Question about 007guard


5 replies to this topic

#1 MrBruce1959

MrBruce1959

    My cat Oreo


  • BC Advisor
  • 6,377 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norwich, Connecticut. in the USA
  • Local time:02:50 AM

Posted 14 February 2010 - 11:01 PM

Hi all!

I recently ran netstat in the command prompt.

I see some entries that I want an opinion on.

Before I begin, I want to mention I use Malwarebytes and Spybot Search & Destroy regularly and Microsoft Security Essentials.

I have my hosts file controlled by SB & D's host file to block suspicious/bad web sites (which is found in Advanced mode under TOOLS).

The host file lists 007guard.com and www.007guard.com and of course it lists the destination address as 127.0.0.1 (which I know is my own computer's IP address).

Ok in my netstat command window, I see two entries, which are listed below.

{Protocol} { Local Address} {Foreign Address} {state}
---------------------------------------------------------------------------
TCP ... 127.0.0.1:31416 ... 007guard:49157 ... ESTABLISHED
TCP ... 127.0.0.1:49157 ... 007guard:31416 ... ESTABLISHED


OK, as long as those columns hold together, I want to ask if those look like some type of malicious activity/backdoors or if that is from Spybot Search & Destroy's "block" HOSTS list file.

I have also noticed that the numbers 31416 and 49157 are shared in both addresses, local and foreign, on either line.

There is no www. or .com in the netstat logs under Foreign Address for those two entries. They show just as I listed above; I used 3 periods as placeholders and separators.

I have read that 007guard is a malicious connection.

Any advice out there on this?

As always, thank you in advance!

Edited by MrBruce1959, 15 February 2010 - 01:00 AM.

Welcome to Bleeping Computer! :welcome:
New Members: Please click here for the Bleeping Computer Forum Board Rules
 
My Career Involves 37 Years as an Electronics Repair Technician, to Which I am Currently Retired From.

I Am Currently Using Windows 10 Home Edition.

As a Volunteer Staff Member of Bleeping Computer, the Help That I Proudly Provide Here To Our BC Forum Board Membership is Free of Charge. :wink:

#2 MrBruce1959


Posted 15 February 2010 - 12:55 AM

By the way, here is a short example of my hosts file from C:\Windows\system32\Drivers\etc


# Copyright 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 0scan.com
127.0.0.1 www.0scan.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com



Although I am not having any real problems, sometimes it takes a while for my on-board Broadcom Gigabit LAN adaptor to connect to my Netgear router via a cat5 network cable. Sometimes it times out before attempting again, which it usually does. However, the Windows 7 troubleshooters say there's no problem with the device.

Just looking for some feedback.

Edited by MrBruce1959, 15 February 2010 - 12:56 AM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:50 AM

Posted 15 February 2010 - 12:40 PM

I believe 007guard to be part of Spybot; take a look at this: http://overclockedtech.com/?tag=007guardcom

EDIT... Not TeaTimer but Hosts. My article and Quietman's, whom I asked for assistance with this, should help.

Edited by boopme, 15 February 2010 - 04:32 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:50 AM

Posted 15 February 2010 - 04:21 PM

See this HOSTS file Protection and 007guard.com discussion thread with explanation by Spybot Team.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 MrBruce1959


Posted 15 February 2010 - 11:29 PM

OMG! :flowers:

Yeah, you're both right. I remember my Hosts file only having a few lines in it and 127.0.0.1 Localhost was the first entry. Now I see it's omitted entirely.

I totally overlooked that when I was looking at the list of entries in my hosts file.

To be truthful with you, the only other entries I saw in the netstat command window were BOINC, which is associated with SETI@home, so that means my allowed connections are secure :trumpet:

I did forget to mention I use Windows' built-in firewall.

OK I am going to edit my hosts file to include localhost :thumbsup:

Thanks boopme and quietman7 for your input and advice!

Edited by MrBruce1959, 15 February 2010 - 11:32 PM.


#6 quietman7


Posted 16 February 2010 - 07:30 AM

You're welcome on behalf of the Bleeping Computer community. :thumbsup:
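Added example, not part of the original thread or of Spybot: a Python check that reproduces by script what the thread works out by hand, using the hosts excerpt from post #2 and the netstat rows from post #1 as embedded samples. It assumes that the name shown for 127.0.0.1 is the first active hosts entry mapped to it and that netstat prints only the first label of that name, as in the posted output; all function names are hypothetical.

```python
# Constructed sample: the relevant lines of the hosts file quoted in post #2.
HOSTS_SAMPLE = """\
# 127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
"""
# The two netstat rows from post #1, "..." placeholders kept as typed.
NETSTAT_SAMPLE = """\
TCP ... 127.0.0.1:31416 ... 007guard:49157 ... ESTABLISHED
TCP ... 127.0.0.1:49157 ... 007guard:31416 ... ESTABLISHED
"""

def parse_hosts(text):
    """Return (ip, name) pairs in file order; comments and blanks are skipped."""
    pairs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        pairs.extend((fields[0], name.lower()) for name in fields[1:])
    return pairs

def loopback_label(pairs):
    """First active name mapped to 127.0.0.1, or None if there is none."""
    return next((name for ip, name in pairs if ip == "127.0.0.1"), None)

def parse_netstat(text):
    """Return (local_ip, local_port, foreign_host, foreign_port) per TCP row."""
    rows = []
    for line in text.splitlines():
        tok = [t for t in line.split() if t != "..."]
        if len(tok) >= 3 and tok[0] == "TCP":
            lip, lport = tok[1].rsplit(":", 1)
            fhost, fport = tok[2].rsplit(":", 1)
            rows.append((lip, lport, fhost.lower(), fport))
    return rows

def classify(netstat_text, hosts_text):
    """Label each row; a loopback pair is one local socket seen from both ends."""
    label = loopback_label(parse_hosts(hosts_text))
    # Assumption: netstat prints only the first DNS label, as in "007guard".
    extra = {label, label.split(".")[0]} if label else set()
    local_names = {"127.0.0.1", "localhost"} | extra
    rows = parse_netstat(netstat_text)
    ends = {(lp, fp) for lip, lp, fh, fp in rows
            if lip == "127.0.0.1" and fh in local_names}
    return [(lp, fh, "loopback pair" if (fp, lp) in ends
             else "loopback, peer row not listed" if (lp, fp) in ends
             else "not explained by hosts file")
            for lip, lp, fh, fp in rows]
```

Running `netstat -n` shows numeric addresses instead of resolved names, which removes the ambiguity without editing the hosts file.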