Nortd
2010-08-13, 14:07
Hi, anyway I have SpyBot installed on my system, I update, scan and immunize on a regular basis, and just today I noticed while using the Windows 7 Task Manager's "Resource Monitor" under Networking that every time I open my Firefox a connection is established with the (www)007guard.com which is a reported malware site.
Now, since I immunize every time I update the software, I know how it works. It basically binds the badware site to a loop which is redirected to the host local address.
Or something like that.
This is what it says in my host file:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
Everything fine there?
Here is a picture of my netstat:
http://img40.imageshack.us/img40/9936/netstat.png
So why is there a connection established to this site?
Even after I open Firefox, every once in a while there are again a couple of bits sent to this site.
So why are bits sent to that site all the time? Even if it's just 1 or 3 bits, sometimes more.
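Added example (not part of the original post): a check of the hosts-file blocking described above. It parses hosts-file text and classifies connection records by their remote address rather than by the name displayed beside them. The connection records, the `classify` and `parse_hosts` names and the verdict labels are constructed for illustration.

```python
import ipaddress

# Constructed sample: active and commented lines as in the hosts file quoted in the post.
HOSTS_TEXT = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
"""

def parse_hosts(text):
    """Return {hostname: ip} for every active (non-comment) hosts entry."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address column
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)  # keep the first entry for a name
    return mapping

def classify(connections, hosts):
    """Label each (displayed_name, remote_ip) pair by where the traffic goes."""
    results = []
    for name, remote in connections:
        remote_ip = ipaddress.ip_address(remote)
        pinned = hosts.get(name.lower())
        if remote_ip.is_loopback:
            verdict = "local-only"       # remote end is this machine
        elif pinned is not None and pinned.is_loopback:
            verdict = "bypassed-hosts"   # name is pinned to loopback, traffic still goes out
        else:
            verdict = "external"
        results.append((name, remote, verdict))
    return results

# Constructed connection records: (name shown by the tool, remote address).
SAMPLE = [
    ("www.007guard.com", "127.0.0.1"),
    ("www.007guard.com", "203.0.113.7"),
    ("example.org", "198.51.100.20"),
]

if __name__ == "__main__":
    for row in classify(SAMPLE, parse_hosts(HOSTS_TEXT)):
        print(row)
```

A record whose remote address is loopback stays on the machine whatever name is shown for it; only a blocked name paired with a non-loopback address means the hosts entry is not being honoured.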