PeterEl

  1. I tried to partition with two different programs, one named something like "partition manager pro" and the other named something like "Totalcommander Partition Manager", and in both cases the PRIMARY disc is made like a NETWORKS disc. So I think that any partition program will do the same. And I think that the problem is NOT in the partition program, the problem is in something else..
  2. In a special program for partitioning disks I make two or more PRIMARY disks (for system Windows) and they become a NETWORKS DISK with some files (about 4.5 MB total) that cannot be deleted, and after FORMATTING the disks they are still there. And there exist some BOOT directories or files, and it's all not readable and not deletable. I think that it is not normal. Maybe it's a virus. Please help me, how can I get out of it?
  3. Guys, what firewall do you use?
  4. The guy does not get excited, calmer. Thanks for your variant of troubleshooting, I'll do it.... somewhat later... Thanks again. Nice pic! Just to the point!
  5. I did it and got the same false positive for the downloaded svchost from XP SP3. I did try also with the one from my running OS and this one didn't get the false positive but it is because it is in another language. Thanks. Another language? What language did you download from XP SP3? And what language is in your running OS?
  6. I thought about it just like you, and that's why I asked you to try to download svchost.exe from microsoft.com and check it for viruses through VirusTotal, and check your own svchost.exe from your computers, and tell me the results... allen2, maybe you can do this? Please, it's not hard.
  7. I carefully pay attention to viruses in the SVCHOST.EXE file because the FIREWALL permanently registers OUTgoing connections to different IP addresses (some of which belong to GOOGLE, YANDEX (search engine), and some unknown people; I checked the IPs on a whois service). Here is a screenshot of this:
  8. 1) OK. Tell me please, if you take your SVCHOST.EXE file and check it on VIRUSTOTAL.COM, will there be a virus? 2) <<"HashMyFiles" doesn't give SHA256>> It sounds strange... the HashMyFiles that I downloaded has SHA256: if you choose VIEW SETTINGS and then SELECT COLUMNS, there will be SHA256. By the way, in the "HashMyFiles" that I downloaded VIRUSTOTAL found a virus too!!! But another one.
  9. In addition, if YOU did not upload it and are DEPENDING ON OTHER VERSIONS and ONLY looking at OTHERS results - THOSE are YES because there IS one going around! Get a program "Hashmyfiles" and CHECK THE HASH! I will BET that YOUR file will NOT be listed!

     Results of MY XP-SP3: Name / MD5 / Sha-1 / CRC32 / Date / Size / Version
     svchost.exe 27c6d03bcdb8cfeb96b716f3d8be3e18 49083ae3725a0488e0a8fbbe1335c745f70c4667 6ef02438 2008-04-14 10:00:00 AM 14,336 5.1.2600.5512 (xpsp.080413-2111)

     NO VIRUS! (and I FOUND the "analysis" - McAfee is a POS!) TRY THIS ANALYSIS, DUDE! edit - the SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5 Appears that THERE IS NO VIRUS (last "analysis" link I gave IS the one) (sheesh!)

     Thanks for the answers. I got "Hashmyfiles" and here you are:
     svchost.exe e948a9079d0e6350be92d4d3e0077f81 (MD5) 82379592eca1117386e97f7a0500b3f34204d92e (SHA1) 77e6bc31 (CRC32) 399d4b8eed157c15e93eaab7b6f9ba523bb768b8fd49d66c1450eb310a813ade (SHA256) 15.04.2008 12:00:00 (modified) 27.08.2012 13:30:00 (created) 14 336 (file size) 5.1.2600.5512 (xpsp.080413-2111)

     Maybe I don't understand well.. (sorry) but MY SHA-256 is different from the SHA-256 in your link "THIS" where no malware is found. Does this mean that my svchost is a virus?
  10. 1) So, probably, it is better to leave the default settings... 2) Today I noticed a strange thing: when my computer was turned off and no LAN port was working (not lit) or in use, and Wi-Fi was turned off also, the WAN port (internet) BLINKED, but not often. I use DHCP to connect to the internet - dynamic IP. Is it normal that the WAN blinks when I am not using the internet???? Why could it be? Thanks everybody for the answers.
  11. Ya, ya ))) I know... I first began to verify the file that already exists in my Windows. When I discovered a virus in it by the above method, I decided to download svchost.exe from microsoft.com - assuming that there would not be a virus. But the virus was there, too.
  12. I will try again, are your settings EXACTLY like the ones on this page? http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0 Does your router have other pages/settings? How are they set? Post a few screenshots of what you see (obviously removing personal information/private LAN IPs etc). Good. BTW a possibility would be to go to a friend's house and try accessing your IP from the "outside", backtrack is the first tool/distro that comes to mind: http://www.backtrack-linux.org/ This way you could have maybe an idea of what's going on. jaclaz

      All the same as on this page http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0, but Filter Multicast is ON and Filter Internet NAT Redirection... is ON. Other settings are in the attached file -> router-settings-pic.rar
  13. I am not sure I understand, those seem a lot like OUTbound connections and not INbound ones.... @PeterEl I mean how exactly is NAT (or any other similar setting) set? From what I can see (not from the E1500 manual here: http://homesupport.cisco.com/en-eu/support/routers/E1500 which is pretty much "useless") but from the more "generic" one: http://www.manualowl.com/m/Cisco/E1500/Manual/236876?page=40 There is no specific setting/page for NAT, and if you want to "expose" a device to the internet you need to put it in the DMZ. The *whatever* that blocks (or should block) unwanted packets is seemingly SPI (Stateful Packet Inspection), but as well I cannot find any detailed settings guide, see also: http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=349c2ccc3fb44e1b8878369cc84a56bb_KB_EN_v1.xml&pid=80&converted=0 See if this applies to your router (these are the kind of settings that might affect the possibility to "go through"): http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0 jaclaz

      All security options on my router are turned on. And I do not use DMZ, it's disabled.
  14. Hello everybody! I found a virus in the svchost.exe file that I downloaded from microsoft.com. I'll tell it in order: I went to the website microsoft.com and downloaded the Service Pack 3 update for Windows XP, then I found the file "svchost.ex_" and extracted it to a file "svchost.exe", and then I checked this file on VIRUSTOTAL.COM and it found a VIRUS!!! - McAfee-GW-Edition (antivirus program) Heuristic.LooksLike.Win32.Suspicious.I So... Microsoft sells products with viruses ?????? What do you think about it?
  15. I looked, all processes are known. The question is still valid.