Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nod32 keeps blocking IP addresses


  • Please log in to reply
11 replies to this topic

#1 Curiousp

Curiousp

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:44 PM

Posted 13 April 2011 - 12:15 AM

Ever since I have downloaded Firefox 4, when searching on google, nod32 has blocked a lot of websites that supposedly use browser hijacking etc. It keeps popping up with Nod32 blocked this IP address. It has happened about 5 times, but didn't seem to happen on Internet Explorer.

What is going on as I have scanned with Malwarebytes, and there have been no infections and ESET does not detect anything, so I don't think it's malware. Why is this occurring?

Thanks

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:44 AM

Posted 13 April 2011 - 12:22 AM

What are some of the IP's?

#3 Curiousp

Curiousp
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:44 PM

Posted 13 April 2011 - 12:38 AM

What are some of the IP's?


I didn't take any screenshots, but it seems to happen a lot when typing in something to do with antivirus in google. I was searching for drweb cure and I didn't click on any sites and the alert came up, and then I searched Bitdefender and it seemed to block something on google, without going into a site, and one time it happened when I typed spyware into google images. It then blocked an ip address. I am quite confused as to why it keeps blocking different websites and ips. I will try to take a screenshot next time it happens though.

#4 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 13 April 2011 - 06:31 PM

When you are searching with Google it does not filter search results. Links most\any search engine provide are a click-on\visit at your own risk proposition. The sites themselves may be malicious or at the least contain malicious software.

I think what you are seeing is a combination of FF`s prefetch and Nod32 detecting some of the links FF is prefetching from your Google search.

How to disable it is included in the above article if you wish to check my theroy.

#5 Curiousp

Curiousp
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:44 PM

Posted 16 April 2011 - 02:55 AM

Thanks ThunderZ for your input, and the prefetch theory may be right, I will look into it for more details. I seem to be receiving these alerts without actually pressing on the site itself. It comes up when general searches are made, but without clicking on any site. So is it actually possible for Nod32 to block information from some sites without actually clicking on them, as Nod says that it is blocking some ip address that attempts to activate browser hijacking and other activity. Sometimes no info is provided as to why the ip addresses are actually blocked, they just are..

Could there be any reason for this?

Thanks :)

#6 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 17 April 2011 - 07:54 AM

Not only does Nod32 use Heuristics as part of their defense, I believe it also use`s a Black list. Known malicious\attack websites, domains. I`m guessing this is why you are seeing blocks without reasons being listed.

#7 Curiousp

Curiousp
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:44 PM

Posted 17 April 2011 - 08:11 AM

Is it weird that I am not actually going into these "malicious domains" or is it normal for an Antivirus to block information without actually clicking on the link?

Thanks

#8 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 17 April 2011 - 08:19 AM

This is where I believe Firefox`s prefetch is part of the situation.

It is looking ahead to links off of the page you are currently viewing. Meaning it is initiating contact with those sites in an effort to speed up their loading should you decide to view one of them.
It is these pre-made connections, without your consent, that I think Nod is detecting.
One of the reasons I disabled the prefetch function in FF.

#9 Curiousp

Curiousp
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:44 PM

Posted 17 April 2011 - 07:23 PM

Yes, I think you're right. It is strange though, as I asked on another forum and a person said they tried searching on Google Images for spyware and the same things I searched for in Firefox 4 and nothing came up for him. It might have been a result of not having Windows Updates up to date at that time or maybe he has prefetch disabled. I will try disabling Prefetch for a while and see what happens.

He also said this:

I had to check in about:config to remember how I have it set. I have network.prefetch-next false and also weboftrust.prefetch is false. Perhaps that is why I don't see the problem you saw. If disabling prefetch helps, then do it. It doesn't seem to hurt Firefox that much. Other than that, I see you are using an earlier version of NOD32 than I, but maybe that doesn't make much difference.

OK, I just changed the setting for network.prefetch-next to "true" and I still don't get any warning from NOD32 when searching for "bitdefender" in a normal Google search. I did the same Google images search for "spyware" and not a peep from NOD32. Maybe an update to the newer version of NOD is in order. Maybe there is something else going on with your system.
Reply With Quote

Edited by Curiousp, 17 April 2011 - 08:25 PM.


#10 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 18 April 2011 - 01:17 AM

One other thing comes to mind that may alter results between the two of you, and others. Location Aware Browsing

But that is a real shot in the dark.

#11 Curiousp

Curiousp
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:44 PM

Posted 18 April 2011 - 02:44 AM

Ah well, this doesn't pose a significant problem, and it doesn't seem to be occurring now since prefetch was disabled and updating windows. I also turned autorun off to stop getting annoying autorun.inf viruses. I think it's all clear now, and I'll just continue to scan with on demand scanners.

Thank you so much for your help and your time and energy!

:cool:

#12 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 PM

Posted 18 April 2011 - 05:46 AM

Glad it seem`s to be straightened out.

That`s what BC is here for. Your very :welcome:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users