| Author |
Message |
hetzer
Guest
|
 Posted:
Sat Oct 22, 2005 8:21 am Post subject:
chatty wab |
|
|
I have recently replaced Zonealarm with a copy of Sygate Personal
Firewall. Today it stopped wab.exe, the XP addressbook applet, from
attempting an outgoing connection to aus.mozilla.org via Firefox (my
default browser). I usually use the Thunderbird addressbook but had
opened wab to check an old address.
Is this normal behaviour for wab? Sygate labelled it as "application
hijacking" and I wonder is some email virus or Trojan is at work. Avast
antivirus reports nothing but a scan with antivir did find a "trace" of
a virus in one of my Java files. I let antivir delete the file and all
seems to be running fine. |
|
| Back to top |
|
 |
Casey Klc
Guest
|
| Posted:
Sun Oct 23, 2005 1:24 am Post subject:
Re: chatty wab |
|
|
In article <sTl6f.163301$RW.152093@fe2.news.blueyonder.co.uk>,
hetzer@blueyonder.co.uk says...
| Quote: | I have recently replaced Zonealarm with a copy of Sygate Personal
Firewall. Today it stopped wab.exe, the XP addressbook applet, from
attempting an outgoing connection to aus.mozilla.org via Firefox (my
default browser). I usually use the Thunderbird addressbook but had
opened wab to check an old address.
Is this normal behaviour for wab? Sygate labelled it as "application
hijacking" and I wonder is some email virus or Trojan is at work. Avast
antivirus reports nothing but a scan with antivir did find a "trace" of
a virus in one of my Java files. I let antivir delete the file and all
seems to be running fine.
It is probably not a virus or trojan. Anytime one of your valid |
applications causes another of your valid applications to connect
to internet, Sygate recognizes it as a hijacking. The Sygate
warning window ususlly tells you what is happening and lists the
two applications.
Casey |
|
| Back to top |
|
|
hetzer
Guest
|
| Posted:
Sun Oct 23, 2005 7:00 am Post subject:
Re: chatty wab |
|
|
Casey Klc wrote:
| Quote: | In article <sTl6f.163301$RW.152093@fe2.news.blueyonder.co.uk>,
hetzer@blueyonder.co.uk says...
I have recently replaced Zonealarm with a copy of Sygate Personal
Firewall. Today it stopped wab.exe, the XP addressbook applet, from
attempting an outgoing connection to aus.mozilla.org via Firefox (my
default browser). I usually use the Thunderbird addressbook but had
opened wab to check an old address.
Is this normal behaviour for wab? Sygate labelled it as "application
hijacking" and I wonder is some email virus or Trojan is at work. Avast
antivirus reports nothing but a scan with antivir did find a "trace" of
a virus in one of my Java files. I let antivir delete the file and all
seems to be running fine.
It is probably not a virus or trojan. Anytime one of your valid
applications causes another of your valid applications to connect
to internet, Sygate recognizes it as a hijacking. The Sygate
warning window ususlly tells you what is happening and lists the
two applications.
Casey
Thanks for your prompt reply, Casey! I am somewhat reassured, though I |
shall also be keeping an eye on wab.exe's ins & outs! |
|
| Back to top |
|
|
Guest
|
| Posted:
Mon Oct 24, 2005 4:21 pm Post subject:
Re: chatty wab |
|
|
On Sat, 22 Oct 2005 07:29:28 GMT, hetzer <hetzer@blueyonder.co.uk>
wrote:
| Quote: | I have recently replaced Zonealarm with a copy of Sygate Personal
Firewall. Today it stopped wab.exe, the XP addressbook applet, from
attempting an outgoing connection to aus.mozilla.org via Firefox (my
default browser). I usually use the Thunderbird addressbook but had
opened wab to check an old address.
Is this normal behaviour for wab? Sygate labelled it as "application
hijacking" and I wonder is some email virus or Trojan is at work. Avast
antivirus reports nothing but a scan with antivir did find a "trace" of
a virus in one of my Java files. I let antivir delete the file and all
seems to be running fine.
|
I found this information, which might be of some help. I would at the
least look for a removal tool for this worm and follow the guidance on
this site to see if the registry has been compromise.
http://securityresponse.symantec.com/avcenter/venc/data/w32.leave.worm.html
Good luck. |
|
| Back to top |
|
|
Guest
|
| Posted:
Mon Oct 24, 2005 4:21 pm Post subject:
Re: chatty wab |
|
|
On Sat, 22 Oct 2005 07:29:28 GMT, hetzer <hetzer@blueyonder.co.uk>
wrote:
| Quote: | I have recently replaced Zonealarm with a copy of Sygate Personal
Firewall. Today it stopped wab.exe, the XP addressbook applet, from
attempting an outgoing connection to aus.mozilla.org via Firefox (my
default browser). I usually use the Thunderbird addressbook but had
opened wab to check an old address.
Is this normal behaviour for wab? Sygate labelled it as "application
hijacking" and I wonder is some email virus or Trojan is at work. Avast
antivirus reports nothing but a scan with antivir did find a "trace" of
a virus in one of my Java files. I let antivir delete the file and all
seems to be running fine.
|
I share your concern on this issue. While the file appears to be a
legitmate MS file, I'd be concerned why it's "calling home." I use
Sygate with XP and have never seen this issue. I did a quick search
and did not find anything to help. I'd suggest some additional
research. |
|
| Back to top |
|
|
hetzer
Guest
|
| Posted:
Thu Oct 27, 2005 4:34 am Post subject:
Re: chatty wab |
|
|
<----- Which Way -----> wrote:
| Quote: | On Sat, 22 Oct 2005 07:29:28 GMT, hetzer <hetzer@blueyonder.co.uk
wrote:
I have recently replaced Zonealarm with a copy of Sygate Personal
Firewall. Today it stopped wab.exe, the XP addressbook applet, from
attempting an outgoing connection to aus.mozilla.org via Firefox (my
default browser). I usually use the Thunderbird addressbook but had
opened wab to check an old address.
Is this normal behaviour for wab? Sygate labelled it as "application
hijacking" and I wonder is some email virus or Trojan is at work. Avast
antivirus reports nothing but a scan with antivir did find a "trace" of
a virus in one of my Java files. I let antivir delete the file and all
seems to be running fine.
I found this information, which might be of some help. I would at the
least look for a removal tool for this worm and follow the guidance on
this site to see if the registry has been compromise.
http://securityresponse.symantec.com/avcenter/venc/data/w32.leave.worm.html
Good luck.
Thank you for the URL. |
Sorry for not replying sooner but I have been elsewhere engaged.
So far no signs of infection in Registry etc
Like you I wonder what business wab.exe has in contacting
aus.mozilla.org with Firefox!!?? Unless I specifically tell it to do so
for some reason, wab.exe should not be making internet calls at all!!
I do not consult or keep any data on MSN or any other Internet data
bases, address books etc.
hetzer |
|
| Back to top |
|
|
david
Guest
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in