cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
lodsy
Contributor
Message 11 of 40
‎03-18-2012 01:08 AM

Re: netguard blocks risky connectio´n

I go the same message when I switched on my computer 15 minutes ago.

I too am in Australia - March 18th (did not use it at all on the 17th) 7pm

0 Kudos
Reply
mewk
Former Member
Message 12 of 40
‎03-18-2012 01:24 AM

Re: netguard blocks risky connectio´n

ditto.

connection attempt: Sunday, March 18, 2012. 12:49:54 AM (PST)

0 Kudos
Reply
Hayton
Honored Contributor III
Message 13 of 40
‎03-18-2012 01:46 AM

Re: netguard blocks risky connectio´n

Status update : autoreply messages received from CyberTrust-Ubizen and from Verizon, both saying the same thing - "I am out of the office, back on Monday".

Nothing much to do then except wait until the recipients read their email.

0 Kudos
Reply
Peacekeeper
MVP
Message 14 of 40
‎03-18-2012 02:35 AM

Re: netguard blocks risky connectio´n

So best we wait till Hayton can check it out. Leave it blocked for now.

0 Kudos
Reply
hap1
Former Member
Message 15 of 40
‎03-18-2012 04:05 AM

Re: netguard blocks risky connectio´n

I also got this message.  The only online place I go to chat with strangers is tagged.com.  Wondering if anyone else who got this message is also a tagged user

0 Kudos
Reply
revealdion
Contributor
Message 16 of 40
‎03-18-2012 04:45 AM

Re: netguard blocks risky connectio´n

@hayton  I ´have seen the pop up form netguard between 12:30 and 14:30 Amsterdam time.

I cant say the exact time.

Then the second time the ip was blocked 17:03 on 17 march

The third time this morning at 6:40 on 18 march.

I noticed that under the tab Traffic control active programm the host proces for windows services uses 30% normaly ist is around 10%

0 Kudos
Reply
edwardjwlaunt
Former Member
Message 17 of 40
‎03-18-2012 06:14 AM

Re: netguard blocks risky connectio´n

Behavior Summary

Connects via WinSock

Creates Mutex

Starts EXE in Documents

Submission Info

          Submission Details       
Date3/18/2012 5:01:48 AM
Sandbox Version2.1.22
File NameC:\96506319.exe


C:\96506319.exe
start reasonAnalysisTarget
Termination reasonTimeout
Execution StatusOK
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
start reasonCreateProcess
Termination reasonTimeout
Execution StatusOK
%SystemRoot%\system32\services.exe
start reasonSCM
Termination reasonTimeout
Execution StatusOK
%SystemRoot%\system32\svchost.exe
start reasonDCOMService
Termination reasonTimeout
Execution StatusOK
%SystemRoot%\system32\msiexec.exe /V
start reasonCreateProcess
Termination reasonTimeout
Execution StatusOK
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
start reasonCreateProcess
Termination reasonTimeout
Execution StatusOK

Behavior Details

Filesystem

C:\96506319.exe
New Files (2)

Creates File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi
Creates File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\disk1.cab

Find Files (3)
Opened Files (2)
Chronological order (9)

Open File: C:\96506319.exe
Get File Attributes: %SystemRoot%\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc
Get File Attributes: C:\Documents and Settings\Dave\Application Data\desktop.ini Flags: (SECURITY_ANONYMOUS)
Find File: %SystemRoot%\system32\msi.dll
Find File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi
Create File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi
Find File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\disk1.cab
Create File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\disk1.cab

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
New Files (35)

Creates File: \Device\Tcp
Creates File: \Device\Ip
Creates File: \Device\Ip
Creates File: \Device\RasAcd
Creates File: \Device\Tcp6
Creates File: \Device\Ip6
Creates File: \Device\Ip6
Creates File: \Device\NetBT_Tcpip_{B2E755B6-7BE3-4F63-8743-9F6D66C034F5}
Creates File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810
Creates File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\DC2135CED98D8A4D7C0CEE202BB0B810
Creates File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53
Creates File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\F5A17C00E427F919C4A49EEF5AD0EE53
Creates File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636
Creates File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\5C8DDA36D60247082B142836039F4636
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\Up
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\tree1.bmp
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7facemoods.jpg
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\Win7DDD.jpg_1
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\repairic
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7dialogbanner.jpg_1
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\New
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\completi
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7rkbanner.jpg_1
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\removico
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\exclamic
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\custicon
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\info
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\insticon
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\AI_CUSTACTS_viewer.exe
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\rkinstaller.exe_1
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\AI_CUSTACTS_aicustact.dll
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\lzmaextractor.dll
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\rkverify.exe_1
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\install.vbs_1
Creates File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\cmdlinkarrow

Find Files (4)
Opened Files (16)
Deleted Files (2)
Chronological order (72)

Open File: C:\96506319.exe
Get File Attributes: %SystemRoot%\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc
Get File Attributes: C:\Documents and Settings\Dave\Application Data\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: %SystemRoot%\system32\msi.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:\autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:\autoexec.bat
Find File: C:\Documents and Settings\Dave\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Find File: C:\Documents and Settings\Dave\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Find File: C:\Documents and Settings\Dave\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Open File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810
Open File: \\.\PIPE\ROUTER
Create/Open File: \Device\Tcp
Create/Open File: \Device\Ip
Create/Open File: \Device\Ip
Open File: \\.\Ip
Create/Open File: \Device\RasAcd
Create/Open File: \Device\Tcp6
Create/Open File: \Device\Ip6
Create/Open File: \Device\Ip6
Open File: \\.\Ip6
Create/Open File: \Device\NetBT_Tcpip_{B2E755B6-7BE3-4F63-8743-9F6D66C034F5}
Open File: \\.\Ip6
Get File Attributes: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content Flags: (SECURITY_ANONYMOUS)
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\DC2135CED98D8A4D7C0CEE202BB0B810
Open File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\F5A17C00E427F919C4A49EEF5AD0EE53
Open File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\5C8DDA36D60247082B142836039F4636
Get File Attributes: %SystemRoot%\Registration Flags: (SECURITY_ANONYMOUS)
Open File: %SystemRoot%\Registration\R000000000007.clb
Open File: %SystemRoot%\AppPatch\msimain.sdb
Open File: \Device\NamedPipe\ShimViewer
Get File Attributes: %SystemRoot%\system32\sxs.DLL Flags: (SECURITY_ANONYMOUS)
Find File: C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi
Get File Attributes: C:\DOCUME~1\Dave\LOCALS~1\Temp\ Flags: (SECURITY_ANONYMOUS)
Open File: C:\DOCUME~1\Dave\LOCALS~1\Temp\MSIC.tmp
Delete File: C:\DOCUME~1\Dave\LOCALS~1\Temp\MSIC.tmp
Get File Attributes: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864 Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\Up
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\tree1.bmp
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7facemoods.jpg
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\Win7DDD.jpg_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\repairic
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7dialogbanner.jpg_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\New
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\completi
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7rkbanner.jpg_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\removico
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\exclamic
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\custicon
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\info
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\insticon
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\AI_CUSTACTS_viewer.exe
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\rkinstaller.exe_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\AI_CUSTACTS_aicustact.dll
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\lzmaextractor.dll
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\rkverify.exe_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\install.vbs_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\cmdlinkarrow
Open File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7dialogbanner.jpg_1
Get File Attributes: %ProgramFiles%\facemoods.com\facemoods\1.4.17.3 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: %ProgramFiles%\RelevantKnowledge Flags: (SECURITY_ANONYMOUS)
Open File: C:\DOCUME~1\Dave\LOCALS~1\Temp\MSI24.tmp
Delete File: C:\DOCUME~1\Dave\LOCALS~1\Temp\MSI24.tmp
Get File Attributes: %SystemRoot%\Installer\$PatchCache$\Managed\9FA66DB187700F749A7D30C1E7125C5B Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\MSI1ff79.tmp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Dave\Local Settings\Application Data\Temp\camaro-grey.themepack Flags: (SECURITY_ANONYMOUS)

%SystemRoot%\system32\msiexec.exe /V
Find Files (1)
Opened Files (6)
Chronological order (9)

Open File: \\.\PIPE\lsarpc
Get File Attributes: %SystemRoot%\Registration Flags: (SECURITY_ANONYMOUS)
Open File: %SystemRoot%\Registration\R000000000007.clb
Get File Attributes: %SystemRoot%\system32\MsiExec.exe Flags: (SECURITY_ANONYMOUS)
Open File: %SystemRoot%\AppPatch\sysmain.sdb
Open File: %SystemRoot%\AppPatch\systest.sdb
Open File: \Device\NamedPipe\ShimViewer
Open File: %SystemRoot%\system32\
Find File: %SystemRoot%\system32\MsiExec.exe

%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Opened Files (3)
Chronological order (6)

Open File: \\.\PIPE\lsarpc
Get File Attributes: %SystemRoot%\Registration Flags: (SECURITY_ANONYMOUS)
Open File: %SystemRoot%\Registration\R000000000007.clb
Open File: \\.\PIPE\wkssvc
Get File Attributes: %SystemRoot%\ Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\desktop.ini Flags: (SECURITY_ANONYMOUS)

Mutex

C:\96506319.exe
Creates Mutex (7)
Opens Mutex (0)
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Creates Mutex (9)
Opens Mutex (1)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Creates Mutex (6)
Opens Mutex (0)

Process

C:\96506319.exeCreates Process - Filename (C:\96506319.exe) CommandLine: ( /i  "C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi"  AI_SETUPEXEPATH="C:\96506319.exe" SETUPEXEDIR="C:\") As User: () Creation Flags: (SW_HIDE)
Enum Modules (0)
Open Process (0)
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Enum Modules (0)
Open Process (2)
%SystemRoot%\system32\services.exeCreates Process - Filename () CommandLine: (%SystemRoot%\system32\msiexec.exe /V) As User: () Creation Flags: (SW_HIDE)
Enum Modules (0)
Open Process (0)
%SystemRoot%\system32\msiexec.exe /VCreate Process As User - Filename (%SystemRoot%\system32\MsiExec.exe) CommandLine: (%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C) Target PID: (1600) As User: (Dave) Creation Flags: (CREATE_UNICODE_ENVIRONMENT)
Enum Modules (0)
Open Process (0)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Enum Modules (0)
Open Process (1)

Registry

C:\96506319.exe
Reads (9)
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Changes (1)
Reads (203)
Enum Keys (15)
%SystemRoot%\system32\msiexec.exe /V
Reads (5)
Enum Keys (3)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Reads (6)
Enum Keys (1)

Service

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\Open Service Manager - Name: "SCM"
Open Service (1)
Enum Service (0)
%SystemRoot%\system32\msiexec.exe /VOpen Service Manager - Name: "SCM"
Open Service (0)
Enum Service (0)

System

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\Sleep - Milliseconds (30000)
Sleep - Milliseconds (60000)
%SystemRoot%\system32\msiexec.exe /VSleep - Milliseconds (60000)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 CSleep - Milliseconds (60000)
Sleep - Milliseconds (250)

Window

C:\96506319.exeEnum Windows 1
Find Window - Class Name (Shell_TrayWnd) Window Name ()
Destroy Window - Class Name (#32770) Window Name (camaro-grey Setup)
Creates Window (11)
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\Enum Windows 1
Find Window - Class Name (Shell_TrayWnd) Window Name ()
Find Window - Class Name (CicLoaderWndClass) Window Name ()
Destroy Window - Class Name (Static) Window Name (Property: RK, Signature: FileSearchSign_1)
Destroy Window - Class Name (Static) Window Name (Migrating feature states from related applications)
Destroy Window - Class Name (Button) Window Name (< &Back)
Destroy Window - Class Name (Static) Window Name (Please wait while the Setup Wizard prepares to guide you through the installation.)
Destroy Window - Class Name (Button) Window Name (&Next >)
Destroy Window - Class Name (Static) Window Name (This Windows 7 Theme is brought to you by Windows-7-Themes.com.)
Destroy Window - Class Name (Button) Window Name (Cancel)
Destroy Window - Class Name (Static) Window Name (Bitmap)
Creates Window ($00030150) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00060140) - Class Name (IME) Window Name (Default IME)
Creates Window ($00030134) - Class Name (GDI+ Hook Window Class) Window Name (GDI+ Window)
Creates Window ($00030136) - Class Name (IME) Window Name (Default IME)
Creates Window ($0004013C) - Class Name (MsiHiddenWindow) Window Name ()
Creates Window ($00030144) - Class Name (IME) Window Name (Default IME)
Creates Window ($00080148) - Class Name (#32770) Window Name (Dialog)
Creates Window ($00030138) - Class Name (MSCTFIME UI) Window Name (M)
Creates Window ($0006014A) - Class Name (CicMarshalWndClass) Window Name (CicMarshalWndEDC)
Shows Window (proc_2\hwnd_80148.jpg)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 CEnum Windows 1
Creates Window ($00030148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00040148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00050148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00060148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00070148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)

Winsock

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
DNS Lookup
Host NameIP Address

192.168.239.34
wpad.ssdsandbox.net.
crl.globalsign.net
crl.globalsign.net194.7.155.82
Download URLs
http://crl.globalsign.net/Root.crl
http://crl.globalsign.net/primobject.crl
http://crl.globalsign.net/ObjectSign.crl
Outgoing connection to remote server: crl.globalsign.net TCP port 80

Submit another sample for analysis

0 Kudos
Reply
jamesspo
Former Member
Message 18 of 40
‎03-18-2012 07:34 AM

Re: netguard blocks risky connectio´n

I saw this this morning as well...blocked same adderess 194.7.155.82.   at  9:45:12 AM EDT, March 18th.   I'm generally not too concerned as usually the offending process for these blocked access attempts is my browser (and usually just some ad query embedded in a page that's been incorrectly flagged), but coming from "Host Process for Windows Services" raises my attention a bit.   I'll be following.

0 Kudos
Reply
edwardjwlaunt
Former Member
Message 19 of 40
‎03-18-2012 07:48 AM

Re: netguard blocks risky connectio´n

I thought the same thing but running a current full scan I've picked up 1 infected file so far at 24%. The last time I scanned for viruses or anything was Friday (full scan every Friday for me). When the scan completes I will post any relevent files from this IP in question. Whatever it is, it caused one of my computers to lock up until I did a hard reboot. And it's not just some old clunker, the one that chugged is a 2.0ghz dual core with 8gb of ram onboard. I have a feeling it's more than just a simple McAfee updated file...

Message was edited by: edwardjwlaunt on 3/18/12 10:00:15 AM CDT
0 Kudos
Reply
edwardjwlaunt
Former Member
Message 20 of 40
‎03-18-2012 09:16 AM

Re: netguard blocks risky connectio´n

I too do not have the latest firefox 11.0 update, I didn't even know there was a new release until you just mentioned it. Definitely don't think it's FF related. I'm at 67% scanned right now and have picked up 2 infected files (New since this past Friday was a clean bill of health)

0 Kudos
Reply
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community

* Important Terms and Offer Details:

  Subscription, Free Trial, Pricing and Automatic Renewal Terms:

  • The amount you are charged upon purchase is the price of the first term of your subscription. The length of your first term depends on your purchase selection (e.g. 1 month or 1 year).  Once your first term is expired, your subscription will be automatically renewed on an annual basis (with the exception of monthly subscriptions, which will renew monthly) and you will be charged the renewal subscription price in effect at the time of your renewal, until you cancel (Vermont residents must opt-in to auto-renewal.)
  • Unless otherwise stated, if a savings amount is shown, it describes the difference between the introductory first term price (available only to customers without an existing McAfee subscription) and the renewal subscription price (e.g., first term price vs. each year thereafter).
  • Pricing is subject to change. If the renewal price changes, we will notify you in advance so you always know what’s going on.
  • You can cancel your subscription or change your auto-renewal settings any time after purchase from your My Account page. To learn more, click here.
  • You may request a refund by contacting Customer Support within 30 days of initial purchase or within 60 days of automatic renewal (for 1 year terms or longer).
  • Your subscription is subject to our License Agreement and Privacy Notice. Subscriptions covering "all" devices are limited to supported devices that you own. Product features may be added, changed or removed during the subscription term.  Not all features may be available on all devices.  See System Requirements for additional information.
  • Free Trial Terms: At the end of your trial period you will be charged $39.99 for the first term. After the first term, you will be automatically renewed at the renewal price (currently $124.99/yr). We will charge you 7-days before renewal. You can cancel at any time before you are charged. ​

 **Free Benefits With Auto-Renewal:

  • For many qualifying product subscriptions McAfee offers additional benefits for free when you are enrolled in auto-renewal. You can check your eligibility for these benefits in your My Account page. Not all benefits are offered in all locations or for all product subscriptions.  System Requirements apply.   Turning off auto-renewal terminates your eligibility for these additional benefits. 
  • Virus Protection Pledge (VPP): If we cannot remove a virus from your supported device we’ll refund you the amount you paid for your current term subscription.  The refund does not apply to any damage or loss caused by a virus.  You are responsible for backing up your data to prevent data loss. See terms here: mcafee.com/pledge.
  • Safe Connect VPN:  You will receive free, unlimited access to our VPN wireless on supported devices. Users not on auto-renewal have access to 500 MB/month of bandwidth.

   Additional Terms Specific to Identity Monitoring Service:

  • Eligibility: McAfee® Identity Monitoring Service Essentials is available within active McAfee Total Protection and McAfee LiveSafe subscriptions with identity monitoring for up to 10 unique emails. Phone number monitoring is enabled upon activation of Automatic Renewal. Not all identity monitoring elements are available in all countries. See Product Terms of Service for more information. 
  • Your subscription is subject to our License Agreement and Privacy Notice. Product features may be added, changed or removed during the subscription term. Some features may require registration and a valid ID number to activate. See System Requirements for additional information.
  • While McAfee Identity Monitoring Service provides you tools and resources to protect yourself from identity theft, no identity can be completely secure.
  • US Only:
    Fair Credit Reporting Act: You have numerous rights under the FCRA, including the right to dispute inaccurate information in your credit report(s). Consumer reporting agencies are required to investigate and respond to your dispute, but are not obligated to change or remove accurate information that is reported in compliance with applicable law. While this plan can provide you assistance in filing a dispute, the FCRA allows you to file a dispute for free with a consumer reporting agency without the assistance of a third party.
  • Identity theft coverage is not available in New York due to regulatory requirements.


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Products

McAfee® Total Protection
McAfee® Gamer Security
McAfee® Identity Monitoring Service
McAfee® Security Scan Plus
McAfee® WebAdvisor
McAfee® Techmaster Concierge
McAfee® Virus Removal Service

Resources

Antivirus
Free Downloads
Parental Controls
Malware
Firewall
 Blogs
Activate Retail Card
Threat Center
McAfee Enterprise

Support

Consumer Support
FAQs
Renewals
Support Community

About

About McAfee
Careers
Contact Us
Newsroom
Investors
Legal Terms
Your Privacy Choices
System Requirements
Sitemap

Copyright © 2022 McAfee, LLC
Copyright © 2022 McAfee, LLC