kerio firewall..... how do i stop alerts

  mrwoowoo 16:23 06 Sep 07

My Sunbelt Personal Firewall (Kerio) constantly displays an intrusion attempt blocked window.
The intruder is C:\windows\system32\qmyykcob.exe
which to me is from within my own machine/OS (XP).
If I close the window it just comes straight back up again, so how do I alter the settings so I don't get any alerts?
At the mo it is on advanced setting.
Also, what is the file that it is referring to, as I can find nothing on Google.

  RicScott 16:33 06 Sep 07

I wouldn't be so worried about the pop-ups from your firewall; I'd be running a full virus scan on your PC, as it seems that something is trying to transmit. I cannot find anything that the exe is related to. If it was a system file, then Google would show something up for it.

  mrwoowoo 16:54 06 Sep 07

Had a trojan which I have removed. Done 2 safe mode scans since and all clean, but since then I am getting this alert.
Found the offending files in my Windows system folder. Do you think it would be safe to just delete these after first creating a system restore point?
If anyone could do a search on their system (XP) for qmyykcob.exe to see if it was legit I would be most grateful.

  mrwoowoo 17:12 06 Sep 07

Deleted the files (one was also in the prefetch), but still getting a constant alert.

  skidzy 17:59 06 Sep 07

Just searched through one of my XP machines and no sign of the file.

If this alert is recent, I would first have a look at what you have downloaded recently; this could be a renamed file.

For example, downloading something like Messenger Plus carries a sponsor that includes spyware/malware; a while back this used to be called LOP and was renowned for renaming files and reproducing upon reboot after scans and deletion had been made.

I would first try scanning in safe mode with System Restore disabled... be aware you will lose all restore points. Try running SAS in safe mode with SR disabled
click here. Don't forget the usual apps also, Spybot / SD, asquared etc. click here

  Technotiger 18:19 06 Sep 07

Though not sure if this is exactly what you want ...

Network Intrusion Prevention System (NIPS)
Sunbelt Personal Firewall detects and blocks many types of network intrusions. It uses an internal intrusion database that is automatically updated each time a new version of the firewall is installed or updated. This is one reason you should update Sunbelt Personal Firewall after receiving an alert that an update is available. The Sunbelt Personal Firewall uses the Network Intrusion Detection and Prevention System (NIPS) to scan network traffic and block attacks based on a database of known attack signatures.

Note: NIPS rules are stored in the config\IDSRules subdirectory of the installation directory (C:\Program Files\Sunbelt\Personal Firewall 4\config\IDSRules by default).

NIPS Parameters
NIPS parameters enable you to set specific actions for high, medium, and low priority intrusions, as well as whether or not the intrusions will be recorded in the NIPS log.

  mrwoowoo 19:52 06 Sep 07

Scanned yet again, but this time with SUPERAntiSpyware Professional, which showed 10 adware items.
Deleted these, which Spyware Terminator didn't pick up, and it seems to have done the trick.
Thanks again for the link skidzy.
Technotiger, thanks for the reply. No. I wanted to go from advanced mode to normal mode (I think), with no alerts.
Still, no need now as all seems fine.

  Technotiger 19:54 06 Sep 07

OK - hope it stays that way. Thanks for the feedback.

  skidzy 20:23 06 Sep 07

Have you rebooted since the last scan? If so, hopefully you are clean.

  mrwoowoo 21:21 06 Sep 07

Scanned in safe mode, so had to use restart afterwards. (Newbie question alert) I assume this is the same as a reboot.

  skidzy 21:48 06 Sep 07

Yes it is, woowoo.
Any further problems, come back to us.

This thread is now locked and can not be replied to.
