Redirecting and stuff

Status
Not open for further replies.
Stuff about "Stuff"

"Best way I can think of, people who have accounts with Nortons is to keep reporting it."
-Oh, I'm "all over" that advice. After 3+ hours of remote... Let's just say they are keeping in touch and listening. I'll keep you updated on how that goes.

The two links you posted previously on proxy settings wouldn't load from the link in the post. I'll play around with them and see what I can do about finding the site pages. As for the noscript... that is one awesome program, can't thank you enough for that. I'm just learning the basics of it and already I love what it does!

If I can ask just one more question, I would like to know what you make of the screen shots I have attached with this reply, I believe they are associated with the winphone I dumped from my system. They aren't mine and I wouldn't use that number of characters in a password even if I did create them. I wasn't able to change the password, although I would love to have been able to... I settled for removing them and I'll keep an eye on that in the future.
No hurries, no worries on a quick response, enjoy the weekend.

About that "POP" in the screen shots, did I see somewhere in the scans a POP detection? I'll go over the logs I have available and will let you know what I find.
 

Attachments

  • 5-25 credentials manage account issue - Copy redacted.jpg
  • 5-25 SSO POP user equals sgwhotmail - Copy redacted.jpg
  • 5-25 virtualapp didlogical - Copy redacted.jpg

I have to log in daily since I work on multiple forums...but, a couple of months ago I was retired from teaching malware removal at a different site so that did kinda give me comfort. (Not old enough to retire in real life dang it)

Let me answer a couple of questions here.


SSO POP user/s
Point of presence (POP) is the point at which two or more different networks or communication devices build a connection with each other. POP mainly refers to an access point, location or facility that connects to and helps other devices establish a connection with the Internet.


In an SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications.

Device single sign-on (SSO): Single sign-on (SSO) enables users to access multiple resources (that is, applications and adapter procedures) by authenticating only once.

"The two links you posted previously on proxy settings wouldn't load from the link in the post,"
By chance was NoScript enabled?
 
POPS and stuff

(Not old enough to retire in real life dang it) - It ain't all it's cracked up to be in the brochures, I recommend a significant lottery win or other substantial windfall first.
The noscript is awesome, just what I needed, thanks so much. Still getting the hang of it but I love it already.
About the POP info, who creates these and why would it be password protected from me?
I'm trying to understand just what their function was in my case, just curious.
:cool:
 
lottery win......LOL!

NoScript is a must have and after you've worked with it a short while it's like something you don't want to be without.

Let me show you a couple of links defining POP info

When you use Office 365 applications such as Outlook 2016, Skype for Business, Word, Excel and others Single Sign On (SSO)
The sso pop user and device are part of the Credentials Manager components of the Single Sign-On portion of Microsoft accounts which are used on current versions of Windows.


https://answers.microsoft.com/en-us...s-ssopop/aceb7c7b-7444-46b0-88f8-c306641f1573

https://www.bleepingcomputer.com/forums/t/665247/how-to-identify-sso-pop-device/
https://www.reddit.com/r/Windows10/comments/3unf28/why_is_sso_pop_device_listed_under_windows/
 
noscript, should be standard equipment on any browser.

Thanks for keeping the thread open while I continue my education. I'm loving the noscript, learning fast and I'll never surf without it again. The links to POP and related stuff were much appreciated, a great way to share info, that cleared up one mystery, one less thing to worry about. I've been working on securing things on this computer, making some progress but I ran into an issue that I didn't see coming.

Yesterday the wireshark was having some display problems, I think OK, no problem and do an un-re-install of the program (life should be so easy). Anyway, I notice a usbcap option, that was new to the updated version I had... Long story short, as soon as I rebooted and logged in I discovered that my wireless mouse had decided to quit working, same for my corded razor super deluxe gaming mouse, although the power to the cooling pad still worked through a usb port that was otherwise useless. I played around with settings, drivers etc., ran Mbam, came up clean. To me, in the moment, it seemed like I had messed up something on the reinstall and just needed to sort it out. I'm thinking, just do a system restore and save a little time since I'm not making any ground (being digitally challenged can be challenging, as that's where I found that I had no restore points saved).

At one point, while giving my wife a hand, I decide to run Nortons rootscan (PE). I'll attach a shot of the detections; copying the log is eluding my skill set at the moment, but the detections were interesting. Although the dates on the files were 5-26 I'm thinking either that was misnamed on purpose or I had a virus just waiting for a trigger. Of course that would be a "Lottery winning longshot" considering the point at which my usb problem surfaced. I always try to not confuse correlation with causation but as soon as I fixed those two detections and rebooted, you guessed it, the mouses and usb situation returned to nominal (nominal, I love that word).
Afterwards, I also ran the Mbar out of curiosity, but that one came up clean.
I'm still seeing connections in the wireshark that I don't prefer to see, I'll attach a shot of a couple packets as an example, just in case you have any thoughts on what I'm looking at. I hate seeing redirector mentioned but I realize that could be legit.
I'm working on learning how to use the shark and VT, hoping to get some pointers from those communities as I go as there is a lot of information to filter out to find what you're looking for. I'll follow up after I run a full system scan and hear back from Norton.
:bigthumb: The noscript caught my wife's facebook trying to run script on our banking page as soon as it loaded, that seemed beyond intrusive and it was a pleasure to block it.:)
 

Attachments

  • WS 5-29 packets.PNG
  • 5-29 PE detections.PNG

What you're seeing through the wireshark tool I can't help with. Myself I've never used it but one thing I noticed:
"I notice a usbcap option, that was new to the updated version I had... Long story short, as soon as I rebooted and logged in I discovered that my wireless mouse had decided to quit working, same for my corded razor super deluxe gaming mouse, although the power to the cooling pad still worked through a usb port that was otherwise useless."
Any way to go into tool settings to allow access for the USB's that were blocked?
I'm not sure exactly how to proceed here other than posting questions at the wireshark help forums?
https://ask.wireshark.org/questions/
I feel sure you would have to register as a user to use or ask questions at this forum or read over the pages of questions already asked.

Now for what Nortons captured, if you google the exe's that were found, they are also legit.
Couple of things here
Could be a false detection, join/register at their web site to ask why those legit Microsoft processes were considered viruses.
https://community.norton.com/
 
will do

Thanks for the updated info, I couldn't find any way to manually get the usb system working, they just returned to normal after the PE fix. I do have an account with wireshark community, just need to figure out phrasing my questions so as not to sound confusing, one of the hazards of learning new games. As for Norton community, I'll give that another shot but I haven't had a lot of luck, your reply gives me a particular angle to try. Wish me luck. Again, your help is priceless, thanks so much. :cool:
 
Let's remove tools and quarantine folders.

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
      ◦ Activate UAC
      ◦ Remove disinfection tools
  • Click the Run button.

-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
***************

You're good to go, safe surfing.
 
Glad we could help.

Since this issue appears resolved ... this Topic is closed.
 