Spyware on "Stargate - Children of the Gods" DVD
spliffim
Newbie
11. August 2009 @ 08:06
This (my first post on Afterdawn) is part question, part warning.

When I insert the (legit) DVD "Stargate SG-1 - Children of the Gods (Final Cut 2009)" on my Windows machine my Comodo Firewall reports a process with a random, single letter name (seemingly a letter in Unicode) attempting to do one of the following (it seems random which):

* listen on 0.0.0.0:0
* listen on 0.0.0.0:30
* listen on 0.0.0.0:60
* connect to 166.84.48.97:230
* connect to 62.136.230.97:196
* connect to 164.205.72.98:120
* do nothing

I suspect these attempts are actually tests to probe or bypass my firewall. I have not allowed it past this point because I have no idea what it intends to do once it connects.

The process has hidden itself from Task Manager (which is not unusual) but surprisingly it is also able to hide from the MSDN "Process Explorer" which I understood to be much more thorough.

I tried Googling for "Children of the Gods" +spyware and found nothing.

Does anyone out there have more information on this probable spyware/malware/rootkit?

This message has been edited since posting. Last time this message was edited on 11. August 2009 @ 09:17

Senior Member
11. August 2009 @ 16:46
If it happened recently, use system restore to revert your system
back to before you first inserted the DVD.
After the restore, insert the DVD while holding the left shift key down.
Keep it held for at least 30 seconds after the disk goes in.

Release the shift key and use Windows Explorer to navigate the
DVD's folders. Look for any suspicious folders/files.

For what it's worth, I would NEVER let a commercial DVD autoplay - you
never know what it's going to do. Same with commercial CDs.

This message has been edited since posting. Last time this message was edited on 11. August 2009 @ 16:47

varnull
Suspended permanently
11. August 2009 @ 20:56
Did you use WMP to play this disk? .. that's an app that's full of spyware.

spliffim
Newbie
11. August 2009 @ 20:58
I don't have much confidence in system restore. Most spyware seems to install itself in the restore snapshots as well.

I can add some additional information since I posted:

* The issue is not limited to the Stargate movie. I am now seeing the alert for other discs. Whatever it is has installed itself between the drive and the system.

* Another potential culprit could be the movie "Blindness" (another new release - pretty boring too) which I watched last night.

* I haven't installed any software lately, I use FF with noscript, I have no email on this PC and my LAN connection is firewalled so the most likely means of infection is still a rootkit DVD (especially since the primary symptom appears to be an attempt to report DVD viewing). I only hired "Blindness" and it's gone back now so I cannot check that disc.

EDIT: On second thoughts I watched Blindness at a friend's house, I don't believe I ever put it in this PC (I can't remember).

* I checked the SG1 disc on Linux and it appears to be a simple UDF volume with no strange files, however I'm unsure how to check for multitrack discs.

* Other addresses contacted are:
146.112.212.108 (Alcatel-Lucent Austria AG) Vienna
194.109.38.109 (XS4ALL Internet BV) Amsterdam
160.139.208.106:78 (Another DoD NIC address)

I'm about to try spybot and hijackthis.

@varnull: no, I use VLC and Media Player Classic. I wouldn't touch WMP if you paid me.

This message has been edited since posting. Last time this message was edited on 11. August 2009 @ 21:01
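
As an added illustration (not code from any poster in this thread), the manual check discussed above, browsing the disc for suspicious files with autoplay suppressed or from Linux, can be scripted against a mounted disc. It assumes a plain DVD-Video disc should hold only `VIDEO_TS`/`AUDIO_TS` with `.VOB`/`.IFO`/`.BUP` files; the function names and the sample tree are constructed for this example.

```python
import tempfile
from pathlib import Path

# Assumption: a plain DVD-Video disc holds only these folders and file types.
EXPECTED_DIRS = {"VIDEO_TS", "AUDIO_TS"}
EXPECTED_EXTS = {".vob", ".ifo", ".bup"}
RUNNABLE_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".msi", ".vbs"}

def autorun_targets(inf_path):
    """Commands an autorun.inf asks Windows to launch when the disc is inserted."""
    targets, in_section = [], False
    for line in map(str.strip, Path(inf_path).read_text(encoding="latin-1").splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("open", "shellexecute"):
                targets.append(value)
    return targets

def scan_disc(root):
    """List every file on a mounted disc that a movie disc should not carry."""
    root, findings = Path(root), []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if path.name.lower() == "autorun.inf":
            findings.append(("autorun-inf", rel.as_posix()))
            findings += [("autorun-launches", t) for t in autorun_targets(path)]
        elif path.suffix.lower() in RUNNABLE_EXTS:
            findings.append(("runnable-file", rel.as_posix()))
        elif path.suffix.lower() not in EXPECTED_EXTS or rel.parts[0].upper() not in EXPECTED_DIRS:
            findings.append(("unexpected-file", rel.as_posix()))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (not the disc discussed in the thread)."""
    files = {"VIDEO_TS/VIDEO_TS.IFO": "", "VIDEO_TS/VTS_01_1.VOB": "", "disc.ico": "",
             "AUTORUN.INF": "[AutoRun]\nopen=player\\setup.exe /s\nicon=disc.ico\n",
             "player/setup.exe": ""}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_disc(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `scan_disc` at the drive letter or mount point of the real disc; an empty result means the file system shows nothing beyond the video folders, which says nothing about additional sessions or tracks.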

varnull
Suspended permanently
11. August 2009 @ 21:56
Don't think those are anything that could be associated with a disk.. more likely some other spyware.

Run a full spyware/malware scan in safe mode and see what it turns up.. if it finds nothing then start looking for a rootkit..

http://kareldjag.over-blog.com/article-1232492.html

This message has been edited since posting. Last time this message was edited on 11. August 2009 @ 21:59
