What got snuck past my firewall???


system changes

Suddenly, the "you must restart your computer for system
changes to take effect" screen pops up, and I have not
accepted any requests to permit downloads. There have also
been no messages from Symantec or MS concerning waiting
updates, and the firewall is on. So I use the search
feature limited to today, and discover that besides the
two live update activities, a dll file in c/program
files/comet has been accessed, and without my permission.
And I cannot delete dmserver.exe (in comet) because it
is "in use." (I closed everything to free this file, and
am now afraid to restart my machine for fear I cannot stop
what happens next!!!)
Would MS or Symantec use their permissions to pass my
firewall and insert programming without telling me??
How can I find out what is "pending" on my machine??
 
You should have firewall logs that tell you where you got it.
I have several little utilities that I downloaded from www.sysinternals.com:
Process Explorer shows ALL active processes and allows you to kill them.
TCPView shows all network connections.
Autoruns shows all programs that are started automatically...

You will be able to delete the new program after you stop it.
 
Sounds like spyware/parasite. AdAware should be able to take care of it. Be sure to
update it before running it. The link below has some information on it including
manual removal. Be careful what you open as far as email attachments and what you hit
OK for when on the internet when asked to install an add-on, etc. --- Steve

http://www.pestpatrol.com/PestInfo/c/comet_dmserver.asp
 
You can examine
HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
to see what pending file copies are waiting.

You must use regedt32, not regedit, on Win2K and earlier, to examine this
value.

The value is not designed to be human-readable, but you'll see both the
existing file to be replaced and the current temp file that will be copied
over the existing file.

And no, Microsoft won't "use their permissions" (we really have none) to
put software on your machine without your consent. I doubt Symantec would
either.

-Matt

===
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
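The reply above notes that PendingFileRenameOperations is not designed to be human-readable. The following is an added example, not part of any post in this thread: a small Python decoder for the raw REG_MULTI_SZ data of that value. It assumes the data is UTF-16LE, that paths carry the `\??\` prefix, that a leading `!` on the target means an existing file is overwritten, and that an empty target means the source is deleted at boot; the sample paths are constructed placeholders.

```python
NT_PREFIX = "\\??\\"  # NT namespace prefix stored in front of each path

def _clean(path):
    """Return (replace_flag, Win32 path) for one stored string."""
    replace = path.startswith("!")  # '!' = overwrite an existing target
    path = path[1:] if replace else path
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return replace, path

def parse_pending_renames(raw):
    """Decode raw REG_MULTI_SZ bytes (UTF-16LE) into a list of operations."""
    strings = raw.decode("utf-16-le").split("\x00")
    if strings[-1] == "":
        strings.pop()  # empty piece after the final NUL
    if len(strings) % 2 == 1 and strings[-1] == "":
        strings.pop()  # empty string that terminates the list
    if len(strings) % 2:
        raise ValueError("unpaired entry: value data is truncated")
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        source = _clean(src)[1]
        if dst == "":  # empty target means delete at next boot
            ops.append({"action": "delete", "source": source, "target": None})
            continue
        replace, target = _clean(dst)
        action = "replace" if replace else "rename"
        ops.append({"action": action, "source": source, "target": target})
    return ops

def _multi_sz(strings):
    """Build REG_MULTI_SZ bytes the way the registry stores them."""
    return ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")

# Constructed sample data; the paths are placeholders, not from the thread.
SAMPLE = _multi_sz([
    r"\??\C:\Temp\stage1.tmp", r"!\??\C:\Example\app.dll",
    r"\??\C:\Temp\old.tmp", "",
    r"\??\C:\Temp\a.log", r"\??\C:\Temp\b.log",
])

if __name__ == "__main__":
    for op in parse_pending_renames(SAMPLE):
        print(op["action"], op["source"], "->", op["target"])
```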
 