comp keeps timing out.

thank you.

S/C

We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...


Hello Meb.

Okay, I just read all your last post. (got called away for an hour.) I
have done search for a decent forum, and even though there are lots, am
not sure which is appropiate,, some even say "Hijack This Log
(inactive)". Do you know of the correct one to use?

I didnt like the bit in Pa's post that you pasted where he says to
re-format, nothing can save you etc,, I dont mind last-resorts but feel
it is way too early for that yet.

S/C

thank you.

S/C

We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...


Hello Meb.

Okay, I just read all your last post. (got called away for an hour.) I
have done search for a decent forum, and even though there are lots, am
not sure which is appropiate,, some even say "Hijack This Log
(inactive)". Do you know of the correct one to use?

I didnt like the bit in Pa's post that you pasted where he says to
re-format, nothing can save you etc,, I dont mind last-resorts but feel
it is way too early for that yet.

S/C

Holy crap!!

Hello again Meb,,

I was in the middle of looking around MDX's site trying to find the
hosts file you mentioned, when I had a thought about going to my windows
folder to see if anything there had changed,,,,, sure has@@!!
There are now 6 new Hosts files with hundreds upon hundreds of address's
to untoward sites; and at the bottom, each states that it is a list
inserted by SpyBot S&D. They also state they are from 'safer
networking', which is the one I choose when I d/load updates from
SpyBot, I have always used that one for as long as I can remember.
Also, those 6 claim to be back-ups. There are two other Host files
there, one simply called 'Host'(no extension) which has the same
information in it, and the other is 'Hosts.Sam'. The latter one seems
to be the original that came with win98.

Should I be concerned about this Meb? Are they really SpyBot
logs/back-ups? I have never ever seen anything like this before.

I will now go back to MDX's site and try to locate the Hosts file, but
will keep this newsgroup open for any reply.

S/C

Holy crap!!

Hello again Meb,,

I was in the middle of looking around MDX's site trying to find the
hosts file you mentioned, when I had a thought about going to my windows
folder to see if anything there had changed,,,,, sure has@@!!
There are now 6 new Hosts files with hundreds upon hundreds of address's
to untoward sites; and at the bottom, each states that it is a list
inserted by SpyBot S&D. They also state they are from 'safer
networking', which is the one I choose when I d/load updates from
SpyBot, I have always used that one for as long as I can remember.
Also, those 6 claim to be back-ups. There are two other Host files
there, one simply called 'Host'(no extension) which has the same
information in it, and the other is 'Hosts.Sam'. The latter one seems
to be the original that came with win98.

Should I be concerned about this Meb? Are they really SpyBot
logs/back-ups? I have never ever seen anything like this before.

I will now go back to MDX's site and try to locate the Hosts file, but
will keep this newsgroup open for any reply.

S/C

thank you.

S/C

We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...

Ahhhh, now I think I understand what a Hosts File is.(after reading lots
at Mdx's site.)

Hello Meb,

If I am correct, then you can disregard the last post; this is how I see
it;; the files that SpyBot put there are actually full of information
that screen out the bad stuff... yes? Sure hope I am right, because I
did hit the Panic button there for a while.

Just as an adjunct, my computer 'seems' to be travelling nicely right
now, and I have not encountered any ill effects since SpyBot found and
'fixed' the problem, naturally, I hope this is so. In fact, I havent as
yet found anything that isnt running well. The original problem
regarding my connection shutting me out has even seemed to rectify
itself, not that I will stop doing all things mentioned in this thread,
I would rather be sure than sorry.
Also, I can use the 'scanreg /restore' if necessary. what do you think?
(I once did it going back as far as a year,, this being possible because
I do scanregw manually from time to time.)

S/C

thank you.

S/C

We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...

Ahhhh, now I think I understand what a Hosts File is.(after reading lots
at Mdx's site.)

Hello Meb,

If I am correct, then you can disregard the last post; this is how I see
it;; the files that SpyBot put there are actually full of information
that screen out the bad stuff... yes? Sure hope I am right, because I
did hit the Panic button there for a while.

Just as an adjunct, my computer 'seems' to be travelling nicely right
now, and I have not encountered any ill effects since SpyBot found and
'fixed' the problem, naturally, I hope this is so. In fact, I havent as
yet found anything that isnt running well. The original problem
regarding my connection shutting me out has even seemed to rectify
itself, not that I will stop doing all things mentioned in this thread,
I would rather be sure than sorry.
Also, I can use the 'scanreg /restore' if necessary. what do you think?
(I once did it going back as far as a year,, this being possible because
I do scanregw manually from time to time.)

S/C

square/circle wrote:

thank you.

S/C

We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...

Ahhhh, now I think I understand what a Hosts File is.(after reading lots
at Mdx's site.)

Hello Meb,

If I am correct, then you can disregard the last post; this is how I see
it;; the files that SpyBot put there are actually full of information
that screen out the bad stuff... yes? Sure hope I am right, because I
did hit the Panic button there for a while.

Just as an adjunct, my computer 'seems' to be travelling nicely right
now, and I have not encountered any ill effects since SpyBot found and
'fixed' the problem, naturally, I hope this is so. In fact, I havent as
yet found anything that isnt running well. The original problem
regarding my connection shutting me out has even seemed to rectify
itself, not that I will stop doing all things mentioned in this thread,
I would rather be sure than sorry.
Also, I can use the 'scanreg /restore' if necessary. what do you think?
(I once did it going back as far as a year,, this being possible because
I do scanregw manually from time to time.)

S/C



WHOA ... hang on there, you're jumping ahead of where you may be... a
REALLY short explanation of HOSTS files:

Yes, the HOSTS file can be used to block untoward sites from access
[though not what it was originally designed for]. It can also readily be
used [for good or bad] by hackers or network administrators to force
automatic/invisible redirection to sites/IPs they want used, what they
are named, where the IP/host/named *place* is in the local or external
network structure, and several other functions.
So, as example of bad usage, even though a hacker site is in China or
the US, it could be added into your *local* network structure by-passing
some or all of your other protections.
As example of good usage, addresses and names can be forced to null or
local reference [DNS, etc..] ONLY, negating searches externally [which
is what these HOSTS files offered from the reputable services are doing].
NOTE that the HOSTS or LMHOSTS files are parsed with each access
[alright, there is some caching involved but I'll ignore this for a
short explanation], which on REALLY slow computers or with extremely
large HOSTS/LMHOSTS files can impact access times, but its negligible
compared with the benefit of the additional protections which can be
found with the usage of a good, SAFELY configured file.. I personally
have used a HOSTS file of about 4 megs in size with little system impact...

EVEN THOUGH your access seems to have corrected itself, do yourself a
favor and check for any other malware. Many/most will cause negligible
impact once installed/used and after whatever other hack involved has
been downloaded and fully installed within a system. The whole idea of
well formed hacks is to NOT show substantial system impact while hiding
what IS actually going on from your applications monitoring for the
activity. Rootkits, certain BHOs, and hard drive hacks [MBR, SCSI layer,
boot re-direction, etc..] are excellent examples of invisible or
essentially invisible styles of well formed hacks. So would be the
malicious HOSTS hacked re-directions...

Your primary issues are no firewall and the apparent hack or hacks
which you may still have within your system. Work on those issues.

As for PA's IE discussion recommendation to re-install, it was directed
towards a *specific* issue not a general application for *all systems*
or problems.

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

square/circle wrote:

thank you.

S/C

We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...

Ahhhh, now I think I understand what a Hosts File is.(after reading lots
at Mdx's site.)

Hello Meb,

If I am correct, then you can disregard the last post; this is how I see
it;; the files that SpyBot put there are actually full of information
that screen out the bad stuff... yes? Sure hope I am right, because I
did hit the Panic button there for a while.

Just as an adjunct, my computer 'seems' to be travelling nicely right
now, and I have not encountered any ill effects since SpyBot found and
'fixed' the problem, naturally, I hope this is so. In fact, I havent as
yet found anything that isnt running well. The original problem
regarding my connection shutting me out has even seemed to rectify
itself, not that I will stop doing all things mentioned in this thread,
I would rather be sure than sorry.
Also, I can use the 'scanreg /restore' if necessary. what do you think?
(I once did it going back as far as a year,, this being possible because
I do scanregw manually from time to time.)

S/C



WHOA ... hang on there, you're jumping ahead of where you may be... a
REALLY short explanation of HOSTS files:

Yes, the HOSTS file can be used to block untoward sites from access
[though not what it was originally designed for]. It can also readily be
used [for good or bad] by hackers or network administrators to force
automatic/invisible redirection to sites/IPs they want used, what they
are named, where the IP/host/named *place* is in the local or external
network structure, and several other functions.
So, as example of bad usage, even though a hacker site is in China or
the US, it could be added into your *local* network structure by-passing
some or all of your other protections.
As example of good usage, addresses and names can be forced to null or
local reference [DNS, etc..] ONLY, negating searches externally [which
is what these HOSTS files offered from the reputable services are doing].
NOTE that the HOSTS or LMHOSTS files are parsed with each access
[alright, there is some caching involved but I'll ignore this for a
short explanation], which on REALLY slow computers or with extremely
large HOSTS/LMHOSTS files can impact access times, but its negligible
compared with the benefit of the additional protections which can be
found with the usage of a good, SAFELY configured file.. I personally
have used a HOSTS file of about 4 megs in size with little system impact...

EVEN THOUGH your access seems to have corrected itself, do yourself a
favor and check for any other malware. Many/most will cause negligible
impact once installed/used and after whatever other hack involved has
been downloaded and fully installed within a system. The whole idea of
well formed hacks is to NOT show substantial system impact while hiding
what IS actually going on from your applications monitoring for the
activity. Rootkits, certain BHOs, and hard drive hacks [MBR, SCSI layer,
boot re-direction, etc..] are excellent examples of invisible or
essentially invisible styles of well formed hacks. So would be the
malicious HOSTS hacked re-directions...

Your primary issues are no firewall and the apparent hack or hacks
which you may still have within your system. Work on those issues.

As for PA's IE discussion recommendation to re-install, it was directed
towards a *specific* issue not a general application for *all systems*
or problems.

--
MEB
Windows Networking, Diagnostics, and other materials
http://peoplescounsel.org/ref/windows-main.htm
The "real world" of Law, Justice, and government
http://peoplescounsel.org
-------

MEB wrote:
square/circle wrote:
thank you.

S/C
We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...
Ahhhh, now I think I understand what a Hosts File is.(after reading lots
at Mdx's site.)

Hello Meb,

If I am correct, then you can disregard the last post; this is how I see
it;; the files that SpyBot put there are actually full of information
that screen out the bad stuff... yes? Sure hope I am right, because I
did hit the Panic button there for a while.

Just as an adjunct, my computer 'seems' to be travelling nicely right
now, and I have not encountered any ill effects since SpyBot found and
'fixed' the problem, naturally, I hope this is so. In fact, I havent as
yet found anything that isnt running well. The original problem
regarding my connection shutting me out has even seemed to rectify
itself, not that I will stop doing all things mentioned in this thread,
I would rather be sure than sorry.
Also, I can use the 'scanreg /restore' if necessary. what do you think?
(I once did it going back as far as a year,, this being possible because
I do scanregw manually from time to time.)

S/C



WHOA ... hang on there, you're jumping ahead of where you may be... a
REALLY short explanation of HOSTS files:

Yes, the HOSTS file can be used to block untoward sites from access
[though not what it was originally designed for]. It can also readily be
used [for good or bad] by hackers or network administrators to force
automatic/invisible redirection to sites/IPs they want used, what they
are named, where the IP/host/named *place* is in the local or external
network structure, and several other functions.

--------

Okay, I am with you so far.

----------
So, as example of bad usage, even though a hacker site is in China or
the US, it could be added into your *local* network structure by-passing
some or all of your other protections.\

--------

Okay..... lead on.

--------
As example of good usage, addresses and names can be forced to null or
local reference [DNS, etc..] ONLY, negating searches externally [which
is what these HOSTS files offered from the reputable services are doing].

----------

Isnt this the same as what SpyBot has proffered/offered by way of
placing known nasty sites into the Host back-up files in my windows folder?
Also, in a prior post, I said there were 'hundreds' of sites in those
back-ups, turns out there are thousands;; and are the same ones that
SpyBot has within its file base.

----------------
NOTE that the HOSTS or LMHOSTS files are parsed with each access
[alright, there is some caching involved but I'll ignore this for a
short explanation], which on REALLY slow computers or with extremely
large HOSTS/LMHOSTS files can impact access times, but its negligible
compared with the benefit of the additional protections which can be
found with the usage of a good, SAFELY configured file.. I personally
have used a HOSTS file of about 4 megs in size with little system impact...

--------

The LMHosts file on my computer has nothing but information that is all
'Rem-ed' out via '#'s,, its simply a standard information file.
The last entry of SpyBots back-up is 309KB's.. with each prior one
being smaller as the latter one gets more information. (ps, can I delete
the prior entries and just keep each new one?)

--------------------

EVEN THOUGH your access seems to have corrected itself, do yourself a
favor and check for any other malware.
-------------

Have done diddly un done done. (sorry 'bout that, Ned is sitting next
to me) (am still not going to give him his bbq back)

------------


Many/most will cause negligible
impact once installed/used and after whatever other hack involved has
been downloaded and fully installed within a system. The whole idea of
well formed hacks is to NOT show substantial system impact while hiding
what IS actually going on from your applications monitoring for the
activity.

-------------

Yes,, I understand. why would a hacker show me his aces?

----------
Rootkits, certain BHOs, and hard drive hacks [MBR, SCSI layer,
boot re-direction, etc..] are excellent examples of invisible or
essentially invisible styles of well formed hacks. So would be the
malicious HOSTS hacked re-directions...

---------

This is a problem, and I guess none of us ever know when the damn things
spring into action,, could be three tuesdays from now at 6.49am for all
we know,, Yes Meb, I do appreciate what you are saying.
I dont fully understand RootKits, but from what I have read, it is not
good, even to the point of full re-instal,, and even then and after
formatting the damn thing is still there. (furnace time for H/D is what
I have read.)

Your primary issues are no firewall and the apparent hack or hacks
which you may still have within your system. Work on those issues.

----------

I am Meb, I am. Will be going up to see my computer guy in two days,
and will ask if he has a second hand Router; he gets all sorts of
stuff come into his shop. (He is one of da good guys.)
As for the Software Firewall Meb, am going to go out on a limb and ask
if you would be willing to help me understand it and help me set it up.
Remember I told you I had Kerio stashed in a folder?,, I went there
yesterday and all I found was 'Patch.Exe'. Have no friggin' idea how
that got there or even what it is. As far as I knew, I had d/l'd Kerio
a few years back and placed it in a folder called Kerio.
Anyway, after reading the posts in the other link regarding firewalls, I
clicked on the 'Tiny' and managed to get Kerio 2.1.5 of which is now in
the same folder as Patch. (btw, after reading stuff at that link and
another, it turns out that the creators of Kerio2 were the same as the
creators of Tiny2, but they left that company and produced Kerio2
instead of Tiny2.... confusing,,,,, yes.
So, bottom line to installing Kerio, and also the reason I have never
done it, is simply, I Dont Understand How To Set-Up a Fire-Wall, and I
dont have anyone around me who can assist. I realy soul-lee on what I
read in n/g's as a lurker. I am not up to speed on Ports and which to
set to what. will you help?

----------------

Now, just to go off track a bit. I still havent found a 'Hijack This'
forum from Google searches that seem appropiate,, has PA chimed in yet
anywhere with the best www?

Secondly, Do you think that the Hosts File provided by SpyBot is as good
and up to date as it gets? Mdx's is probably similar, but maybe not
quite as up to date.... am not sure as I am still learning.

Lastly,, in the Registy address I gave you I told of seeing an entry
called 'win32 Fraudloader.exe', but after another look, there are
actually 3 entries in that folder/hive. (am getting better, even calling
it by its proper name, learning learning learning.)
What exactly does this 'hive' do? It seems to me that it says it lists
the "Most Recently Used" (mru's),, does Fraud actually do anything from
here, or is just to scare me.

Thanks for riding this problem out with me Meb, I really do appreciate
it, and I do want to learn more and perhaps help others too.
I do know lots about some things, but not all about other things.

S/C



As for PA's IE discussion recommendation to re-install, it was directed
towards a *specific* issue not a general application for *all systems*
or problems.

-------

ha ha,,,, I sorta figured that.

MEB wrote:
square/circle wrote:
thank you.

S/C
We'll be here when you get back, or as long as possible anyway

Try to use this same discussion, or you may end up running through some
things again...
Ahhhh, now I think I understand what a Hosts File is.(after reading lots
at Mdx's site.)

Hello Meb,

If I am correct, then you can disregard the last post; this is how I see
it;; the files that SpyBot put there are actually full of information
that screen out the bad stuff... yes? Sure hope I am right, because I
did hit the Panic button there for a while.

Just as an adjunct, my computer 'seems' to be travelling nicely right
now, and I have not encountered any ill effects since SpyBot found and
'fixed' the problem, naturally, I hope this is so. In fact, I havent as
yet found anything that isnt running well. The original problem
regarding my connection shutting me out has even seemed to rectify
itself, not that I will stop doing all things mentioned in this thread,
I would rather be sure than sorry.
Also, I can use the 'scanreg /restore' if necessary. what do you think?
(I once did it going back as far as a year,, this being possible because
I do scanregw manually from time to time.)

S/C



WHOA ... hang on there, you're jumping ahead of where you may be... a
REALLY short explanation of HOSTS files:

Yes, the HOSTS file can be used to block untoward sites from access
[though not what it was originally designed for]. It can also readily be
used [for good or bad] by hackers or network administrators to force
automatic/invisible redirection to sites/IPs they want used, what they
are named, where the IP/host/named *place* is in the local or external
network structure, and several other functions.

--------

Okay, I am with you so far.

----------
So, as example of bad usage, even though a hacker site is in China or
the US, it could be added into your *local* network structure by-passing
some or all of your other protections.\

--------

Okay..... lead on.

--------
As example of good usage, addresses and names can be forced to null or
local reference [DNS, etc..] ONLY, negating searches externally [which
is what these HOSTS files offered from the reputable services are doing].

----------

Isnt this the same as what SpyBot has proffered/offered by way of
placing known nasty sites into the Host back-up files in my windows folder?
Also, in a prior post, I said there were 'hundreds' of sites in those
back-ups, turns out there are thousands;; and are the same ones that
SpyBot has within its file base.

----------------
NOTE that the HOSTS or LMHOSTS files are parsed with each access
[alright, there is some caching involved but I'll ignore this for a
short explanation], which on REALLY slow computers or with extremely
large HOSTS/LMHOSTS files can impact access times, but its negligible
compared with the benefit of the additional protections which can be
found with the usage of a good, SAFELY configured file.. I personally
have used a HOSTS file of about 4 megs in size with little system impact...

--------

The LMHosts file on my computer has nothing but information that is all
'Rem-ed' out via '#'s,, its simply a standard information file.
The last entry of SpyBots back-up is 309KB's.. with each prior one
being smaller as the latter one gets more information. (ps, can I delete
the prior entries and just keep each new one?)

--------------------

EVEN THOUGH your access seems to have corrected itself, do yourself a
favor and check for any other malware.
-------------

Have done diddly un done done. (sorry 'bout that, Ned is sitting next
to me) (am still not going to give him his bbq back)

------------


Many/most will cause negligible
impact once installed/used and after whatever other hack involved has
been downloaded and fully installed within a system. The whole idea of
well formed hacks is to NOT show substantial system impact while hiding
what IS actually going on from your applications monitoring for the
activity.

-------------

Yes,, I understand. why would a hacker show me his aces?

----------
Rootkits, certain BHOs, and hard drive hacks [MBR, SCSI layer,
boot re-direction, etc..] are excellent examples of invisible or
essentially invisible styles of well formed hacks. So would be the
malicious HOSTS hacked re-directions...

---------

This is a problem, and I guess none of us ever know when the damn things
spring into action,, could be three tuesdays from now at 6.49am for all
we know,, Yes Meb, I do appreciate what you are saying.
I dont fully understand RootKits, but from what I have read, it is not
good, even to the point of full re-instal,, and even then and after
formatting the damn thing is still there. (furnace time for H/D is what
I have read.)

Your primary issues are no firewall and the apparent hack or hacks
which you may still have within your system. Work on those issues.

----------

I am Meb, I am. Will be going up to see my computer guy in two days,
and will ask if he has a second hand Router; he gets all sorts of
stuff come into his shop. (He is one of da good guys.)
As for the Software Firewall Meb, am going to go out on a limb and ask
if you would be willing to help me understand it and help me set it up.
Remember I told you I had Kerio stashed in a folder?,, I went there
yesterday and all I found was 'Patch.Exe'. Have no friggin' idea how
that got there or even what it is. As far as I knew, I had d/l'd Kerio
a few years back and placed it in a folder called Kerio.
Anyway, after reading the posts in the other link regarding firewalls, I
clicked on the 'Tiny' and managed to get Kerio 2.1.5 of which is now in
the same folder as Patch. (btw, after reading stuff at that link and
another, it turns out that the creators of Kerio2 were the same as the
creators of Tiny2, but they left that company and produced Kerio2
instead of Tiny2.... confusing,,,,, yes.
So, bottom line to installing Kerio, and also the reason I have never
done it, is simply, I Dont Understand How To Set-Up a Fire-Wall, and I
dont have anyone around me who can assist. I realy soul-lee on what I
read in n/g's as a lurker. I am not up to speed on Ports and which to
set to what. will you help?

----------------

Now, just to go off track a bit. I still havent found a 'Hijack This'
forum from Google searches that seem appropiate,, has PA chimed in yet
anywhere with the best www?

Secondly, Do you think that the Hosts File provided by SpyBot is as good
and up to date as it gets? Mdx's is probably similar, but maybe not
quite as up to date.... am not sure as I am still learning.

Lastly,, in the Registy address I gave you I told of seeing an entry
called 'win32 Fraudloader.exe', but after another look, there are
actually 3 entries in that folder/hive. (am getting better, even calling
it by its proper name, learning learning learning.)
What exactly does this 'hive' do? It seems to me that it says it lists
the "Most Recently Used" (mru's),, does Fraud actually do anything from
here, or is just to scare me.

Thanks for riding this problem out with me Meb, I really do appreciate
it, and I do want to learn more and perhaps help others too.
I do know lots about some things, but not all about other things.

S/C



As for PA's IE discussion recommendation to re-install, it was directed
towards a *specific* issue not a general application for *all systems*
or problems.

-------

ha ha,,,, I sorta figured that.