On Fri, 20 Jan 2012 23:25:57 -0200, Shadow <(E-Mail Removed)> wrote:
>On Thu, 19 Jan 2012 09:45:42 -0800, Jeff Liebermann <(E-Mail Removed)>
>wrote:
>
>>On Thu, 19 Jan 2012 15:18:40 -0200, Shadow <(E-Mail Removed)> wrote:
>>
>>> I got an immediate :
>>>"'Application Layer Gateway Service' from your computer wants to
>>>connect to 211.154.151.147, port 21" from my firewall
>>>
>>> From that address. Never happened before, while browsing. Any
>>>ideas ?
>>> []'s
>>
>>Your browser has been hijacked. Port 21 is FTP. Something on your
>>computer is trying to send your saved passwords, or keylogger capture
>>file to China.
>>
>>Assuming Windoze, look in c:\windows\system32\drivers\etc\hosts file.
>>Download, install, and run Malwarebytes (free version). Do the quick
>>scan. If you have another virus scanner, use it assuming it's still
>>working.
> I've done all that. Kaspersky iso boot=clean, Avira iso boot
>=clean, Avast (from linux) = clean, Mbam = clean. My firewall still
>screeches with that one page, but not any other ebay pages.
> <hxxp://www.ebay.com/itm/320819067357>
> So I disabled the alg.exe service and deleted the executables
>(the backup too), even though virustotal showed nothing. I'll wait for
>a new def file to delete the maybe trojan.
> Tnx
> []'s
Sigh. Look at the page source code. Buried among the images is:
<a href="http://item.ebay.com/330661092208" target="_blank">
<img src="ftp://211.154.151.147/load/102-1003-1019_u.jpg"
width="200px" border="0"></a><br><br>
(blah-blah-blah)
<a href="http://item.ebay.com/320817328410" target="_blank">
<img src="ftp://211.154.151.147/load/102-1003-1020_j.jpg"
width="200px" border="0"></a><br><br>
Note that the ftp is for a download, not an upload. The person that
scribbled this web page used ftp instead of http to download the images
onto the page. There's no upload, so there's nothing to worry about.
The original message is vague in that it doesn't bother to mention if
the ftp is upload or download. You might want to email some nasty
comments to your firewall vendor.
--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D
Santa Cruz CA 95060
http://www.LearnByDestroying.com
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
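
The manual page-source check from the reply above, as an added example that is not part of the original thread: it lists every resource a browser fetches automatically over a scheme other than http/https and tests whether one of them accounts for the firewall's host and port. The names `audit` and `explains_alert` and the SAMPLE markup (rebuilt from the excerpt quoted in the post) are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs a browser fetches on page load, with no click needed.
AUTO_FETCH = {("img", "src"), ("script", "src"), ("iframe", "src"),
              ("embed", "src"), ("source", "src"), ("link", "href")}
DEFAULT_PORTS = {"ftp": 21, "http": 80, "https": 443}

class SubresourceAudit(HTMLParser):
    """Collect auto-fetched URLs whose scheme is not http/https."""
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (tag, scheme, host, port, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            url = value.strip()
            parts = urlsplit(url)
            scheme = parts.scheme.lower()
            if scheme in ("", "http", "https", "data"):
                continue  # relative, ordinary web, or inline resource
            try:
                port = parts.port or DEFAULT_PORTS.get(scheme)
            except ValueError:  # malformed port in the URL
                port = None
            self.findings.append((tag, scheme, parts.hostname, port, url))

def audit(html):
    """Return all non-http(s) subresources found in the markup."""
    parser = SubresourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

def explains_alert(html, host, port):
    """True if the page itself asks the browser to contact host:port."""
    return any(h == host and p == port for _, _, h, p, _ in audit(html))

# Constructed sample, rebuilt from the page-source excerpt in the post.
SAMPLE = '''
<a href="http://item.ebay.com/330661092208" target="_blank">
<img src="ftp://211.154.151.147/load/102-1003-1019_u.jpg" width="200px" border="0"></a>
<a href="http://item.ebay.com/320817328410" target="_blank">
<img src="ftp://211.154.151.147/load/102-1003-1020_j.jpg" width="200px" border="0"></a>
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A match only shows that the page markup requests that host and port; it says nothing about what else on the machine might be making connections.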