Comodo Firewall


5 replies to this topic

#1 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:07:46 PM

Posted 31 January 2008 - 04:56 AM

Hi Everyone,

I have just recently installed the Comodo firewall to see how it worked. Everything seems to be working as it should, however, I've started getting an alert that has me wondering.

It says --> abcxyz.exe is trying to obtain elevated privileges and is about to obtain System Time Privileges.
[EDIT: Please note that 'abcxyz.exe' is NOT the actual name of the files that I am talking about here.]

I've gotten that alert on several different programs. Can someone tell me what the heck "System Time Privileges" are and whether it's safe to let a program get them?

Another alert that has popped up on several programs says --> abcxyz.exe is attempting to access a2service.exe and tells me that --> this will allow the parent application to fully control the target.
[EDIT: Please note that 'abcxyz.exe' is NOT the actual name of the files that I am talking about here.]

I know what the abcxyz.exe programs are BUT I don't understand why they would want to access the a2services.exe thingy. I think that the a2 thing is part of my anti-dialer program.


Thanks for any insight into this stuff.

Wendy

Edited by Wendy K. Walker, 31 January 2008 - 05:10 PM.

TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.

#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:46 PM

Posted 31 January 2008 - 06:33 AM

Hi Wendy

abcxyz.exe is a part of the Wareout infection. See here:

http://www.bleepingcomputer.com/startups/A....exe-14237.html

I suggest you post a HijackThis log for examination.

A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Please read, and follow, all directions carefully!!!

Read Preparation Guide for use before posting a HijackThis Log.

Then run a log and post it in the HijackThis forum at this link. Do not fix anything yet.
A member of the HJT Team will help you out. It may take a while to get a response, because the HJT Team are very busy. Please be patient.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team.
The first thing they look for, when looking for logs to reply to, is 0 replies.
If you make another post, there will be 1 reply.

The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#3 Wendy K. Walker


Posted 31 January 2008 - 05:02 PM

Hi DASOS, Thanks for the reply.

DRAT & DOUBLE DRAT!! :flowers: Now who the heck woulda thunk that there was actually such a thing as a file named abcxyz.exe ?

I will be editing my original post to indicate that abcxyz.exe is not the actual name of the files that are wanting to up-grade their status. I just used that designation instead of listing the actual files by name. :thumbsup:

I know that the .exe's that are trying to get more privileges are safe as I've been running them for a couple of years. I actually think that I may need to change a setting or two in COMODO to stop that from happening because I had opened them previously with no such alert being generated.

Then in a moment of blondness, and while acting like I knew what I was doing, I went click happy in some of the settings and changed some things and that was when those alerts started popping up.

I'm mostly curious as to what the System Time Privilege thing is and whether or not .exe's should have it.

Thanks again for your reply, and I'm sorry about the confusion too.


Wendy

#4 DASOS


Posted 01 February 2008 - 08:33 AM

You hit the jack pot!!! :thumbsup:

Anyway I’m glad your comp is not infected!!

I believe almost every program (.exe) looks at the time and synchronizes with the system, e.g. the AVG Anti-Spyware 30-day trial needs to know the time and date to tell you, hm… you forgot to pay, I’m going to stop the real-time protection and update. Your antivirus can’t do a scheduled scan if it doesn’t know the time. Also, Windows monitors the time that every exe is running.

Probably someone else can explain the above with better terms, but I believe you got the main picture!

#5 Drewcat

Drewcat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 01 February 2008 - 10:54 AM

Comodo has a support forum you can use. I'd go over there and ask. Also, having the specifics written down will help. Might not be a bad idea to also have a HJT log looked at here to check for any malware. I have Comodo firewall and haven't had any issues with it. Only thing maybe is your protection settings somehow got set too high?

Really, they'd know more about this over at Comodo if it is a false alarm of some sort. Until then I would deny it and see if it caused any problems.

#6 Wendy K. Walker


Posted 02 February 2008 - 04:58 AM

Hi DASOS, Thanks for the reply.

OK, I can understand things needing to know the time in that respect. I denied it though and things seemed to work fine. But I couldn't figure out what I had done wrong so I had disconnected from the Internet and un-installed COMODO.

Then reinstalled Zone Alarm, got back on the Internet, downloaded COMODO and started the install wizard. I stopped at the Zone Alarm incompatibility notice and had started un-installing Zone Alarm.

That was when the SpyBot S&D resident kicked up an alert > Category: System Startup Global Entry, Change: Value Added, but the Entry and New Data fields were both blank.

Me being nosy, I clicked the Info button and found > Current File Name, it was blank and followed by; Database Status: Not Required-Virus, SpyWare, malware, or other Resource hog. Value: was blank, Filename: System32.exe, Description: Added by the AGOBOT-KU WORM! Note- has blank entry under the Startup Item/Name field. Source: Paul Collins Startup List.

Needless to say I denied that operation and ran my AV program and sure enough it found that Trojan hiding in two different places. I was able to quarantine one instance of it but had to delete the other instance for some reason.

The file where that thing was hiding has BEEN in my PC since at least 22 May 07 but for some reason my AV has never picked it up before.


Hi Drewcat, Thanks for the reply.

Yeah, I went over there and opened an account, now I'll be doing a lot of reading over there too. But now I'm off to post a HJT just to make sure that I got all of that Trojan.


Wendy
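The SpyBot alert in the last post (a startup entry with a blank name pointing at `System32.exe`) can be checked for directly. The sketch below is an added example, not part of the thread or of any tool mentioned in it: it audits a `.reg`-style text export of the Run keys, assuming a blank-named entry appears as the key's default value (`@=`). The sample export, the `audit_run_keys` name and the `DIR_NAMES` watch list are constructed for illustration.

```python
import ntpath
import re

# Constructed sample (not from the thread): .reg-style export of two Run keys.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleFirewall"="\"C:\\Program Files\\ExampleFirewall\\fw.exe\" -h"
@="System32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Notes"="C:\\Tools\\notes.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="(.*)"$')
EXE_RE = re.compile(r'"?(.*?\.(?:exe|com|bat|cmd|scr|pif))', re.I)
DIR_NAMES = {"system", "system32", "windows"}  # assumed watch list

def unescape(s):
    """Undo .reg string escaping of backslash and double quote."""
    return re.sub(r'\\(.)', r'\1', s)

def audit_run_keys(export_text):
    """Return (key, name, data, reasons) for suspicious autostart values."""
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key and key.lower().endswith(("\\run", "\\runonce"))):
            continue
        name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        exe = EXE_RE.match(data)
        path = exe.group(1) if exe else data
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        reasons = [text for flagged, text in (
            (not name, "blank value name"),
            (not ntpath.dirname(path), "no directory in path"),
            (stem in DIR_NAMES, "file name imitates a system directory"),
        ) if flagged]
        if reasons:
            findings.append((key, name, data, reasons))
    return findings
```

A finding is a prompt to look at the file and scan it, not a verdict; legitimate software occasionally registers autostart entries without a full path.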
