CCMUA2009

Honorary Members
  • Content count

    116
  • Joined

  • Last visited

About CCMUA2009

  • Rank
    Advanced Member

Contact Methods

  • ICQ
    0
  1. It seems like the logging with this firewall log shows all the ports as ( ) rather than : It is the log of the antivirus/firewall program from Norton. Even on the internet connection logs it will show for example 12.34.56.78 (443) or (80)
  2. Thanks all- Before I go through those steps, I"d like to throw something out there first. I decided to do a little further exploration. I use Vista Home Premium 32 bit with vista service pack 2 I went to Settings> Control Panel> Network and internet> Network and Sharing center (this of course just showed my 1 PC as the only computer on the network) Under network, I clicked the "view status" button/link. This brought up local area connection status When I clicked on the details of this, there was a heading "Lease Expires" referring to the Ip assigned by my ISP I notice that here the lease shows to expire just about every 5 minutes and then resets for another 5 minute interval. Does it sound like this would be the answer as to why the 192.168.0.1 (80 seems to log in the firewall log every 5 minutes or so?
  3. Hi all. Thanks to Wide Glide for posting my concern. Sometimes I'm not able to access the forums from work, they don't allow forums/message boards Let me give some specs Windows Vista 32bit home premium with vista service pack 2 HP desk top using Norton as realtime ( AV and firewall ) protection with on demand free version of malwarebytes, spybot S&D, and windows defender Anyway the issue I have involves entries in my firewall log that show Unused port blocking has allowed 192.168.0.1 (8) this logs every 5 minutes or so Now my firewall does show other IP addresses that are blocked for one reason or another, so I know the firewall is working I also know that 192.168.0.1 is the assigned number to my DSL modem. Two things throw me/have questions about: 1. Why is (8) at the end of 192.168.0.1? Does the (8) at the end of 192.168.0.1 mean that it is connecting to my machine on port 8? My DSL modem is a Siemans speed stream 4100, so could it just be that the DSL Modem is randomly assigned to the port 8? 2. why does the entry show every 5 minutes in my firewall activity log? In some ways it makes sense that the logging is just showing that my DSL modem is connecting to my machine (as I'm on DSL my computer is connected to the internet everytime its turned on). And for some reason the logging refreshes itself every 5 minutes? Now let me also point out that my security logs also note any outbound connections from my computer and there are no outbounds that strictly coincide with every inbound firewall entry of 192.168.0.1 I have also checked my "network" set up and it just shows 1 pc, mine (checked this both throw Vista control and my Norton network security configuration) So there are no other computers connected to mine. Also all scans, only show tracking cookie, no spyware, virus, etc. so if anyone can help me make sense of this, I'd be greatly appreciative. If I need to post this elsewhere, let me know THANKS
  4. ok went to C:\Windows\System32\drivers|etc Opened the etc folder saw the host file. Clicked to open and 1.It asked what I wanted to use to open it. I chose notepad, was that correct choice?? 2. When I opened it I just saw the samples/examples they gave, nothing else, except near the bottom there was the 127.0.0.1 3. there was also another file lmhosts which was a SAM file iopened that with notepad too and it just seemed to have examples listed, nothing more
  5. sorry I know I'm an annoying dunsky, but not seeing how to do the HJT log, even from ShanOws link
  6. quick scan- Normal mode? quick scan- safe mode? full scan- normal mode? full scan- safe mode? in the Norton forums, there are lots of people there recommending folks scan Full scan in safe mode. But I have always heard the best way is quick san normal mode
  7. not finding on here where to get the HJT log?
  8. thanks again So then that is where things like intrusion prevention (by my Norton) and the spyware scans like with malwarebytes come into play to either stop ( intrusion prevention) or detect (malwarebytes, spybot, windows defender) So again if those scans are all rather clean, then chances are pretty good ( nothing is 100%) that all is ok
  9. thanks all So the fact that I use my computer as a limited user account where I can't even update malwarebytes with out running as admin, or I can't even delete programs without using the admin passcode ( so what I'm saying is as the limited user i can't make any changes without the admin pass code) So that fact, would that alos keep changes from happening to the host files?
  10. No not the ad links on facebook, but like friends pages, etc
  11. So does windows defender monitor the host files in Vista?
  12. Cool thanks all we have had that happen where we go to a website like facebook, and then as we click to pages sometimes ( like not every day) the Internet Explorer cannot open this web page message pops up. So to be safe we close out using task manager. then click on IE7 againa nd have no problems. So maybe that is IE7 blocking malicious content by not allowing it to open?
  13. Chimpy- what do you mean by check your hosts and make sure that the web addys in there have this IP 127.0.0.1 thats your local one that everyone has, that addys loops back to your computer so you do not get a redirect. so if I went in the host files would there be all the web addresses that I recently visited? hope you don't mind me asking, But woudl these be considered a browser redirect: 1.You go to a web page that you intend to visit, but then get one of those rouge antivirus pop ups? 2. you go to a web page you intended to visit then you get what appears to be a Windows box pop up tha says "Internet Explorer cannot open this page"
  14. yes, what I was wondering is if one accidentally visits a malicous or unsafe website, can that cause the host files to get messed with? I think we may have accidentally visisted a malicious website. But all my security scans ( Norton my real time security, SpyBOT, Malwarebytes, and windows defender - all on demand scanners) all scan clean so if there were something that messed with my hostfiles, the scans would detect that right?
  15. so can spyware, malware, virus, and other assorted nasties hang out in there? Can a malicious IP address be placed in there?