Re: Had some strange happenings...



pmj wrote:
"mothy" <mothy@xxxxxxxxxxxx> wrote in message
news:44744484$0$18260$ed2619ec@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
snip.
I opened my firewall to view my activity log to see if there was
anything obvious, there was nothing.

But what counts as "obvious" in those sort of circumstances?...

Well anything trying to access the Internet. Zone Alarm logs all
incoming and outgoing attempts but also has a list of applications and
the rules set for them. Only applications given explicit access to the
Internet will be allowed to connect. (I hope). You can see what is
active at any one instance but I didn't find anything obvious. Just the
stuff I expected like my email client my browser and a few services.
I've gone through the list of applications that are allowed server access
and the list is all recognisable stuff.

... I use Zone Alarm Pro (paid for) and the firewall log, which
is activated from a drop down box changed back to the anti-spyware
option in the drop down.
Since I installed my router Zone Alarm has gone quiet on the
incoming stuff which is to be expected.

Yep.
BUT...
If there actually was some sort of "Remote Control" type thing
Running on your PC (& I'm not suggesting for one moment that there
is), then it wouldn't (necessarily) actually need an *incoming*
Connection for the PC to be Remotely Controlled!!!...


Sorry, my misleading statement, I just happened to notice that the
incoming rubbish had stopped and mentioned it. I scanned my computer for
any known items that might have got 'infused' on to my PC and all
four, that I use, didn't find anything of any significance. I also employ a programme called BHODemon to monitor for any BHO's surreptitiously added to my PC.

That's something that many people fail to realise...
They get all paranoid & "hung up" about *Incoming* Connection
Attempts (which as you have found out, a Router deals with very well,
by just dropping them), but then don't realise that it's perfectly possible for Software *on the PC* to make an *Outbound* Connection
Attempt & for it to be (unwittingly) allowed.

I've been paranoid about both incoming and outgoing connections ever since I went on broadband and often review what is allowed access to the Internet.
I also have an irrational hate for all things Ebay, I see it as
another portal for criminal activity, so I've even blocked access to
its web sites. Thunderbird keeps wanting to access Ebay, something I've
never done on this PC, I will investigate that further one day.

I know very many people who (as a matter of course, & without any
thinking about it) allow *loads* of *Outbound* Connection Attempts
from all sorts of stuff on their PC, not just their Web Browser
& eMail/News Clients.

see above

& once a Connection has been established (it doesn't matter whether
it's an Inbound or Outbound Connection!), then that is a *2* Way thing!..

Of course

Stuff can come in through an Outbound Connection - That's how POP3
& IMAP4 Mail (& NNTP News) works, after all, isn't it?

That's the way the Internet is *designed* to work.

Again my start menu opened then closed.

Ok so now I'm paranoid so I've done a full scan with AdAware and
Spybot and found nothing save a couple of tracking cookies.

& Cookies aren't really likely to be involved in anything sinister, are they?

No I just mentioned what the scan found I get rid of them every
day anyway. I find it easier to do that than block them as that seems to
slow things down a bit on some web sites.
I must say I keep my hosts file full of unwanted sites too all on loopback but it can slow things down but then what's a few seconds more compared to the time to clean up a mess.

I was looking for accommodation the other day and went on a B&B site which wanted to check my computer for spyware. I had a dialogue box up which stole the whole show so I was thinking about the best way to close it down. I opted for the close dialog cross only to find it went off to do something (or pretend to do something) anyway. I shut it down pretty smartish using Alt-F4. It's about time some of these people writing this stuff got clapped up in prison. I must also remember that, as FN suggested, to stop Internet activity through Zone Alarm is an option although if your mouse is off on walk about I couldn't get to it, so I've just set up a keyboard shortcut to it so I can get at it (hands together in prayer). :-)


The really dodgy stuff doesn't need to bother with (or about) Cookies

They would have been from this morning's activity as I clean them
out daily.
Zone Alarm scans my PC for SpyWare daily as does Windows Defender.

This has happened previously but I put it down to a conflict between
my Pen Tablet and the mouse that time.

Yep, that sounds a perfectly good explanation.
:-)

It may be, last time I connected my tablet to a powered USB port and it
got very upset and sent my mouse pointer intermittently all over the
place.


I've rebooted in the mean time and there is no more activity.

Are there any other conspiracy theories out there?

Yep!
Plenty!!!

Of course it *could* be something like some kind of RAT (Remote
Access Trojan) - but that would be dead easy to suss out, using
things like Process Explorer, TCPView (or even good old Command Line Netstat! that comes with windoze) & AutoRuns, all available for Free
from the SysInternals.com Website.

Have you got those?
Run them & have a look & see what's what on your Machine.

Yes, and all seems to be as expected or as it was the last time I did this.


But (as the others have already said) I reckon it's prolly *far*
more likely to be something to do with the Mouse (&/or Keyboard).

I reckon it probably was, but I did think I'd resolved that issue by
removing my Pen Tablet from the powered USB port.

Don't forget that the Keyboard can be used to Operate most parts
of the windoze GUI (Graphical User Interface)

LOL yes funny how you forget that when things start to go wrong and I
use it a lot under normal circumstances, I reckon I don't handle fear at
all well! :-)


I would suggest leaving TCPView (& also Process Explorer) Running on
your PC (even Setting them to Load at Boot up?)

Thanks, I've done that, it's always a good idea to have a snapshot of what
should be running on one's PC isn't it? I keep a look out in my Winsock
LSP so that I'm familiar with what should be there, just in case I get
some rogue interlopers.
SpyBot has a tool for saving what is in this list as a text file so you
can refer back to it if the invaders strike.

& then, periodically have a look at them to see what's happening.

& next time you have this weird behaviour from your PC/Mouse/Keyboard,
just have a quick look in TCPView to see what Connections are
Established (what Ports, both Local & Remote & what IP Addresses)

& also *Save* the Output of it, as a Text File, using...

Menu>File>Save As...

So you can refer back to it.

Thanks, I'll do it for that too.

& then just *Disconnect* the Internet Connection (&/or WiFi Connection
if you use a WiFi thingy)

Ok, can't think why I never thought of doing that. (taps own head)

Just tried it and saved both a Connect and a Disconnect although I had to let that settle while the activity I interrupted timed out.

Then have a look at what Process Explorer shows you is Running.

Done, it all seems to be things I have set up or known services.

& also, in the meantime, use AutoRuns to see what's actually Set up
to Automatically Load & Run, when the Machine Boots up.

I've got a few of these applications showing what is up and running, I
use them all at some point. Autoruns seems to be the easiest to follow, but I have Hijack This, Codestuff Starter, good ole MSconfig as well.

Thanks for taking the time to comment and offer advice it is much appreciated.
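
The save-a-snapshot-and-refer-back routine discussed in this post, as an added example that is not part of the original thread: it compares two saved text outputs of `netstat -ano` and lists established remote endpoints that the baseline never showed, with the owning PID to look up in Process Explorer. The snapshots, addresses and PIDs are constructed samples, and the ranges treated as local (loopback, link-local, the LAN behind the router) are an assumption.

```python
import ipaddress

# Assumption: these ranges count as local and are not reported.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
               "192.168.0.0/16", "169.254.0.0/16", "::1/128", "fe80::/10")]

# Constructed sample: snapshot saved while the PC was behaving normally.
BASELINE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1480
  TCP    192.168.1.10:1061      203.0.113.25:110       ESTABLISHED     2212
  UDP    0.0.0.0:123            *:*                                    1104
"""
# Constructed sample: snapshot saved during the odd behaviour.
CURRENT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1480
  TCP    192.168.1.10:1188      203.0.113.25:110       ESTABLISHED     2212
  TCP    192.168.1.10:1190      198.51.100.7:8081      ESTABLISHED     3380
  TCP    192.168.1.10:1191      192.168.1.1:80         ESTABLISHED     2040
  TCP    192.168.1.10:1192      198.51.100.9:80        TIME_WAIT       0
"""

def parse_netstat(text):
    """Return (remote_ip, remote_port, pid) for each ESTABLISHED TCP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # header, UDP rows, LISTENING/TIME_WAIT sockets
        host, port = f[2].rsplit(":", 1)
        ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
        rows.append((ip, int(port), int(f[4])))
    return rows

def is_local(ip):
    return any(ip.version == n.version and ip in n for n in LOCAL_NETS)

def new_external(baseline_text, current_text):
    """Map each remote (ip, port) missing from the baseline to the PIDs using it."""
    # Local ports are ephemeral, so only the remote endpoint is compared.
    known = {(ip, port) for ip, port, _ in parse_netstat(baseline_text)}
    found = {}
    for ip, port, pid in parse_netstat(current_text):
        if not is_local(ip) and (ip, port) not in known:
            found.setdefault((str(ip), port), set()).add(pid)
    return {k: sorted(v) for k, v in found.items()}

if __name__ == "__main__":
    for (ip, port), pids in new_external(BASELINE, CURRENT).items():
        print(f"new remote endpoint {ip}:{port} owned by PID(s) {pids}")
```
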
