NIISUIO.SYS, allow or disallow?

After I installed Sygate and the computer restarted, the registration
window opened up and so I connected the PC to internet to do the
registration. Right after that, a message window popped up asking me
whether I want to say "yes" or "No" to this: "An application named
NDIS User mode I/O Driver (file name ndisuio.sys) is trying to access
Internet."

Instead of choosing yes or no, I closed the window. Imediate, a window
popped up AT THE BOTTOM OF THE SCREEN saying that "An application
named NDIS User mode I/O Driver (file name ndisuio.sys) 'HAS BEEN
BLOCKED' from accessing the network.

It disppeared on tis own and right away another window with the same
type of message appeared, this time for a different application with
file anme "svchost.exe" asking the same thing. I did the same thing
and experienced the same response.

NT Kernel and system, same thing.

Generic Hosts

and Application layer??

do i allow these?

Do I allow this file to be accessed?

 

because after looking up the problem through GOOGLE, i found this, and this is exactly what is happening to ME!!!

i couldnt remember all of the things happening, so I copied and pastied the problem.

But I didnt trust the source, so I came here because I trust you guys.

I am having the SAME PROBLEMS.

ALso last night, Sygate alert popped up stating "someone is scanning your UDP PORTS on your computer" and it gave port numbers. I know there is a way to fix this in the advanced options but I do not understand enough about ports and which ones to allow and disallow, or about TCP, UDP, etc. All I know is that my computer ports were scanned over 6 times last night and it showed over 100 different IP addresses and they are very odd IP addresses. One backtraced to this: rwhois://rwhois.verio.net:4321/

Im only trying to understand more about computer security, as I have SYgate installed, and AVAST, and I am constantly being hijacked, and having to restore my computer, or spend countless hours here.

Im only a beginner here. No funny business intended by using the information I found on the net Google search upon trying to learn and resolve the problem by myself but I do not understand it.

Thanks, can you help me?

 

also upon doing the security scan at Sygate this is what I got.

Does this mean I am okay, and can ignore the port scanning attacks?

here is what it said.

This is the public IP address that is visible to the internet.
Note: this may not be your IP address if you are connecting through a router, proxy or firewall.



Trying to gather information from your web browser...

Operating System = Windows XP
Browser = Microsoft Internet Explorer 6.0

Trying to find out your computer name...

Unable to determine your computer name!


Trying to find out what services you are running...

Unable to detect any running services!

SORRY but i am sooooo confused. I read somewhere that Sygate is a great program but not for a beginner because it needs to be configured properly.
If it saves you headache, as this configuration may be out of my knowledge spectrum, would you recommend another firewall please???? Please note I have cable internet though and i have been hijacked 3 times in the last 6 weeks. I work on a secure site all day for a local hospital so it does not have any viruses or anything lingering around (so I am told), the website address even begins with secure. instead of http.

HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

Port scan at Hacker Watch RESULTS: The first port scan showed 443, 143, 139, 110, 80, 79, 25, 23 and 21 completely invisible to the outside world using ZONE ALARM. (I uninstalled Sygate.

PCFLANK Advanced port scan RESULTS: Port: Status Service Description
21 stealthed FTP File Transfer Protocol is used to transfer files between computers
23 stealthed TELNET Telnet is used to remotely create a shell (dos prompt)
80 stealthed HTTP HTTP web services publish web pages
1080 stealthed SOCKS PROXY Socks Proxy is an internet proxy service
1243 stealthed SubSeven SubSeven is one of the most widespread trojans
3128 stealthed Masters Paradise and RingZero Trojan horses
12345 stealthed NetBus NetBus is one of the most widespread trojans
12348 stealthed BioNet BioNet is one of the most widespread trojan
27374 stealthed SubSeven SubSeven is one of the most widespread trojans
31337 stealthed Back Orifice Back Orifice is one of the most widespread trojans
135 closed RPC Remote Procedure Call (RPC) is used in client/server applications based on MS Windows operating systems
137 closed NETBIOS Name Service NetBios is used to share files through your Network Neighborhood
138 closed NETBIOS Datagram Service NetBios is used to share files through your Network Neighborhood
139 closed NETBIOS Session Service NetBios is used to share files through your Network Neighborhood


PC FLANK Recommendation: Install personal firewall software. PC Flank recommends Outpost Firewall Pro. ( DO I NEED TO DO THIS?)

NOTE: ALSO, how do i verify my TRUE IP ADDRESS?????

thanks so much.

 

chas

i also noticed that since i got rid of the virtumundo virus that my IP changed.

I noticed that today when I was doing the scans. Totally different IP.

As I asked in the prior post, I need some information on how to verify my TRUE IP address and I am wondering if this is something to be concerned about?

thanks

 

because the scans at the various sites I have been referred to are now giving me a different IP address than I had before the virtumundo virus.

Is this possible because I had to restore windows, and reinstall my cable software and because I am using a new router?

Also, I know have 2185 access attempts blocked by Zone Alarm. Isnt this awfully high?? Or should I just be glad that Zone Alarm blocked them and not worry about it?

Just seems like since all of my attacks over the last 6 months, I am being singled out by some hackers. what do you think?

Last question, should I pay and upgrade to the full version of Zone Alarm SECURITY SUITE, when it expires??? I am afraid of going back to the free version of ZOne alarm. I just want to be safe. I cant afford to be hacked again and lost more time from work.

Thanks Chas.

 

the attacks were INCOMING and are now up to 3815 in a period of less than 7 days.

This is what I am talking about changing......and YES I did stop using a ROUTER, and then it changed.

my internet trusted zone first off was ALWAYS to be 192.168.00 and the subnet was 255.255.255.0 which showed in Zone Alarm as Trusted INTERNET. THis is no longer showing up at all.

NOW, I have the following:

NEW NETWORK: 69.174.144.0 with a subnet of 255.255.240.0 showing as ZONE INTERNET.

and I also have something showing up as LOOPBACK ADAPTOR, which I never saw before for 127.0.0.1 showing as TRUSTED IP ADDRESS.

What are these??? I hope you are following what I am trying to say. Sorry, Im a beginner and learning.

 

so how do i get rid of the NEW NETWORK?? settings?

when I try to remove them or block them in ZONE ALARM

its says you cannot delete an ACTIVE NETWORK!!

im afraid i will lose connection to thet net.

 

CHAS -

3 questions please.

I bought the ZOne Alarm Security Suite. As i told you i am up to NOW over 5,000 incoming attemptes and 139 outgoing, so I bought it.

1. Since Zone alarm Security has Anti-Virus, can i just run this alone? Or do you I still need to run AVAST TOO??

2. I have a Linksys Broadband B router, that I have lost the disk for. Linksys doesnt have this link ACTIVE on their site at all anymore for this B router. Do you have any idea where i can get it? and do you recommend using a router instead of just going straight into the broadband connection without one?

3. My IPCONFIG /RENEW will not work. I just get a blank screen and nothing happens. Im still confused on why Zone Alarm continues to show that I am on a Network, which is ONE that I do not recognize.

Thanks so much for your troubles with me.

 

there is NOTHING showing up My Network Places.

I am assuming from the other poster here, that I should connect the Router back up (even without a disk, and note that windows is not finding this hardware), but go ahead and reconnect the router

then type in the following: normally, with the router connected, if you goto start then run and type in cmd, press enter
then type ipconfig and press enter

you will see a gateway with an ipaddress
write that number down and open your browser (internet explorer will work)
type in that same number you wrote down into your address bar and press enter
it should ask for user name and pasword and after you enter that information it'll let you into the routers configuration.