From: Allan J. Ballard (aballard_at_ix.netcom.com)
Date: Tue Feb 19 2002 - 00:20:50 EST
I use the free app Ad-Aware, which routinely finds a few spyware apps
such as Doubleclick, etc. The for-pay version finds more, and I intend
to obtain it.
However this particular devil is persistant. Actually, there are two files
involved. One is a java app which I renamed *.old and that ended that.
The other, the Evtss.exe, is a Dos app residing in the System Directory.
I renamed it *.old as well, and things got interesting. Suddenly, a screen
flashed up stating that my firewall had a problem with this app and an
invalid long filename. (It does not reside in the firewall directory - maybe
it is legit for residence in the System directory?)
Then it tried to name the whole System directory as a 'replacement'
app; of course that request was denied.
This app Evtss.exe calls to TCP/IP addresses. I do not know how to
know what they are. I pinged a couple, but what good is that. I need
some sort of name in English, not TCP/IP numbers (still don't understand
all this).
I guess I will as the makers of Tiny Firewall if the app is one of theirs, and
hope for an answer.
Allan Ballard
NT sp6 (and missing OS/2 Warp more every day)
At 06:37 PM 2/15/02 -0500, Bill Morrow wrote:
>there is a free app or utility that will search a system for spyware and the
>like..
>i have the web site link someplace here and intend to use it to see what the
>#$$^%$! is going in and out with out my consent.. :-)
>
><------------------------------->
>Cordially, :-)
>Bill Morrow
>WEB page http://thinkpads.com
>thinkpads.com Open Forum
>http://www.afaonline.com:8080/webboard/$webb.exe/~2/login?
>or go to thinkpads.com and link from there
>E-Mail: bill at thinkpads dot com
>----- Original Message -----
>From: "Rob Bell" <RobDBell_at_netscape.net>
>To: "ThinkPad Mailing List" <thinkpad_at_cs.utk.edu>
>Sent: Friday, February 15, 2002 4:34 PM
>Subject: Re: off topic
>
>
>> I too would be very skeptical of what this program is doing. Obviously
>> something must be causing it to start when your system starts or when
>> some app starts. If you can't figure out what it belongs to by the
>> directory it resides in or by accessing the file's properties, then just
>> rename it or move it and see what (if anything) complains about not
>> finding it. It doesn't appear to be a normal WinNT/Win2K thing, so you
>> shouldn't crash your system by doing this.
>>
>> HTH,
>> Rob
>>
>> grahamj_at_virtue.cx wrote:
>>
>> > UDP is the non-connected form of TCP/IP.
>> >
>> > In other words when something is sent via UDP there's no built-in way
>for an
>> > application to insure delivery. It's used for applications like chat
>rooms
>> > where such things aren't neccecary or aren't as important as raw
>throughput.
>> >
>> > There's nothing inherently wrong with it but you might be careful.
>Check
>> > out where this file resides. It's not a standard part of Win2K that I
>know
>> > of.
>> >
>> > J.
>> > ----- Original Message -----
>> > From: "Allan J. Ballard" <aballard_at_ix.netcom.com>
>> > To: "Randal Whittle" <rwhittle_at_usa.net>; "Charles McDaniel"
>> > <acmcdaniel_at_cableone.net>; "TP List" <tp750_at_cs.utk.edu>
>> > Sent: Friday, February 15, 2002 3:52 PM
>> > Subject: off topic
>> >
>> >
>> >
>> >>I installed Tiny Firewall, which is free, and of course has weak to no
>> >>documentation, on NT4 sp6.
>> >>
>> >>Some program on my machine - EVTSS.EXE - wants to send and receive UDP
>> >>datagrams to various TCP/IP addresses.
>> >>
>> >>What the heck is a UDP datagram? Sounds evil.
>> >>
>> >>Allan Ballard
>> >>
>> >>
>> >
>> >
>>
>>
>>
>
>
>
This archive was generated by hypermail 2.1.3 : Thu Jan 23 2003 - 09:58:21 EST