About Bambo

  1. The reason you don't see warning in Windows is probably because firewall did not register correctly. Another old bug with firewalls. You have to reset those values Windows believes are real I think. Been through that while testing Outpost long time ago. Google "firewall, Comodo not recognized security center" or similar. Called "action center" in W7 I guess. Add "+reset" perhaps. They get better, bugs get fixed but 3rd party firewalls are still mighty troublemakers when something is wrong. Disable = in Windows Firewall settings or also turning off service? And is choice the same on all Windows versions? Matter of having useful documentation from vendor or not.
  2. One of the problems with Windows 7 is there still is no GUI for outbound control. A feature available since Vista was born. That is what those not digging into details of advanced firewalls can see as a potential "problem"/risk - so we can conclude it blows! And so they install Comodo, Outpost, Online Armor etc. or even buy a security suite since they claim firewall prevents theft of whatever. That view of Windows firewall is not dead yet, ask most not associated with MS security "experts". Used to be worse though. Windows 7 has changed opinions but "Firewall" is also a buzzword known by many people so is used in marketing. Windows 7/Vista/(XP) firewall control to the rescue http://www.sphinx-soft.com/Vista/order.html Free version does not do anything but application control. Everyone can understand and what firewalls like in suites typically are used for, by majority at least. More or less just a nice GUI on top of Windows firewall, what Microsoft doesn't want to confuse people with. I can think of some valid reasons to use "better" firewall but they shall remain unmoderated. Seems to me there are 2 groups who actually use and understand software firewalls, the paranoid or network/security hobbyists and then those on the other side of the fence. Majority in between just use what is installed or rely on maximum ease of use from Norton and friends.
  3. Well you must remember that "layered" idea is not the same as stuffing computer with protection. If X and Y exclude each other or collide something is wrong. If that is the case or not depends on particular setup, not old or variations of old ideas. Default is Windows Firewall regardless of 3rd party name - so 3rd party should provide relevant info. If not all is automated through installation and you are not supposed to tinker on your own, (if it works correctly that is). Basically, do as they tell you. Problem or concern solved. I forgot the links but you can search Avast forum for "disable Windows Firewall" look for Avast employees PK and VLK. From what I remember they see no reason to turn it off, was advised by Microsoft not to, extensive testing has shown blah blah. The link I gave to MS article is also mentioned. That was Avast. Of little use to Comodo users so check them. Do Avast only leave Windows Firewall alone because their own does not support ipv6? Don't know but what they want users to do is clear enough. Clear? Check security center in Vista or 7, don't know about XP. "Note: Two or more firewalls running at the same time can cause conflicts with each other" Keyword is "can" if you happen to come from Avast forum. Fixed message everyone will see so forget about clear. There is more. If you check latest beta of MSE 2 you will see a window saying: "In order to optimize your computer's protection, you should turn on Windows Firewall. If you use another firewall solution, clear this option" Then a tickbox with "Turn on Windows Firewall (recommended)". Oh really, back to Avast then, heh. Another fixed message I think everyone will see.
  4. Leaving it alone only goes for Windows 7 and Windows Server 2008 RS - and 3rd party firewall should be programmed to this as well. You can hope for clear information from that maker. Old advice will take years to change so might as well post something about it. For a long time to come it will be correct for some to turn it off on every Windows version, if not installation of 3rd party firewall did it already, and correct for others to leave it alone if on Windows 7/Server 2008 (why 3rd party firewall did not disable if we can assume installer is good). There probably are more exceptions, here is one from Comodo http://forums.comodo.com/install-setup-configuration-help-cis/comodo-did-not-disable-windows-xp-firewall-t36599.0.html;msg260430#msg260430 Just a matter of getting the right information and good luck with that.
  5. Oh damn I did not even see you used Moo0 - also nifty and even easier. But I thought it would be clear when things have finally settled down and you looked at this monitor. You can add columns as well. Like "Duration", right click column line, see under Event Details. Something must stand out, too logical perhaps. I don't use Outlook so am guessing.
  6. Maybe you could use Process Monitor http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx and easily see what is holding up start. Norman Antivirus has a description of it here http://www.norman.com/support/support_issue_archive/67824/en Attached pic shows how you find PID numbers in task manager for the 2 Immunet processes. Filter anything but those 2 out. I also included some registry action. Maybe not a good idea if Immunet is polling registry 11111111 times. Just let it run as is with those 2 Immunet PIDs. Then evaluate result if you have not already gotten a hint. Very easy to use. To see PID in task manager, click "Select Columns..." under View menu. Tick off PID (Process Identifier) and there it is. You can also just use name of files/processes in Process Monitor. You know it is agent.exe and iptray.exe here. PID is easier perhaps.
  7. Bambo


    Nice. I had another one, PhotoFilmStrip http://www.photofilmstrip.org/1-1-Home.html 2 Files unins000.exe PhotoFilmStrip-cli.exe Virustotal is clean for unins000.exe - practically clean for the other http://www.virustotal.com/file-scan/report.html?id=63669e46e63bbe5ab186e87690c251a066c8154ffd5246ea5783280bf4ef6b2c-1291158804 But now I scan again they are both clean so something must have fixed those as well. Don't even remember what caught them, does not say in history.
  8. Bambo


    Thanks, I take full virtual responsibility. If it matters then I am also running PrevX 3.0 and Mamutu right now. All clear.
  9. Bambo


    Yes, doing 1st full scan after a reinstall. Not done yet because problems with Nirsoft tools overwhelmed me
  10. Bambo


    Well that was popsel but I am 99.9999% sure that dude will never do something wrong. Not even ads on site. I think it has to do with his programming language, some PureBasic stuff. There is a rundemo.exe in the popsel one, that is what triggers alarms http://www.virustotal.com/file-scan/report.html?id=5b5bcfa87294d256da37ff8f954ba63474aa68f8059a80fed45fe1f78c8f9c68-1291152077 Popsel.exe itself is clean - except for Rising and Cat http://www.virustotal.com/file-scan/report.html?id=c6240abe05abae9ec3c1d96f5c4ba1a8516db0854f09ade7ab340729c5e3e685-1291152165. I assume macro something features look suspicious. Also a very old site and all that. Good old tools. But we will see. I consider it total theory there is anything wrong for real.
  11. Using Immunet Plus. 2 files from ScreenSteps are seen as W32.Invictus http://www.bluemangolearning.com/screensteps/ unins000.exe altNTLM.dll Virustotal is clean for both http://www.virustotal.com/file-scan/report.html?id=3dc4c6bcb041231b37c833f0d3abf0ea0bae4c8750ee2535503c5e99d902d0bf-1291148848 http://www.virustotal.com/file-scan/report.html?id=44b5909fd6186bbbf2e2af28fe823e7e4a916808216fbe3a20e4c08f6e3674be-1291148873
  12. Bambo


    Using Immunet Plus. Synergy files are detected as W32.Invictus http://synergy-foss.org/pm/projects/synergy/tabs/download I am using 1.41 beta for Windows. synrgyhk.dll synergyc.exe synergys.exe launcher.exe qsynergy.exe A well-known tool for Linux, Windows - FOSS and what not. Web site is fairly new but they just moved from old project site, is also on Google Code.
  13. Bambo


    Using Immunet Plus. Qsel is victim of W32.Invictus http://home.mnet-online.de/horst.muc/wpop.htm#qsel Virustotal is almost clean http://www.virustotal.com/file-scan/report.html?id=8c5cb4dad0ee34b09e23be0a1af8d447e3f9e0d15c6dcbdef6930ee55a4525be-1291147570 Guess no one has reported false positives to Rising and CAT.
  14. Using Immunet Plus. http://fishcodelib.com/Capture.htm is detected as W32.SPERO.Allaple.08 Virustotal is clean. Program and author have been around for 8 years or so. Actually it seems all his programs are detected as W32.SPERO.Allaple.08, http://fishcodelib.com I tried 4 of them. A .net problem I guess.
  15. Using Immunet Plus. Old thread but W32.Invictus sure doesn't like poor Nirsoft and many of his programs. The ones which extract passwords and such are handled already (as is typical for AVs - why Nirsoft hates them, see his blog) but all these must be FP of some sort. winlister.exe whoistd.exe UserAssistView.exe URLStringGrabber.exe TagsRep.exe shexview.exe SearchMyFiles.exe SearchFilterView.exe OutlookStatView.exe OutlookAttachView.exe NTFSLinksView.exe NK2Edit.exe Nircmd.exe Nircmdc.exe MyLastSearch.exe mpk.exe mweather.exe MozillaHistoryView.exe MIMEView.exe MonitorInfoView.exe MACAddressView.exe jsae.exe jrview.exe InsideClipboard.exe IECompo.exe idenswitch.exe grankcmd.exe HashMyFiles.exe faview.exe folrep.exe GDIView.exe DriverView.exe empv.exe DotNetResourcesExtract.exe DumpEDID.exe DeviceIOView.exe BlueToothCL.exe acm.exe AddrView.exe Maybe you could test one of them, like MetaWeather http://nirsoft.net/utils/mweather.html Fix one, fix them all perhaps. He also makes 64 bit versions and here evil Invictus does not complain about: shexview.exe nircmd.exe nircmdc.exe GDIView.exe DriverView.exe So ok in 64bit but not 32. Strangely enough 64bit version of netpass.exe is W32.Trojan.daa9 while 32bit is clean! Download all his stuff via NirLauncher http://launcher.nirsoft.net/download.html which has both 32 and 64 bit versions or WSCC http://www.kls-soft.com/wscc/index.php which only has 32 bit.