It actually sending data out before the visible window is created, as a matter of fact - that’s what I mean.
And that can be considered as a sign of a malicious behaviour.
That is going a bit !ot! and in addition here is almost 3AM 
So c ya 2 morrow & I hope that the situation with keylogger/Zemana will be sorted out
Cheers!
I am blocking loopback networking for firefox. It always try to connect to localhost before a window opens
here is almost 3AMare you from Far East? or Australia (Oceania) or New Zeland?
I’m not sure what this is all about, Siber has given me some information, which I’ll investigate tomorrow. Personally, I believe this is a false positive. I’ve been using firefox since there was a firefox and firebird before that. It doesn’t send any data out, at all upon start-up, in fact it doesn’t even try and connect unless I request a url.
The only thing I can think of is firefox live bookmarks, which will automatically connect to their respective RSS feeds upon start-up. These I don’t use.
Another possibility, an infected system, or as already mentioned, an additional toolbar, such as google or some other nasty item, maybe even a rogue addon.
Do the test. download wireshark, run it, launch firefox and see what happens…
Scary_bearFor this
Zemana dont use database so this activity is precisely suspicious (and № 23, by the way)You need to go to the zemana forum and inquire about this
I’d recommend making a copy of that file in question, upload it to (rapidshare.com or some site like that) and have the link available for THEM. That way they can examine the file from their end and look up “№ 23” and compare it.
It doesn't send any data out, at all upon start-up, in fact it doesn't even try and connect unless I request a url.Then I must reach total anonymity by means ofusing anonymous http proxy. But I cant.
Do the test. download wireshark, run it, launch firefox and see what happens...Can I use SmartSniff?
just from reading a couple of your posts, you may like this
http://www.torproject.org/
Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.
also based on your posts, you seems to follow a certain carefull security protocol on how you do things, (basicly, being carefull)
why did you download a portable version of firefox at http://portableappz.blogspot.com/
and not from Mozilla Firefox, Portable (browser) | PortableApps.com and then put in the plug-ins you want???
Ami I missing something here???
Look below
Then I must reach total anonymity by means ofusing anonymous http proxy. But I cant.Go go through this much trouble to do that (see quote above), but you don't download "portable firefox from a more reputable place. Somethings not right here
Also
Isn’t it more common knowledge, that when a security software flags something as suspicious, you would go to that site to THEM checked out.
http://www.torproject.org/I know this net. But I cant understand how it works. According, for example, Auditmypc.com anonymity depends on many things such as javascripts or plugins for example and
Not all proxy servers do as they claim and in fact, there are a ton of junk proxy servers out there that give people a false sense of security or worse, record everything you do in hopes to score a password or two!
Firefox isn’t a keylogger or a backdoor…
That’s assuming you get the download from Mozilla. I’m unsure of the portable version. Is this an official Mozilla product? If not, then I would suggest not using it.
Not all proxy servers do as they claim and in fact, there are a ton of junk proxy serversI agree, but tor is not one of them
Auditmypc.com anonymity depends on many things such as javascripts or plugins for example andYou amaze me, You go through that much trouble to learn stuff like that(above, and my last post too) ,but you download and use a portable firefox version from portableappZ
HeffeD
That's assuming you get the download from Mozilla. I'm unsure of the portable version. Is this an official Mozilla product?There is no official version of "portable firefox"
Mozilla Firefox, Portable (browser) | PortableApps.com <—(consider this as the unofficial version)
Scary_bear
Unless there is something your not telling us. As far as I'm concerned, you need to talk to zemana about this
The reason firefox is flagged as a backdoor by mamutu is simply because it uses a fairly unique method of interprocess communication (NSPR semaphores) which are uncommon on the Windows platform. This has been shown to be a false positive on the EMSI forums.
http://forum.emsisoft.com/Default.aspx?g=posts&t=5525
Can I use SmartSniff?
You could try, but smartsniff is a very basic tool, Wireshark would be more useful, but I really don’t think it will tell you anything we haven’t already discussed, here and it your other thread.
Just out of interest, are you running firefox from a flash drive, is this why you need portable version?
Good morning all
Yes , you are right, Quill.
and Fabian’s comment was
… the detection is normal…
When we are talking about FPs we usually thinking negatively about that, which is true and that could be dangerous thing
at the same time, that is not always the case. Say flagging something as a Riskware may be considered FP, but in most cases that is not and you have to whitelist because you are going to use the flagged for the legitimate purposes.
=======
“Replying to other replies”
The guarantied site for download; testing the “pure” portable, submitting to the vendor, etc. was discussed already.
Let’s hope Scar_Bear will do that … Most likely he is sleeping now
We do that “in shifts” ;D and yes. Scary_bear - I am in Australia
the “FP” by Zemana is kinda understandable as it was pointed above as well, but not completely, though. “Windowless yet on startup and sending something out”… but there shouldn’t be input intercepting yet at that moment, I presume(?)
Cheers!
Just out of interest, are you running firefox from a flash drive, is this why you need portable version?Im too lazy to backup firefox profile by means of Moz backup tool
1st - you did not answer Quill’s question
Then, you can run it from flash or you can install it on a hard drive as portable… doesn’t really matter - it will not touch your system (no changes to the system /registry, etc.)
The point was - have you tried to download & install from the “legit site” and test without any add- ons & stuff?
The profile backup has nothing to do with the matter - moreover you should not bother about it in order to find out about keylogger flagging by Zemana which is again and again should be an FP!
Have you submitted the report to Zemana developers?
My regards
again and again should be an FP!I suppose you are right. But there are some strange things... Zemana alerts me (keylogger, type 23) when I starts not only firefox, but Opera 10 and IE8. All of them are keyloggers, type 23. The levels of [b]risk[/b] are different for firefox/opera and IE8. For IE8 it is much lower. :) [i]It couldnt smoke without fire[/i]. I must ask Zemana
It seems like making some sense
I must ask Zemana
Indeed. When you find out what type 23 is, perhaps you would let us know, as it seems very odd that all your browsers exhibit the same activity.
perhaps you would let us know[i]If I will receive the answear[/i] (it is not securely to receive aswers by e-mail) then I tell you
And you still think Zemana is cool? 88) Sounds like it’s pretty heavy on the false positives to me…
???
If you’re worried about receiving email due to insecurity, perhaps the internet isn’t for you.
If you're worried about receiving email due to insecurity, perhaps the internet isn't for you.If the e-mail server is located in Russian Federation there are can be some special problems
I did nor receive the answear from Zemana
By the way - http://www.comodo.com/home/internet-security/secure-email.php
Why Use SecureEmail Email Security Software?;DUnencrypted, plain-text emails can easily be intercepted, read, and edited. In fact, sending an unencrypted email is a bit like sending a postcard written in pencil: whoever intercepts it can read it with ease. Until now, the process of encrypting email messages was lengthy, difficult, and cumbersome, even to the most tech-savvy PC user. Of course, security systems that, however necessary, are a chore to use will never be adopted on a large scale. That’s why we created SecureEmail: it’s total secure email without the hassle. Unlike conventional email security software, we make it easy.
I just look at another links on the homepage… 88)
What?! :o
What difference does it make where the server is located?
The encrypted emails make sense only if the same encryption method is used by the addressee site.
In this respect what you quoted is just an advertising that is not different to any similar offered solutions (commercial or free)
… and I tell you what (a secret) that is anyway possible to know any single word you posted ever
Should that be the reason for stopping using Internet and existing methods of communication?
Please do not be over-paranoid about the security
There were few servers shut down in US recently.
Those were responsible for delivering fake security, ransom-ware and so on, where for a long time nobody had any doubts that they were located in Russia…
Communicate / send e-mails / find info and the truth / learn / you have nothing to hide
/ all is fine and normal / enjoy!
Cheers!
Should that be the reason for stopping using Internet and existing methods of communication?Tor could help us. Join it!
What difference does it make where the server is located?Russia has rogue (or maybe hijacked) law machinery. It is not a secret. It is a big rootkit. :)