Posts posted by Lode

  1. Hi!

    I see that my laptop makes contact with Facebook. I've no Facebook account, and the only reason I see for this might be that a friend of mine has added me to her Facebook friends list, which she confessed she had. Although even then I don't understand why this is happening.

    Anyway, how can I block this?

    Not that I have anything to hide or am paranoid. I just don't like this possible spying out of principle. Especially not after seeing this:


  2. PS:

    It also looks like not allowing those items interferes with automatic Windows updates. I checked for those, and there were a number I had not received. I looked in OA's program list last night and found one of the 2 items as blocked, but could not find the other one -don't remember which one I found and which one I didn't- so to start all over again I un-installed OA and installed it again. This morning when I checked for Windows updates again there were 4 more essential ones, and after installing them OA again asked about "dwmapi.dll" and "inetcpl.cpl", so this time I allowed them and let OA remember my decision.

  3. Hi!

    For the first time since I have enjoyed OA Premium these last years, I just got some OA popups, asking me to allow or block the following 3 items when I used my IE9 browser after not having done that for a long time (Opera is my default, Firefox my second choice):

    inetcpl.cpl -> explorer.exe

    iexplore.exe -> dwmapi.dll


    When I opened IE9 -which I set to make of Google the home page- an IE9 message appeared asking me for permission to have the keystrokes be sent to MS through Bing. That is when those OA popups showed up. I allowed it, not knowing what to do yet.

    I removed the Bing bar and everything related to it using Revo Uninstaller free, then I opened IE9 again, but the MS message asking me to have my keystrokes sent on through Bing appeared again. The OA popups also appeared again, and this time I had it block the above-mentioned items and remember my decisions.

    OA reported that MS wanted to have my browser history, favorites, and HP (brand of my notebook) info sent to them.

    Before that I had noticed OA showing that something called "seaport" was constantly very active sending and receiving data. I googled it and found out that it is a MS feature taking up a lot of memory. It is part of Windows Live which I don't use, so I had Revo Uninstaller remove that as well.

    Although I have nothing to hide, just out of principle I congratulate OA for making me aware of these issues, and offering to block the MS spyware.

    Some very unflattering info on Seaport:


  4. Update:

    Hurray! After a few more reboots the handy little green square is back again. I did not have to reset my machine to the system backup I made 3 weeks ago, and then have to go through downloading/installing all the updates etc. that occurred since then again.

    I'll make a new complete system backup of this current situation now.

    Problem solved.

  5. Hi!

    For reasons unknown to me since today the above-mentioned icon does not show up anymore on the list of pictograms when I click on "Properties" on the tray bar.

    I can still call up the Firewall Status monitor, but not get the handy little green square back on the tray.

    At first even the OA shield icon was also gone. In the Start list I could call OA up, but only make the OA shield icon appear on the tray bar properties list by clicking on OA's update (there was no newer update, as I knew, but I did it to see if I could get the OA shield icon back, and it worked.)

    So I have the OA shield icon back on the tray. But not the green square.

    I wonder if this has to do with the latest recent new update/version of OA, or with the right after that following Windows updates, among which was the usual program for searching for malicious software.

    It was only just now after the required reboot for Windows updates that this problem appeared. But it might have been caused by the equally recent OA new version/update. I don't remember if I had already rebooted for the latter.

    I'm thinking of using a complete Windows System backup I made a few weeks ago, and this time make sure I don't get Windows "Searching for malicious software" update on my machine. But I would like to check here first, in case it is caused by the new OA version that was automatically downloaded/installed yesterday.

  6. Thank you.

    I have not seen that Facebook thing anymore lately, but when I see it again -I sometimes check when I awaken my notebook, or after a reboot, just to see what it is connecting to- I'll follow your instructions, using the 'Restrictions' field.

    I mostly use Opera, Firefox, and sporadically IE9. Not Chrome. And googling to find out what 'Trusteer Rapport' is, I think my bank might be using something like that, as it doesn't allow my browsers to remember my username and password.

    I always have OA in 'Advanced' mode. Can't remember why. :)

    Thanks again. :thumbs:

  7. Thank you.

    I'm probably just being paranoid after having seen this clip once: "Do you have Facebook?": http://www.youtube.com/watch?v=ZMWz3G_gPhU

    As I have nothing to hide, I have nothing to worry about, but it's just the principle.

    Anyway, when I see that IP again, can I just copy it and paste it in 'Restrictions'? (I don't understand the difference between that and the 'Blacklist.')

    I have OA Premium.

  8. Hi!

    Lately I have seen on OA's Status screen that there is a connection to this: www-13-01-ash4.facebook.com:80

    I have no Facebook account, nor anything to do with Facebook, so I wonder what this might be, and if it even really is Facebook.

    This brings me to my question: Is it possible to prevent my notebook from connecting to an IP? Any 'blocklist' or something like that in OA?

  9. Would be interesting to see this as a potential future option, kind of like what Linux does. I.e. a program wants to install and you get prompted to enter a password prior to allowing or blocking it.

    Exactly. I brought this topic up because I once had something happening on my laptop that in the end only reformatting got rid of. It was partly my fault:

    I had gone to Windows' update site unsandboxed not to let Sandboxie interfere with the downloading/installing of updates, and from there gone to a Russian site -still unsandboxed- to read an article in English. This was my first error.

    A few days later my laptop was nearly out of my control. My AV and ASW did nothing to stop it.

    But I scanned with SAS and MBAM and they both found a trojan. But instead of letting it be removed I wanted to see if my AV would also find it, and scanned with my top AV (according to AV-Comparatives) and it did not detect it. I scanned again with SAS -nothing found now- and MBAM -same- so I suppose I had prodded it to change itself. So this was my second error.

    Even the experts on the original (Dutch) HijackThis forum could not help me get rid of it. The one trying posted that it was a known hacker attack and gave a link to an article about it. But half of the time I could not even go online, receiving error messages. And it would take minutes to move the scroll bar or save a document. In the meantime my screen would blink off for a second once every minute.

    The OA IP monitor showed tons of connections to the Russian Republic. And as soon as I blocked them as fast as I could, new connections were made.

    So I wondered if this would have happened if OA had password protection for new installations and settings or something like that... I still don't understand how this could have taken place. But that's old water under the bridge now.

  10. Thank you.

    I had a little problem -I could not get to my router- and asked for help on the Opera forum. It turned out that I was typing in 168.192.01 and Opera was automatically changing it to

    So I thought Opera was preventing me from getting to my router interface.

    Luckily someone on that forum noted that the address should be And Opera is so good as to correct it to that even when I typed in the address without the last dot:


    On my router interface under "Firewall" I see:

    "Enable": "Enable" is checked.

    "DMZ": "Disabled."

    Under "DoS":

    "Ping of Death": checked.

    "Discarding Ping on WAN": checked.

    "Port Scan": checked.

    "Sync Flood": checked.

    Under "Access":

    "Enable MAC filtering": unchecked.

    Under "URL Block":

    "Enable URL Blocking": unchecked.

    That's all under "Firewall."

  11. Speaking of echo replies, could having "Echo request" checked as Allowed in OA's ICMP not be related to this ping reply?

    My router is a Sitecom 300N. I can get to its interface by typing 168.192.01 in my browser, and know how to set WPA2. But beyond that it's all Greek to me.

    Normally only a non-wireless modem is given by my provider, but luckily they also offered this wireless router for free as a special offer for a short while for new clients. There is only one pc -my laptop- connected to it.

  12. Are you using a router? Most likely your router reporting in. You can check under firewall/icmp to see that echo replies are not allowed by OA.

    Thank you.

    I already found it hard to believe that OA would allow a thing like that.

    And yes, I'm using a router.

    In "firewall/icmp" I see checked in Allowed only these 4:

    8. Echo request.

    13. Timestamp request.

    15. Information request.

    18. Address mask reply.

    All the others are unchecked under Allowed.

    Under "Logged" all are checked.

    I had never even looked into this ICMP.

  13. Hi!

    I suppose this has been addressed already, but I could find no reference to it.

    This is what the test site Shields Up just reported:

    "Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

    I wonder if this is a false positive, or if it would not be a fp, can I configure OA Premium to prevent the mentioned ping reply?

  14. Thank you.

    I have no malware on my laptop as far as I know, nor according to my av and anti-spyware scanners. Everything works fast and normal.

    I was thinking that with password protection it would be even more hacker-safe. But I guess if a hacker or cracker would enter and begin to change OA settings -or even disable OA- I would somehow see it.

    Still password protection might not be a bad idea. It's just that I would still have to be able to see popups, and then use my password to allow or block the action.

  15. Hi!

    I have 2 questions:

    I understand one can use password protection to prevent someone using one's pc to change OA settings.

    1. But could that also be utilized to prevent a hacker or cracker from making changes to disable enough of OA to do his thing?

    I still don't understand the settings of a password for OA. It gives 2 options (I translate from my Dutch version):

    A. Enable automatic protection.

    B. Lock GUI.

    2. What exactly does each of these options do?

    I had a severe cracker problem on my laptop some time ago, and I imagine that somehow the settings of my OA were tampered with by the culprit.

    I posted about the problem I had then: "Some Russian guests on my laptop...": http://support.online-armor.com/showthread.php?t=12735&highlight=Lode

  16. PS:

    A dear friend mailed me from the US:

    "I sent you a fairly short email this morning 9:32 my time with a bunch of questions in it, but it looks like it might not have gone through. Did you receive it? I've got it in my "Sent" box but it doesn't show up in our correspondence. I was just curious. Also I notice that your name is now showing up as "L. Langeweg" now, not with your full first name. Did you change something?"

    So it was the change I made by making that gmail account. If I ever make one again I will make sure to not tie it in with my regular e-mail address.

    Video about Google and gmail removed. Interesting, but nothing to do with CLOSE_WAIT

  17. Thank you. :)

    After having let a night pass now in the morning my e-mail comes in normally again.

    Maybe it was a problem with my provider, or because for the first time I made a gmail account, using my regular e-mail address, and thus created a conflict, or something else, I don't know. Right after posting the above and scanning for malware -nothing found- I canceled both my Google/YouTube and gmail accounts to make sure there was no conflict. I can always make new ones if I would need them.

    I am glad it is solved, and now also understand what CLOSE_WAIT stands for. I had seen that many times before over the years of course, but it was only now that I started to worry about it because of the e-mail problem. Not really logical to connect those two, but feeling even slightly upset can interfere with logical thinking... :blush:

    Oh well, all's well that ends well. :D

  18. Hi!

    Sometimes I see "CLOSE_WAIT" as the Status of an IP in the addresses list on the Firewall Status panel. What does that mean?

    The reason I am asking is that since a day or so when I try to get my e-mail using my Opera browser with its e-mail program I don't receive it. I now always get a "No new messages for..." which now takes about a whole minute vs the few seconds it took before. And the following appears on OA's panel:

    proxy.alice.nl:pop3 / CLOSE_WAIT

    I can still get to my e-mail going to the site of my provider -alice.nl- but the e-mails I see there that normally are always sent to my laptop are not being sent on now. Even when I send a test e-mail to my own address it stays on the site of my provider. This has not happened before in the years I am with this provider.

    (In the meantime I'll scan for malware...)

  19. I have a laptop with wireless connection to a router, which is connected to a modem. So that other connection (pc_van_Hans) must be of a neighbor who is -was- somehow connected to my wireless signal and laptop. I have no other connections.

    That Windows connections list of those 12 signals are the totality of signals in my vicinity, but mine is accessible only to me now because I have applied WPA2 since my above post.

    On the OA Interfaces list only appears 192.168.100, which includes only mine and hans' connections.

    I just changed his connection on my Computers list to "Not trusted."

    Only one question remains: If I remove "pc_van_hans" from my Domains list, does that only remove it from that list or also from my laptop?

    (For now I blocked it also on my Domains list.)

  20. Thank you! I had not thought of checking there.

    It does indeed appear in that list besides my own router. This is the info (sitecom is mine):

    -, CO-CB-38-2F-46-63 - Wireless networkconnection

    ... 192.168.001, 00-0C-F6-51-18-BB (sitecomwl312.sitecomwl312) <networkpoint/router> (Status: ? Unknown -light bulb)

    ... 192.168.101, 00-19-D2-83-54-40 (pc_van_hans) (Status: ? Unknown -no light bulb)
