
Thread: Log Viewer blocked items

  1. #1
    snagglegrain Guest

    Log Viewer blocked items

    Hello everyone!
    I tried to find help for this question via search but was unsuccessful.
    I am currently running ZAP version 7.0.462.000.
    Sometime back I wrote 2 rules to block a couple sites that I figured were adservers.
    It was long enough ago that I forget the details of why I did it, but what I blocked was google-analytics.com & adopt.specificclick.net.
    ** See Edit below **
    Recently I started checking log files again (something I tried not to do because I figured it would drive me nuts!), and guess what?
    I'm going nuts again!
    I see multiple (as in many, many... 12 an hour approximately) blocked entries wherein both explorer.exe and winlogon.exe make unsuccessful outgoing attempts (because I wrote those rules a while back) to connect to both www-google-analytics.l.google (64.233.161.99:53) and to adopt.specificclick.net (64.79.161.90:53).

    These are Program alerts with Medium ratings.

    Here are my questions ...

    Is this out of the ordinary?
    Can someone please try writing these two rules and seeing if your machines are constantly trying to connect to those two sites?
    I sure need to hear from others whether this is acceptable/normal behavior, or if I have some malware onboard trying to call home.
    I just don't understand the need for these two processes to be trying to connect all the time.
    My computers are running fine.
    I run security programs (**bleep**!, BOClean, ThreatFire, SpywareBlaster, Spybot, a-squared Anti-Malware) and have run ARK scans like GMER and RootkitRevealer, F-Secure and others.
    I never get any trojans or spyware.
    I keep Windows updated religiously.
    Thanks for any help!
    --> Edit!
    When creating the rule, do not write the site as www-google-analytics.l.google . Instead, write it as google-analytics.com .
    The Destination DNS will then show www-google-analytics.l.google in the Log Viewer.


    Operating System:
    Windows XP Home Edition
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Pro


    Message Edited by Snagglegrain on 04-20-2008 09:06 PM

  2. #2
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Re: Log Viewer blocked items

    Just to check something, turn off those rules you made, and see if your browser gets hijacked. I think maybe it will.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  3. #3
    snagglegrain Guest

    Re: Log Viewer blocked items

    Okay, will do.
    But how will I know it's hijacked, and also, with the security tools I mentioned, I doubt that it will.
    But I'll turn off rules and tell you what's what.
    Thanks

  4. #4
    snagglegrain Guest

    Re: Log Viewer blocked items

    I don't think it got hijacked, but I'll let you tell me how I'd know.
    I noticed an instant Program alert in Log Viewer... Type: Changed module explorer.exe made an outgoing connection to 199.7.54.190:80 Destination DNS crl.verisign.net
    This must mean something, like new certificates or something?
    I should now turn those rules back on and see if I am still getting the constant alerts?

  5. #5
    snagglegrain Guest

    Re: Log Viewer blocked items

    Hoov
    To the best of my knowledge, no browser hijack happened.
    Please try creating the rules yourself if you would (or anyone else who wants to help) and see if suddenly your Log Viewer is showing this type of Program connection attempt.
    I have to be away from the computer for a while but I will check in again, of course.
    Thanks for any assistance!

  6. #6
    snagglegrain Guest

    Re: Log Viewer blocked items

    I got it taken care of, Hoov.
    Thanks anyway.
    I had no idea that "today, more than 200,000 websites use Google Analytics" and that "41 of the 100 most popular sites are tracked by Google".
    Anyway, after a little more research, I determined to add a few entries to my Host file as follows...
    127.0.0.1 www.google-analytics.com
    127.0.0.1 google-analytics.com
    127.0.0.1 ssl.google-analytics.com
    127.0.0.1 *.google-analytics.com
    Then I checked into adopt.specificclick.net and found out where it comes from, so I added...
    127.0.0.1 www.savvis.net
    to my Hosts file.
    All of the outgoing contact attempts I posted about have stopped.


  7. #7
    snagglegrain Guest

    Re: Log Viewer blocked items

    Everything worked swell for about 1/2 an hour, then I was unable to connect to load any web pages.
    Log Viewer said that all Destination DNS was a Loopback.
    As soon as I deleted the Host file entries, I was back in business.
    So, I am right back where I started from.
    Zap is blocking outgoing attempts to connect to google-analytics and specificclick.net because of my rules.
    I also think I am having a conversation with myself right now <smile> so I'll keep looking, trying to find my answers.

    Message Edited by Snagglegrain on 04-21-2008 12:04 PM

    Message Edited by Snagglegrain on 04-21-2008 12:06 PM
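
An added example, not part of any post in this thread: a small checker for hosts-file lines like the ones quoted in posts #6 and #7. It flags entries the hosts file cannot express (it has no wildcard syntax, so a `*.` name is taken literally) and lists which names are pointed at loopback; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the hosts-file lines quoted in post #6.
SAMPLE_HOSTS = """\
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 *.google-analytics.com
127.0.0.1 www.savvis.net
"""

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def audit_hosts(text):
    """Return (sinkholed names, [(line number, problem), ...])."""
    sinkholed, problems = [], []
    for num, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((num, f"not an IP address: {fields[0]}"))
            continue
        if len(fields) < 2:
            problems.append((num, "address with no hostname"))
        for name in fields[1:]:
            labels = name.rstrip(".").split(".")
            if "*" in name or "?" in name:
                # Hosts files have no wildcard syntax; the name is taken literally.
                problems.append((num, f"wildcard not supported: {name}"))
            elif not all(LABEL.match(label) for label in labels):
                problems.append((num, f"invalid hostname: {name}"))
            elif addr.is_loopback:
                sinkholed.append(name.lower().rstrip("."))
    return sinkholed, problems


def covers(sinkholed, queried):
    """Hosts lookups are exact-name matches; subdomains are not covered."""
    return queried.lower().rstrip(".") in sinkholed


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

On the thread's entries this reports line 4 as a wildcard that matches nothing, and `covers()` returns False for adopt.specificclick.net because only the exact name www.savvis.net is listed.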

  8. #8
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Re: Log Viewer blocked items

    Sorry, for personal reasons, I no longer spend long hours helping people. I spend a few hours a day. Partially from burnout, and partially from other reasons, it is no longer prudent for me to do as I used to do.

    As for the hijack, if you try to go to one page and you end up at another site, then it got hijacked.

    Are you using any third party toolbars? Like the google toolbar?

  9. #9
    snagglegrain Guest

    Re: Log Viewer blocked items

    Hoov wrote: "As for the hijack, if you try to go to one page and you end up at another site, then it got hijacked."

    Definitely was not hijacked.

    Hoov wrote: "Are you using any third party toolbars? Like the google toolbar?"

    Not now, not never.
    Sure is bugging me how explorer.exe and winlogon.exe are trying to connect to these two sites.
    On my other computer, it is svchost.exe that is trying to connect to them.

  10. #10
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Re: Log Viewer blocked items

    Download the HijackThis Setup Program

    Save HJTsetup.exe to a folder of your choice, then navigate to that folder and double-click HJTsetup.exe to start the installation.

    Accept all default options by clicking Next or Install during the setup process.

    HijackThis (HJT) will be installed in the C:\Program Files\Hijackthis folder by default and a desktop shortcut will be created.

    Upon clicking Finish, HJT will automatically open. Do a system scan and save a logfile. Once it opens the log, copy it and paste it here.
