I deleted every single Java and Adobe file I could find. And I don't know if I want to download the latest versions. Are they REALLY safe this time?
Most vendors try to update their programs when vulnerabilities are discovered so the latest versions are normally the safest to use. However, there is no guarantee an attacker will not look for new ways to circumvent security and exploit any program to achieve their goals.
I am getting a lot of communication blocks from my firewall from the same three ISPs, all located in China (within 10 minutes apart all day long).
A firewall controls network traffic and serves two basic purposes:
- Prevent incoming communications that you did not request from entering your computer;
- Monitor what programs on your computer are allowed to communicate out.
The firewall does this by enforcing an access control policy to permit or block (allow or deny) inbound and outbound traffic. Thus, the firewall acts as a central gateway for such traffic by denying illegitimate transfers and facilitating access which is deemed legitimate. The goal of the firewall is to prevent remote computers from accessing yours and provide notification of any unrequested traffic that was blocked along with the IP address. Keep in mind, however, that a firewall is not a panacea to solve all of your security problems. If you open ports through your firewall to allow access to an infected machine, then the firewall is no longer relevant.
If your firewall provides an alert which indicates it has blocked access to a port, that does not necessarily mean your system has been compromised. These alert messages are a response to unrequested traffic from remote computers (an external host) trying to access a port on your computer.
Alerts are often classified by the network port they arrive on, and they allow the firewall to notify you in various ways about possible penetration and intrusion attempts on your computer. Even if the port is open, the alert message indicates that your firewall has blocked the attempt to access it. It is not unusual for a firewall to provide numerous alerts regarding such attempted access. Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports (commonly probed ports), and make repeated attempts to access them. Your firewall is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. However, not all unrequested traffic is malevolent. Even your ISP will send out regular checks to see if your computer is still there, so you may need to investigate an attempted intrusion. If your computer is sending out large amounts of data, that can indicate that your system may have a virus or a Trojan.
If the alerts become too annoying, you should be able to go into your firewall settings and turn them off (Hide notification messages).
To check whether or not the port in question is open on your system you can use netstat from a command prompt to obtain Local/Foreign Addresses, PID and listening state.
- netstat /? lists all available parameters that can be used.
- netstat -a lists all active TCP connections and the TCP and UDP ports on which the computer is listening.
- netstat -b lists all active TCP connections, Foreign Address, State and process ID (PID) for each connection.
- netstat -n lists active TCP connections. Addresses and port numbers are expressed numerically and no attempt is made to determine names.
- netstat -o lists active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p (example: netstat -ano).
You can use Process Monitor, an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity, or various network traffic monitoring tools for troubleshooting and malware investigation.
You can investigate IP addresses and gather additional information at:
Rasphone is related to Remote Access Phonebook -> see here
tabiconcache.dat and frameiconcache.dat are often seen in the C:/Documents and Settings/username/Local Settings/Application Data/Microsoft/Internet Explorer folder. I cannot find any information on either of those data files. I see a lot of helpers remove WKLNHST.dat but no information to indicate it is bad or what program was responsible for creating that file. Anytime you come across a suspicious file for which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.