Just a question ........NEWWWWS !!!!!
Hi Again thank you all for answering, but I've got some news I didn't use fport ( which was a proposition of someone of you ), but I tried to block this address by ZoneAlarm Pro that is installed and running. ZApro gave me then an alert every 20 seconds, and said that Microsoft outlook express tried to connect to www.myhost.com which resolves in the browser directly to weguardyou.com !! the alert is : Your computer was prevented from connecting to a restricted site (www.myhost.com). User: Bassam ALHUSSEIN Program: Microsoft Outlook Express . Time: 23/02/2002 03:34:20 PM the problem is that I never visited that site before or downloaded something from there ...!!! softwares that I use at startup are : some Norton utilities and AV, ZoneAlarmPro, and getright !! I have had these alerts even when outlook is not running ...!!! So when I passed on PROGRAMS SETTINGS in ZApro I found TWO outlooks 1)Outlook Express (which is the file msimn.exe) 2)Microsoft Outlook Express (which is support-http.exe ) and it is this one that was trying to connect to myhost.com ..but why ??? ( it exists even in the registry to run at the startup ..!! wow but with name of http tunnel ?? I remember ..http-tunnel is a program I used once to bypass my the proxy server of my ISP that blocks free email sites ...!!! ) what do you think ??? should I still block the address and have the alerts every 20 sec... should I delete that key from the registry ??? Do you know if support-http is really a program from microsoft ? ( cause it is in the system folder and http-tunnel that I used is just one exe file on another hard drive ) I am lost .help I sent email to [EMAIL PROTECTED] but got no answer . Bisso
RE: Just a question ........NEWWWWS !!!!!
Windows 98 machine? Run msconfig and remove the support-http.exe program from start up and remove it from the startup list in the System Registry. Also go to the file and left-click on it and look at it's properties. It might have some more company information that will might jog your memory about it being something you installed or something someone else has tricked you into installing. Also, see if you can go to your Control Panel and Add/Remove the program. More than likely, if it is a Trojan, it will try to mutate itself and change its name, and install itself all over the place. Either way, I wouldn't trust it, because it sounds like it is trying to be covert, and I am a control freak. Hunt it and kill it like the invader it is! Douglas Gullett, CCNA, CCDA, CCNP -Original Message- From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 23, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: Just a question NES ! Hi Again thank you all for answering, but I've got some news I didn't use fport ( which was a proposition of someone of you ), but I tried to block this address by ZoneAlarm Pro that is installed and running. ZApro gave me then an alert every 20 seconds, and said that Microsoft outlook express tried to connect to www.myhost.com which resolves in the browser directly to weguardyou.com !! the alert is : Your computer was prevented from connecting to a restricted site (www.myhost.com). User: Bassam ALHUSSEIN Program: Microsoft Outlook Express . Time: 23/02/2002 03:34:20 PM the problem is that I never visited that site before or downloaded something from there ...!!! softwares that I use at startup are : some Norton utilities and AV, ZoneAlarmPro, and getright !! I have had these alerts even when outlook is not running ...!!! So when I passed on PROGRAMS SETTINGS in ZApro I found TWO outlooks 1)Outlook Express (which is the file msimn.exe) 2)Microsoft Outlook Express (which is support-http.exe ) and it is this one that was trying to connect to myhost.com ..but why ??? ( it exists even in the registry to run at the startup ..!! wow but with name of http tunnel ?? I remember ..http-tunnel is a program I used once to bypass my the proxy server of my ISP that blocks free email sites ...!!! ) what do you think ??? should I still block the address and have the alerts every 20 sec... should I delete that key from the registry ??? Do you know if support-http is really a program from microsoft ? ( cause it is in the system folder and http-tunnel that I used is just one exe file on another hard drive ) I am lost .help I sent email to [EMAIL PROTECTED] but got no answer . Bisso
RE: Just a question ........NEWWWWS !!!!!
This looks like a cleverly disguised trojan or spyware which tries to pass off as Outlook express. I suggest you run ad-aware (www.lavasoft.de). And see if itès a known spyware. Running fport might be a good idea to see if itès a trojan as previously suggested. In any event, remove this from your system, it is not in any way a Microsoft ot system file. -Original Message- From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]] Sent: February 23, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: Just a question NES ! Hi Again thank you all for answering, but I've got some news I didn't use fport ( which was a proposition of someone of you ), but I tried to block this address by ZoneAlarm Pro that is installed and running. ZApro gave me then an alert every 20 seconds, and said that Microsoft outlook express tried to connect to www.myhost.com which resolves in the browser directly to weguardyou.com !! the alert is : Your computer was prevented from connecting to a restricted site (www.myhost.com). User: Bassam ALHUSSEIN Program: Microsoft Outlook Express . Time: 23/02/2002 03:34:20 PM the problem is that I never visited that site before or downloaded something from there ...!!! softwares that I use at startup are : some Norton utilities and AV, ZoneAlarmPro, and getright !! I have had these alerts even when outlook is not running ...!!! So when I passed on PROGRAMS SETTINGS in ZApro I found TWO outlooks 1)Outlook Express (which is the file msimn.exe) 2)Microsoft Outlook Express (which is support-http.exe ) and it is this one that was trying to connect to myhost.com ..but why ??? ( it exists even in the registry to run at the startup ..!! wow but with name of http tunnel ?? I remember ..http-tunnel is a program I used once to bypass my the proxy server of my ISP that blocks free email sites ...!!! ) what do you think ??? should I still block the address and have the alerts every 20 sec... should I delete that key from the registry ??? Do you know if support-http is really a program from microsoft ? ( cause it is in the system folder and http-tunnel that I used is just one exe file on another hard drive ) I am lost .help I sent email to [EMAIL PROTECTED] but got no answer . Bisso
Just a question ........NEWWWWS !!!!!
Hi Again thank you all for answering, but I've got some news I didn't use fport ( which was a proposition of someone of you ), but I tried to block this address by ZoneAlarm Pro that is installed and running. ZApro gave me then an alert every 20 seconds, and said that Microsoft outlook express tried to connect to www.myhost.com which resolves in the browser directly to weguardyou.com !! the alert is : Your computer was prevented from connecting to a restricted site (www.myhost.com). User: Bassam ALHUSSEIN Program: Microsoft Outlook Express . Time: 23/02/2002 03:34:20 PM the problem is that I never visited that site before or downloaded something from there ...!!! softwares that I use at startup are : some Norton utilities and AV, ZoneAlarmPro, and getright !! I have had these alerts even when outlook is not running ...!!! So when I passed on PROGRAMS SETTINGS in ZApro I found TWO outlooks 1)Outlook Express (which is the file msimn.exe) 2)Microsoft Outlook Express (which is support-http.exe ) and it is this one that was trying to connect to myhost.com ..but why ??? ( it exists even in the registry to run at the startup ..!! wow but with name of http tunnel ?? I remember ..http-tunnel is a program I used once to bypass my the proxy server of my ISP that blocks free email sites ...!!! ) what do you think ??? should I still block the address and have the alerts every 20 sec... should I delete that key from the registry ??? Do you know if support-http is really a program from microsoft ? ( cause it is in the system folder and http-tunnel that I used is just one exe file on another hard drive ) I am lost .help I sent email to [EMAIL PROTECTED] but got no answer . Bisso