ow7iee

  1. Thank you.. Those screenshots and your explanation meant a lot. Now I can calm down knowing it's not some nasty malware hiding itself
  2. ok.. just uploaded the one in SysWOW64 and here's the link: https://www.virustotal.com/sv/file/e9bc87e0c90d1a5469cc2b3fe68e555480dfb3fc807d5a0a0232db25e7a21a35/analysis/1374528381/ Looks clean to me...
  3. I would be happy to do that, the only problem is that it doesn't exist. No explorer.exe in system32 at all, no autostart entries in the registry point to that either! But if I delete the entry in OA.... Online Armor adds the system32/explorer.exe entry again after reboot... I think this is not a virus or anything, maybe OA just registers the explorer.exe in 64-bit windows wrongly?
  4. Yes.. But why doesn't OA detect the real path instead of /system32 ... It's well known that many trojans place a false explorer.exe in system32. If I didn't know that I wouldn't have spent a whole day inspecting my computer's files and registry entries...
  5. Why does online armor re-add these entries after every windows startup??? Also in autoruns section it detects: explorer.exe, 0.0.0.0, (0.0.0.0) C:\Windows\System32\explorer.exe Hash(MD5): 219E677B3CC4BDE37251CD3F6FA2702A There is no explorer.exe in system32. If I understand correctly from what I've read on several tech forums 64-bit windows automatically redirects a call from a 32-bit binary for explorer.exe at the C:\Windows\System32\ location to C:\Windows\sysWOW64\Explorer.exe .. since that is the 32-bit version and the 64-bit version of Explorer.exe is in C:\windows\ The reason I'm posting this is because I spent almost a whole day with several security apps and inspecting hijackthis logs over and over again like a maniac, trying to figure out if my computer had been infected with malware... I can't understand why online armor doesn't recognise the correct path, it would've saved me from a lot of headache...
  6. I'm a long time Online Armor & NOD32 user... excluding nod32 in OA and vice versa has always been enough and having HIPS enabled in both applications has never caused any problems. However, since Windows 8, their honeymoon is definitely over. I had huge problems yesterday since my computer locked up completely for the 3rd time in just one week!!! This time I couldn't even uninstall OA, I couldn't open task manager either because it locked up the whole os before it fully loaded up. Was also trying to restart into the new service mode in windows 8 pro (old safe mode) or whatever it's called but since my computer froze during logging out there was no way, had to hold the Power button and force my computer to shut down over and over again... Regedit froze so I couldn't delete the autorun entries... cmd.exe froze ... etc etc... Well you get the point. I finally found the solution, disabling HIPS in Eset NOD32 V6 released my computer from this uber-mess... Apparently, since Windows 8, excluding online armor and nod32 from each other isn't enough anymore... I also tried disabling HIPS in online armor and enabling it in NOD32 and it worked just fine as well.... However I decided to have HIPS enabled in online armor instead since it offers more control over things... I hope this warning prevents other people from having to go through the same computer hell as I did
  7. Wow! I've never seen customer support as great as here anywhere else... Many thanks for all your efforts trying to help. No, I don't have active subnet scanning enabled. My computer is connected directly to the broadband wall socket (temporarily until I get a new wireless router). About the sniffer... Many thanks for offering your help.. I know exactly what it is and how to use such software... I played a practical joke on a neighbour friend a few years ago, he laughed when I told him to change from WEP to WPA because of the weak security in wep.. This was before facebook supported the secure server protocol, I called him and told him to come over to my house, I showed him so he could see with his own eyes, I had captured just about 100 megs of data, I revealed his wep password in just a few seconds with aircrack, also he is a great friend so I didn't want to look at the data in the packets so I asked first and when he saw that his latest facebook status update was visible right there in clear text in commview he understood. Afterwards he thanked me. I would never use a sniffer for illegal activities, people that don't respect our laws make me angry! I do like to experiment and try stuff, to learn more and improve my computer skills... Since I know a little more than the average Joe about network security and related stuff and how a person with bad intentions can use a sniffer to steal passwords and other private data I got a little worried when I saw all the computers appearing in online armor. That's why I started this topic, also that's why I'd never accept using anything else than online armor for firewall protection. A million thanks for your efforts... And for the best firewall software as well... I don't really know what the problem can be, can an ISP really be so incompetent that they let us customers access and view their own router interface? But now when I think about it, I guess you're right... It can't be anybody else's, especially since I'm connected via wire and don't have a wireless router atm... If you get some new ideas about what can be causing this I'm happy if you can post more info here. Thanks again. Oh btw... maybe I'm a bit stupid and this feature is already available in OA. An option / setting that automatically sets all future computers that pop up in the "Computers List" into "Not Trusted" state. Would be a great option when weird stuff like this happens...
  8. Hi again... The female on the phone didn't really get what I was trying to explain and I was in a hurry so we didn't solve this issue... However... today I got an idea, I downloaded a network scanner, I thought it would show the name of the computers, just like OA has always done for me in the past until I got the new ISP. Here .... This picture might explain it? Every http:// found in there goes to a "WEB LOGIN" page... different ip:s but always the same page!!! That means it CAN NOT be computers that are filling the "computers" list in my Online Armor... Is it a server that is acting weird, changing ip:s all the time?? I thought it might be easier for you now after this, to solve it and tell me what's wrong? I hope you can see what's wrong now... Many thanks
  9. This started after I had switched to a new ISP a few days ago... Before that the list was almost empty, only my smartphones were in the list if they were connected. I don't get this... new computers all the time now in my list... At least 10-20 unknown computers / day, I give them all the "Distrust" status... I'm not running a network, I live alone with my kids... We only have 1 computer atm.... Any ideas what's going on here???
  10. Thanks for the answer, I'll uninstall OA and do a fresh install now
  11. Since the upgrade to version 6.0.0.1736 I've been wondering if it's recommended to completely uninstall OA and do a fresh installation instead? Is there anything to gain in a clean installation of OA, better performance or anything compared to the normal automatic upgrade???
  12. For some strange reason it's not even listed in firewall settings. I added it manually and "allowed".. In Programs settings it's trusted. Same thing happened again so I checked firewall settings and consent.exe wasn't there anymore. Hmmm, tried it one more time, added consent.exe to firewall settings and made it "allowed", it was removed only a few seconds later and automatically blocked by online armor again. This isn't a super big issue after all, but I'm a problem solver and I can't give up until I've solved the problem, even if it's a really small problem like this... Hm, I should've re-installed online armor hours ago, that would probably have sorted it out and saved me a few hours. Thanks for trying to help, if you've got any more ideas on how to fix this I'd be very happy to know... If not I'll probably have to uninstall / re-install OA tomorrow and see if that helps...
  13. It keeps blocking consent.exe (the regular CLEAN file in c:\windows\system32\) ... Check this text below: Created: 9/24/2012 10:20:55 PM Summary: Firewall: Automatic decision Description: C:\windows\system32\consent.exe, Outgoing TCP access blocked to: (ocsp.verisign.com;ocsp.verisign.net;ocsp.thawte.com;evsecure-ocsp.verisign.com) 199.7.57.72:80 Event type: Firewall: Automatic decision(17) Event action: Blocked(3) It doesn't matter how many times I remove it from online armor or set it to "ask" and then allow it. A few minutes later it's blocked again! What's going on here??? I'm running Online Armor Free on Windows 7 Home Premium 64-bit btw...
  14. I see that this post is a bit old now but I just thought I'd post my tip anyway... I solved the problem by excluding oa in nod32, like this: C:\Program Files (x86)\Online Armor\*