ATN:Sponge---Re: What the hell is "Object:80000259" ?? ( ZA alert..)--thanks, very informative..!!
From: 3ChordGuitarist (chair@computer.desk)
Date: 01/26/03
- Next message: sidewinder: "Re: cygwin ssh server?"
- Previous message: Vlad Tsyrklevich: "Re: last 24 hour port scan log"
- In reply to: sponge: "Re: What the hell is "Object:80000259" ?? ( ZA alert..)"
- Next in thread: Stupified: "Re: What the hell is "Object:80000259" ?? ( ZA alert..)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: 3ChordGuitarist <chair@computer.desk> Date: Sun, 26 Jan 2003 06:17:37 GMT
On 25 Jan 2003 16:52:22 -0800, yosponge@yahoo.com (sponge) wrote:
>On Sat, 25 Jan 2003 18:37:34 GMT, 3ChordGuitarist
><chair@computer.desk> wrote:
>
>>Object:80000259 wanted to acces 207.188.24.150:http
>>
>>Whois can't find that IP. Ping just times out. Win2K task manager
>>called it process 964.
>>When I try to check it's properties in ZA it barfs " Access to
>>specified device, path or file is denied" It 's date in ZA ( when it
>>tried to connect, says "invalid". ) I found nothing matching this
>when
>>I did a Find.
>
>
>You are running RealPlayer, RealJukebox, or some other
>RealNetworks/Progressive Networks product. It's trying to phone home
>for whatever reason.
>I suppose ZA is flagging this alert this way due to the "enhanced"
>security features; in the past, it only knew about applications, like
>EXE and DLL files accessing the net. Now it knows about threads/tasks
>running within threads/tasks. I don't know why ZA "barfs" but that is
>more likely to be an issue with ZA.
>In any case, I would deny it access. If you need to have your
>RealNetwork's product access the Internet, I suggest either using at a
>minimum the RealNetwork's-related rules from my original Spyware
>Blocklist to block Realwhatever from phoning home, or downloading
>Kerio and using one of the filter files at my page.
>I could not tell you exactly what Realsomething is trying to send home
>without a packet dump. It could be checking for updates or uploading
>something it shouldn't. Who knows. RealNetwork's products were among
>the first identified kinds of spyware.
>It is worthwhile to run SpyBot and a good anti-virus scanner like
>Kaspersky's in the off chance you got some kind of infection, though
>given what is known about RealNetworks I think it genuinely IS a
>problem with their products.
>
>Sponge
>Sponge's Anti-Spyware Source
>www.geocities.com/yosponge
>Another new sig...
- Next message: sidewinder: "Re: cygwin ssh server?"
- Previous message: Vlad Tsyrklevich: "Re: last 24 hour port scan log"
- In reply to: sponge: "Re: What the hell is "Object:80000259" ?? ( ZA alert..)"
- Next in thread: Stupified: "Re: What the hell is "Object:80000259" ?? ( ZA alert..)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
