Tech Support Team

danjmilos · #1 (**permalink**) **Top** 21st March 2009, 05:44 PM

2 days after restoring the fake driver from the MBAM quarantine I had a Windows tray balloon pop-up saying new hardware found click here for more info. Cliccked and got a window saying install cd driver or have windows search for driver. The search only looked on my computer after 20 or so seconds it said driver not found. So I checked do not show again. Today doing my cleaning and maintaince I looked at my list of installed programs I find a new program, WinPcap 4.0.2, something I did not install searched for it and found it. It deals with networking and such. Since I didn't install it I unstalled. Any ideas? Or was it related to my to my MBAM fake driver report?

Dan

Work gets in the way of life.

**evilfantasy** · #2 (**permalink**) **Top** 21st March 2009, 10:23 PM

WinPcap, The Packet Capture and Network Monitoring Library for Windows

Do you use any P2P software and what firewall do you use?

Download TrendMicro HijackThis.exe (HJT) to the Desktop.

Double-click on HJTInstall.
Click on the Install button.
It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
Upon install, HijackThis should open for you.
Click on the Do a system scan and save a log file button
HijackThis will scan and then a log will open in notepad.
Copy and then paste the entire contents of the log in your post.
Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

danjmilos · #3 (**permalink**) **Top** 21st March 2009, 11:26 PM

EF

At work again, I have no P2P's other than MS messenger which I have never used, Can't type fast enough to do anything with it. I have all 3 programs on the computer and will run them sometime Sunday night as I work tomorrow morning, again. I ran quick scans today with both, nothing found. I have Filseclab Free Firewall installed. I'm off work at 4:00pm (EDT) I will post sometime after that.

Dan

Work gets in the way of life.

**evilfantasy** · #4 (**permalink**) **Top** 21st March 2009, 11:30 PM

No problem.

It's kind of odd that it just appeared. Hopefully it's nothing but a good looking over never hurts!

danjmilos · #5 (**permalink**) **Top** 22nd March 2009, 12:01 AM

EF,

Forgot to ask do you want quick scans or full scans?

Dan

**evilfantasy** · #6 (**permalink**) **Top** 22nd March 2009, 12:13 AM

Just need a HijackThis scan to start with. I don't think we will use MBAM since you have already been using it.

danjmilos · #7 (**permalink**) **Top** 22nd March 2009, 01:34 AM

EF

Still looking around at work found this.
Public Advisory: 11.12.07 // iDefense Labs
Think a hacker may have a way to use WinPcap remotely?

Dan

**evilfantasy** · #8 (**permalink**) **Top** 22nd March 2009, 01:41 AM

It's possible.

danjmilos · #9 (**permalink**) **Top** 22nd March 2009, 01:52 AM

EF,

And a more recent one,
bug in winpcap | Security Researchs .
I'm stumped as to where I got WinPcap in the first place!

Dan

danjmilos · #10 (**permalink**) **Top** 22nd March 2009, 02:03 AM

EF,

One more for you,
winpcap.exe | ThreatExpert statistics ,
back to work.

Dan