Annie

Thank you, Tom, but I still don't know how to disable the port. I'm not that
experienced a computer person. I want it disabled as long as it won't
interfere with my wireless internet connection.

Dan, I ran disk cleanup, defrag, Adaware, Spybot, Avast and HJT. I thought
HJT was supposed to be the one that told me if I had anything bad on my
computer. ??? If these programs don't pick up the RootKit/Virus combo,
you're saying Microsoft will?

The computer is running fine except for the incoming, from my IP, to my 2869
port. No outsiders. What will happen if I 'do' have a RootKit/Virus combo?
What should I look for in terms of odd behavior?



"Tom [Pepper] Willett" wrote:

> http://www.wilderssecurity.com/archi...p/t-59493.html
>
> "Annie" <Annie@discussions.microsoft.com> wrote in message
> news:5121917C-5F58-4F61-8300-5853E7AD2F79@microsoft.com...
> : post too long...deleted some.
> :
> :
> : Thought I had the problem fixed. No such luck.
> :
> : ZA is still blocking to port 2869. Constant incoming alerts are driving
> me
> : crazy. Do I need to have this port open? If not, how do I close it? I
> : don't have anything networked such as wireless printers,
> : computer-to-computer, palm, etc. I do, however, have a router. Does this
> : make a difference?
> :
> : Again...would love your advice. Maybe I should start a new thread?
> :
> :
> :
> :
> :
> :
> : "Annie" wrote:
> :
> : > Just called BrightHouse and they had to reset my router. This seemed to
> take
> : > care of my ZA messages. I think my computer is clean according to HJT
> : > people...so...I'm logging off.
> : >
> : > Thanks to everyone who helped. You guys are amazing!
> : >
> : >
> : >
> : >
> : > "Annie" wrote:
> : >
> : > > Thanks, Root Kit.
> : > >
> : > > A response from the other site regarding my HJ logs said he thinks I'm
> : > > actually pretty clean at the time. No malware.
> : > >
> : > > So now I'm thinking my issue is with ZA. Maybe I'll hold off on
> : > > reformatting/reinstalling. ?? Will try to figure out what would be
> : > > comparable to ZA in regards to security and try a new program.
> : > >
> : > > I took off all personal data from my computer and backed everything
> up. I
> : > > do have the recovery disk if needed.
> : > >
> : > > Thanks again.
> : > >
> : > >
> : >
>
>
>

Tom [Pepper] Willett

If it's in your modem, contact your ISP to find out how.

"Annie" <Annie@discussions.microsoft.com> wrote in message
news:49799E98-B053-4FDF-8000-62B970D4A2FE@microsoft.com...
: Thank you, Tom, but I still don't know how to disable the port. I'm not
that
: experienced a computer person. I want it disabled as long as it won't
: interfere with my wireless internet connection.
:
: Dan, I ran disk cleanup, defrag, Adaware, Spybot, Avast and HJT. I
thought
: HJT was supposed to be the one that told me if I had anything bad on my
: computer. ??? If these programs don't pick up the RootKit/Virus combo,
: you're saying Microsoft will?
:
: The computer is running fine except for the incoming, from my IP, to my
2869
: port. No outsiders. What will happen if I 'do' have a RootKit/Virus
combo?
: What should I look for in terms of odd behavior?
:
:
:
: "Tom [Pepper] Willett" wrote:
:
: > http://www.wilderssecurity.com/archi...p/t-59493.html
: >
: > "Annie" <Annie@discussions.microsoft.com> wrote in message
: > news:5121917C-5F58-4F61-8300-5853E7AD2F79@microsoft.com...
: > : post too long...deleted some.
: > :
: > :
: > : Thought I had the problem fixed. No such luck.
: > :
: > : ZA is still blocking to port 2869. Constant incoming alerts are
driving
: > me
: > : crazy. Do I need to have this port open? If not, how do I close it?
I
: > : don't have anything networked such as wireless printers,
: > : computer-to-computer, palm, etc. I do, however, have a router. Does
this
: > : make a difference?
: > :
: > : Again...would love your advice. Maybe I should start a new thread?
: > :
: > :
: > :
: > :
: > :
: > :
: > : "Annie" wrote:
: > :
: > : > Just called BrightHouse and they had to reset my router. This
seemed to
: > take
: > : > care of my ZA messages. I think my computer is clean according to
HJT
: > : > people...so...I'm logging off.
: > : >
: > : > Thanks to everyone who helped. You guys are amazing!
: > : >
: > : >
: > : >
: > : >
: > : > "Annie" wrote:
: > : >
: > : > > Thanks, Root Kit.
: > : > >
: > : > > A response from the other site regarding my HJ logs said he thinks
I'm
: > : > > actually pretty clean at the time. No malware.
: > : > >
: > : > > So now I'm thinking my issue is with ZA. Maybe I'll hold off on
: > : > > reformatting/reinstalling. ?? Will try to figure out what would
be
: > : > > comparable to ZA in regards to security and try a new program.
: > : > >
: > : > > I took off all personal data from my computer and backed
everything
: > up. I
: > : > > do have the recovery disk if needed.
: > : > >
: > : > > Thanks again.
: > : > >
: > : > >
: > : >
: >
: >
: >

PA Bear [MS MVP]

Stick with http://aumha.net/viewtopic.php?f=30&t=34821, Annie.

Annie wrote:
> post too long...deleted some.
>
> Thought I had the problem fixed. No such luck.
>
> ZA is still blocking to port 2869. Constant incoming alerts are driving
> me
> crazy. Do I need to have this port open? If not, how do I close it? I
> don't have anything networked such as wireless printers,
> computer-to-computer, palm, etc. I do, however, have a router. Does this
> make a difference?
>
> Again...would love your advice. Maybe I should start a new thread?
>
>> Just called BrightHouse and they had to reset my router. This seemed to
>> take care of my ZA messages. I think my computer is clean according to
>> HJT
>> people...so...I'm logging off.
>>
>> Thanks to everyone who helped. You guys are amazing!
<snip>

Shenan Stanley

<snipped>

Annie wrote:
> post too long...deleted some.
>
> Thought I had the problem fixed. No such luck.
>
> ZA is still blocking to port 2869. Constant incoming alerts are
> driving me crazy. Do I need to have this port open? If not, how
> do I close it? I don't have anything networked such as wireless
> printers, computer-to-computer, palm, etc. I do, however, have a
> router. Does this make a difference?
>
> Again...would love your advice. Maybe I should start a new thread?

Personally - I think if you are going to continue trying to fix this
yourself - you are going to be better off backing up your important data
(documents, pictures, emails, contacts, etc) and wiping the computer and
installing from scratch.

I don't recommend that lightly - but...

http://groups.google.com/group/micro...2fc976519c105d

and

http://groups.google.com/group/micro...fe465138260bcb

Essentially you have gotten to a point where you are unsure what you have
and whether or not what you might have is good or bad. It is at that point
that the wisest thing to do is (IMHO) start afresh.

- Hook up some external hard disk drive or burn DVDs/CDs of your important
sstuff (keep that machine off the network.) Copy everything you need.
Pictures, documents, spreadsheets, images, emails, contacts, text files,
serial keys, installation files, etc. If you can - get an imaging
application (Norton Ghost, Acronis TrueImage, BootItNG, etc) and make a
complete image of your hard disk drive onto an external device and you can
go back later for anything you did not back up.

- Install Belarc Advisor on the machine (from an external drive or
something) and run it - print the results. That should have your Windows
Product Key, other software with Product keys that register on the machine,
a list of stuff you have installed and a list of the hardware installed on
your machine.

- Break out all of your installation media and keys/etc (Windows XP
installation CD, any office suites/products you have - etc...) Any program
you need to have installed on the computer, find its installation media
(even if it is an installation executable file and a text file with the
serial number in it) and get it onto media seperated from the machine so you
can install using it later.

- Now that you have everything backed up and everything ready to install...
Clean install Windows XP:
http://www.michaelstevenstech.com/cleanxpinstall.html

- Update the hardware drievrs...

- Get Windows XP SP3 from another computer onto CD or thumb drive or
somehting to the newly formatted drive... Install it.

- Install your other software (AV and such).

- THEN connect to the Internet and get updates from
http://windowsupdate.microsoft.com/ ...

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Root Kit

On Thu, 24 Jul 2008 09:22:02 -0700, Annie
<Annie@discussions.microsoft.com> wrote:

>Just called BrightHouse and they had to reset my router.

So afterwards, did you make the basic router securing as suggested?

Root Kit

On Thu, 24 Jul 2008 10:32:01 -0700, Annie
<Annie@discussions.microsoft.com> wrote:

>post too long...deleted some.
>
>
>Thought I had the problem fixed. No such luck.
>
>ZA is still blocking to port 2869.

If it's blocked there's not that much to worry about.

> Constant incoming alerts are driving me crazy.

Yes, but you asked for that yourself by installing ZA.

> Do I need to have this port open? If not, how do I close it? I
>don't have anything networked such as wireless printers,
>computer-to-computer, palm, etc.

Any peer-to-peer app's?

Skype?

Anyway, download and run CurrPorts from NirSoft to try and identify if
some app is using the port mentioned.
http://www.nirsoft.net/utils/cports.html

Root Kit

On Thu, 24 Jul 2008 13:03:01 -0700, Annie
<Annie@discussions.microsoft.com> wrote:

>Thank you, Tom, but I still don't know how to disable the port.

I think Tom is suggesting that UPnP is enabled in your router. And he
may very well be right. Did you make the basic router securing as
suggested?

Root Kit

On Thu, 24 Jul 2008 23:06:31 GMT, Root Kit <b__nice@hotmail.com>
wrote:

>Yes, but you asked for that yourself by installing ZA.

Windows firewall would just have silently blocked it.

Root Kit

On Thu, 24 Jul 2008 10:32:00 -0700, Dan
<Dan@discussions.microsoft.com> wrote:

>Annie, the key word you used is that you Think your Machine is Clean (TMC)
>and unless you run anti-virus programs like Windows Live One Care, Spybot
>Search and Destroy, Kaspersky, and AVG 7.5, and others then how will not be
>sure.

The app's mentioned cannot in any way guarantee that a machine is
clean. Only a thorough comparison of relevant system files to a known
safe baseline can give a trustworthy hint about a systems state. This
is not a task for Joe Average.

>Please make sure only one antivirus program is installed at a time and
>beware of false positives because anti-virus programs like Avast have gotten
>much worse over time. For example, Avast Antivirus thought that Yahoo web
>portal had malware when it did not.

Anti-malware products often cause more problems than they solve.

Annie

I disabled UPnP in the router settings. Also disabled UPnP and SSDP
Discovery Service on my computer. No more messages since I did this.
Everything seems to be running smoothly right now.

In doing this, I found a file I don't recognize. B's Recorder GOLD Library
General Service. bgsvcgen.exe Is this something that should be uninstalled?
(it's not in my add and remove folder) I have no idea what it's doing on my
machine.
The HJT guy said he didn't find any malware so I'm guessing it's OK to leave
on.





"Root Kit" wrote:

> On Thu, 24 Jul 2008 09:22:02 -0700, Annie
> <Annie@discussions.microsoft.com> wrote:
>
> >Just called BrightHouse and they had to reset my router.
>
> So afterwards, did you make the basic router securing as suggested?
>