Iframe And Arp Spoofing

Q: Iframe And Arp Spoofing

Description of my problem: We found an instability in our local network; this is due to the spread of malware through it. The malware uses an ARP-based attack against the local network gateway (machine "A", owner of the MAC address "MacA", sends ARP broadcast packets on the network indicating that the bridge (the right address of the gateway) is at "MacA"), so many machines in our network used a wrong ARP entry (I mean the MacA of the machines infected by this malware). After a long check on them to identify this malware, we found that these machines were infected by:

"svchost.exe" (175 KB, 179200 bytes), which uses the DLLs Packet.dll, wpcap.dll and wanpacket.dll ... \ drivers \ npf.sys.
- It performs a scan of all networks 192.168-, 172.16- and 10.0-
- It has a "80-port insert" in the svchost package
- Lastly, we have another problem: when we open a web page (in IE or Firefox), before we get the response, which takes two or three seconds, the page displays a little gray bar (whether we use a Windows or Linux system), and view page source returns this: hxxp:// and this is included in the svchost.exe package, but it was encrypted.
- Can somebody help me and explain how we can resolve this and clean our local network of this malware? Thanks in advance

A: Iframe And Arp Spoofing

Please can somebody help me? Nobody has an idea about this problem?


Hi Guys,

I have a problem with my computer.
Looks like I have a virus/malware inside my computer. I have tried to restore using System Restore; it seems it doesn't work.

This kind of <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> infected all of my HTML/PHP/ASPX files in my computer.
I tried to delete it using Notepad, but when I open it again, it is still there.

Can somebody please help me, because I still have a lot of work that must be finished by Monday, and I can't continue to work if my computer still behaves like this.

Here is log file using DDS i created to you guys. Thanks for your help

A:<iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Hello guys,
I have an MT RB450G with an IPSec tunnel set up on it. Thus, aside from regular internal internet usage, a VPN connection comes in on the router.
But lately I noticed sometimes loading a site takes like forever, checked with my ISP and I was informed everything was fine, checked my AP for unknown device and knocked them off by MAC.
In quest for a solution, I connected the ISP cable directly to my machine on which I have Kaspersky Internet Security and blaaaah! I get this info:
THE NETWORK ATTACK DoS.Generic.SYNFlood has been blocked.
TCP from to port 8080
The attacking computer has not been blocked: its address is possibly been spoofed.
The application kept dropping this message/alert with different IP addresses. I quickly checked my bandwidth monitoring page and discovered that the usage graph dropped by more than 60%, thus releasing my bandwidth.
I really need help on how to block off spoofing to my network, as I have been experiencing DoS a lot.
Please help!!!

A:IP spoofing

Talk to your ISP about it.


Hi, our Cisco router has DNS spoofing enabled. It references a private IP address that is present in all our Windows workstations' DNS settings. An odd thing is occurring: our antivirus updates are not working. The address it requests, www.my-etrust.com, is not reachable. Yet outside of our LAN the updates work fine. If I plug in a Sprint public DNS server address on my workstation, the updates work. I would rather not have to add another address to all workstations since I'm getting no complaints about other web sites. Any suggestions?



A:dns spoofing

DNS spoofing?

You don't mean fixup, do you?


Could someone please tell me what MAC spoofing is?!

A:mac spoofing

Not sure but SOUNDS like spoofing a computer mac address to conceal one's identity. Common in times where someone has a wireless device and attempts to connect to an unsecure wireless network.

ie. using a fake name so no one will know who you are.


I live outside of the US and want to watch the new shows on NBC over the internet. When I try, I get a message that the clip is not available in my area. Is there a way to spoof my IP address so it looks like I am in the US or is that illegal. If Illegal, does anyone have any suggestions on how to do this? This is our only TV option!!


A:IP Spoofing


For years and years i have been looking for a program or even a fresh tutorial that can help spoof your IP allowing anonymous surfing, but every thing seems to be too old.

What I mean exactly is: how do you make yourself invisible, so your ISP will have the wrong IP logged? Make yourself unknown and untrackable. I want to surf the web leaving no fingerprints.

My details:
XP Pro
ADSL Broadband
I am a home user and using a Tiscali internet connection on 150Kb.

This is for pure educational use and has been on my mind since I got into advanced computing.

I have heard many answers that tell me I should use proxy servers, but I don't understand how I should go about doing this. Please help me.

I would much appreciate it if this thought finally comes to a satisfying end, thank you very much.

A:Ip Spoofing!


Does anyone know how I can get the real IP address of this guy that uses a spoofer to attack me? I'm getting tired of his DoS attacks and I'm ready to report him; however, with him using a spoofer I can't seem to find his real IP address. Thanks :)


to look up the sender's IP address, the four numbers separated by dots in the Received line. For argument's sake, let's say that the sender's IP address is 555.666.777.888. At Windows command prompt (Start, Programs, Accessories, Command Prompt) type:

Nslookup 555.666.777.888

This will likely tell you the name of their SMTP server. Another tool you can use is ...

Tracert 555.666.777.888

... which shows the network route from your computer to the IP address indicated. Look for suspicious server names or clues to geographical locations (e.g., SFO for San Francisco). Again, you're looking for discontinuities. (Don't be surprised if the spoofer does some Internet magic to make the IP address useless to you, though.)

You can continue with this sort of detective work up through the different Received fields. If you are lucky you can track down the ISP of the true sender and at least get them kicked off their ISP.


Hello, yes, I had a question. I was wondering if somebody could tell me how to spoof my IP to any specific one I want, without actually changing my own IP at the same time. Is this possible?

A:spoofing ip

Easy to think of illegal reasons for doing that. Not so easy to think of a legitimate reason. Since we cannot determine the intent I am closing this. By now you should be getting the idea that we do not support "shady" activities even though the rules do not list every possible activity.


Hey, I need a little help on something. OK, let's say I've got this competition with a friend. We each need to get the most number of people visiting a website. But each person can only add points once only. The site knows the IP address that the person came from. How is it possible that I can raise the points by visiting the site over and over again without getting disabled by the site? Please help

A:Ip spoofing?


Read the Rules for TSG here: http://www.techguy.org/rules.html

IpSpoofing is a technique employed by spammers, and you will not get any joy back regarding your question from TSG!

-- Tom


Greetings. I'm interested in learning more about spoofing with referrers. Namely how to determine which referrers sites will accept, etc.. If anyone has detailed knowledge on this subject and is willing to speak with me about it, please post it here or e-mail me at [email protected]

Thank you.



Linux Mandriva LTD 2005, KDE 3.3
Firefox (1.0.4/5) and Konqueror browsers
Java JRE
Earthlink dial-up service using kppp dialer

I have a dualboot (Win98/Mandriva) system, but this
problem only exists on my Mandriva system.


The following phrase: /isapi.dll?c=home&htx=loginfrontmember

is being appended to urls, which direct the intended site
to the site for MyFamily.com. The process first loads from the
a1356g.kamai.net site, then loads from additional sites that are
featured on the home page.

For example:
refdesk.com becomes refdesk.com/isapi.dll?c=home&htx=loginfrontmember
and the site for MyFamily.com comes up instead of Refdesk.com

This action appears to affect only (but not all) *.com urls.
For example, yahoo.com and sun.com have not been affected so far,
Also *.net, and *.org urls seem not to be affected.


This problem first occurred around the end of June.
It first appeared while using Firefox 1.0.4 (with various extensions).

I performed various diagnostics to eliminate it.
I cleared out everything in Firefox (cache, cookies, history, etc.),
and checked my system for suspicious files, and deleted some stuff.
At first that didn't work.

I then installed F-prot virus program and ran it, after which the
problem seemed to be eliminated.

After about a week of normal use, however, the problem reappeared.
I fell asleep at the keyboard while on the Net, and when I looked up
the problem had returned. So I don't know if...


I have been noticing the use of "spoof" when reading about spam and phishers in the E-mail systems. My limited understanding: When a link is shown on the HTML document saying "click here for entry to E-bay (for instance)" the actual HTML coded HREF attribute (not shown) is the site of the spammer. Please, anyone chip in and elaborate. Especially show how to detect the actual site that they are trying to entice you to go to as well as any reading and info concerning this Thanks--


See if this helps, please click HERE


How do you stop IP Spoofing?

A:IP spoofing



Hello would appreciate any help
I get dns spoofing frequently according to "WorldIP."  This has been going on for some time.  I'm not sure how reliable WorldIP is?  I've changed my dns servers a couple of times without success.  I've tried using ipconfig /flushdns before, after, and while using a browser with limited success.  Sometimes it fends off the "spoofers" as it were and sometimes not. 

A:dns spoofing

Download and run wipe  and system ninja,
Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.
Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.
Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again. To do this:
Hit options.
Place a tick to run Ccleaner when the computer starts.

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.
Reboot your machine and then follow the  instructions below.
Step 1: eScanAV.
Disable your antivirus prior to this scan.
Download the eScanAV Anti-Virus Toolkit (MWAV) http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
http://www.escanav.com/english/content/products/downloadlink/downloadp...


Well I took the time to write a paragraph about my problem and pasted/attached the FRST files.  When I clicked 'post' bleeping apparently timed out.  My new topic was posted to my surprise, but didn't have the paragraph I wrote??  So here goes again:
I've been getting spoofed for a while now and I recently posted the problem on bleeping,  http://www.bleepingcomputer.com/forums/t/578189/dns-spoofing/ .  I decided to do a completely new win7 install to bring an end to it.  It didn't seem to make a difference as the spoofing continues.  Here are the FRST files:

A:Keep getting DNS spoofing

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/580029 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


I hope this is the right forum. Recently I received a bunch (4-6 over 2 days) of "returned" undeliverable e-mails from a variety of servers. They all contained the same, vile e-mail that I did not send. I spoke to my ISP CSR- he did not know what the issue was. I spoke to a friend, who assured me it was backscattering and told me not to worry. I found this on the web:

"If your inbox is full of those “Delivery Failure Notification” messages then you are likely seeing backscatter. Check the email headers and if the header nearest the bottom is not your server, then it is definitely backscatter."

I checked the header, and this was the case. I e-mailed my ISP to advise them of this apparent backscattering, and this was their reply:

"It is more likely that your email could be spoofed and a virus is
sending out messages as originating from your email account. You may
wish to run an antivirus scan at your earliest convenience. I recommend simply deleted the bouncebank emails."

My question is: Is my ISP simply wrong? Is there any chance my e-mail address could be blacklisted? I now have a MacBook pro and a router, and considering my ISP's track record, I find their answer lacking in credibility.

Can anyone ease my anxiety? Thank you.

A:Backscattering vs. Spoofing

It never hurts to run a check with an antivirus program.

Are your emails getting through to the people you email?
If yes, then everything is OK.

You seem to have confirmed for yourself that these emails,
in question, were not sent by you.



Gonna sticky this for a week

Eudora is a Windows-based email client, developed by Qualcomm, for Microsoft Windows. Eudora version could allow a remote attacker to spoof a trusted Web page by altering the URL that is displayed in the status bar. A remote attacker could add multiple characters in the middle of the URL, which would cause only part of the URL to be displayed in the status bar. An attacker could use this vulnerability to gain sensitive information from unsuspecting users, if they could be convinced to visit the spoofed site.
Platforms Affected:

Microsoft Corporation: Windows Any version
Qualcomm: Eudora



A:Eudora URL spoofing

Hmm. Is Outlook any better? At least Eudora gives some hint of where the link will URL to (in the Status Bar), however Outlook doesn't give any indication whatsoever (no Status Bar). At least the version I have, Outlook 2002, doesn't seem to do this. One has to actually go into the source code to see where the link goes when using Outlook, unless someone else has discovered a better way.

It almost seems that MS products WANT to keep the door open for security risks.


I have had over 80 attack attempts from various Verizon DSL Tampa IPs the past month. I live in Tampa and use DSL. Most hackers come from various carriers and worldwide locations.

I am thinking the person is spoofing their IP and they could be any country or carrier. Would that be correct? For some reason I was not sure you could spoof cable or DSL IP's. Each time it's a different Tampa DSL IP.

And if the person is "spoofing" all these how would they know I am in Tampa using Verizon DSL? It can't be a coincidence. All I can think of is signing someone's guestbook, which would only be someone I know. If there are other ways inform me. Thanks!


My Brother-in-law has had some peculiar symptoms recently...

He has up-to-date Norton Anti-Virus as well as up-to-date Spybot, both of which are run every 2-3 days... nothing major reported by either. He is also running BlackIce Defender, and it is this program which is producing all the weird symptoms of a possible hack / bug?

Whilst logged on to a file-sharing site he recently has been getting an increasing amount of port probing from one IP address. We've ascertained that the address as reported by BlackIce is his own IP address. These probes are becoming more and more frequent... approx every 10-15 minutes, hundreds per day. This has only been happening for the last week or so, and nothing untoward was detected by BlackIce previously.

I'm thinking it's either someone spoofing and attempting to attack his computer, or there's a piece of malware / a bug that's causing the problem.

Any ideas ?



I have started receiving Spam emails with my own email address in the "From.." area.

I have no experience with this but guess that my email address has been spoofed. I have raised a support call with my ISP but have not as yet had a reply. I have also done a deep scan of my entire system using 2 separate scanners but have not found anything suspicious on my system.

I would appreciate some guidance from someone who is knowledgeable about this type of issue. In particular I have the following questions:

1. Are other people (e.g. those in my address book) also receiving these spam emails, supposedly from me?

2. Can I do anything to fix this problem?

3. Can my ISP do anything to fix this problem?

4. Is there any way that I (or my ISP) can run a trace that will identify the person or organisation that has spoofed my email?

Thanks for your help.


A:Email spoofing


I started getting lots of these things. When I do get them massively my internet becomes slower, sometimes leading to "no connection" and wireless signal is halfway slower.

I noticed that I started getting spam in my Gmail inbox (usually 1 per day). It's strange because I've been using Gmail for a couple of years now and these are the first spam messages that I've got directly in my inbox.

Some other things I noticed (might not be a problem): the internet connection icon properties (running Windows XP SP3) don't show it as "firewalled" like they used to, and there are lots of sent packets (almost as many sent packets as received).

Router logs:

03/02/2011 15:21:49 **IP Spoofing**, 67->>, 68 (from WAN Inbound)
03/02/2011 15:21:14 **IP Spoofing**, 67->>, 68 (from WAN Inbound)
03/02/2011 15:21:12 **IP Spoofing**, 67->>, 68 (from WAN Inbound)
03/02/2011 15:21:08 **IP Spoofing**, 67->>, 68 (from WAN Inbound)
03/02/2011 15:21:01 **IP Spoofing**, 67->>, 68 (from WAN Inbound)
03/02/2011 15:20:53 **IP Spoofing**, 67->>, 68 (from WAN Inbound)
03/02/2011 15:20:47 **IP Spoofing**, 67->>, 68 (from WAN Inbound)
03/02/2011 15:20:19 **IP Spoofing**, 67->>, 68 (from WAN Inbound)
03/02/2011 15:19:23 **IP ...

A:Constant IP spoofing

What brand router are you using?


I am getting email returned to me with the doom virus which appears to have been sent from my domain name ( except that the addresses are for people who do not exist. eg if my domain was bloggs. dom, and I used only [email protected] com, these appear to have been sent by [email protected] etc ) Anyone know how this is done?

A:spoofing my address

Welcome to the club... you're now with millions of others...


This is the log from my Belkin F5D6231-4 Router.

Can someone tell me:

Am I being hacked?
Where it says "IP Spoofing". Is my router blocking this?
If not, what can I do?

Log File
Mon Apr 24 22:31:44 2006 : Enable DayLight Saving : 01/01 ~ 12/31
Mon Apr 24 21:31:44 2006 : Disable DayLight Saving : 01/01 ~ 12/31
Mon Apr 24 22:24:09 2006 : login successfully
Mon Apr 24 22:10:10 2006 : login successfully
Mon Apr 24 22:08:55 2006 : login successfully
Mon Apr 24 22:07:39 2006 : login successfully
Mon Apr 24 22:06:24 2006 : login successfully
Mon Apr 24 08:48:58 2006 : **IP Spoofing** Source IP: Port:0 Dest IP: Port:1026
Sat Apr 22 11:51:27 2006 : **IP Spoofing** Source IP: Port:50244 Dest IP:x.x.x.x Port:1029
Sat Apr 22 11:51:27 2006 : **IP Spoofing** Source IP: Port:50244 Dest IP:x.x.x.x Port:1028
Sat Apr 22 11:51:27 2006 : **IP Spoofing** Source IP: Port:50244 Dest IP:x.x.x.x Port:1027
Sat Apr 22 11:51:27 2006 : **IP Spoofing** Source IP: Port:50244 Dest IP:x.x.x.x Port:1026
Sat Apr 22 11:51:27 2006 : **IP Spoofing** Source IP: Port:50244 Dest IP:x.x.x.x Port:1025
Thu Jan 01 00:00:16 1970 : Secondary DNS address
Thu Jan 01 00:00:16 1970 : Primary DNS address
Thu Jan 01 00:00:16 1970 : local Secondary DNS address
Thu Jan 01 00:00:1...

A:Am I being hacked? IP Spoofing

I would be more worried about the "login successfully" messages. No one should be able to log in to your router from the internet. Are you sure you have disabled remote administration from the web?

I edited out your IP address.. If you think you have security issues, then it is not a good idea to let everyone know where a security hole is.


I've installed a Zalman quiet CPU Heatsink/fan for a friend's 2002 MSI mobo, but when the power comes on, the CPU alarm kicks in. No BIOS bypass possible.

Because the fan spins at such a slow speed, the BIOS thinks there's no fan attached.

Anyone know how I can trick the header into thinking there's a full speed fan running? Perhaps a resistor that goes from the red to the yellow on the header?



Hi, I have Windows 7 build 7022 and I cannot spoof my mac address.

I have a wireless card, and programs such as SMAC and other things just aren't working. Is this possible?

A:MAC address spoofing

Try this


Hi Bleeping Computer,
it appears someone may have spoofed my email address and is sending spam to users who were in my address book plus to addresses in others' address books.
The email is showing as coming from someone else but the reply email is my email.
Here is a kickback email I received from an email that doesn't exist anymore.
Mod Edit: Removed email content reflecting email addresses, moved topic to appropriate forum - Hamluis.
Is there a way to determine where the source of this is as my internet provider says they are not able to do anything about it.

A:Possible email spoofing

Can a moderator edit my first message and remove the email addresses from it? I can't seem to edit my message.


I had problems with spoofing my MAC address on Windows 7022, but eventually somehow (I have no idea how) it worked. I upgraded to 7068, and it will not change.

I've tried everything, registry keys, programs, everything.

I have a Linksys WUSB600N Wireless-N USB Network adapter with Dual-Band v2.

What can I do?

A:MAC Address Spoofing

In the Device Manager, go to your adapter. Right click on it, choose Properties. There should then be an Advanced tab with a Network Address choice. Fill in what you want there. If you don't have this, your driver doesn't support it. There may then be a 3rd party driver for your adapter.



A:ARP spoofing attack - What is it?

Enable anti-ARP spoofing - A gratuitous Address Resolution Protocol (ARP) frame is an ARP Reply that is broadcast to all machines in a network and is not in response to any ARP Request. When an ARP Reply is broadcast, all hosts are required to update their local ARP caches, whether or not the ARP Reply was in response to an ARP Request they had issued. Gratuitous ARP frames are important as they update your machine's ARP cache whenever there is a change to another machine on the network (for example, if a network card is replaced in a machine on the network, then a gratuitous ARP frame informs your machine of this change and requests to update your ARP cache so that data can be correctly routed). However, while ARP calls might be relevant to an ever shifting office network comprising many machines that need to keep each other updated, it is of far less relevance to, say, a single computer in your home network. Enabling this setting helps to block such requests - protecting the ARP cache from potentially malicious updates (Default = Disabled).

From here
Firewall Behavior Settings, PC Firewall, Firewall Protection | Internet Security v6.2


Hey, we are facing a problem regarding spam and spoofing in our company. We get email messages from each other and from our own email addresses. Can someone assist with what can be the cause and how to fix it?

A:How to stop spam and spoofing?

You may first want to check the headers of the spoofed messages to make sure that they are not coming from users within your company that have virus-infected computers.

Not sure if or how you could set up a spam filter on your mail server to block outside incoming messages whose headers claim they came from that server.


Hi everyone,

I am trying to load a Windows 2003 security patch - KB941672. When I try to load it, I get an error and the log shown below. Anyone know what the prereq is for this patch?

0.641: ================================================================================
0.641: 2008/01/28 20:33:21.046 (local)
0.641: c:\b91b2915f51b54b53443\update\update.exe (version
0.641: Hotfix started with following command line:
0.641: In Function GetBuildType, line 1170, RegQueryValueEx failed with error 0x2
0.657: dns is Present
0.657: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents\dns is Not Equal To Specified Value
0.657: Second Condition in PreReq.CheckRegistry.Section Failed
0.657: Condition Check for Line 1 of PreRequisite returned FALSE
0.657: ReadStringFromInf: UpdSpGetLineText failed: 0xe0000102
0.657: KB941672 Setup encountered an error: Setup cannot continue because one or more prerequisites required to install KB941672 failed. For More details check the Log File c:\windows\KB941672.log
0.672: ReadStringFromInf: UpdSpGetLineText failed: 0xe0000102
0.672: Setup cannot continue because one or more prerequisites required to install KB941672 failed. For More details check the Log File c:\windows\KB941672.log
1.579: Message displayed to the user: Setup cannot continue because one or more prerequisites required to install KB941672 failed. For More details check the Log File c:\windows\KB941672.log
1.579: User Input: OK
1.579: Upda...


For months now I have been receiving messages from people using my name and email address. It is as if the messages were sent by me. This has been very frustrating and worrisome since they are probably using me to spam others as well.
I was advised to scan my system and post the files here so attached is a zipped folder containing these files.
I hope you can help me stop these depraved people.






I'm the victim of spoof which appears to use HOST-style spoofing. When I'm on the eBay homepage, everything is fine, it IS eBay. I click MyEbay to signin, it appears to still be ebay, once I log in, however, it takes me to a very obviously fake and amateurly designed page where I'm supposed to fill out my info. This is NOT a fake email link type scam, this is a severe virus-type scam and I cannot get rid of it for the life of me. I've ran spybot search & destroy, adaware, multiple anti-virus programs, hijackthis, as well as executed other system cleanup tools (like smitfraud removal tool) and checked my Host files. I cannot fix it unless I'm missing something here. Attached is a screenshot. I feel sick about all this.

Here is the page where I got the virus

http://www.ericzhang(dot com)/mp3.php?sub=download

(dot com) = .com ... Removed for obvious reasons. (ENTER AT OWN RISK)

If I were in Firefox at the time of clicking the above link I probably would not have been infected; it seems as though it's an Internet Explorer vulnerability.

This is what shows up in the address bar when I see the scam: https://signin.ebay.com/ws/eBayISAPI.dll?co_partnerid=2&siteid=0&UsingSSL=1 (SAFE LINK)

Which is spoofed on the ebay domain, obviously.

By the way, this all applies to Paypal.com as well.... Attached is the screenshot of that too. And the spoofed link: https://www.paypal.com/us/cgi-bin/w...80d546411d7f8a8350c132bc41e0934cfc023d4e8f9e5 (... Read more

A:eBay + PayPal spoofing

Once again I find an article here http://www.theregister.co.uk/2007/05/25/strange_spoofing_technique/

but still no solution.

Thanks guys

Read other 2 answers

So for the past several months, I've been getting a few spam e-mails from a few contacts (subject is their name, message body is a single link). I always ignore them and delete them. I also use Windows Live Mail exclusively. Now, today, I noticed that I've become the victim of this spam e-mail attack. When looking further into it, I see that the spam is not actually sent from me, but from another address (spoofing, I assume). So as harmless as it appears, they still did send out their spam email spoofing my address, but to all of my contacts (or at least many of them). I know the e-mails did not originate from my account, so I'm not too worried, but I am confused as to how they have my contacts' e-mails without accessing my e-mail account directly. Are there any explanations that would help me understand the situation better?

A:E-mail Spoofing to My Contacts

If you want this to stop, change your password.

Read other 3 answers

I want to download the Windows 7 snipping tool and Windows 7 search agent for other operating systems like XP separately. Is that possible? If yes, can you guys send me the link? It will be much appreciated if it is possible.

A:windows 7 spoofing tool

Ryan, there is no actual snipping tool for XP but you can try this Windows XP Snipping Tool - Home
and this XP Snipping Tool Free Download (it is beta so be careful) or SnagIt Download - JoyDownload.com

for starters - if you Google XP snipping tool you will find loads of refs as well

Read other 1 answers

First, I am not subscribed to Linkedin, nor have I been in the past.

Periodically, I get invitations to join, some by people I recognize, some not recognizable. I have not taken them up on the invitation. About a month ago, I received a LinkedIn invitation from a colleague, which I did not reply to. About two days later, I received an automated followup invitation, which I also did not reply to. About an hour after that message, I got an email from that colleague asking if I had sent her two spam messages (some offshore pharmacy) that had my return address. I told her I didn't, but in the meantime looked this topic up and found that it was very similar to the Zeus problem in the fall of 2010. One other thing: no one else in my contacts has said they received spam from me - only the one LinkedIn colleague (and I have asked around).

I got some help from my IT guy: he said to run TDSS Killer, Malwarebytes, and Combofix, in that order. I ran the first two (in safe mode, full scan) and they came up clean, as did my other program Adaware. Prior to running Combofix, Bleeping said I needed to get a tutor here. That's why I am writing.

1) Does this appear to be a Zeus issue?
2) Will Combofix find it, or are there other scans I should run?
3) Do I need a tutor to interpret what Combofix does?
4) Help!


Read other answers

I wasn't sure exactly what forum to post this under, but I was wondering if anybody could shed some light on this topic. I'm using MediaRing VoIP services; I like it, it's free. However, I was wondering if it was possible to spoof the number you are calling from to fool the caller ID of the phone accepting the call. Currently I don't; it always shows as an unknown number or 999999999 number or something similar. I know caller ID spoofing has been done before but I've never heard of it being done with VoIP services. Does anybody have any idea on how to do this? I know it's perfectly legal too, I checked that out already.

A:ID spoofing with VOIP service

it may be legal, but I don't think we are going to assist you with it.

closing thread.

Read other 1 answers

I am fighting a virus that I have run into this problem a few times before on customer machines.

It spoofs rkill and mbam by using its own copy and then filling the report with info it generates from the registry or browser history.

A virus of some sort infects the machine and creates folders in the \localsettings\temp folder with the folder name RarSFX0 and then RarSFX1 and so on.
In the folder there are other folders called Nird, h, and procs.

As well there are files called nircmdc, prep, rkill, s, serv, swreg, winlogon, nircmd, pev, proxycheck, rkill.reg, sed, sh, userinit, and wl

The 'h' folder contains a copy of
explorer and iexplorer

The Nird folder contains a copy of

The procs folder contains a copy of
explorer, 2 copies of iexplore, and proc.dat

When I run Rkill from a thumb drive I am watching Windows Task Manager and see that additional instances of Iexplore and explorer popup and disappear.
Rkill then gives me an installation error dialog box. The CMD window opens and closes quickly multiple times during this process
Then the CMD box pops up as if it is running Rkill.
It finds nothing and closes explorer then there is a pause while explorer restarts.

There is nothing unusual running in the processes under task manager except the occasional explorer or iexplore popping in and out

It then adds another folder to the temp folder called RarSFX3 or 4 or whatever the next number is.

When running mbam it comes up with nothing.

In so... Read more

A:Virus is spoofing rkill

I will ask the Tools creator to look.

Read other 6 answers

Anyone else have a problem where you can't spoof a mac in 7? (I've heard some people have the same problem in Vista) It works for me in XP on the same laptop, and works in Linux, but in W7 directly adding NetworkAddress key to the registry, or using a mac changing prog only works if the first pair of HEX is 0A or higher. It simply doesn't recognise 00 as the first pair (which is the value in most hardware adapters....). This makes it difficult to test IDS systems, firewalls, etc...

The MAC of the intel wired NIC on the same machine (in W7) changes just fine using all available methods.

Anyone found a solution to this, other than using 0A, etc? Is there an older driver (im using that works correctly? Or is this a W7/Vista + Intel issue?


A:MAC Spoofing w Intel 3945

Had the same problem. Solved it by installing an older driver (ver Now all my mac spoofing apps work perfectly

Read other 2 answers

I've been through countless forums, tutorials, tricks, tips, you name it to try and find out how to change my MAC on vista. But none work, is there any possible way?

Will dual booting XP and changing it in there and then using vista work?

Looking for any possible solution.

Dell Wireless 1395 WLAN Mini-card
Dell XPS M1530

A:Spoofing mac address in Vista?

Read other 8 answers

The more I research spoofing and masking the more confused I am. Also, another point I'm not too sure about is: anyone spoofing/masking their IP can only send information, not receive it, as they are not using their real IP, so then information packets can't come back to their computer, right?

A:Whats The Difference Between IP Spoofing And IP Masking

For the latter part, you are correct (at least to my knowledge).

To answer the former, I have to rely on simple English to be honest. Masking: Hiding the IP from view, Spoofing: Forging or changing it.

Read other 3 answers

Anyone know if the patch released by Openwares to address this vulnerability is safe and effective to use??




A:Internet Explorer URL Spoofing Vulnerability

They probably are safe and effective, but no personal experience with them. I know this one works:


Read other 2 answers

Hello, so I attempted mac spoofing by adding an ip to the arp cache; however it did not allow me to access the internet. I attempted to delete the entry with arp -d which worked and then allowed me to use the internet.

My problem is that whenever I restart my computer, the arp entry is back and I need to redo the arp -d.

Is there any permanent fix for this issue? I can provide the command I used if necessary.

A:Fix Mac spoofing (trying to revert back to normal)

Read other 7 answers

While most of the members here are pretty experienced and savvy about spam, I thought this might be useful information for those who are still fairly new to the internet.

I've been getting some spam at my Yahoo address the last few weeks from someone trying to sell "replicas," "finest replicas," "replica watches," etc. No big deal - they automatically go into my bulk mail folder.

But today I received one that spoofed my ID, which is not an uncommon event for spammers on Yahoo and other free sites. That in and of itself is no big deal either, because the spammer is obviously using an automated system to spoof these usernames, and Yahoo undoubtedly knows this since it happens with a fair amount of regularity and has been for years. Nonetheless, for two reasons, I think it's a good idea to report this spam (and, in the case of spoofing your ID, fraud) to Yahoo. First, I don't know how Yahoo ultimately handles such spam/spammers, but my concern is that my account might be blocked automatically simply because my ID was spoofed. Second, the more reports Yahoo receives - especially about the same spammer - the better their chances of tracking him or her down.

Here's a link to the page that gives you instructions on how to handle this: "Someone is pretending to be me on Yahoo!. What can I do?" When filling out the incident form, you'll find that the e-mail's full header is requested. For those not familiar with the process, here are the instru... Read more

A:Yahoo Spam, And Spammers Spoofing Ids

My question would be: have you ever replied TO any spam e-mail, or told anyone to NOT send any more of the spam? Do you download any mails to your computer, and have you got sufficient and up-to-date antivirus protection on the computer and other appropriate protection? I guess you do not use MailWasher? Some readers also doubtless even open and read the spoof e-mails, not a good practice; just chuck them from the server and do NOT reply to any spam. I learnt that lesson the hard way by telling someone to NOT send any more; THAT e-mail addy (now 'infected') gets constant spam.

Read other 2 answers

Hey guys,

I was asked by my dad to sort out an issue with this Babylon search engine which took over Firefox. I did my best and all seemed fine, but it's all come back.

I noticed some other weird things, but the one that scares me the most is when I went to download CCleaner, I clicked a link from google and I saw the browser redirecting all over the place until I saw a download page but not from the CCleaner URL.

I tried Chrome, and it took me to another website with a search of the word CCleaner so I copied the url from google and went directly to that url and it looked fine.

That is scary because I have never been this deep in malware before!

Anyways, here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:27:40, on 06/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Progra... Read more

A:Babylon h and malicious link spoofing?

Read other 15 answers