Re: help with SyGate needed

From: curious (heyimjustcurious_at_yahoo.com)
Date: 01/30/04 

Date: 30 Jan 2004 00:24:55 -0800

"D McAuliffe" <DaveMcA@mailinator.com> wrote in message news:<bvce42$qpju9$1@ID-37006.news.uni-berlin.de>...
> "curious" <heyimjustcurious@yahoo.com> wrote in message
> news:ca3e516b.0401291509.41c33360@posting.google.com...
> > Question 1: Once installed, do I have to leave the Sygate window
> > opened to have the firewall be 'on'?
>
> No. Have it stay in the system tray for easy access to the logs and such -
> personal preferance.
>
> > Question 2:
> > After I installed Sygate and the computer restarted, the registration
> > window opened up and so I connected the PC to internet to do the
> > registration. Right after that, a message window popped up asking me
> > whether I want to say "yes" or "No" to this: "An application named
> > NDIS User mode I/O Driver (file name ndisuio.sys) is trying to access
> > Internet."
> >
> 2 things. Once installed you'll need to tell Sygate if it's OK for internet
> access on any application trying to connect. You have the option of saying
> yes or no for this time only in which case it will ask you again in a future
> session, or by checking the remember box, a yes or no for all future
> sessions until you physically edit the applications list.
> Go to
> http://www.iceteks.com/forums/index.php?showtopic=1290&st=40&#entry14302 to
> read about ndisuio.sys. It looks like you'll have to disable the program
> through Admin Services. This is only from a google search and not from
> first hand experiance.
>
> > Instead of choosing yes or no, I closed the window. Imediate, a window
> > popped up AT THE BOTTOM OF THE SCREEN saying that "An application
> > named NDIS User mode I/O Driver (file name ndisuio.sys) 'HAS BEEN
> > BLOCKED' from accessing the network.
> >
> > It disppeared on tis own and right away another window with the same
> > type of message appeared, this time for a different application with
> > file anme "svchost.exe" asking the same thing. I did the same thing
> > and experienced the same response.
> >
> > After that, it was for the application with file name "msmsgs.exe".
> > The same experience.
>
> See if this thread helps you decide: http://tinyurl.com/yur82
>
> >
> > Question 3:
> > Then, I would get messages like the ones shown below, which I do not
> > know what to answer sometimes.
> >
> > [NDIS User Mode I/O Driver (ndisuio.sys) is beign contacted from a
> > remote machine 1608.mail.yahoo.com (216.155.***.**) using local port
> > ####. Do you want to allow this program to access them?]; I said
> > "yes" to this one.
>
> Rule of thumb - if you don't know what the connection is for or why it is
> being made: Say NO.
>
> > {Generic Host Process for Win 32 services (svchost.exe) is trying to
> > broadcast to [239.255.255.250] using remote port 1**0 [SSDP - Simple
> > Service Directory Protocol0. Do you want to allow the program to
> > access the network?]; I moved this window to the bottom of the page
> > and then noticed that it disappeared.
>
> See if this thread helps you decide: http://tinyurl.com/2jng8
>
> > The results for other scans are shown below. Can any on guide me on
> > how things should be. I will read help section but I need to know what
> > the end results should be. I know that it I am asking a lot but I am
> > learning. I used to have my computer networked to my roommate which
> > has a firewalll.
> >
> > (i) Quick Scan; it said that I should see 'BLOCK' on all ports but
> > ports 21, 25, 80, 1307 are 'OPEN'. So, it said this: "You are not
> > fully protetced".
> >
>
> It actually said "ideally" they should show blocked. That said, the ones you
> show open I show blocked. Hopefully someone with a lot more savy on ports
> than I have will help you out.
>
> > Trojan 21 OPEN Back Construction, Blade Runner, Doly
> > Trojan, Fore,
>
> This does not mean you have those trojans on your machine, it only means
> those trojans use this port for communication.
>
> > We have determined that you have a firewall blocking UDP ports!
> > We are unable to scan any more UDP ports on IP: **.***.***.***. . .
> >
> >
> >
> > Another Question: Is the UDP scan results OK? Do I need to block
> > those OPEN ports in other scans? How bad is my Trojan scan results?
> > What to do?
> >
>
> UPD is fine. I block in/out UPD and ICMPs. (No problem with ISP ATT).
> Until you get another opinion, I'd run anti-virus and anti-trojan scans, and
> use the anti-spyware programs Sybot and Adaware.

 Thanks for the info. I did say "yes" only when I know the reason the
connection was being made.

 I went to Application List and set "ASK" for the file ndisuio.sys. I
will read the link you give too inscase I need to go to Admin
Services.

Those ports that are ON in mine (and BLOCK in yours), should be
BLOCKED, I believe.

Good to know that UDP results was OK (normal); I kind of thought so
too, i.e it's prottected well.

I couldn't do ICMP scan yet because it wasn't availabe to doo it yet.

I had run SpyBot S&D and AdAware today; I saw a post where somone
suggest this:

<< Run the "Big Four" - first, download and run CWShredder, then
SpyBot
S&D, Ad-Aware, and SpywareBlaster. If all else fails, you can run
HiJackThis! and post the results in alt.privacy.spyware if you have a
problem. Make sure you run their built-in updaters before doing a scan
so you have the most current signatures. No commercial product can
touch the Big Four in terms of the number of parasites they kill. For
that matter, no commercial anti-spyware product is better than even
any one of the Big Four! And the Big Four are all free, too. Some
commercial "anti-spyware" tools contain or are spyware themselves, so
you really have to watch those.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge.>>

 So I plan to get the other two.

I ran Norton Anti-virus yesterday but will run again.

Is there a separate scan for trojans? Wouldn't Norton Anti-virus take
care of that as well?

Again, thanks.

Relevant Pages

  • Re: Another "What Motherboard Should I Buy" question
    ... I'm looking for advice/recommendations on a new mobo and other parts. ... cruises there for several seconds while the window opens. ... The usual handful of USB, serial, parallel ports, Firewire ports for my ... make all of your drives SATA including the DVD. ...
    (comp.os.linux.hardware)
  • Re: Another "What Motherboard Should I Buy" question
    ... I'm looking for advice/recommendations on a new mobo and other parts. ... I'm running Mandriva 2007 and I just don't have enough horsepower to run ... cruises there for several seconds while the window opens. ... The usual handful of USB, serial, parallel ports, Firewire ports for my ...
    (comp.os.linux.hardware)
  • Re: Think Ive got trouble
    ... Some Trojans can be "adjusted" to listen on practically ANY port, ... rely on lists of known ports used by known Trojans. ... > You might wanna download the free LANGUARD Network scanner from GFI ... >>We began having trouble with our exchange server. ...
    (Focus-Microsoft)
  • RE: rooted NT/2K boxen?
    ... Hrmm, netstat -an comes to my mind quickly, as it lists all ports in use but ... > It is completely possible to take over a Windows NT/2K box... ... > control there are a bunch of remote administration trojans, ...
    (Focus-Microsoft)
  • help with SyGate needed
    ... do I have to leave the Sygate window ... I went to "tool" menu and did 'test your firewall' which took ... Service Ports Status Possible Trojans ... Trojan 21 OPEN Back Construction, Blade Runner, Doly ...
    (comp.security.firewalls)