xtent

Member
  • Content Count

    9
  • Joined

  • Last visited

Community Reputation

0 Neutral

About xtent

  • Rank
    New Member

Profile Information

  • Gender
    Male
  1. I might have done in the past. At the moment OA is not showing 'remove password', indicating that (it thinks) none has been set up, so I will try adding a new one. If I receive the error only when a password is not set, then I will stick to having a password for now. Perhaps a clean re-installation to a different program files directory might help solve it. My system after a thorough malware scan seems to be fine. Thanks
  2. I have had the free most recent version of Online Armor installed for some time, and only recently I have had a message pop up during startup to enter a password. The program has not been tampered with, and malwarebytes avast superantispyware etc detect no issues of infection on the system. Could it be a registry or related OA issue? If I enter a random password, I usually get 'password error' but I am certain that 'invalid password' has popped up before, similar to this old post from 2011:- http://support.emsisoft.com/topic/4147-oa-free-asking-for-a-password/ I could not work out which program was linked to the request for a password until I noted the same style for the frame of the blue window, and that when the error message appears, an OA shield is shown in the taskbar, as shown in my second image below. Thanks for any info. I might try and reinstall windows however as it is a fairly old laptop desperately running out of hdd space (2007 1.5Ghz dual laptop, intel gfx, 100GB hdd total). Thanks for any info. I just want to be sure that the message is legitimate or a likely infection.
  3. sorry, my fault-I may have been confusing "hosts file" above with 'prevhost.exe' in my first post. I also thought there might have been a way to read information from the 'prevhost.exe' service, that might indicate how/what/when communications to these websites might have taken place, but I think from your reply that is not how 'prevhost.exe' works, and probably isnt readable to a general viewer, unless they understand binary or whatever language is used, haha. I think I have more understanding of it now, and feel better in the knowledge that websites shown in brackets also show what websites or location the 127.0.0.1+exact port was used with beforehand, and not always at the current time. I thought the executables at first were ALWAYS connecting to these sites (or some other exe was, hidden, and pretending these exe's were starting the connection as some sort of cover up-without OA or my antivirus knowing). I thought the system was infected! paranoia, haha thanks
  4. I am using the latest free version of online armor. I have noticed that with certain known files that I believe are usually safe, such as C:/Program Files/Common Files/Java/Javaupdate/jusched.exe, I am getting the same website information next to it yet again: C:/Program Files/Common Files/Java/Javaupdate/jusched.exe Outgoing TCP access allowed to: (tpb.tracker.microsoftarecrazy.net;www.applemad.org) 127.0.0.1:12080 so I have some short questions, just a yes or no 1-is the 'tpb.tracker' website shown in brackets above, simply history, and only related to 'jusched.exe' or whatever exe is next to it... simply because they have both used 127.0.01:1280 in the past? 2-is the 'tpb.tracker' or website information shown only gathered from prevhost.exe? 3-is there a prevhost viewer? I have now been told that any tracker or web info in the OA pop ups, suspicious or not, may be related to installed software, but I cant find anything thanks
  5. thanks, thats a bit clearer I have malwarebytes,spywareblaster and avast antivirus installed, along with windows own (defender+UAC). Perhaps one of those added the website to the host file, but how can I find out what software on the system is attempting to connect to these websites or trackers? I have just received another similar message in the OA history, yet all the system is doing is browsing this website.
  6. II have cleared my online armor history.. but after a few hrs Im still getting the same odd messages in history, sometimes with the same random websites in brackets-its still 127.0.0.1:xxxx, but not the same googleupdate.exe and prevhost.exe files anymore. The rest of the time OA seems to be allowing temporary files to access the internet, for example: AppData/Local/Temp/TRPg9F9sA.exe.part was trusted automatically C:/Windows/Temp/Runboot-temp .5accd8tc-7b7evt7-22db7d8 Outgoing TCP access allowed to: (tpb.tracker.microsoftarecrazy.net;www.applemad.org) 127.0.0.1:12080 perhaps im worrying over nothing, but I might reinstall my firewall or change it completely to see if that makes a difference
  7. So my computer trying to connect to itself.. is a result of this pc trying to connect to bad addresses? ..and the websites listed in brackets in the OA pop up (below) are just a history, and not necessarily linked to the exe files themselves in the same OA window? Im not sure what a dns server is needed for, if its referring to my internet provider or the server hosting the 'bad' website my system has connected to.. but.. thanks. I havent received any more odd messages as of yet, in full they were odd, along the lines of Created 05/02/2012 16:26:01 Summary Firewall: Automatic decision Description C:\Windows\system32\prevhost.exe, Outgoing UDP access allowed to: (tpb.tracker.microsoftarecrazy.net;www.applemad.org) 127.0.0.1:61702 Event type Firewall: Automatic decision(17) Event action Allowed(2)
  8. Im not very technical and dont understand what is meant by 'udp' or a 'dns reply', so im not 100% clear on your reply-but thanks anyway I used to think that 127.0.0.1 was always a reference to any current computer that I use. I didnt think that 127.0.0.1 could be a reference to any other. So are the addresses or trackers listed in brackets, in-between "Outgoing UDP access allowed to:" and "127.0.0.1" ...are simply addresses that use the same 127.0.0.1... that my computer has connected to in the past? Slightly confused I still dont understand the relation between the prevhost.exe and googleupdate.exe applications. Sorry for the confusion LOL. From the OA message in my first post, I thought that the exe programs were actually connecting to the addresses in brackets, or allowing the connection. My other guess was that the system (inc OA) was infected, and the exe programs listed in the OA pop up window was just cover up to not tell me where the original 'bad' exe was, that may have been connecting to the addresses listed. I hope some of that makes sense! I thought some of these tdp.tracker addresses sounded questionable-I think the family may like to browse anywhere they want, so I may need some kind of safe monitoring software to make sure they are using the internet appropriately, but thats another story thanks
  9. I am using the freeware version of OA - it gave me 2 pop ups earlier today with "C:\Windows\system32\prevhost.exe" Outgoing UDP access allowed to: tdp.tracker.. 127.0.0.1: 61702" and "C\Program Files\Google\Update\GoogleUpdate.exe: Outgoing UDP access allowed to: tdp.tracker.. 127.0.0.1: 58610" The tracker is identical in both and the tracker address suggests an untrustworthy website, but I have scanned the system and also uploaded both prevhost.exe and GoogleUpdate.exe to various multiscan websites, which all suggest the files are clean. Is there a way I can find out through OA exactly why these files are allowing this outgoing UDP access to happen? This system is used by many users, Im thinking that the programs suggested above may be just a random choice (lies), if it is an infection on the system... but if all my antivirus programs suggest the system is clean, what can I do? thanks for any help