Jump to content

Bakken Hood

  • Posts

  • Joined

  • Last visited


0 Neutral
  1. Hey, it's good to hear from someone else with the same experience. I wouldn't call it a thread hijack. Good eye; my History only has one "l" in oawatch.dl, but after I clicked "block" (with "create rule" checked) when the prompt came up, oawatch.dll (located in the OA program folder) turned up in the Programs tab with a rule to block it automatically. Not wanting to cripple my firewall, I changed "block" to "ask" in the rule, but it hasn't raised its head again. What I really find disturbing about all this is that the OASIS database knows that OA has been blocking the file, and I'd think by now Emsisoft would have 1) identified a bug in its software that caused OA to stymie its own components, or 2) realized that there's a hack out there that specifically targets OA users. I'm assuming it's either a minor software bug or a hack, but Emsi doesn't seem to have addressed it.
  2. The digital signature seems ok, though I'm not nearly savvy enough to know how to spot a fake one. I do remember than when I got the prompt, it didn't show a digital signature in green, like it does for googleupdate.exe and whatnot, although it did identify it as an Emsisoft product. It looked like a well-done fake at the time. It doesn't look like I'm alone in this. Via my right mouse button, Windows seems to think the signature is valid, but I don't trust anything that guy says.
  3. I can't make sense out of this one. Out of some quixtotic sense of honor, I'm moderating a bankrupt, spammer-infested web forum that hardly anyone goes to anymore. I have an unproven suspicion that this forum gave me a bug last year that forced me to reformat, so now I'm only visiting it using Chrome with plugins disabled. Still, when doing my spam check earlier today, I got a popup from OA urging me to block OAwatch.dll and identifying Chrome as the parent program or something to that effect (OA apparently doesn't log these details, so I can't check). Figuring that OA knows how to keep track of its own processes, I assumed it was an impostor and blocked it. Now, though, I look at the "Programs" section in OA and it claims to be blocking one of its own components. At least, the file is in the OA program folder and EAM's scanner doesn't think it's harmful. Am I crippling my firewall by stopping OAwatch, or am I rightfully subduing something dangerous?
  4. Many thanks to ProPain and everyone who gave him advice. This thread saved me a lot of trouble. But not all trouble... My gaming setup is similar to ProPain's, except I'm running Windows XP and an Xbox 360. After initially failing to connect with Xbox Live (henceforth XBL), I opened port 53 to outbound UDP traffic, as described above, and the Xbox was able to connect to the internet. Then, new problems started showing up. -The Xbox gave me an error message about an insufficient MTU (Maximum Transmission Unit). I found the Xbox support page for that error message, and one of the solutions mentioned four ports that have to be open. In addition to port 53, it needs port 80 (HTTP), Port 88 (Kerberos authentication protocol), and port 3074 (used exclusively by Microsoft's gaming services). -I found I could access XBL if I opened all four ports to all traffic (gulp), or disabled OA entirely and reverted to Windows firewall (bigger gulp). Needless to say, I don't want to do either of those permanently. -The internets said that port 3074 is only used by XBL and its PC equivalent, so I figured I could safely unshackle that one. Upon doing so, I stopped getting the MTU error message. In its place, it said it could connect to the internet but not to XBL. -I finally got online by opening port 88 to all UDP traffic (I didn't need to do anything with port 80). Seeing as how I think a "network port" is the hole my LAN cable goes in, I ran this by a more computer-savvy friend, and he said it was safe to do so. I'm all but clueless on networking. Am I taking any risks by opening ports 3074 and 88? There aren't that many people using laptops as Xbox wifi adapters, so it seems like it would be pointless to attack 3074, and I can't imagine a trojan would bother with authentication, so 88 seems safe as well. Am I wrong about any of this? Thanks to everyone who's already posted here. If anyone else reads this on account of the same problem, I hope it helps.
  • Create New...