
Tech Helproom



Online Armor odd pop up messages-am I infected?


theDarkness

Likes # 0

Two pop-ups from Online Armor:

Created 05/02/2012 16:26:01 Summary Firewall: Automatic decision Description C:\Windows\system32\prevhost.exe, Outgoing UDP access allowed to: (tpb.tracker.microsoftarecrazy.net;www.applemad.org) 127.0.0.1:61702 Event type Firewall: Automatic decision(17) Event action Allowed(2)

Created: 05/02/2012 20:01:01 Summary: Firewall: Automatic decision Description: C:\Program Files\Google\Update\GoogleUpdate.exe, Outgoing UDP access allowed to: (superduperkomputer.net;runforthehillz.com;vip.veryimportantmadman.org) 127.0.0.1:58610 Event type: Firewall: Automatic decision(17) Event action: Allowed(2)

I cleared my history at the last moment as I thought I was infected, but the above is just about correct in the way OA listed the info - any ideas? Could I have a virus in which the exe files listed above (prevhost.exe and googleupdate.exe) are connecting to the sites in brackets, or are these sites possibly unrelated, and simply some sort of history for '127.0.0.1:xxxx'? I'm not entirely clear on UDP access or OA's questionable information window. I have tried a full scan and the system seems clean, aside from some dubiously named sites, lol. This has never appeared before and I have been using OA for months - any ideas? Thanks

markd71

Likes # 0

Download Malwarebytes and run a scan

lotvic

Likes # 0

127.0.0.1 is 'Home' - any computer you happen to be sitting in front of right now. It's the Home address of any computer (LocalHost). So if OA Firewall re-routed a URL to point to 127.0.0.1 it didn't go anywhere near the internet.

I'm not familiar with Online Armor so don't know why it has started displaying that info in popups now if it didn't previously.

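Added example (not part of any forum post, and not Online Armor code): a Python check of the point in the reply above, parsing the event descriptions quoted in the thread and classifying each by its destination address rather than by the names in brackets. The regex is an assumption built only from the two quoted lines; `triage` and `SAMPLE_EVENTS` are illustrative names.

```python
import ipaddress
import re

# Constructed sample: the two event descriptions as quoted in the thread.
SAMPLE_EVENTS = [
    r"C:\Windows\system32\prevhost.exe, Outgoing UDP access allowed to: "
    r"(tpb.tracker.microsoftarecrazy.net;www.applemad.org) 127.0.0.1:61702",
    r"C:\Program Files\Google\Update\GoogleUpdate.exe, Outgoing UDP access allowed to: "
    r"(superduperkomputer.net;runforthehillz.com;vip.veryimportantmadman.org) 127.0.0.1:58610",
]

# Assumed layout: "<image>, Outgoing <proto> access <action> to: (<names>) <ip>:<port>"
# The "(names)" part is treated as optional; "blocked" is an assumed alternative action.
EVENT_RE = re.compile(
    r"^(?P<image>.+?), Outgoing (?P<proto>UDP|TCP) access (?P<action>allowed|blocked) to: "
    r"(?:\((?P<names>[^)]*)\) )?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)$"
)


def triage(description):
    """Parse one event description and say whether the packet could leave the host."""
    m = EVENT_RE.match(description.strip())
    if m is None:
        raise ValueError("unrecognised event description")
    addr = ipaddress.ip_address(m["ip"])  # raises ValueError on a malformed address
    # All of 127.0.0.0/8 is loopback: such traffic is delivered inside the local
    # IP stack and never reaches a network interface.
    scope = "loopback" if addr.is_loopback else "off-host"
    return {
        "image": m["image"],
        "proto": m["proto"],
        "action": m["action"],
        # The bracketed names are labels the firewall printed next to the address;
        # the classification relies on the address only.
        "names": m["names"].split(";") if m["names"] else [],
        "dest": f"{addr}:{m['port']}",
        "scope": scope,
    }


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        result = triage(event)
        print(result["image"], result["proto"], result["dest"], result["scope"])
```
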
theDarkness

Likes # 0

I have cleared the history of OA and I haven't had any more warnings, oddly enough. I have SpywareBlaster, Malwarebytes, Defender, UAC + Avast installed along with Online Armor, and they all pick up nothing suspicious.

What I don't understand is how the two executables in the OA pop-ups (prevhost.exe and googleupdate.exe) are related to the websites or connections shown next to them? I know googleupdate.exe uses the net to update (lol - obviously) so I thought... perhaps what is in brackets is just a list of past history/connection attempts that used the exact same '127.0.0.1' + port number? I don't know, I'm not that technical so I'll need to get around to understanding it all eventually - thanks


This thread has been locked.


