Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by pds324

  1. I was using Sandboxie and RunSafer; I never use Firefox without Sandboxie. I was in the process of upgrading Sandboxie, which is an overstore operation. The upgrade went fine, but upon re-starting Firefox I received the questions about key and screen logging from Online Armor, which I answered incorrectly. Since I posted the question I was able to get back somewhat to where I was by removing the entries for Firefox from Online Armor; that solved the keyboard shortcut issues. Currently all entries for Firefox are listed as Allowed and Trusted and RunSafer, and are shown in the bright blue under the Programs Tab, which is the indication that RunSafer has been selected. However, Firefox no longer runs in RunSafer mode -- the bright green border is missing. Yesterday, in an attempt to get RunSafer working again, I unselected Trust and clicked on Ask. Unfortunately, upon re-starting Firefox my computer locked up tight and I had to hard reboot, so I stopped experimenting with that. All is ok except I would really like to get RunSafer working correctly again with Firefox. Sandboxie is very good but not 100% secure, and I always use RunSafer with a program when possible, and RunSafer mode, Sandboxie and Firefox have co-existed beautifully on my computer for a long time. I think RunSafer is one of the best features of Online Armor. And I guess I need to understand, in case I make a similar mistake in the future, how to reverse a wrong answer when Online Armor prompts me to make a decision regarding keyboard or screen logging. Thanks so much for your help.
  2. I am running the latest version of Online Armor (free) under Windows XP SP3. I've been running Online Armor for years now without a problem, but I messed up yesterday. I run Firefox portable in safe mode (green border around the application frame), and also under Sandboxie. Yesterday, I upgraded Sandboxie, and when I started Firefox portable again I received 2 prompts: Keylogger detected and Screen Logger detected. For both prompts I chose "block remember." That was a mistake on my part, as when I tried to do various functions in Firefox (for example, close a tab with Control-W), I was unable to. So I realized it was a false positive and I chose the wrong option. That's where my problem lies. I searched everywhere to undo my mistaken choice of "block remember" for Keylogger and Screen Logger, but couldn't figure out how to do it. Finally, I went into Online Armor's Programs Tab and deleted the Firefox portable entry. Now Firefox worked fine, but when I switched it back to Run Safer mode, again I lost the ability to do keyboard shortcuts again. How can I undo my mistake and allow keylogger and screen logger AND run in Run Safer mode again? Thanks for your help.
  3. Thanks for the additional help, ctrlaltdelete With regard to "More Reply Options," when I click on it Firefox 15 portable (sandboxed) I get this message: "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information." Two buttons are displayed: continue and cancel. If I click continue, frustratingly Firefox returns me to the main Forum page, rather than giving me More Reply Options. I have a Firefox addon that enforces https connections, and indeed my connection to this topic begins "https" so I am unsure if that is the issue. Fortunately, as you have resolved my current problem it's unimportant, but if you know of any solution to get the "more reply options" to appear instead of being returned to the main Forum page, that would be great. And thanks for the addtional detailed response about what going under "under the hood" re The Pirate Bay and I see I have nothing to worry about. Many thanks for the great support.
  4. Thank you for the help. I reviewed the link you provided. I will change the defaults as suggested. I would like to attach one more .png for your review, but unfortunately I cannot as I do not see the attachment option. Weirdly, if I click on the "Start New Topic" button I see the file attachment option but not here. For future reference, can you let me know what the "trick" is to attach a file in a reply? If I click on "More Reply Options" that only returns me to the previous page. Meanwhile, I will describe one more popup I received this morning: I was updating Roboform password manager. When it asked me if I wanted to verify the password identities, Online Armor gave me the green popup, again with and The Pirate Bay, saying that Roboform was trying to make a connection. You can imagine how unnerving it was for that to happen at the moment Roboform was trying to verify my passwords! Is this truly nothing to worry about? Thanks again for your help.
  5. Greetings, I am using Online Armor and Firefox 15 portable, running under Sandboxie. When I fired up Firefox, Online Armor gave me a green message with Connection Details as follows: Protocol: TCP. Remote: (tracker.thepiratebay.org) Port: 1363 Country: Localhost. "Create rule" was already checked, and I checked "Current Session Only" because I don't understand the message. I have attached it here in .png format. Could someone interpret this message for me? Thanks for your help.
  6. Thanks, Andrey; I just sent you a pm, with an important additional detail.
  7. I had Online Armor 5.1 free installed (Windows XP sp 3) and running fine. I then had a system problem, thought it might have something to do with Online Armor, so I uninstalled it (turns out the system problem was my CMOS battery dying). Now, I am trying to reinstall Online Armor 5.1 free but I'm getting this message after the registration section, where it asks me for my name and email address: "You've entered incorrect registration data. Please check if the email address is correct." The email address *is* correct. What can I do to finish installation? Thanks!
  8. UPDATE: Despite having only SP2 on XP, my update to Online Armor went flawlessly. After the update, I elected to run the safety check wizard and everything was fine. Meanwhile, the Facebook association with svchost.exe *still* appears in the Firewall Status window. And I now know it's not the HOSTS file, because the only entry is still just, and it's read-only for good measure. The really weird thing is, the Facebook entries (the ones shown in my first jpeg attachment at the beginning of this thread) only appear when my computer is first turned on in the morning. After a couple of minutes, they're gone and never reappear until the next day's start-up. Can anyone recommend a forum where I can take it further, as I certainly don't think it's an issue with Online Armor. I *try* to run a secure computer, as I surf in Sandboxie, use a variety of Firefox add-ons -- Adblock Plus, Roboform, BetterPrivacy (a "super cookie" safeguard), CookieKiller, Ghostery, KeyScrambler, and Noscript -- and in addition to all that use Avast for antivirus, have the full version of Malwarebytes running (realtime website blocking and other protection enabled), Zemana Antilogger in realtime, and just did an very deep search for malware using Malwarebytes (took almost 3 hours to complete -- hundreds of thousands of files), Hitman Pro, and Norton PowerEraser, all of which didn't find a thing. I even fire up X-NetStat Professional occasionally and if I see a Facebook connection, I make a kill rule so it doesn't reappear. (X-NetStat can't help my startup problem in the morning as there's no active connection to Facebook, it's just "listening.") And I've never experienced a browser hijack. So with all that security, and no sign of infection anywhere, I still face 6 or so Facebook entries every morning, for a few minutes at least. Any thoughts as to what to do (including, possibly, doing nothing) would be most welcome. Thanks!
  9. I thought was "normal" for localhost, but the localhost you suggested is working fine. I'll keep it unless you think I should switch back to Also, I made the HOSTS file read only and there are no further problems. I'll bite the proverbial bullet and upgrade to the most recent version of Online Armor, in a few days, after I have run Acronis for my C drive, in case things go seriously wrong on the update. Hopefully, you won't hear back from me! Thanks so much for your great support, catprincess.
  10. Hello, Andrey, Yes, my version is out of date. I have version I looked into updating to what I think is now version 4.5, but I see a requirement is Service Pack 3 with XP. I don't know if you recall this, as it's now a long time ago, but when SP3 was released there was a flurry of discussion about broken apps. I use my computer for work, and there's numerous, fairly esoteric video production applications, that if they broke upon installation of Service Pack 3, I'd be in huge trouble. (I do maintain all the latest Windows Updates, though.) If you think I can upgrade to the 4.5 version on SP2, please let me know as I'd certainly like the latest release of Online Armor -- I really love it.
  11. Thanks for the clarification on the purpose and operation of the HOSTS file. It *was* my understanding that entries in the file were blocked, but that understanding was undermined by the linkage of the svchost.exe and the Facebook ip address being linked together in the Firewall Status window. I did a lot of research and couldn't figure out why svchost.exe and Facebook were linked there, especially since Facebook was in the HOSTS file. And then, when I removed the Facebook entry from HOSTS, the linkage to svchost.exe disappeared. I would think that *no* entry in HOSTS would make it more likely for a linkage between the two, so I'm still puzzled on that one. Meanwhile, as I previously said, I had removed the Facebook HOSTS entry, and all others except the localhost, but when I just checked it, the Facebook entry was back in the HOSTS file, so a program is putting it back in. I thought Online Armor could lock my HOSTS file, but I couldn't find the setting if it can, so I fired up a program called WinPatrol, which will monitor my HOSTS file for any changes. I don't like running WinPatrol because it's a resource hog, and if you know of any way of locking the HOSTS file, please let me know. (Can I set the attribute for the HOSTSFILE to "read only" without intefering with its function?) You mention the Websites list, but it's grayed-out on my version, probably because I have the free version. I'd like to update, but there's a reason I haven't (see my response to Andrey, who posted immediately below your reply).
  12. Hi, stapp. File sharing wasn't the issue. All is o.k. now. I went into Online Armor and deleted out the entries related to Facebook from the hosts file. I thought I was *blocking* those entries via the hosts file, but instead they were being allowed. Now, the Firewall Status window shows no connection between Facebook and svchost and System/UDP and TCP. Big thanks catprincess for pointing me in the direction of the hosts file for the source of the problem.
  13. I made the change and rebooted. Unfortunately, the problem's still there -- in the Firewall Status window there are 3 associations listed between my svchost.exe and Facebook, and 1 association each for System/TCP and System/UDP and Facebook. I've attached a screen capture to show you. I've also attached the hosts file to show you the change I made per your instructions. Did I do it wrong? Should I manually delete the hosts file entries below the localhost entry? Thanks again.
  14. catprincess, I see why you're listed as a malware expert -- the first entry in my hosts file is the one I'm concerned about. Those entries in hosts got there via the hosts option in Online Armor, but I thought I was *blocking* those sites, not allowing them. Anyway, I'm confused about whether those entries in the hosts file are blocked or allowed, and await further direction from you. Thanks for getting to the heart of the problem so quickly.
  15. I have never (knowingly) installed any kind of proxy tool. To be honest, I don't even know what a proxy tool is. As far as Facebook, I joined a long time ago, never participated, and haven't visited their site in ages, which is why I'm so concerned that an address associated with Facebook is "listening." I work at home for myself so there's no school or employer blocking anything. You mention a proxy tool. Hitman Pro, when I run it, says my computer contains a proxy server, but when I went through a *long* and *thorough* analysis of my computer for a proxy server with a volunteer at Bleeping Computer, no proxy server could be found. I unticked Resolve Addresses in the Firewall Status Window, and have attached a jpeg to show you the results. THANKS for your help -- all those Facebook entries listening really has me worried.
  16. I noticed today in my Firewall Status Window (Online Armor Free Firewall) several entries relating to Facebook.com -- there are 6 of them. Rather than list them here, I have attached a jpeg to show the entries directly. In researching this on Google, I have been able to find out very little, other than the entries for Facebook appear to be proxies. There are no Facebook cookies on my computer, and I haven't visited the site for over a year. What do these svchost.exe/TCP and the System/TCP associations with Facebook mean? I am concerned it is indicative of malware of some sort. Thanks very much.
  • Create New...