ZoneAlarm firewall and generic host process for win32 services. plshelp - Firewalls


  1. ZoneAlarm firewall and generic host process for win32 services. plshelp

    zonealarm firewall shows that its letting generic host process for
    win32 services access internet, even though i have not allowed it. i
    basically use FF, Opera, emule.

    can somebody please explain why generic host process for win32
    services wants to access the net

    also yesterday when i was browsing the net, a command prompt appeared
    for 2-3 seconds and disappeared by itself.

  2. Re: ZoneAlarm firewall and generic host process for win32 services. pls help

    On Tue, 15 Jul 2008 05:53:36 -0700 (PDT), mkh
    wrote:

    >zonealarm firewall shows that its letting generic host process for
    >win32 services access internet, even though i have not allowed it. i
    >basically use FF, Opera, emule.
    >
    >can somebody please explain why generic host process for win32
    >services wants to access the net
    >
    >also yesterday when i was browsing the net, a command prompt appeared
    >for 2-3 seconds and disappeared by itself.


    You're hacked. Get rid of ZA, and get Agnitum Outpost.

  3. Re: ZoneAlarm firewall and generic host process for win32 services. pls help

    mkh wrote:
    >zonealarm firewall shows that its letting generic host process for
    >win32 services access internet, even though i have not allowed it. i
    >basically use FF, Opera, emule.
    >
    >can somebody please explain why generic host process for win32
    >services wants to access the net
    >
    >also yesterday when i was browsing the net, a command prompt appeared
    >for 2-3 seconds and disappeared by itself.


    That was your 'owned' system dropping to DOS so your botmaster could
    accomplish something windows wouldn't let it do in broad daylight.

  4. Re: ZoneAlarm firewall and generic host process for win32 services. pls help

    Cunnilingus wrote:
    > On Tue, 15 Jul 2008 05:53:36 -0700 (PDT), mkh wrote:
    >> zonealarm firewall shows that its letting generic host process for
    >> win32 services access internet, even though i have not allowed it. i
    >> basically use FF, Opera, emule.
    >>
    >> can somebody please explain why generic host process for win32
    >> services wants to access the net
    >>
    >> also yesterday when i was browsing the net, a command prompt appeared
    >> for 2-3 seconds and disappeared by itself.

    >
    > You're hacked. Get rid of ZA, and get Agnitum Outpost.


    Which will somehow magically remove the supposed infection? Yeah, right.

    http://technet.microsoft.com/en-us/l.../cc512587.aspx

    First one should examine the system if there's some actual evidence for
    an infection (the described symptoms can mean anything or nothing). Some
    tools to start with are:

    - netstat or TCPView [1] to show listening sockets and established
    connections
    - Process Explorer [2] to show information about the running processes
    (Windows' Task Manager doesn't provide enough information to be useful
    here)
    - Autoruns [3] to show what's automatically started
    - HijackThis! [4] to check for browser hijacking (use [5] to analyze the
    log)

    Further steps could be:

    - check for rootkits (e.g. with RootkitRevealer [6] or Rootkit Hook
    Analyzer [7])
    - run a portscan against the system to check if there are open ports
    that netstat or TCPview don't report (which would hint at a rootkit)
    - Dump the memory (before you reboot/shutdown the computer) for later
    analysis with a debugger
    - Run a virus scan after booting the computer from some other medium
    (e.g. UBCD [8] or TRK [9])
    - inspect traffic with a protocol analyzer (e.g. Wireshark [10])

    Yes, computer forensics do require quite some knowledge, why do you ask?

    [1] http://technet.microsoft.com/en-us/s.../bb897437.aspx
    [2] http://technet.microsoft.com/en-us/s.../bb896653.aspx
    [3] http://technet.microsoft.com/en-us/s.../bb963902.aspx
    [4] http://www.merijn.org/programs.php#hijackthis
    [5] http://www.hijackthis.de/
    [6] http://technet.microsoft.com/en-us/s.../bb897445.aspx
    [7] http://www.resplendence.com/hookanalyzer
    [8] http://www.ultimatebootcd.com/
    [9] http://trinityhome.org/Home/index.ph...=1&front_id=12
    [10] http://www.wireshark.org/

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich
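
The cross-check suggested in the post above (ports an outside scan finds open versus ports netstat reports) can be scripted. This is an added example, not part of the original post: the `netstat -ano` text, the scan result, the address 192.168.1.20 and the function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output saved on the suspect host.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1200
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1560
  TCP    192.168.1.20:1175      203.0.113.7:80         ESTABLISHED     2312
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed result of a TCP port scan run from a second machine.
SCAN_OPEN_PORTS = {135, 139, 445, 40123}

# Matches only TCP rows in LISTENING state: bind address, port, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def local_listeners(netstat_text):
    """Return {port: set of bind addresses} for every TCP LISTENING row."""
    listeners = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            listeners.setdefault(int(m.group(2)), set()).add(m.group(1))
    return listeners


def cross_view(netstat_text, scanned_open, host_ip):
    """Compare the host's own view with the view from the network.

    hidden:   open from outside but absent from netstat (the rootkit hint).
    filtered: bound to an external interface but not reachable in the scan,
              which is what a working packet filter looks like.
    """
    listeners = local_listeners(netstat_text)
    external = {"0.0.0.0", "[::]", host_ip}
    reachable = {p for p, addrs in listeners.items() if addrs & external}
    hidden = sorted(set(scanned_open) - set(listeners))
    filtered = sorted(reachable - set(scanned_open))
    return hidden, filtered


if __name__ == "__main__":
    print(cross_view(NETSTAT_SAMPLE, SCAN_OPEN_PORTS, "192.168.1.20"))
```

A port in `hidden` is a reason to look closer, not proof: scanning through a router with port forwarding, or scanning the wrong address, produces the same mismatch.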

  5. Re: ZoneAlarm firewall and generic host process for win32 services. pls help

    mkh wrote:
    > zonealarm firewall shows that its letting generic host process for
    > win32 services access internet, even though i have not allowed it. i
    > basically use FF, Opera, emule.


    This is because ZoneAlarm is crap, and you had better not depend on
    it.

    Fortunately, you don't need a "Personal Firewall".

    Yours,
    VB.
    --
    Please also note the reverse side of this letter!

  6. Re: ZoneAlarm firewall and generic host process for win32 services. pls help

    Cunnilingus wrote:
    > Agnitum Outpost.


    Outpost? HAHAHAHA!

    VB.
    --
    Please also note the reverse side of this letter!
