
Application hijacking of UE by WinRAR? I don't get it.

Posted: Sun Jan 29, 2006 12:26 pm
by bassie
I was downloading with Usenet Explorer and everything was OK. Then I started WinRAR to unpack a DVD I downloaded. Then suddenly I got the message from Sygate firewall (severity: critical according to Sygate).

Sygate firewall says:
"
Application Hijacking has been detected
The application: C:\Program Files\WinRAR\WinRAR.exe try to launch another application: D:\usenetexplorerprogramma\UE.exe to go to remote host unlimited.newshosting.com
"
When I said "no, do not allow" it kept on repeating. Then I said "always block" and now it is not downloading anymore from Newshosting.

Could it be that WinRAR has been hacked or something? I have doubts about allowing it; could it be dangerous to allow?

I can't believe that WinRAR needs to start UE, so this looks at least suspicious?

:(

Posted: Sun Jan 29, 2006 12:35 pm
by bassie
And when WinRAR has finished, Newshosting starts to download again.

Posted: Sun Jan 29, 2006 1:08 pm
by Josef K
Where did you get your copy of WinRAR from? Even then, I can't see that, if you have a badly or maliciously cracked copy, it would attempt to manipulate UE. It would be more likely to be a keylogger or similar.

Try redownloading WinRAR from the official site and try again. You can always reinstall your usual copy if it makes no difference. Maybe also try a different firewall - I would recommend ZoneAlarm, but that's personal preference.

Posted: Mon Jan 30, 2006 11:13 am
by bassie
It only happened 5 times quickly in a row, also with my other server.
After that it did not happen anymore.
Neither my virus software nor my antispyware software could find anything related. Also, when I opened the same RAR files the second time it did not happen.

I uninstalled Sygate and am trying ZoneAlarm 6 Suite. I was no fan of ZoneAlarm in the past, because some updates could totally mess up my internet experience. For example, certain files disappeared after download, or no internet at all was possible.

I will give this suite a chance (without the antivirus part, because I already have an antivirus program). But I must say ZoneAlarm also gives announcements I cannot understand. Like: "Should I allow CLI.exe to connect?" or something like that. Well, like in the Sygate case I don't know; I would say: "ZoneAlarm, you are the expert on this, give me advice."
I don't know what this program is, nor some others....

Posted: Mon Jan 30, 2006 12:30 pm
by Josef K
bassie wrote: I uninstalled Sygate and am trying ZoneAlarm 6 Suite. I was no fan of ZoneAlarm in the past, because some updates could totally mess up my internet experience. For example, certain files disappeared after download, or no internet at all was possible.
ZoneAlarm does have an annoying habit whereby it stops certain email attachments/downloads from saving properly. That's not a bad thing but I think it's a bit too protective. Go to ZoneAlarm's Email Protection tab and disable Inbound and Outbound protection. As long as you have decent antivirus and you check regularly with antispyware then you will be fine.

To make sure you haven't disabled too much, go to grc.com, specifically Shields Up and run the tests there to make sure you're safe. The best way, though, is to have a hardware firewall and use ZoneAlarm to stop programs from calling home. This has the benefit of not tying up resources on a software firewall and it's a further layer of protection (hardware firewall->software firewall = two layers to get through). On my setup, my router has blocked every single attempt to connect to my machine - there are no entries in ZoneAlarm's log.

If you find ZA seems to have stopped your connection dead, make sure you haven't accidentally engaged Internet Lock. The keys for this are CTRL+L, but you can right-click the icon in the taskbar to change it from locked to unlocked and vice versa.
bassie wrote: I will give this suite a chance (without the antivirus part, because I already have an antivirus program). But I must say ZoneAlarm also gives announcements I cannot understand. Like: "Should I allow CLI.exe to connect?" or something like that. Well, like in the Sygate case I don't know; I would say: "ZoneAlarm, you are the expert on this, give me advice."
I don't know what this program is, nor some others....
I'm guessing you have an ATI card in your system. Check here for more information. If you're unsure of what a file is, just put the filename into Google and it should come up with any number of sites telling you what it is. I bet a lot of people have blocked their Norton antivirus as well - the component that checks emails is called ccapp.exe, hardly a descriptive name. The newer ZoneAlarms call up the ZA database to check on particular files and give a recommendation as to whether or not you should allow or disallow them. You should see a traffic light with a green or red light to help guide you (unless ZA can't connect to the database). In the end, though, the choice is left to you on what action you'd like to take.

Posted: Mon Jan 30, 2006 12:33 pm
by jaapf
CLI is a program that runs a process for your ATI video board.

Since it has no business connecting to the internet, I would not allow it (although it's probably harmless).

There are many programs that don't have any business connecting to the internet, but apparently are trying anyway.

You can disallow the connection, and if you encounter problems later on you can change the setting in ZoneAlarm so it can connect.

Posted: Mon Jan 30, 2006 6:08 pm
by bassie
Thanks Josef K and jaapf for the answers.
I also don't get inbound block messages because I also have a hardware router with a firewall, I guess. So in principle I could shut off ZoneAlarm for the inbound direction; however, I don't know how yet, I will find that out.

I turned off email protection, inbound and outbound. I also turned off the spam filter; I never get spam at home.

I will experiment more with the firewall; right now I am not sure if ZA is allowing a lot of products to look at the internet or not. SmartDefense says "auto" and I don't know what it means. Well, I'll just see.

Thanks again for the help, it is much appreciated.

Posted: Mon Jan 30, 2006 7:34 pm
by Josef K
bassie wrote: So in principle I could shut off ZoneAlarm for the inbound direction; however, I don't know how yet, I will find that out.
I'm not sure it's all that simple. You'd probably have to set up a rule in the expert section of the firewall tab. I'm thinking that that is probably more hassle than it's worth unless you are sure you know what you're doing as regards rules. All you really need, since you have the hardware, is for a software firewall to pick up where the hardware one leaves off, i.e. hardware firewalls don't check for outgoing traffic. At least not unless you set up complex rules and/or the hardware is fairly expensive.
bassie wrote: I will experiment more with the firewall; right now I am not sure if ZA is allowing a lot of products to look at the internet or not. SmartDefense says "auto" and I don't know what it means. Well, I'll just see.
ZoneAlarm will immediately pick up anything new that is trying to connect to the outside. If a program has changed, for example you might download the latest version of UE, ZA will alert you to that fact also. To get around that if you are certain a program you update often is safe, as in UE's case, go to the Program Control tab and right-click on the UE entry and select Changes Frequently. This is a good safety feature for cases where viruses or spyware attempt to patch programs to bypass security software.

Be aware that certain software will use other components to connect to the outside. For example, there is a lot of software that uses IE internally for web browsing features. In this case, if you expect ZA to pick up a new program but it doesn't, it's likely that it's using IE or something else that you already allowed or disallowed.

I don't know what Smart Defense is (but I can guess) since I use an older version of ZA (not broken - don't need to fix it). Like all software, though, experimentation is the best way to see if a product is for you so just see how it goes and unless you hit a major stumbling block with ZA then most defaults should be fine.
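The "program has changed" alert described above comes down to an integrity baseline: the firewall stores a hash of each executable when the user first approves it and re-prompts when the file on disk no longer matches. The following is an added example (not ZoneAlarm's own code, nor anything from this thread) of that check in Python, with the "Changes Frequently" exemption; the file names and contents are constructed for the demo.

```python
"""Added example: a minimal program-integrity check of the kind a personal
firewall performs before letting an already-allowed program reach the network.
Constructed sample files stand in for the real executables."""
import hashlib
import os
import tempfile


def sha256_of(path):
    # Hash the file in chunks so large executables do not need to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ProgramControl:
    def __init__(self):
        # path -> {"hash": hex digest at approval time, "changes_frequently": bool}
        self.rules = {}

    def allow(self, path, changes_frequently=False):
        # Record the hash of the binary the user actually approved.
        self.rules[path] = {"hash": sha256_of(path),
                            "changes_frequently": changes_frequently}

    def check(self, path):
        """Return 'allow', 'changed' (re-prompt the user) or 'unknown'."""
        rule = self.rules.get(path)
        if rule is None:
            return "unknown"          # never seen: the firewall must ask
        if rule["changes_frequently"]:
            return "allow"            # user opted out of change detection
        return "allow" if sha256_of(path) == rule["hash"] else "changed"


def demo():
    d = tempfile.mkdtemp()
    rar = os.path.join(d, "WinRAR.exe")   # constructed stand-in, not the real binary
    ue = os.path.join(d, "UE.exe")        # constructed stand-in
    with open(rar, "wb") as f: f.write(b"winrar v1")
    with open(ue, "wb") as f: f.write(b"ue v1")
    pc = ProgramControl()
    pc.allow(rar)                         # normal rule: any change re-prompts
    pc.allow(ue, changes_frequently=True) # the exemption suggested in the thread
    before = (pc.check(rar), pc.check(ue))
    # Simulate both binaries being rewritten (an update, or a patch by malware).
    with open(rar, "wb") as f: f.write(b"winrar patched")
    with open(ue, "wb") as f: f.write(b"ue v2")
    after = (pc.check(rar), pc.check(ue), pc.check(os.path.join(d, "CLI.exe")))
    return before, after
```

Note the trade-off the exemption buys: a program marked "Changes Frequently" is still allowed after it has been patched, which is exactly the case the hash check exists to catch.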

Posted: Mon Jan 30, 2006 8:37 pm
by bassie
I also removed my version of SpySweeper.

Maybe it is part of the trouble. I must confess the version was downloaded somewhere on the internet, and maybe it was not a trustworthy version.

Now I stick to the trusted SpywareBlaster, Lavasoft Ad-Aware, Spybot Search & Destroy and Hitman Pro. Those programs are free and can be trusted.
I will see if the strange things disappear.