Got HAMMERED by FREEPROXY download program


10 replies to this topic

#1 ratso

ratso

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Arizona
  • Local time:03:40 AM

Posted 14 January 2009 - 04:31 AM

I entered a question/post on NETWORKING regarding an "UNKNOWN LOCATION" on my network, and have since uncovered a monstrous mess that came about when I stupidly installed a free/shareware program called FREEPROXY. Long and short of it is I uninstalled it shortly after installing because it didn't work worth a darn. I accidentally uncovered this "unknown device/IP address" on my LAN that was broadcasting like mad, when I installed the free version of Zone Alarm instead of the XP firewall default. Zone Alarm monitors inbound and outbound traffic. I suddenly was getting all these flags from a location that didn't exist, as far as I knew. As best as I can tell, FREEPROXY created a virtual device with an IP address and has been broadcasting to all kinds of real IP addresses running on very obscure ports like 49326, and the like. My gateway kept kicking me off when I'd sign in. I finally found a workaround to get on long enough to lock down the firewall (it's a real firewall Zywall 5 by ZyXEL-like a dope, I had quit monitoring my logs that it has been emailing me regularly-OOPPS! :thumbsup: )

Has anyone had any experience with this program? It could all be innocuous, but, by looking at the amount of packets it spit out, I doubt it. Fortunately the inbound attempts to connect with this phony IP address were dropped by my firewall, but I have no idea what info was sent outbound.

If anyone has any info about this please REPLY ASAP! I goofed bad on this one!!! Thanks.

ratso :flowers:
Nicodemus knew~! So should you~!



#2 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:40 AM

Posted 14 January 2009 - 07:27 AM

There is more than one program with a similar name.
What site did you download this from and do you have a link to its home page?

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 tork

tork

  • Members
  • 718 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:here
  • Local time:06:40 AM

Posted 14 January 2009 - 08:38 AM

Found this: http://spywarefiles.prevx.com/RRACJJ263564...EPROXY.EXE.html

but why not look at Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools

#4 ratso

ratso
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Arizona
  • Local time:03:40 AM

Posted 14 January 2009 - 02:04 PM

Thanks for the prompt responses. I downloaded it from Softpedia. I went back to their site and there are no reviews of the program, but they give their assurance that it's spyware free-BOLOGNA! I am a newbie to this or any forum for that matter and can use any help and suggestions about what to do. I've been monitoring the inbound traffic to this IP address-it's massive and from numerous different IPs, attempting to access my IP thru all sorts of odd-unused ports. My firewall, again is a Zywall 5 and is pretty robust, has picked off or dropped all attempts to communicate with this fictitious location on my network. How do I go about posting a Hijackthis report? I have the program and I have isolated the machine that's the culprit. What should I do?

Thanks again.

ratso :thumbsup:
Nicodemus knew~! So should you~!

#5 tork

tork

  • Members
  • 718 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:here
  • Local time:06:40 AM

Posted 14 January 2009 - 03:18 PM

Just click on the link http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ which is the

Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools and follow the instructions which include, among other instructions: downloading a tool, running this tool and then posting the information to the Hijackthis forum. Just follow the guidelines in the link and you'll be in good hands

Good luck and stay calm
tork

Edited by tork, 14 January 2009 - 03:19 PM.


#6 ratso

ratso
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Arizona
  • Local time:03:40 AM

Posted 14 January 2009 - 09:35 PM

Will do~much thanks!

ratso :thumbsup:
Nicodemus knew~! So should you~!

#7 tork

tork

  • Members
  • 718 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:here
  • Local time:06:40 AM

Posted 15 January 2009 - 07:33 AM

ratso

You're welcome and good luck

tork :thumbsup:

#8 gregrobson

gregrobson

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 18 January 2009 - 10:47 PM

I entered a question/post on NETWORKING regarding an "UNKNOWN LOCATION" on my network, and have since uncovered a monstrous mess that came about when I stupidly installed a free/shareware program called FREEPROXY. Long and short of it is I uninstalled it shortly after installing because it didn't work worth a darn. I accidentally uncovered this "unknown device/IP address" on my LAN that was broadcasting like mad, when I installed the free version of Zone Alarm instead of the XP firewall default. Zone Alarm monitors inbound and outbound traffic. I suddenly was getting all these flags from a location that didn't exist, as far as I knew. As best as I can tell, FREEPROXY created a virtual device with an IP address and has been broadcasting to all kinds of real IP addresses running on very obscure ports like 49326, and the like. My gateway kept kicking me off when I'd sign in. I finally found a workaround to get on long enough to lock down the firewall (it's a real firewall Zywall 5 by ZyXEL-like a dope, I had quit monitoring my logs that it has been emailing me regularly-OOPPS! :thumbsup: )

Has anyone had any experience with this program? It could all be innocuous, but, by looking at the amount of packets it spit out, I doubt it. Fortunately the inbound attempts to connect with this phony IP address were dropped by my firewall, but I have no idea what info was sent outbound.

If anyone has any info about this please REPLY ASAP! I goofed bad on this one!!! Thanks.

ratso :flowers:

Hi

For your information and everyone else's who reads this forum, I would like to state the following:
There is no spyware in FreeProxy
There are no trojans in FreeProxy
There is no malware in FreeProxy
It is a standard proxy and works the same way as other such proxies like, for example, squid
It is free
It does NOT open undefined ports
It will ONLY work with the configuration you have input
It will NOT "spontaneously" do ANYTHING
It does NOT create virtual IP addresses (?!)
It is being used successfully by hundreds of thousands of users across the world with no problem
I use it myself for work and home
I speak with some authority on this matter as I am the author of FreeProxy and there is simply no malware in the code. This has been verified by softpedia and others; which seems ridiculous to have to say because I did not write any malware.

The support forum is located at http://www.handcraftedsoftware.org


--Greg

#9 ratso

ratso
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Arizona
  • Local time:03:40 AM

Posted 29 January 2009 - 09:52 PM

Greg, I don't pretend to be any expert, but will be happy to post any one of numerous firewall logs that I have where the address, on my lan, which Freeproxy now holds as a static address, outside the scope of my dhcp server, is being continuously bombarded by a ridiculous amount of wan traffic trying to access "Freeproxy" at tons of obscure and unused ports. One of the posts in response to my original post points to a website where it is being reviewed as potential spyware (further back on this thread). If it is not spyware or has nothing malicious associated with it, can you tell me why an uncountable number of different IPs on the web are trying to access it from ports ranging from 1070 to 49310 and the like? It is 192.168.2.4 on my lan and in this log:

10|2009-01-28 16:27:41 |76.105.229.7:2936 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
11|2009-01-28 16:27:36 |76.105.229.7:2936 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
12|2009-01-28 16:27:33 |76.105.229.7:2936 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
13|2009-01-28 16:27:25 |125.65.165.139:12200 |192.168.2.4:8800 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
14|2009-01-28 16:27:23 |125.65.165.139:12200 |192.168.2.4:8000 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
15|2009-01-28 16:27:21 |125.65.165.139:12200 |192.168.2.4:3128 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
16|2009-01-28 16:25:17 |0.0.0.0 |224.0.0.1 |ACCESS DROPPED
Unsupported/out-of-order ICMP: ICMP(Normal router advertisement)
17|2009-01-28 16:24:45 |76.105.229.7:2818 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
18|2009-01-28 16:24:38 |76.105.229.7:2818 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
19|2009-01-28 16:24:35 |76.105.229.7:2818 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
20|2009-01-28 16:23:06 |76.105.229.7:44434 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
21|2009-01-28 16:22:56 |76.105.229.7:44434 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
22|2009-01-28 16:22:01 |76.105.229.7:48566 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
23|2009-01-28 16:19:24 |76.105.229.7:48566 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
24|2009-01-28 16:17:15 |76.105.229.7:48566 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
25|2009-01-28 16:15:25 |76.105.229.7:48566 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
26|2009-01-28 16:15:15 | | |
DHCP server assigns 192.168.2.33 to PS-1D505E(00:1B:11:1D:50:5E).
27|2009-01-28 16:15:07 |0.0.0.0 |224.0.0.1 |ACCESS DROPPED
Unsupported/out-of-order ICMP: ICMP(Normal router advertisement)
28|2009-01-28 16:12:25 |76.105.229.7:1795 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
29|2009-01-28 16:12:19 |76.105.229.7:1795 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
30|2009-01-28 16:12:15 |76.105.229.7:1795 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
31|2009-01-28 16:05:44 |76.105.229.7:24138 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
32|2009-01-28 16:04:57 |0.0.0.0 |224.0.0.1 |ACCESS DROPPED
Unsupported/out-of-order ICMP: ICMP(Normal router advertisement)
33|2009-01-28 15:59:13 |76.105.229.7:1362 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
34|2009-01-28 15:59:10 |76.105.229.7:1362 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
35|2009-01-28 15:58:02 |60.222.224.137:56535 |192.168.2.4:1026 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
36|2009-01-28 15:55:01 |76.105.229.7:24138 |192.168.2.4:38764 |ACCESS DROPPED

Like I said, I am no expert but I am getting hammered from all over the place. Please explain this...

ratso
Nicodemus knew~! So should you~!
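
A triage sketch for the log in the post above, added here as an example and not part of the thread or of any ZyXEL tool: it pairs each entry with its detail line, keeps only the WAN-to-LAN rule drops, and groups the LAN ports tried by each source. The function names and the `min_ports` threshold are assumptions; the sample is an excerpt of the posted entries.

```python
import re
from collections import defaultdict

# Excerpt of the firewall log posted above (entries 13-15, 19, 20, 26, 35).
SAMPLE_LOG = """\
13|2009-01-28 16:27:25 |125.65.165.139:12200 |192.168.2.4:8800 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
14|2009-01-28 16:27:23 |125.65.165.139:12200 |192.168.2.4:8000 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
15|2009-01-28 16:27:21 |125.65.165.139:12200 |192.168.2.4:3128 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
19|2009-01-28 16:24:35 |76.105.229.7:2818 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: TCP (W to L, rule:1)
20|2009-01-28 16:23:06 |76.105.229.7:44434 |192.168.2.4:38764 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
26|2009-01-28 16:15:15 | | |
DHCP server assigns 192.168.2.33 to PS-1D505E(00:1B:11:1D:50:5E).
35|2009-01-28 15:58:02 |60.222.224.137:56535 |192.168.2.4:1026 |ACCESS DROPPED
Firewall rule match: UDP (W to L, rule:1)
"""

HEADER = re.compile(r"^(\d+)\|([\d-]+ [\d:]+) \|([^|]*)\|([^|]*)\|(.*)$")
RULE = re.compile(r"^Firewall rule match: (\w+) \(W to L")

def parse_drops(text):
    """Return (time, protocol, source IP, LAN port) for each WAN-to-LAN rule drop."""
    lines = text.splitlines()
    events = []
    for i, line in enumerate(lines[:-1]):
        h = HEADER.match(line)
        r = RULE.match(lines[i + 1])
        if not (h and r):
            continue  # DHCP/ICMP notices and entries missing their detail line
        src = h.group(3).strip().rpartition(":")[0]
        dport = int(h.group(4).strip().rpartition(":")[2])
        events.append((h.group(2), r.group(1), src, dport))
    return events

def ports_by_source(events):
    """Map each WAN source to the set of (protocol, LAN port) pairs it tried."""
    seen = defaultdict(set)
    for _time, proto, src, dport in events:
        seen[src].add((proto, dport))
    return dict(seen)

def multi_port_sources(summary, min_ports=3):
    """Sources that tried at least min_ports distinct LAN ports."""
    return sorted(s for s, pairs in summary.items() if len({p for _, p in pairs}) >= min_ports)
```

On this excerpt the result is three WAN sources, only one of which tried more than one LAN port.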

#10 ratso

ratso
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Arizona
  • Local time:03:40 AM

Posted 29 January 2009 - 09:55 PM

Oh, btw, this is one small piece of one 2-hour segment of one of my logs. I get hit by untold different IPs and ports trying to enter my lan thru FreeProxy. Please tell me what is happening, with all due respect!

John/ratso
Nicodemus knew~! So should you~!

#11 ratso

ratso
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tucson, Arizona
  • Local time:03:40 AM

Posted 29 January 2009 - 10:12 PM

Greg, again, no offense intended. I said at the very beginning that I am a rookie to all of this, so when a forum regular directs me to a url that says it's questionable, and though "hundreds of thousands of users across the world with no problems" Prevx isn't so sure nor are there any reviews of this program on Softpedia, so naturally I was suspicious when I started having problems...

http://spywarefiles.prevx.com/RRACJJ263564...EPROXY.EXE.html

ratso
Nicodemus knew~! So should you~!



