Prev: CHX Packet Filter - Sample ruleset
Next: Watchdog timeout
From: macdaddy on 21 Nov 2006 11:46

Mark,

I too just had this happen to me. Most of my HTTP requests were being
sent to 209.87.208.60:8083. Oddly enough I had a few that were not
such as my brokerage accounts (which BTW will have new passwords in a
few minutes). Googling for the IP above I found this very thread as
well as this other thread with useful info:

'SWI Forums > Hijack; sp.html; Spybot affected'
(http://forums.spywareinfo.com/lofiversion/index.php/t9447.html)

I'm working on following the steps in that thread right now. I had
ZoneAlarm on this laptop before dropping it during a maintenance
window. That killed my HD. So no I can honestly say that I've never
had ZoneAlarm installed on this hard drive. The link above eludes to a
toolbar. I'm wondering if it's something more sinister. I had to sit
on the public Internet yesterday afternoon with no FW. I wonder if
that did it. I am fully patched but what does that mean nowadays.

J


--
macdaddy
------------------------------------------------------------------------
macdaddy's Profile: http://unixadmintalk.com/512
View this thread: http://unixadmintalk.com/showthread.php?t=176230

 | 
Pages: 1
Prev: CHX Packet Filter - Sample ruleset
Next: Watchdog timeout