In recent weeks, I become aware of a new recurring connection attempting to start an outbound connection, every 4 to 17 seconds, all day long.
I am been unable to figure out if my ISP (Telus) is to blame, or my custom DNS settings.
Both my laptops show this blocked connection.
Do Comodo DNS use the services of “Barefruit Ltd” ?
I did a bit of searching and found information suggesting that Comodo DNS is using Barefruit to show a page when a non existent page is asked.
Understood.
Is there a reason though, why BAREFRUIT (92.242.144.50), bombarding my connection on startup and while my computer is idle (I do not have a browser open), as frequently as every 4 to 17 seconds ?
Is there a setting that Comodo DNS can alter ? Slow it down ?
Do you mean if you can disable the BareFruit advertising? I don’t think Comodo DNS has a control panel to start with.
I am not aware of any Barefruit advertising.
The frequency of Barefruit attempting to create a connection, reminds me of a virus I removed from my company’s computer network.
The aggressive behaviour made me wonder if I something is being copied from my computer to Barefruit’s servers. Barefruit shows up the second, I boot up, no browsers open.
07:00:22; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:00:23; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:00:25; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:00:29; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:00:37; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:00:53; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:03:40; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:03:54; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:04:10; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:07:06; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:07:07; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:07:09; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:07:13; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:07:21; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:07:37; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:10:04; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:10:05; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:10:11; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:10:19; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:10:35; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:12:28; Barefruit Ltd; 92.242.144.50; no port specified; Blocked
07:12:32; Barefruit Ltd; 92.242.144.50; no port specified; Blocked
07:12:36; Barefruit Ltd; 92.242.144.50; no port specified; Blocked
07:12:36; Barefruit Ltd; 92.242.144.50; no port specified; Blocked
07:12:40; Barefruit Ltd; 92.242.144.50; no port specified; Blocked
07:12:44; Barefruit Ltd; 92.242.144.50; no port specified; Blocked
07:12:48; Barefruit Ltd; 92.242.144.50; no port specified; Blocked
07:13:31; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:13:33; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:13:35; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:13:39; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:13:47; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:14:03; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:16:50; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:16:51; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:16:53; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:16:57; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:17:05; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:17:21; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:18:00; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:18:01; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:18:03; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:18:15; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:18:31; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:19:22; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:19:23; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:19:25; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:19:29; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:19:37; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
07:19:53; Barefruit Ltd; 92.242.144.50:3544; UDP; Blocked
May be this is not related to Comodo DNS. As far as I understand the possible hook up with Barefruit it will only show ads on the page you are being redirected to when you asked for a non existing domain.
Scan your computer with Hitman Pro, Malwarebytes Antimalware, Super Antispyware. Adwcleaner and TDSS Killer and see if that helps.
I have been scanning my laptop with the tools mentioned. My systems are clean.
I took my laptop to another work site, out of town. Monitored my firewall for nine hours. Barefruit is still there, aggressively attempting to open ports.
I changed my DNS servers to OpenDNS, rebooted and waited for 6 hours. No more Barefruit. Therefore, Comodo DNS was the reason, for my two laptops are reporting “Barefruit Ltd” being blocked.
I can confirm that Comodo DNS is using Barefruit because each time an invalid URL message page is displayed by Comodo DNS it connects to unallocated.barefruit.co.uk address. This should change because Barefruit aim is to “display ads” and its not trustworthy. It should not be used by a DNS Server which focus on security. There are privacy risks associated with Barefruit.
Please Comodo, change that. Do not associate your name with untrustworthy things like Barefruit.
Apologies for high jacking this thread but is this anything to be worried about? (both Dragon and Explorer connections). I’m not seeing the Barefruit IP myself.
[attachment deleted by admin]
The Explorer.exe connection is probably related to Microsoft Diagnostics Tracking Service. You can disable this service automatic startup in Windows Services list and this connection should be gone.
The Dragon.exe connections seem to be Google servers, so basically nothing to worry about. Run a HitmanPro scan just to be sure.