subject:"RE\: Just a question ........NEWWWWS \!\!\!\!\!"

RE: Just a question ........NEWWWWS !!!!!

2002-02-28 Thread Douglas Gullett


Windows 98 machine?

Run "msconfig" and remove the support-http.exe program from start up and
remove it from the startup list in the System Registry.  Also go to the file
and left-click on it and look at it's properties.  It might have some more
company information that will might jog your memory about it being something
you installed or something someone else has tricked you into installing.

Also, see if you can go to your "Control Panel" and "Add/Remove" the
program.  More than likely, if it is a Trojan, it will try to mutate itself
and change its name, and install itself all over the place.

Either way, I wouldn't trust it, because it sounds like it is trying to be
covert, and I am a control freak.  Hunt it and kill it like the invader it
is!


Douglas Gullett, CCNA, CCDA, CCNP

-Original Message-
From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 10:32 AM
To: [EMAIL PROTECTED]
Subject: Just a question NES !


Hi Again  thank you all for answering, but I've got some news 
I didn't use fport ( which was a proposition of someone of you ), but I
tried to block this address by ZoneAlarm Pro that is installed and running.
ZApro gave me then an alert every 20 seconds, and said that Microsoft
outlook express
tried to connect to
www.myhost.com  which resolves in the browser directly to weguardyou.com
!!
the alert is :
"Your computer was prevented from connecting to a restricted site
(www.myhost.com).
User: Bassam ALHUSSEIN
Program: Microsoft Outlook Express .
Time: 23/02/2002 03:34:20 PM  "

the problem is that I never visited that site before or downloaded something
from there ...!!!
softwares that I use at startup are : some Norton utilities and AV,
ZoneAlarmPro, and getright !!
I have had these alerts even when outlook is not running ...!!! So when I
passed on PROGRAMS SETTINGS in ZApro I found TWO outlooks 
1)Outlook Express (which is the file msimn.exe)
2)Microsoft Outlook Express  (which is  support-http.exe ) and it is
this one that was trying to connect to myhost.com ..but why ???
( it exists even in the registry to run at the startup ..!!  wow but with
name of http tunnel ??
I remember ..http-tunnel is a program I used once to bypass my the proxy
server of my ISP that blocks free email sites ...!!! )


what do you think ??? should I still block the address and have the alerts
every 20 sec...
should  I delete that key from the registry ???  Do you know if support-http
is really a program from microsoft ? ( cause it is in the system folder
and http-tunnel that I used is just one exe file on another hard drive )
I am lost .help

I sent email to [EMAIL PROTECTED] but got no answer .

Bisso

RE: Just a question ........NEWWWWS !!!!!

2002-02-27 Thread Jean-François Asselin


This looks like a cleverly disguised trojan or spyware which tries to
pass off as Outlook express. I suggest you run ad-aware
(www.lavasoft.de). And see if itès a known spyware. Running fport might
be a good idea to see if itès a trojan as previously suggested. In any
event, remove this from your system, it is not in any way a Microsoft ot
system file.

> -Original Message-
> From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]] 
> Sent: February 23, 2002 10:32 AM
> To: [EMAIL PROTECTED]
> Subject: Just a question NES !
> 
> 
> Hi Again  thank you all for answering, but I've got 
> some news  I didn't use fport ( which was a proposition 
> of someone of you ), but I tried to block this address by 
> ZoneAlarm Pro that is installed and running. ZApro gave me 
> then an alert every 20 seconds, and said that Microsoft 
> outlook express tried to connect to www.myhost.com  which 
> resolves in the browser directly to weguardyou.com !! the 
> alert is :
> "Your computer was prevented from connecting to a restricted site
> (www.myhost.com).
> User: Bassam ALHUSSEIN
> Program: Microsoft Outlook Express .
> Time: 23/02/2002 03:34:20 PM  "
> 
> the problem is that I never visited that site before or 
> downloaded something from there ...!!! softwares that I use 
> at startup are : some Norton utilities and AV, ZoneAlarmPro, 
> and getright !! I have had these alerts even when outlook is 
> not running ...!!! So when I passed on PROGRAMS SETTINGS in 
> ZApro I found TWO outlooks 
> 1)Outlook Express (which is the file msimn.exe)
> 2)Microsoft Outlook Express  (which is  support-http.exe 
> ) and it is
> this one that was trying to connect to myhost.com 
> ..but why ??? ( it exists even in the registry to 
> run at the startup ..!!  wow but with name of http tunnel ??
> I remember ..http-tunnel is a program I used once to 
> bypass my the proxy server of my ISP that blocks free email 
> sites ...!!! )
> 
> 
> what do you think ??? should I still block the address and 
> have the alerts every 20 sec... should  I delete that key 
> from the registry ???  Do you know if support-http is really 
> a program from microsoft ? ( cause it is in the system folder 
> and http-tunnel that I used is just one exe file on another 
> hard drive ) I am lost .help
> 
> I sent email to [EMAIL PROTECTED] but got no answer .
> 
> Bisso
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>

RE: Just a question ........NEWWWWS !!!!!

RE: Just a question ........NEWWWWS !!!!!

2 matches

Site Navigation

Mail list logo

Footer information