Pests of all kinds and how to fight them: Wifi Sniff -> a supposed bot??? Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
| | #1 |
| | Wifi Sniff -> a supposed bot??? Hi, since I think I've somehow been infected by a bot or a trojan or something, I sat down with Wireshark today and sniffed my network adapter, and I noticed something: every now and then TCP connections to one particular IP showed up, and when I followed the TCP stream, the following 2 codes came out. Can anyone tell me what I'm infected with? Code:
HTTP/1.1 200 OK
Date: Thu, 17 Jul 2008 15:30:54 GMT
Server: Apache
Last-Modified: Thu, 05 Jun 2008 13:43:52 GMT
ETag: "1cc006-3c2f-44eeb89249600"
Accept-Ranges: bytes
Content-Length: 15407
Connection: close
Content-Type: text/plain
;------------------------------------------------------------------------------------------------
; . ........ ....... .......... ...............
;--------------------------------------------------------------------------------------------------
;
; ... .. ......... ... issue . .... ...... .......... . ................ .....
; ...... issue ........... .... . .... ....... ...... ..... ......:
; [........]
; Detect=<...... ...........>:<......>
; ....... ...........:
; registry - ........... .. ....... ...... . .......
; service - ........... .. ....... ......
; driver - ........... .. ....... ........
; process - ........... .. ....... ........
;
; ........:
; disable_on_access - ......... on-access .......
; disable_on_any_access - ........... ..... ...... on-access, ......... ...... ... ..........
; compatible_on_access - ........... ..... ...... on-access, .. ......... .. ........ .....
; disable_sandbox - .. ............. sandbox ....... .....
; disable_wlhook - .. ............. wl_hook .....
; sandbox_exclusion - ......... .... . .......... sandbox (... .........)
; wl_hook_exclusion - ......... .... . .......... wl_hook (.. ........)
; cancel_install.- ...... .......... .. ......... .......
; disable_attributes - ......... ........... ........ (Smart Scan .....)
; disable_content .- ......... .......... ........
;
[issues]
; checked antiviruses
nod32_integrity_issue=NOD32 Integrity Issue
nod32_on_access_issue=NOD32 On-Access Issue
klif_issue=Kaspersky On-Access Scanner Issue
kavavp_issue=Legacy Kaspersky Service Issue
drweb_issue=DrWeb Issue
avg_av_issue=AVG Anti-Virus Issue
avg_av_issue_v7=AVG Anti-Virus Issue
symantec_issue=Norton (Symantec) AntiVirus Issue
symantec_v10_issue=Norton (Symantec) AntiVirus Issue
symantec_autoprotect_issue=Symantec AntiVirus AutoProtect Issue
symantec_filtration_issue=Symantec AntiVirus content filtration Issue
avast_issue=avast! Issue
mcafee_issue=McAfee VirusScan Issue
avira_issue=Avira AntiVir Issue
avira_issue_v7_2000.32_issue=Avira AntiVir Issue
bitdefender_av_issue=BitDefender AntiVirus Issue
bitdefender_av_2008_issue=BitDefender Antivirus 2008 Issue
spysweeper_issue=Spy Sweeper Issue
ca_issue=CA Anti-Virus Issue
ca_av_v8_xp.32_issue=CA Anti-Virus Issue
gdata_avk_issue=GDATA AntiVirusKit Issue
; checked firewalls
lavasoft_firewall_issue=Lavasoft Firewall Issue
quickheal_firewall_issue=Quick Heal Firewall Issue
buhl_firewall_issue=PC Firewall Issue
sophos_firewall_issue=Sophos Client Firewall Issue
agava_firewall_issue=AGAVA Firewall Issue
f-secure_firewall_issue=F-Secure Firewall Issue
jetico_firewall_issue=Jetico Firewall Issue
zonealarm_firewall_issue=ZoneAlarm Firewall Issue
checkpoint_firewall_issue=CheckPoint Firewall Issue
onlinearmor_firewall_issue=Online Armor Personal Firewall Issue
virusbuster_issue=VirusBuster Issue
; not checked
mcafee_framework_issue=McAffee Framework Self Protection Issue
mcafee_enterprise_issue=McAffee Enterprise Self Protection Issue
mcafee_scan_online=McAffee Online Scan Self Protection Issue
sophos_issue=Sophos Antivirus Issue
comodo.= Comodo Installation
za_inst.= Zone Alarm Installation
;----------------------------------------------------------------------------------------
; Antivirus
;----------------------------------------------------------------------------------------
[nod32_integrity_issue]
Product=nod32_product
Detect=service:nod32krn
Detect=service:ekrn
Action=wl_hook_exclusion ekrn.exe
Action=sandbox_exclusion ekrn.exe
Action=wl_hook_exclusion egui.exe
Action=wl_hook_exclusion nod32.exe
Action=wl_hook_exclusion nod32kui.exe
Action=wl_hook_exclusion nod32krn.exe
Action=disable_content vista
[nod32_on_access_issue]
Product=nod32_product
Detect=driver:amon
Detect=driver:eamon
Action=disable_on_access
[klif_issue]
Detect=driver:klif
Action=disable_on_access
Product=kis_product
[kavavp_issue]
Detect=service:avp
Product=kis_product
Action=wl_hook_exclusion avp.exe
Action=sandbox_exclusion avp.exe
Action=kaspersky_av_exclusion_action
Action=kaspersky_suspend_protection_action
Action=disable_attributes
Action=disable_content vista
[drweb_issue]
Product=drweb_product
Detect=service:spidernt
Detect=driver:spider
Action=disable_on_access
[avg_av_issue]
Product=avg_product
Detect=service:Avg7Alrt
Action=wl_hook_exclusion avgemc.exe
Action=wl_hook_exclusion avgrssvc.exe
[avg_av_issue_v7]
Product=avg_product
Detect=driver:avg7rsxp
Detect=driver:avgmfx86
Detect=driver:avgmfx64
Action=disable_on_access
[symantec_issue]
Product=symantec_product
Detect=service:CLTNetCnService
Action=wl_hook_exclusion ccSvcHst.exe
Action=sandbox_exclusion ccSvcHst.exe
Action=wl_hook_exclusion CCPD-LC\symlcsvc.exe
Action=sandbox_exclusion CCPD-LC\symlcsvc.exe
Action=symantec_disable_auto_protect
Action=disable_attributes
[symantec_v10_issue]
Product=symantec_product
Detect=service:ccEvtMgr
Action=wl_hook_exclusion ccEvtMgr.exe
Action=sandbox_exclusion ccEvtMgr.exe
Action=disable_attributes
[symantec_autoprotect_issue]
Product=symantec_product
Detect=driver:eectrl
Detect=service:ccEvtMgr
Action=disable_on_access
[symantec_filtration_issue]
Product=symantec_product
Detect=driver:SYMTDI
Action=disable_content
[avast_issue]
Product=avast_product
Detect=registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast!:InstallLocation
Action=wl_hook_exclusion ashserv.exe
Action=sandbox_exclusion ashserv.exe
Action=wl_hook_exclusion ashwebsv.exe
Action=sandbox_exclusion ashwebsv.exe
Action=wl_hook_exclusion ashmaisv.exe
Action=sandbox_exclusion ashmaisv.exe
Action=disable_on_access
Action=disable_content vista
[avira_issue]
Product=avira_product
Detect=driver:avgio
Action=disable_on_access
Action=disable_content vista
[avira_issue_v7_2000.32_issue]
Product=avira_product
Detect=driver:avgntdd
Action=disable_on_access
[bitdefender_av_issue]
Product=bitdefender_product
Detect=driver:bdrsdrv
Action=disable_on_access
Action=disable_content vista
Action=bitdefender_product_turnoff
[bitdefender_av_2008_issue]
Product=bitdefender_product
Detect=service:vsserv
Action=wl_hook_exclusion vsserv.exe
Action=disable_on_access
[ca_issue]
Product=ca_product
Detect=service:InoRT
Detect=service:InoRPC
Detect=service:InoTask
Detect=service:InoNmSrv
Action=wl_hook_exclusion InoNmSrv.exe
Action=wl_hook_exclusion InoTask.exe
Action=wl_hook_exclusion InoRT.exe
Action=wl_hook_exclusion InoRpc.exe
Action=disable_on_access
[ca_av_v8_xp.32_issue]
Product=ca_product
Detect=service:vetmsgnt
Action=disable_on_access
[gdata_avk_issue]
Product=gdata_product
Detect=service:AVKWCtl
Detect=service:AVKService
Action=disable_on_access
Action=wl_hook_exclusion avkwctl.exe
Action=sandbox_exclusion avkwctl.exe
Action=wl_hook_exclusion avkwctlx64.exe
Action=sandbox_exclusion avkwctlx64.exe
Action=wl_hook_exclusion avkservice.exe
Action=sandbox_exclusion avkservice.exe
[spysweeper_issue]
Product=spysweeper_product
Detect=service:WebrootSpySweeperService
Action=wl_hook_exclusion ssu.exe
Action=sandbox_exclusion ssu.exe
Action=wl_hook_exclusion spysweeper.exe
Action=sandbox_exclusion spysweeper.exe
Action=wl_hook_exclusion spysweeperui.exe
Action=wl_hook_exclusion safesweeper.exe
Action=disable_on_access
[mcafee_issue]
Product=mcafee_product
Detect=service:McShield
Action=wl_hook_exclusion mcshield.exe
Action=sandbox_exclusion mcshield.exe
Action=disable_on_any_access
;----------------------------------------------------------------------------------------
; Firewall
;----------------------------------------------------------------------------------------
[lavasoft_firewall_issue]
Product=lavasoft_product
Detect=service:LavasoftFirewall
Detect=registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lavasoft Firewall Pro_is1:InstallLocation
Action=cancel_install
[quickheal_firewall_issue]
Product=quickheal_product
Detect=service:QuickHealFirewall
Action=cancel_install
[buhl_firewall_issue]
Product=buhl_firewall_product
Detect=service:SFirewall
Action=cancel_install
[sophos_firewall_issue]
Product=sophos_fw_product
Detect=service:SophosFirewall
Action=cancel_install
[agava_firewall_issue]
Product=agava_fw_product
Detect=service:fwservice
Action=cancel_install
[f-secure_firewall_issue]
Product=f-secure_fw_product
Detect=driver:fsfw
Action=cancel_install
[jetico_firewall_issue]
Product=jetico_fw_product
Detect=service:Jetico Personal Firewall server
Action=cancel_install
[zonealarm_firewall_issue]
Product=za
Detect=service:vsmon
Action=cancel_install
[checkpoint_firewall_issue]
Product=checkpoint_fw_product
Detect=service:FW1SVC
Action=cancel_install
[onlinearmor_firewall_issue]
Product=onlinearmor_fw_product
Detect=service:SvcOnlineArmor
Action=cancel_install
[virusbuster_issue]
Product=virusbuster_product
Detect=service:VBCompManService
Action=cancel_install
;----------------------------------------------------------------------------------------
;unchecked below
;----------------------------------------------------------------------------------------
[mcafee_framework_issue]
Product=mcafee_product
Detect=registry: HKLM\SOFTWARE\Network Associates\TVD\Shared Components\Framework:Installed Path
Action=wl_hook_exclusion frameworkservice.exe
Action=disable_on_access
Action=disable_content vista
Action=disable_mcafee_access_protection
[mcafee_enterprise_issue]
Product=mcafee_product
Detect=registry: HKLM\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion:szInstallDir
Action=wl_hook_exclusion vstskmgr.exe
Action=wl_hook_exclusion avf.exe
Action=disable_on_access
[mcafee_scan_online]
Product=mcafee_product
Detect=registry: HKLM\SOFTWARE\McAfee.com\Virusscan Online:Install Dir
Action=wl_hook_exclusion mcshield.exe
Action=wl_hook_exclusion mcvsrte.exe
Action=wl_hook_exclusion mcvsescn.exe
Action=disable_on_access
[sophos_issue]
Product=sophos_product
Detect=service:savprogress.exe
Action=wl_hook_exclusion savprogress.exe
[comodo]
Detect=registry:HKLM\Software\Microsoft\Windows\Uninstall\Comodo Firewall
Action=cancel_install
Product=comodo_app
[za_inst]
Detect=registry:HKLM\Software\Microsoft\Windows\Uninstall\Zone Alarm
Action=cancel_install
Product=za
;--------------------------------------------------------------------------------------------------
; . ........ ....... ........ ....... ........... . ........ ........... ...............
;--------------------------------------------------------------------------------------------------
[msdev]
ProductName=Microsoft Developer Studio .NET
ProductVendor=Microsoft Corp
[suite20]
ProductName=Agnitum Security Suite 2008 or later
ProductVendor=Agnitum Ltd
[sysdrv]
ProductName=OS Hardware Drivers
ProductVendor=Hardware Vendors
[drv]
ProductName=Hardware kernel-mode Drivers
ProductVendor=Hardware Manufacturer
[za]
ProductName=Zone Alarm Firewall/Security Suite
ProductVendor=Zone Labs, LLC
[comodo_app]
ProductName=COMODO Firewall or Firewall Pro
ProductVendor=COMODO
;--- checked firewalls
[lavasoft_product]
ProductName=Lavasoft Personal Firewall
ProductVendor=Lavasoft AB
[quickheal_product]
ProductName=Quick Heal Firewall Pro
ProductVendor=Cat Computer Services Ltd.
[buhl_firewall_product]
ProductName=PC Firewall
ProductVendor=Buhl Data Service GmbH
[sophos_fw_product]
ProductName=Sophos Client Firewall
ProductVendor=Sophos Plc.
[agava_fw_product]
ProductName=AGAVA Firewall
ProductVendor=AGAVA Software
[f-secure_fw_product]
ProductName=F-Secure Internet Security
ProductVendor=F-Secure Corporation.
[jetico_fw_product]
ProductName=Jetico Personal Firewall
ProductVendor=Jetico, Inc
[checkpoint_fw_product]
ProductName=Check Point Firewall
ProductVendor=Check Point Software Technologies Ltd.
[onlinearmor_fw_product]
ProductName=Online Armor Personal Firewall
ProductVendor=Tall Emu Pty Ltd
[virusbuster_product]
ProductName=VirusBuster
ProductVendor=VirusBuster Ltd.
;--- checked anti-viruses
[drweb_product]
ProductName=Dr.Web Antivirus
ProductVendor=Doctor Web, Ltd.
[avg_product]
ProductName=AVG Anti-Virus / AVG Internet Security
ProductVendor=GRISOFT Inc.
[symantec_product]
ProductName=Norton (Symantec) AntiVirus
ProductVendor=Symantec Corporation
[avast_product]
ProductName=avast!
ProductVendor=ALWIL Software
[mcafee_product]
ProductName=McAfee VirusScan
ProductVendor=McAfee, Inc
[avira_product]
ProductName=Avira AntiVir / Avira Security Suite
ProductVendor=Avira GmbH
[nod32_product]
ProductName=NOD32 Antivirus
ProductVendor=ESET
[kis_product]
ProductName=Kaspersky Antivirus/Internet Security Suite
ProductVendor=Kaspersky Lab
[gdata_product]
ProductName=GDATA Antivirus
ProductVendor=G DATA Software AG.
[bitdefender_product]
ProductName=BitDefender
ProductVendor=Softwin GmbH
[spysweeper_product]
ProductName=Spy Sweeper
ProductVendor=Webroot Software, Inc.
[ca_product]
ProductName=CA eTrust Antivirus
ProductVendor=CA
;--- ported from presets
[sophos_product]
ProductName=SOPHOS Antivirus
ProductVendor=SOPHOS
;--------------------------------------------------------------------------------------------------
; . ........ ....... ........ ....... ............ ...... ......... .............. . ...... GUI ......
; .........
;
; ........! ..... .... ActionCaption .. ...... ......... 70 ........!!!
;--------------------------------------------------------------------------------------------------
[cancel_install]
ActionCaption=Installation is impossible (incompatible product found)
ActionText=Please unsinstall the incompatible product to continue the installation.
Fatal=true
[kaspersky_av_exclusion_action]
ActionCaption=Add product installation folder to Kaspersky Antivirus Trusted Zone
ActionText=After product installation, please add its installation folder to Kaspersky Antivirus Trusted Zone.
ActionURL=http://www.agnitum.com/support/kb/article.php?id=1000030&lang=<LANG>#9
[kaspersky_suspend_protection_action]
ActionCaption=Suspend Kaspersky Antivirus protection during installation
ActionText=To avoid warning messages during installation, please suspend Kaspersky Antivirus protection using the system tray menu command.
[bitdefender_product_turnoff]
ActionCaption=Unload BitDefender before installation
ActionText=To avoid BitDefender BSODs during installation, please turn it off.
[symantec_disable_auto_protect]
ActionCaption=Disable Norton Antivirus Auto-Protect
ActionText=To avoid conflicts during product operation, please disable Norton Antivirus Auto-Protect feature: open Norton Antivirus main window, select the Norton Antivirus tab, select Settings and click Auto-Protect > Turn Off under Basic Security.
[disable_mcafee_access_protection]
ActionCaption=Disable McAfee VirusScan Access Protection
ActionText=To avoid conflicts during product operation, please disable McAfee VirusScan Access Protection feature: open McAfee VirusScan console, right-click Access Protection and select Disable.
nopaste.com (beta) I hope you can help me and tell me how I can fight the supposed pest. greets infernomercy |
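One way to triage a captured file like the one above, as an added example that is not part of the original post or of any vendor's tooling: a small parser for this INI-style format that keeps the repeated `Detect=`/`Action=` keys, resolves each `[issues]` entry to its product and fatal actions, and lists the hosts named in `ActionURL` values. The function names are hypothetical, and the sample is an excerpt constructed from the capture.

```python
from collections import defaultdict
from urllib.parse import urlparse
# Excerpt constructed from the capture above; only a few sections are kept.
SAMPLE = """[issues]
kavavp_issue=Legacy Kaspersky Service Issue
zonealarm_firewall_issue=ZoneAlarm Firewall Issue
[kavavp_issue]
Detect=service:avp
Product=kis_product
Action=wl_hook_exclusion avp.exe
Action=kaspersky_av_exclusion_action
[zonealarm_firewall_issue]
Product=za
Detect=service:vsmon
Action=cancel_install
[za]
ProductName=Zone Alarm Firewall/Security Suite
[kis_product]
ProductName=Kaspersky Antivirus/Internet Security Suite
[cancel_install]
Fatal=true
[kaspersky_av_exclusion_action]
ActionURL=http://www.agnitum.com/support/kb/article.php?id=1000030&lang=<LANG>#9
"""

def parse(text):  # INI-style parse that keeps repeated keys (Detect=, Action=)
    sections, cur = defaultdict(lambda: defaultdict(list)), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1]
        elif cur and "=" in line and not line.startswith(";"):
            key, val = line.split("=", 1)
            sections[cur][key.strip()].append(val.strip())
    return sections

def summarize(sections):  # issue -> product name, detect rules, fatal actions
    out = {}
    for issue in list(sections["issues"]):
        body = sections[issue]
        prod = sections[(body["Product"] or ["?"])[0]]
        actions = [a.split()[0] for a in body["Action"]]  # drop the argument
        out[issue] = {"product": (prod["ProductName"] or ["?"])[0],
                      "detect": [tuple(p.strip() for p in d.split(":", 1)) for d in body["Detect"]],
                      "fatal": [a for a in actions if sections[a]["Fatal"] == ["true"]]}
    return out

def referenced_hosts(sections):  # hosts in ActionURL values hint at the author
    return sorted({urlparse(u).hostname for s in sections.values() for u in s.get("ActionURL", [])})
```

Python's standard `configparser` rejects repeated keys within a section by default, which is why the parse is done by hand here.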