CCMUA2009

Posts posted by CCMUA2009

  1. Thanks all - Before I go through those steps, I'd like to throw something out there first.

    I decided to do a little further exploration. I use Vista Home Premium 32-bit with Vista Service Pack 2.

    I went to

    Settings> Control Panel> Network and internet> Network and Sharing center

    (this of course just showed my 1 PC as the only computer on the network)

    Under network, I clicked the "view status" button/link. This brought up local area connection status

    When I clicked on the details of this, there was a heading "Lease Expires" referring to the IP assigned by my ISP.

    I notice that here the lease shows to expire just about every 5 minutes and then resets for another 5 minute interval.

    Does it sound like this would be the answer as to why the 192.168.0.1 (8) seems to log in the firewall log every 5 minutes or so?

  2. Hi all. Thanks to Wide Glide for posting my concern. Sometimes I'm not able to access the forums from work, they don't allow forums/message boards

    Let me give some specs

    Windows Vista 32-bit Home Premium with Vista Service Pack 2

    HP desktop using Norton as real-time (AV and firewall) protection with on-demand free version of Malwarebytes, Spybot S&D, and Windows Defender

    Anyway the issue I have involves entries in my firewall log that show

    Unused port blocking has allowed 192.168.0.1 (8)

    this logs every 5 minutes or so

    Now my firewall does show other IP addresses that are blocked for one reason or another, so I know the firewall is working

    I also know that 192.168.0.1 is the assigned number to my DSL modem.

    Two things throw me/have questions about:

    1. Why is (8) at the end of 192.168.0.1?

    Does the (8) at the end of 192.168.0.1 mean that it is connecting to my machine on port 8? My DSL modem is a Siemens Speed Stream 4100, so could it just be that the DSL modem is randomly assigned to the port 8?

    2. Why does the entry show every 5 minutes in my firewall activity log?

    In some ways it makes sense that the logging is just showing that my DSL modem is connecting to my machine (as I'm on DSL my computer is connected to the internet every time it's turned on). And for some reason the logging refreshes itself every 5 minutes?

    Now let me also point out that my security logs also note any outbound connections from my computer and there are no outbounds that strictly coincide with every inbound firewall entry of 192.168.0.1

    I have also checked my "network" set up and it just shows 1 PC, mine (checked this both through Vista control and my Norton network security configuration). So there are no other computers connected to mine.

    Also all scans, only show tracking cookie, no spyware, virus, etc.

    so if anyone can help me make sense of this, I'd be greatly appreciative. If I need to post this elsewhere, let me know

    THANKS

  3. OK, went to C:\Windows\System32\drivers\etc

    Opened the etc folder, saw the host file. Clicked to open and

    1. It asked what I wanted to use to open it. I chose Notepad, was that the correct choice??

    2. When I opened it I just saw the samples/examples they gave, nothing else, except near the bottom there was the

    127.0.0.1

    3. there was also another file

    lmhosts which was a SAM file

    I opened that with Notepad too and it just seemed to have examples listed, nothing more

  4. thanks again

    So then that is where things like intrusion prevention (by my Norton) and the spyware scans like with malwarebytes come into play to either stop ( intrusion prevention) or detect (malwarebytes, spybot, windows defender)

    So again if those scans are all rather clean, then chances are pretty good ( nothing is 100%) that all is ok

  5. thanks all

    So the fact that I use my computer as a limited user account where I can't even update Malwarebytes without running as admin, or I can't even delete programs without using the admin passcode (so what I'm saying is as the limited user I can't make any changes without the admin passcode)

    So that fact, would that also keep changes from happening to the host files?

  6. Cool thanks all

    We have had that happen where we go to a website like Facebook, and then as we click to pages sometimes (like not every day) the "Internet Explorer cannot open this web page" message pops up. So to be safe we close out using Task Manager, then click on IE7 again and have no problems. So maybe that is IE7 blocking malicious content by not allowing it to open?

    No not the ad links on facebook, but like friends pages, etc

  7. Cool thanks all

    We have had that happen where we go to a website like Facebook, and then as we click to pages sometimes (like not every day) the "Internet Explorer cannot open this web page" message pops up. So to be safe we close out using Task Manager, then click on IE7 again and have no problems. So maybe that is IE7 blocking malicious content by not allowing it to open?

  8. Chimpy- what do you mean by

    "check your hosts and make sure that the web addys in there have this IP 127.0.0.1 that's your local one that everyone has, that addys loops back to your computer so you do not get a redirect."

    so if I went in the host files would there be all the web addresses that I recently visited?

    Hope you don't mind me asking, but would these be considered a browser redirect:

    1. You go to a web page that you intend to visit, but then get one of those rogue antivirus pop ups?

    2. You go to a web page you intended to visit, then you get what appears to be a Windows box pop up that says

    "Internet Explorer cannot open this page"

  9. Yes, what I was wondering is if one accidentally visits a malicious or unsafe website, can that cause the host files to get messed with? I think we may have accidentally visited a malicious website. But all my security scans (Norton my real-time security, Spybot, Malwarebytes, and Windows Defender - all on-demand scanners) all scan clean

    so if there were something that messed with my hostfiles, the scans would detect that right?

  10. Hello - this question may have been answered before. If so, accept my apology for my ignorance.

    I use Vista Home Premium 32 OS with Malwarebytes as an on-demand scanner

    I almost always log on to my computer under a limited user account. Doing this requires me to put in the Admin account password when I run an update for Malwarebytes defs.

    But can I run the Malwarebytes scan on the limited user account? In other words, if I run the scan when logged in on the limited user account, am I still getting the same scan as I would if I ran the scan logged in on the Admin account?

  11. Hi CCMUA2009 -

    If you want to be sure that you have a clean system then post your logs etc, in the HiJack This area -

    Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

    One of the expert helpers there will give you one-on-one assistance - This is the best way to ensure you are clean -

    If you wish to, and the system is reasonably stable, then keep using it as you follow the experts instructions (unless told otherwise) -

    Thank You - :)

    Would you say from what I have written that there is a very strong chance I'm NOT infected, given the various scans that come up clean?

  12. Seems I may have gone to a malicious website that contained a PDF exploit (it has been verified by MYWOT; site is getsabout.com)

    I went to the website and it opened like if one was opening an Adobe Reader item. However, there was nothing in the content of this Adobe Reader-like shell. I use Adobe Reader 9.3 which is to have taken care of recent vulnerabilities.

    So is the reason that I saw nothing on the webpage because it was an exploit and the reader version 9.3 did not allow the content?

  13. I was able to find out more about the site www. getsabout.com

    on this link here

    http://www.malwareurl.com/listing.php?domain=getsabout.com

    it showed that

    Domain name: getsabout.com

    IP Address: 213.108.56.18

    Description: Exploit kit / Rogue Antivirus

    Registrant: Pat Casey / patcasey@xhotmail.net

    So it looks like it was one of those fake antivirus things. But it never showed anything to download and scans come up clean

  14. Yesterday a family member was on facebook. Somehow there was a pop up something about explorer needing to close. The family member being smart used task manager to close out.

    However, another family member not so smart went into the history, and clicked on a history something like rysbabyc which took them to www. getsabout .com ( I spaced out the name here so nobody would accidentally click on it) The web page looked like an adobe reader format page, you know like when you open something
