Why do I see a lot of "packets" being sent when I am not doing
anything? I have ICF on, is someone stealing my stuff? How can I
tell what is being transferred...specific files...like my MP3's????

"George L" > schreef in bericht
...
> Why do I see a lot of "packets" being sent when I am not doing
> anything? I have ICF on, is someone stealing my stuff? How can I
> tell what is being transferred...specific files...like my MP3's???

George,

When you use the XP firewall, outbound traffic isn´t monitored. XP´s
firewall only checks inbound traffic. All sorts of mallware can send out
packadges unhindered. What firewall do you have installed? When using
ZoneAlarm you can check settings to see what program is generating outbound
traffic and you can deny or admit programs to connect to the Internet.
Furthermore, I advice you to run Ad-Aware or Spybot to check for spyware.

Best regards,

Ben

The "packets" may be anything. Microsoft Automatic Updates, a spyware/trojan
or an application performing a live update by itself. Install a firewall
like ZoneAlarm (www.zonelabs.com) and monitor the outgoing traffic. Windows
XP's ICF only takes care of inbound traffic.

--
Regards,

Ramesh (MS-MVP)

http://www.mvps.org/sramesh2k

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

~ Please reply to newsgroup ~


"George L" > wrote in message
...
Why do I see a lot of "packets" being sent when I am not doing
anything? I have ICF on, is someone stealing my stuff? How can I
tell what is being transferred...specific files...like my MP3's????

I installed ZoneAlarm...

I see repeat programs trying to access...and these three things....

1. vnsc-bak-dsl.genuity.net as destination DNS

2. Cisco VPN keeps trying to connect to 4.2.2.4:53

3. NetBios keeps trying to connect to 69.10.144.209:6667

What is happening? I still can't do a full virus scan....THANKS :-)




On Sat, 1 Nov 2003 18:51:15 +0530, "Ramesh [MS-MVP]"
> wrote:

>The "packets" may be anything. Microsoft Automatic Updates, a spyware/trojan
>or an application performing a live update by itself. Install a firewall
>like ZoneAlarm (www.zonelabs.com) and monitor the outgoing traffic. Windows
>XP's ICF only takes care of inbound traffic.

You don't need to worry about the notifications by Zone Alarm. But, don't
ignore the high-alert notifications. The medium alert prompts are the
results of a port scan (from a remote computer) or a PING.

You will need to concentrate on the "Applications" part. Block unwanted
applications from accessing the internet (using the programs tab in ZA).

--
Regards,
Ramesh (MS-MVP)

http://www.mvps.org/sramesh2k

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

~ Please reply to newsgroup ~


"George L" > wrote in message
...
I installed ZoneAlarm...

I see repeat programs trying to access...and these three things....

1. vnsc-bak-dsl.genuity.net as destination DNS

2. Cisco VPN keeps trying to connect to 4.2.2.4:53

3. NetBios keeps trying to connect to 69.10.144.209:6667

What is happening? I still can't do a full virus scan....THANKS :-)




On Sat, 1 Nov 2003 18:51:15 +0530, "Ramesh [MS-MVP]"
> wrote:

>The "packets" may be anything. Microsoft Automatic Updates, a
spyware/trojan
>or an application performing a live update by itself. Install a firewall
>like ZoneAlarm (www.zonelabs.com) and monitor the outgoing traffic. Windows
>XP's ICF only takes care of inbound traffic.

Great news...so how did these applications start doing this? (Like my
university VPN program.) Does it have anything to do with my virus
scan not starting because of a scan engibe error?

Also, I plan to stop these programs (repeat program and program
access)...do they sound familiar?

IAMSERV.EXE
NetBios Information
Generic Host Process for Win32 Services

IAMSERV.EXE seems to be a trojan. Check here:
http://vil.nai.com/vil/content/Print100237.htm

Block access for this program using ZoneAlarm. Reinstall the Anti-virus
software and update it. Perform a full system scan.

--
Ramesh - Microsoft MVP
Aim: SRamesh2k

http://www.mvps.org/sramesh2k


"George L" > wrote in message
...
Great news...so how did these applications start doing this? (Like my
university VPN program.) Does it have anything to do with my virus
scan not starting because of a scan engibe error?

Also, I plan to stop these programs (repeat program and program
access)...do they sound familiar?

IAMSERV.EXE
NetBios Information
Generic Host Process for Win32 Services