

by Gatzbee / April 11, 2005 2:01 AM PDT

Hi, I run Windows XP SP2, with all Windows updates applied. I also have Trend Micro PC-cillin IS 2005. Today a firewall message popped up that was reporting some outbound connection being made. It was asking whether or not I would allow it. In my firewall log, the information reads as this:

Type: Exception List Rule
Protocol: TCP
Source IP Address: DL
Source Port: 4377
Application Path: C:\PROGRAM FILES\JAVA\JRE1.5.0_02\BIN\JAVAW.EXE
Application Description: Java(TM)2 Platform Standard Edition binary
Description: Send Mail for mass mail (SMTP)

I never clicked on any 'allow' or 'deny' button on the firewall window popup, yet all of a sudden it disappeared and when I went into the firewall connection exception list, it was listed as an exception (i.e. it was allowed). I don't recall hitting the keyboard 'enter' button either. Do you think there could be some virus or something on my computer? I'm currently running TM Housecall as opposed to my own virus scanner. I ran Spybot, and it only detected some tracking cookies, which I deleted, and then some other things came up like DSO Exploit, Wild Tangent, and Download Accelerator Plus Ads. I'm currently up to date with Windows Update. After Housecall I think I may try 1 or 2 other online virus scanners.

However, can anyone suggest any other possible checks I can perform to make sure there are no things like trojans, or that my comp. hasn't been hijacked or something?

javaw.exe
by Marianna Schmudlach / April 11, 2005 2:15 AM PDT
In reply to: Cause for concern?
I would also check to see
by roddy32 / April 11, 2005 2:22 AM PDT
In reply to: Cause for concern?

when Java is set to automatically check for updates. The default setting is once a month unless you changed it. Mine was set for 9:00PM last night on automatic although that does not explain why your firewall gave you a popup if you already have it on the exceptions list. You can check that setting by going into the control panel and double clicking on the java cup and then click on the update tab.

hi
by Gatzbee / April 11, 2005 4:12 AM PDT

hey marianna and roddy, thanks for your replies!
actually i checked the Java Update thing, I have it set to automatically check and notify me if I want to dl anything. it reads that on the 11th of each month at 2pm it will perform automatic checks. coincidentally today is the 11th, except when that firewall thing came up it was probably about 12noon.
also, i dunno if it was already put onto the firewall exception list and enabled before today. what i was saying in the previous post was that the firewall message came up and i definitely didn't click on any of the buttons in the msg window. the only possibility is that somehow i clicked on the enter key while i was typing on another window, and that applied to the firewall window...? im not sure whether or not i did that b/c everything happened very quickly. i know that after that firewall msg came up i opened a firefox browser window to see if i could find anything on cnet about it, and then it disappeared. it was after when i went to check the exceptions that i saw that it was enabled.

on a side note, i ran TM housecall and nothing showed up. i ran Panda Active Scan and have the following spyware:
Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/WildTangent No disinfected C:\Program Files\WildTangent\Apps\WebDriverInstall.exe

my spybot also gave me a wildtangent result. i have weatherbug, which is probably why the weatherbug showed up.

should i still be concerned? i guess after briefly reading some other threads about ppl's comp.'s getting hijacked im just sort of freaked out

Spybot also used to
by roddy32 / April 11, 2005 4:48 AM PDT
In reply to: hi

pick up Wild Tangent for me because I have a fairly new Compaq computer (HP's also have it) and it came with Wild Tangent games on it so have Spybot just ignore it. I also have Weatherbug but none of the scanners pick that up for me. Many programs consider weatherbug to be adware and even Norton has it in their definitions but even though I use Norton, that has not ever shown up on a scan either, nor have I ever had any kind of a problem with either the WildTangent or the Weatherbug but that is just my personal experience. It is also my understanding that weatherbug also comes with AIM. Maybe Marianna has some more input into this.

I also think I remember seeing in your first post about Spybot finding the DSO Exploit; that can be fixed by following these directions. Make sure you do these in the correct order. That is a bug in Spybot which does not actually fix the problem when it says it does. There has been a beta fix released for it. Just download it on top of your current version. It will change your version to 1.3.1TX. After you download it, run Spybot S&D, let it fix the exploit, then reboot and run it again. It should be gone; if not, just put it into ignore until Spybot comes out with a permanent fix for it, which should be soon. I'm not sure if the rebooting is totally necessary but it seems to work better that way.
http://www.majorgeeks.com/download4392.html
Also, please be careful at Major Geeks and do NOT click on the ads. Make sure you click on the correct thing; it's confusing there unless you are used to it. Click on one of the "download locations" near the top of the page and when it takes you to the next page, do NOT click on the ad there, just wait for the download dialog box to start. Also make sure that Spybot is closed when you do this download and installation. Once that is done, open Spybot up and follow my previous instructions.

hey roddy
by Gatzbee / April 11, 2005 7:11 AM PDT
In reply to: Spybot also used to

actually it was the panda scan that picked up weatherbug. ive also never had a scan that picked that up before, when i used to have NAV 2003, or with my current TM suite or even with housecall. anyhow, i will follow ur advice on the DSO exploit thing with spybot. thanks for the info! much appreciated...

aside from that, do you think i should test anything else on my comp.? if online scanners such as Housecall and Panda ActiveScan haven't detected any viruses would that mean I'm ok, or could there still be a possibility of something else?

The thing that has me a bit puzzled still is the action that the Java program wanted to run, which was to "Send mail for mass mail"...?

Personally I THINK you are OK Gatzbee
by roddy32 / April 11, 2005 7:18 AM PDT
In reply to: hey roddy

but I would keep an extra eye out. Maybe the time zones are different and it was just java checking for updates and, as you stated, maybe you hit the enter key and allowed it.

UTC time
by Lit'l Sasquatch / April 11, 2005 8:06 AM PDT

Perhaps the Java updater uses UTC time, no matter what time zone you have your machine set to. The 1st post in the thread is listed as 9:01 AM, which would be 3:01 PM, UTC.

Lit'l Sasquatch
by Gatzbee / April 11, 2005 1:09 PM PDT
In reply to: UTC time

thats an interesting thing u pointed out, and actually looking back that may be very possible. I checked the firewall log, and it read 11:01am EST. according to the UTC thing u mentioned that would be 2pm i suppose accordingly, which is the time my java thing is supposed to automatically search for updates on the 11th of every month. i didn't even notice that my post appears on cnet as 9:01am, tho it was 12noon EST here...

(NT) The forum uses PST
by Lit'l Sasquatch / April 11, 2005 1:41 PM PDT
In reply to: Lit'l Sasquatch