Suspect Modem Activity

Discussion in 'Virus Information' started by Jacko, Mar 30, 2009.

  1. Jacko

    jen Guest

    Turn off javascript (try out NoScript addon). That is the Google
    Suggest "feature".
    See here:
    Google Suggest, Enabled by Default:
    http://googlesystem.blogspot.com/2008/08/google-suggest-enabled-by-default.html

    -jen
     
    jen, Apr 2, 2009
    #21
    1. Advertisements

  2. Jacko

    Jacko Guest

    Hi Andrew

    Your reply seems logically correct, but the fact still remains that i do not
    use any of the google apps or widgets etc.

    I searched my HD and did not find any file resembling google*.*

    But i did find an entry in my registry
    http://clients1.google.com

    TIA
     
    Jacko, Apr 2, 2009
    #22
    1. Advertisements

  3. Jacko

    Jacko Guest

    Is it possible that http://clients1.google.com is not related to google at
    all??

    Note: the above urls is visible for less then a second when i start the
    browser, maybe many others have this but are not aware of it.

    I too did miss it the first time i posted this message.
     
    Jacko, Apr 2, 2009
    #23
  4. Jacko

    Peter Foldes Guest

    You posted different. Look back on your posts here in this thread. You DO HAVE
    Google installed and running
     
    Peter Foldes, Apr 2, 2009
    #24
  5. Jacko

    Jacko Guest

    Now i am confused, how did you know i have google installed??

    Can you please paste that here
     
    Jacko, Apr 2, 2009
    #25
  6. Jacko

    John Guest

    Not suspicious at all because OP is in Mumbai, India.
     
    John, Apr 2, 2009
    #26
  7. Jacko

    jen Guest

    Read the entire content of the link below for *all* instances...

    Connections established on startup - Firefox
    Firefox makes unrequested connections:
    Home page loading
    Your home page may be loading. To change your home page to something
    that doesn't generate connections to the internet:
    1. At the top of the Firefox windowOn the menu bar, click on the
    ToolsFirefoxEdit menu, and select Options...Preferences....
    2. Select the Main icon.
    3. Set When Firefox starts to Show a blank page...
    http://support.mozilla.com/en-US/kb/Firefox+makes+unrequested+connections

    Re: "clients1.google.com"
    Turn off javascript (try out NoScript addon). That is the Google
    Suggest "feature".
    See here:
    Google Suggest, Enabled by Default:
    http://googlesystem.blogspot.com/2008/08/google-suggest-enabled-by-default.html

    -jen
     
    jen, Apr 3, 2009
    #27
  8. Jacko

    Jacko Guest

    Setting Firefox to start with a blank page, just seems to be the way out of
    this issue.

    When i start Firefox with google as the startup page. or even if i click on
    the search icon with google as the site, my Modem and even HD seem to overly
    active, not a very good sign.
     
    Jacko, Apr 4, 2009
    #28
  9. From: "Jacko" <>

    | Setting Firefox to start with a blank page, just seems to be the way out of
    | this issue.

    | When i start Firefox with google as the startup page. or even if i click on
    | the search icon with google as the site, my Modem and even HD seem to overly
    | active, not a very good sign.


    Look, saying "...my Modem and even HD seem to overly active..." are mere symptoms.

    Your modem lights flicker based upon Internet activity. Use Wireshark and other programs
    to actually see the IP activity.

    The same goes for hard disk activity. Use disk monitoring software.

    The fact is normal opertion will cause both disk and modem light activity and stating you
    have or don't have either activity is frankly.... meaningless.

    Even the topic of this subject is vague. "Suspect Modem Activity" becaus eyou see the
    light flashing.
    "When i start my browser, it goes to google, i find that the modem's adsl light flicker
    for about 12-15 seconds."

    Big deal. This is a security/virus news group. We don't care if your lights flash
    because that's NORMAL and I haven't seen anything indicative of malicious activity in your
    posts. Nor have I seen you do ANYTHING to help identify possible malicious activity.
     
    David H. Lipman, Apr 4, 2009
    #29
  10. Jacko

    Jacko Guest

    I mentioned in one of my earlier posting that my registry had an entry
    clients1.google.com

    I deleted the entry, how did it get into my registry in the first place?

    It has not appeared again in the registry even 3 day later

    I know that this is a security/virus news group, thats the reason i posted
    this message here.

    I generally ignore all messages which direct to some webpages or talk about
    installing some software, there is no way i will do that, HijackThis this
    was an exception, since it comes from a well-known firm.

    But what HijackThis display is way beyond my capacity to understand.
     
    Jacko, Apr 4, 2009
    #30
  11. From: "Jacko" <>



    | I mentioned in one of my earlier posting that my registry had an entry
    | clients1.google.com

    | I deleted the entry, how did it get into my registry in the first place?

    | It has not appeared again in the registry even 3 day later

    | I know that this is a security/virus news group, thats the reason i posted
    | this message here.

    | I generally ignore all messages which direct to some webpages or talk about
    | installing some software, there is no way i will do that, HijackThis this
    | was an exception, since it comes from a well-known firm.

    | But what HijackThis display is way beyond my capacity to understand.


    There is NO WAY that anything can be deduced just hard disk activity and modem light
    activity.

    The fact that clients1.google.com was in the Registry is meaningless.

    You WILL have to install some sort of software to investigate the problem or drop the
    paranoid thought process or disconnevt the PC from the Internet.

    In any case you provide no information and therefore there is NOTHING that can be done to
    assist you.

    Since you have HJT.

    Forums where you can get expert advice for HiJack This! (HJT) Logs.

    NOTE: Registration is REQUIRED in any of the below before posting a log

    Suggested primary:
    http://www.thespykiller.co.uk/index.php?board=3.0

    Suggested secondary:
    http://www.bleepingcomputer.com/forums/forum22.html
    http://www.malwarebytes.org/forums/index.php?showforum=7

    Suggested tertiary:
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.atribune.org/forums/index.php?showforum=9
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://forum.networktechs.com/forumdisplay.php?f=130
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://www.5starsupport.com/ipboard/index.php?showforum=18
    http://aumha.net/viewforum.php?f=30
    http://makephpbb.com/phpbb/viewforum.php?f=2
    http://forums.techguy.org/54-security/
    http://forums.security-central.us/forumdisplay.php?f=13
     
    David H. Lipman, Apr 4, 2009
    #31
  12. Jacko

    Jacko Guest

    If you find that my posting are meaningless, please do not waste you time
    posting replies. I have not specifically asked you for your views. If
    someone finds it worthwhile replying to my post they are welcome.

    Disconnecting from the Internet is for me to decide.

    Who knows tomorrow you might suggest "throw out the PC"
     
    Jacko, Apr 4, 2009
    #32
  13. Jacko

    ~BD~ Guest

    I understand your frustration, Jacko!

    If you are able to run HJT and save a log file, try putting it into the
    facility you will find here www.hijackthis.de

    "HijackThis opens you a possibility to find and fix nasty entries on
    your computer easier.
    Therefore it will scan special parts in the registry and on your hard
    disk and compare them with the default settings. If there is some
    abnormality detected on your computer HijackThis will save them into a
    logfile. In order to find out what entries are nasty and what are
    installed by the user, you need some background information.
    A logfile is not so easy to analyze. Even for an advanced computer user.
    With the help of this automatic analyzer you are able to get some
    additional support".

    That is what it says at the link I provided. I've spent many hours
    experimenting with this facility, picking out HJT logs from numerous
    malware forums (such as those posted here by David H. Lipman)

    Have fun - and come back and tell us how you get on!

    Good luck!
     
    ~BD~, Apr 4, 2009
    #33
  14. From: "Jacko" <>

    | If you find that my posting are meaningless, please do not waste you time
    | posting replies. I have not specifically asked you for your views. If
    | someone finds it worthwhile replying to my post they are welcome.


    No I stated the quality of the information you are providing is meaningless.


    | Disconnecting from the Internet is for me to decide.


    If you are goin to be paranoid over lights and HD activity and fail to provide
    substantiating information or fail to use investagative tools then that may be your nest
    options becuase just being connected to the 'net laeves you at risk.

    Yesterday WWW stood for "World Wide Web".
    Today WWW stans for "Wild Wild West" refering to the often dangerous and lawless
    propensity of the 'net.


    | Who knows tomorrow you might suggest "throw out the PC"


    If that was the case, I'd tell you to return it to the place of puchase not throw it out.
     
    David H. Lipman, Apr 4, 2009
    #34
  15. Jacko

    Peter Foldes Guest

    < PLONK>
     
    Peter Foldes, Apr 4, 2009
    #35
  16. Nothing that drastic is necessary. Just take some black electrical tape
    and apply it to the lights.
     
    FromTheRafters, Apr 5, 2009
    #36
  17. Jacko

    Jacko Guest

    :)


     
    Jacko, Apr 5, 2009
    #37
  18. Jacko

    Jacko Guest

    Search google for
    "clients1.google.com"

    Install "BlockSite" add-on for Firefox 3.

    Amen
     
    Jacko, Apr 5, 2009
    #38
  19. Jacko

    Jacko Guest

    This misery does not seem to end with "BlockSite" add-of of Firefox 3.0

    I now have the txt/csv files generated by Wireshark during such activity,
    can send it to anyone who is interested and want to take a look at the log
    files.

    For me this is all greek and latin.
     
    Jacko, Apr 5, 2009
    #39
  20. Jacko

    ~BD~ Guest


    I understand your frustration, Jacko!

    If you are able to run HJT and save a log file, try putting it into the
    facility you will find here www.hijackthis.de

    "HijackThis opens you a possibility to find and fix nasty entries on
    your computer easier.
    Therefore it will scan special parts in the registry and on your hard
    disk and compare them with the default settings. If there is some
    abnormality detected on your computer HijackThis will save them into a
    logfile. In order to find out what entries are nasty and what are
    installed by the user, you need some background information.
    A logfile is not so easy to analyze. Even for an advanced computer user.
    With the help of this automatic analyzer you are able to get some
    additional support".

    That is what it says at the link I provided. I've spent many hours
    experimenting with this facility, picking out HJT logs from numerous
    malware forums (such as those posted here by David H. Lipman)

    Have fun - and come back and tell us how you get on!

    Good luck!
     
    ~BD~, Apr 5, 2009
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.