lodsy
Contributor
Message 11 of 40

Re: netguard blocks risky connection

I got the same message when I switched on my computer 15 minutes ago.

I too am in Australia - March 18th (did not use it at all on the 17th) 7pm

mewk
Former Member
Message 12 of 40

Re: netguard blocks risky connection

ditto.

connection attempt: Sunday, March 18, 2012. 12:49:54 AM (PST)

Hayton
Reliable Contributor
Message 13 of 40

Re: netguard blocks risky connection

Status update: autoreply messages received from CyberTrust-Ubizen and from Verizon, both saying the same thing - "I am out of the office, back on Monday".

Nothing much to do then except wait until the recipients read their email.

Peacekeeper
Message 14 of 40

Re: netguard blocks risky connection

So best we wait till Hayton can check it out. Leave it blocked for now.

hap1
Former Member
Message 15 of 40

Re: netguard blocks risky connection

I also got this message. The only online place I go to chat with strangers is tagged.com. Wondering if anyone else who got this message is also a tagged user.

revealdion
Contributor
Message 16 of 40

Re: netguard blocks risky connection

@hayton I have seen the pop-up from netguard between 12:30 and 14:30 Amsterdam time.

I can't say the exact time.

Then the second time the IP was blocked 17:03 on 17 March.

The third time this morning at 6:40 on 18 March.

I noticed that under the tab Traffic control active program the host process for Windows services uses 30%; normally it is around 10%.

edwardjwlaunt
Former Member
Message 17 of 40

Re: netguard blocks risky connection

Behavior Summary

Connects via WinSock

Creates Mutex

Starts EXE in Documents

Submission Info

Submission Details
Date: 3/18/2012 5:01:48 AM
Sandbox Version: 2.1.22
File Name: C:\96506319.exe


C:\96506319.exe
Start reason: AnalysisTarget
Termination reason: Timeout
Execution Status: OK

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Start reason: CreateProcess
Termination reason: Timeout
Execution Status: OK

%SystemRoot%\system32\services.exe
Start reason: SCM
Termination reason: Timeout
Execution Status: OK

%SystemRoot%\system32\svchost.exe
Start reason: DCOMService
Termination reason: Timeout
Execution Status: OK

%SystemRoot%\system32\msiexec.exe /V
Start reason: CreateProcess
Termination reason: Timeout
Execution Status: OK

%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Start reason: CreateProcess
Termination reason: Timeout
Execution Status: OK

Behavior Details

Filesystem

C:\96506319.exe
New Files (2)

Creates File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi
Creates File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\disk1.cab

Find Files (3)
Opened Files (2)
Chronological order (9)

Open File: C:\96506319.exe
Get File Attributes: %SystemRoot%\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc
Get File Attributes: C:\Documents and Settings\Dave\Application Data\desktop.ini Flags: (SECURITY_ANONYMOUS)
Find File: %SystemRoot%\system32\msi.dll
Find File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi
Create File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi
Find File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\disk1.cab
Create File: \\?\C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\disk1.cab

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
New Files (35)

Find Files (4)
Opened Files (16)
Deleted Files (2)
Chronological order (72)

Open File: C:\96506319.exe
Get File Attributes: %SystemRoot%\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc
Get File Attributes: C:\Documents and Settings\Dave\Application Data\desktop.ini Flags: (SECURITY_ANONYMOUS)
Get File Attributes: %SystemRoot%\system32\msi.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: c:\autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:\autoexec.bat
Find File: C:\Documents and Settings\Dave\Application Data\Microsoft\SystemCertificates\My\Certificates\*
Find File: C:\Documents and Settings\Dave\Application Data\Microsoft\SystemCertificates\My\CRLs\*
Find File: C:\Documents and Settings\Dave\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Open File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810
Open File: \\.\PIPE\ROUTER
Create/Open File: \Device\Tcp
Create/Open File: \Device\Ip
Create/Open File: \Device\Ip
Open File: \\.\Ip
Create/Open File: \Device\RasAcd
Create/Open File: \Device\Tcp6
Create/Open File: \Device\Ip6
Create/Open File: \Device\Ip6
Open File: \\.\Ip6
Create/Open File: \Device\NetBT_Tcpip_{B2E755B6-7BE3-4F63-8743-9F6D66C034F5}
Open File: \\.\Ip6
Get File Attributes: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content Flags: (SECURITY_ANONYMOUS)
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\DC2135CED98D8A4D7C0CEE202BB0B810
Open File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\F5A17C00E427F919C4A49EEF5AD0EE53
Open File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636
Create File: C:\Documents and Settings\Dave\Application Data\Microsoft\CryptnetUrlCache\Content\5C8DDA36D60247082B142836039F4636
Get File Attributes: %SystemRoot%\Registration Flags: (SECURITY_ANONYMOUS)
Open File: %SystemRoot%\Registration\R000000000007.clb
Open File: %SystemRoot%\AppPatch\msimain.sdb
Open File: \Device\NamedPipe\ShimViewer
Get File Attributes: %SystemRoot%\system32\sxs.DLL Flags: (SECURITY_ANONYMOUS)
Find File: C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi
Get File Attributes: C:\DOCUME~1\Dave\LOCALS~1\Temp\ Flags: (SECURITY_ANONYMOUS)
Open File: C:\DOCUME~1\Dave\LOCALS~1\Temp\MSIC.tmp
Delete File: C:\DOCUME~1\Dave\LOCALS~1\Temp\MSIC.tmp
Get File Attributes: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864 Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\Up
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\tree1.bmp
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7facemoods.jpg
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\Win7DDD.jpg_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\repairic
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7dialogbanner.jpg_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\New
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\completi
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7rkbanner.jpg_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\removico
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\exclamic
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\custicon
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\info
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\insticon
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\AI_CUSTACTS_viewer.exe
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\rkinstaller.exe_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\AI_CUSTACTS_aicustact.dll
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\lzmaextractor.dll
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\rkverify.exe_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\install.vbs_1
Create File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\cmdlinkarrow
Open File: C:\DOCUME~1\Dave\LOCALS~1\Temp\AI_EXTUI_BIN_1864\win7dialogbanner.jpg_1
Get File Attributes: %ProgramFiles%\facemoods.com\facemoods\1.4.17.3 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: %ProgramFiles%\RelevantKnowledge Flags: (SECURITY_ANONYMOUS)
Open File: C:\DOCUME~1\Dave\LOCALS~1\Temp\MSI24.tmp
Delete File: C:\DOCUME~1\Dave\LOCALS~1\Temp\MSI24.tmp
Get File Attributes: %SystemRoot%\Installer\$PatchCache$\Managed\9FA66DB187700F749A7D30C1E7125C5B Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\MSI1ff79.tmp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\Dave\Local Settings\Application Data\Temp\camaro-grey.themepack Flags: (SECURITY_ANONYMOUS)

%SystemRoot%\system32\msiexec.exe /V
Find Files (1)
Opened Files (6)
Chronological order (9)

Open File: \\.\PIPE\lsarpc
Get File Attributes: %SystemRoot%\Registration Flags: (SECURITY_ANONYMOUS)
Open File: %SystemRoot%\Registration\R000000000007.clb
Get File Attributes: %SystemRoot%\system32\MsiExec.exe Flags: (SECURITY_ANONYMOUS)
Open File: %SystemRoot%\AppPatch\sysmain.sdb
Open File: %SystemRoot%\AppPatch\systest.sdb
Open File: \Device\NamedPipe\ShimViewer
Open File: %SystemRoot%\system32\
Find File: %SystemRoot%\system32\MsiExec.exe

%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Opened Files (3)
Chronological order (6)

Open File: \\.\PIPE\lsarpc
Get File Attributes: %SystemRoot%\Registration Flags: (SECURITY_ANONYMOUS)
Open File: %SystemRoot%\Registration\R000000000007.clb
Open File: \\.\PIPE\wkssvc
Get File Attributes: %SystemRoot%\ Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Documents and Settings\All Users\Documents\desktop.ini Flags: (SECURITY_ANONYMOUS)

Mutex

C:\96506319.exe
Creates Mutex (7)
Opens Mutex (0)
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Creates Mutex (9)
Opens Mutex (1)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Creates Mutex (6)
Opens Mutex (0)

Process

C:\96506319.exe
Creates Process - Filename (C:\96506319.exe) CommandLine: ( /i  "C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi"  AI_SETUPEXEPATH="C:\96506319.exe" SETUPEXEDIR="C:\") As User: () Creation Flags: (SW_HIDE)
Enum Modules (0)
Open Process (0)
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Enum Modules (0)
Open Process (2)
%SystemRoot%\system32\services.exe
Creates Process - Filename () CommandLine: (%SystemRoot%\system32\msiexec.exe /V) As User: () Creation Flags: (SW_HIDE)
Enum Modules (0)
Open Process (0)
%SystemRoot%\system32\msiexec.exe /V
Create Process As User - Filename (%SystemRoot%\system32\MsiExec.exe) CommandLine: (%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C) Target PID: (1600) As User: (Dave) Creation Flags: (CREATE_UNICODE_ENVIRONMENT)
Enum Modules (0)
Open Process (0)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Enum Modules (0)
Open Process (1)

Registry

C:\96506319.exe
Reads (9)
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Changes (1)
Reads (203)
Enum Keys (15)
%SystemRoot%\system32\msiexec.exe /V
Reads (5)
Enum Keys (3)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Reads (6)
Enum Keys (1)

Service

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Open Service Manager - Name: "SCM"
Open Service (1)
Enum Service (0)
%SystemRoot%\system32\msiexec.exe /V
Open Service Manager - Name: "SCM"
Open Service (0)
Enum Service (0)

System

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Sleep - Milliseconds (30000)
Sleep - Milliseconds (60000)
%SystemRoot%\system32\msiexec.exe /V
Sleep - Milliseconds (60000)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Sleep - Milliseconds (60000)
Sleep - Milliseconds (250)

Window

C:\96506319.exe
Enum Windows 1
Find Window - Class Name (Shell_TrayWnd) Window Name ()
Destroy Window - Class Name (#32770) Window Name (camaro-grey Setup)
Creates Window (11)
C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
Enum Windows 1
Find Window - Class Name (Shell_TrayWnd) Window Name ()
Find Window - Class Name (CicLoaderWndClass) Window Name ()
Destroy Window - Class Name (Static) Window Name (Property: RK, Signature: FileSearchSign_1)
Destroy Window - Class Name (Static) Window Name (Migrating feature states from related applications)
Destroy Window - Class Name (Button) Window Name (< &Back)
Destroy Window - Class Name (Static) Window Name (Please wait while the Setup Wizard prepares to guide you through the installation.)
Destroy Window - Class Name (Button) Window Name (&Next >)
Destroy Window - Class Name (Static) Window Name (This Windows 7 Theme is brought to you by Windows-7-Themes.com.)
Destroy Window - Class Name (Button) Window Name (Cancel)
Destroy Window - Class Name (Static) Window Name (Bitmap)
Creates Window ($00030150) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00060140) - Class Name (IME) Window Name (Default IME)
Creates Window ($00030134) - Class Name (GDI+ Hook Window Class) Window Name (GDI+ Window)
Creates Window ($00030136) - Class Name (IME) Window Name (Default IME)
Creates Window ($0004013C) - Class Name (MsiHiddenWindow) Window Name ()
Creates Window ($00030144) - Class Name (IME) Window Name (Default IME)
Creates Window ($00080148) - Class Name (#32770) Window Name (Dialog)
Creates Window ($00030138) - Class Name (MSCTFIME UI) Window Name (M)
Creates Window ($0006014A) - Class Name (CicMarshalWndClass) Window Name (CicMarshalWndEDC)
Shows Window (proc_2\hwnd_80148.jpg)
%SystemRoot%\system32\MsiExec.exe -Embedding DBC063F5B6125385B2D4336A3C18DF15 C
Enum Windows 1
Creates Window ($00030148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00040148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00050148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00060148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)
Creates Window ($00070148) - Class Name (OleMainThreadWndClass) Window Name (OleMainThreadWndName)

Winsock

C:\96506319.exe /i  C:\Documents and Settings\Dave\Application Data\Windows-7-Themes.com\camaro-grey\install\camaro-grey.msi  AI_SETUPEXEPATH=C:\96506319.exe SETUPEXEDIR=C:\
DNS Lookup
Host Name    IP Address

192.168.239.34
wpad.ssdsandbox.net.
crl.globalsign.net
crl.globalsign.net    194.7.155.82
Download URLs
http://crl.globalsign.net/Root.crl
http://crl.globalsign.net/primobject.crl
http://crl.globalsign.net/ObjectSign.crl
Outgoing connection to remote server: crl.globalsign.net TCP port 80


jamesspo
Former Member
Message 18 of 40

Re: netguard blocks risky connection

I saw this this morning as well...blocked same address 194.7.155.82 at 9:45:12 AM EDT, March 18th. I'm generally not too concerned as usually the offending process for these blocked access attempts is my browser (and usually just some ad query embedded in a page that's been incorrectly flagged), but coming from "Host Process for Windows Services" raises my attention a bit. I'll be following.

edwardjwlaunt
Former Member
Message 19 of 40

Re: netguard blocks risky connection

I thought the same thing but running a current full scan I've picked up 1 infected file so far at 24%. The last time I scanned for viruses or anything was Friday (full scan every Friday for me). When the scan completes I will post any relevant files from this IP in question. Whatever it is, it caused one of my computers to lock up until I did a hard reboot. And it's not just some old clunker, the one that chugged is a 2.0 GHz dual core with 8 GB of RAM onboard. I have a feeling it's more than just a simple McAfee updated file...

Message was edited by: edwardjwlaunt on 3/18/12 10:00:15 AM CDT
edwardjwlaunt
Former Member
Message 20 of 40

Re: netguard blocks risky connection

I too do not have the latest Firefox 11.0 update, I didn't even know there was a new release until you just mentioned it. Definitely don't think it's FF related. I'm at 67% scanned right now and have picked up 2 infected files (New since this past Friday was a clean bill of health).
