Title: Weird Files loaded after loading your files
Post by leathersmt on Apr 2nd, 2005, 3:23pm

A few days after loading the trial version of your program, I got this stuff happening:

First, it loaded this

File Version :3.4.2.0
File Description :Advanced Anti Keylogger Lite shell (aak.exe)
File Path :C:\Program Files\Advanced Anti Keylogger Lite\aak.exe
Process ID :0x448 (Heximal) 1096 (Decimal)
Connection origin :remote initiated
Protocol :TCP
Local Address : 192.168.1.100
Local Port :1036
Remote Name :
Remote Address :66.197.143.198
Remote Port : 80

Ethernet packet details:
Ethernet II (Packet Length: 60)
    Destination: 00-0c-6e-3a-6d-aa
    Source: 00-0c-41-4e-b5-ee
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 56
    Protocol: 0x6 (TCP - Transmission Control Protocol)
    Header checksum: 0x636c (Correct)
    Source: 66.197.143.198
    Destination: 192.168.1.100
Transmission Control Protocol (TCP)
    Source port: 80
    Destination port: 1036
    Sequence number: 2457150353
    Acknowledgment number: 32635530
    Header length: 20
    Flags:
        0... .... = Congestion Window Reduce (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...1 = Fin: Set
    Checksum: 0xe8e1 (Correct)
    Data (0 Bytes)

Binary dump of the packet:
0000: 00 0C 6E 3A 6D AA 00 0C : 41 4E B5 EE 08 00 45 00 | ..n:m...AN....E.
0010: 00 28 41 D5 40 00 38 06 : 6C 63 42 C5 8F C6 C0 A8 | .(A.@.8.lcB.....
0020: 01 64 00 50 04 0C 92 75 : 23 91 01 F1 FA 8A 50 11 | .d.P...u#.....P.
0030: 82 74 E1 E8 00 00 00 00 : 5D 71 0A 09 | .t......]q..

Then it loaded these DLLs in my System 32 files. Is this your program doing this?

The new DLLs have been loaded:
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\comres.dll
C:\WINDOWS\system32\apphelp.dll
To disable DLL Authentication go to the security tab under the Tools, Options menu.

File Version :3.4.2.0
File Description :Advanced Anti Keylogger Lite shell
File Path :C:\Program Files\Advanced Anti Keylogger Lite\aak.exe
Process ID :0x448 (Heximal) 1096 (Decimal)
Connection origin :remote initiated
Protocol :TCP
Local Address : 192.168.1.100
Local Port :1036
Remote Name :
Remote Address :66.197.143.198
Remote Port : 80

Ethernet packet details:
Ethernet II (Packet Length: 60)
    Destination: 00-0c-6e-3a-6d-aa
    Source: 00-0c-41-4e-b5-ee
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 56
    Protocol: 0x6 (TCP - Transmission Control Protocol)
    Header checksum: 0x4f27 (Correct)
    Source: 66.197.143.198
    Destination: 192.168.1.100
Transmission Control Protocol (TCP)
    Source port: 80
    Destination port: 1036
    Sequence number: 2457150353
    Acknowledgment number: 32635530
    Header length: 20
    Flags:
        0... .... = Congestion Window Reduce (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...1 = Fin: Set
    Checksum: 0xe8e1 (Correct)
    Data (0 Bytes)

Binary dump of the packet:
0000: 00 0C 6E 3A 6D AA 00 0C : 41 4E B5 EE 08 00 45 00 | ..n:m...AN....E.
0010: 00 28 86 E9 40 00 38 06 : 27 4F 42 C5 8F C6 C0 A8 | .(..@.8.'OB.....
0020: 01 64 00 50 04 0C 92 75 : 23 91 01 F1 FA 8A 50 11 | .d.P...u#.....P.
0030: 82 74 E1 E8 00 00 00 00 : 4D A3 39 09 | .t......M.9.

Please advise so I know if I have a hacker or not.

Greg

Title: Re: Weird Files loaded after loading your files
Post by Eric on Apr 4th, 2005, 8:00am

This is the usual request of Advanced Anti Keylogger to our web site to check for new version availability. The program makes this request at each system startup because you enabled this option during the first program install. You can disable the check box of this option at any time if you wish. Please refer to: Options menu -> Preferences -> Check for new program versions at startup.
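
An added example, not part of either post or of the vendor's software: a small Python decoder run over the first "Binary dump of the packet" from the thread, so the logged fields can be checked against the raw bytes. It shows a zero-payload FIN+ACK segment from remote port 80 to local port 1036, which is the closing segment of an HTTP connection and is consistent with the update check described in the reply; the function names are this example's own.

```python
import ipaddress
import struct

# Bytes copied from the first packet dump in the thread (60-byte Ethernet frame).
FRAME_HEX = """
00 0C 6E 3A 6D AA 00 0C 41 4E B5 EE 08 00 45 00
00 28 41 D5 40 00 38 06 6C 63 42 C5 8F C6 C0 A8
01 64 00 50 04 0C 92 75 23 91 01 F1 FA 8A 50 11
82 74 E1 E8 00 00 00 00 5D 71 0A 09
"""
FRAME = bytes.fromhex("".join(FRAME_HEX.split()))
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def checksum_ok(data: bytes) -> bool:
    """True when the 16-bit one's-complement sum, checksum field included, is 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II / IPv4 / TCP headers and verify both checksums."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, ttl, proto = struct.unpack("!H", ip[2:4])[0], ip[8], ip[9]
    if proto != 6:
        raise ValueError("not a TCP segment")
    src, dst = ip[12:16], ip[16:20]
    tcp = ip[ihl:total_len]  # total_len cuts off the Ethernet padding bytes
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    # The TCP checksum covers a pseudo-header: src, dst, zero, protocol, TCP length.
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "src": f"{ipaddress.ip_address(src)}:{sport}",
        "dst": f"{ipaddress.ip_address(dst)}:{dport}",
        "ttl": ttl, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
        "payload_len": len(tcp) - (off_flags >> 12) * 4,
        "ip_checksum_ok": checksum_ok(ip[:ihl]),
        "tcp_checksum_ok": checksum_ok(pseudo + tcp),
    }

if __name__ == "__main__":
    for key, value in decode_frame(FRAME).items():
        print(f"{key}: {value}")
```

The log prints the checksums as 0x636c and 0xe8e1 while the bytes on the wire are 6C 63 and E1 E8; both validate when read in network byte order.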