On the main window of Comodo Internet Security Pro 2013, when I press the ‘Enter’ key while pointing at ‘Get Help\Online Help’, it connects to Comodo Internet Security, Antivirus protection, Firewall Software |Security v6.3 to display a blank URL page. In the background, queries for ‘no-dns-yet.ccanet.co.uk’ (this one is odd) and/or ‘help.comodo.com’ start. The DNS resolution for them is 199.66.205.230. The routing is 192.168.100.100 — DNS query → my local DNS address 192.168.100.254 → a DNS name server 8.8.8.8 (a Google public server).
I found that a cause of the blank screen is that the OS (Windows 7 Pro 64 bit) maliciously sends a bad IP packet in which ‘acknowledgment (ACK)’ is not set but the ‘Reset (RST)’ flag is set. Besides, its ‘Window Size’ is zero (no contents) in most cases.
As a workaround, when I manually connect to http://help.comodo.com/, the contents are displayed with nothing wrong. Then, selecting the Product\Comodo Internet Security\See Help menu… and pressing the Enter key links to the Comodo Internet Security Help Guide, which I can see;
Help Guide Version Language
v. 6.0 English — However, pressing Enter key, also links up to a blank screen.
Does this issue occur on your PC, somebody? I am just investigating whether this relates with other critical problems caused by the evil hacker/s.
I can reproduce the blank browser screen using the method described, which looks like a bug with the UI. However, if the help option is selected with the mouse it works correctly. As far as the no-dns-yet.ccanet.co.uk, this is because help.comodo.com (199.66.205.230) has no PTR record. That’s a problem Comodo needs to fix.
> I found that a cause of the blank screen is that the OS (Windows 7 Pro 64 bit) maliciously sends a bad IP packet in which 'acknowledgment (ACK)' is not set but the 'Reset (RST)' flag is set. Besides, its 'Window Size' is zero (no contents) in most cases.
Without seeing the rest of the capture, it’s difficult to say whether the RST (reset) is malicious or not. There are many legitimate reasons for receiving/sending these flags.
Snip…
> Does this issue occur on your PC, somebody?
As noted above.
> I am just investigating whether this relates with other critical problems caused by the evil hacker/s.
I don’t believe anything you’ve reported here sounds ‘suspicious’
Thank you for your help for the reproduce verification.
I cannot find the help option button(?) on any panes of my CIS Pro 2013 (v 6.0.260739.2674). Where is it? This original question is based on my experience that the ‘Show Browsers Pane’ of the Widget is displayed as blank, which two GeekBuddy have also confirmed over remote access sessions.
> I don’t believe anything you’ve reported here sounds ‘suspicious’
To make things clear on my past posts, the basis of my post is merely to verify whether my issues are either a bug or the specification not supporting the double byte Japanese platform. If all of you would not welcome me here, I will certainly never come back.
Viewing your pointing out implying as if I am a dishonor to the CIS forums, I described the root-kit issue but did not want to comment any further since the issue is a criminal matter as much as meaningful in a global point of view in which I have consulted with a FBI agent who stations/ed in the U.S. Embassy to Japan for an appropriate procedure/s.
I appreciate it very much if you would advise me of any practical skills that I can cope with an invisible root-kit (five of GeekBuddy could not find as well) residing in my PC systems which has privileges beyond Admin (myself) right. Especially, I am interested in knowing any effective know-how to stop before it starts any modification activities to Registry entries, Explorer layers and Users account profiles. Those modifications are stealthily executed while I am as an Admin user working on my PCs I built up by a DIY-- needless to say, the root-kit bypasses or disables all protection features form of any third-party security applications.
The root-kit quite often does something in background for the next instructions by consuming several seconds or more shortly before a shutdown system process starts.
What would you do (you do not need to reply below):
- if Windows Update server (before Akamai Technologies CDN business engaged in for Microsoft) sends a ‘Reset’ packet to your genuine approved Windows PC without any apparent advanced notification or warning while Windows Updates downloading is in the middle of progress and if the company ignores your complaints over the telephone-- with no server technical problems reported at that time. Then the captured and the related logs were all erased from your PC, also to the fact that Microsoft used to redirect the rest of the downloading session to his other country’s server that were not yet opened to the public download at that time.
- when Akamai Technologies CDN server for Microsoft Windows Update keeps throwing different sizes of Updater recursively into my PCs which is 10 to 15% from ones (e.g. 60 items [user configuration dependency] at the first update attempt) that Microsoft provides standalone updates available to the public download (I had forwarded an evidence to Kaspersky analysis center, and received an appreciation letter describing as an invaluable information). This results in a machine start failure on the next PC start due to a modification and/or erase of Master Boot Record and/or Boot files (e.g. boot mgr), and other harassment such as modifying personalized setting to the opposite way.
- the hacker can break BIOS Admin 8 digit password in two weeks attempts or so to tamper the configurations. Are you comfortable yourself to change password every week if it happens to you?
- he/they used to intrude into my domestic telephone system bypassing an Internet fiber-optic line to tamper the built-in memory system and tapping or cutting off a live line conversation, a retail GPS unit data (latitude, longitude and more) used to be tampered via a GPS satellite, and intercepted e-mail contents in and out by using a filtering system placed in some number of bot hosts located a distance of 0 hop from my ISP, in order to forward them to hacker’s bot or a server after encrypted its header information with the destination IP addresses coverup. One day, I discovered a bot host temporarily created by this hacker shortly before port scanning to my PCs was unguard on his login ID which used my real name-- presumably they have multiple targets to know which is which and to whom they want to use for attack preparations.
February 12 (Feb. 13 on JST) 2013, Microsoft and/or Akamai Technologies server rejected the service for this month security updates auto download/installation-- It has been for a very long absence since the last attempt. I did 10 times during 09:35 and 12:35 and the last one at 18:05 because WindowUpdate.log shows “Setting AU scheduled install time to 2013-02-13 18:00:00”. My PC kept sending synchronize-‘SYN’ offers to the Akamai server resolved by DNS with validation disabled checksum and three no-operation flags.
The above are only a bit examples out of hundreds of hundreds of real world threats I have been struggling with. I think I should stop hackers subject from now on because it is complicated and insufficient to discuss here.
Unfortunately, the (?) help option has been removed in version 6 (there’s always a possibility it may come back…), however, on any UI element that you want context sensitive help, press F1 on the keyboard.
As far as the widget is concerned, it will only display registered browsers. If you’re using a portable version of any browser, unless it’s been configured as the default, i.e., creates the necessary registry entries, it won’t show in the widget. Try looking under:
> I don't believe anything you've reported here sounds 'suspicious'
> To make things clear on my past posts, the basis of my post is merely to verify whether my issues are either a bug or the specification not supporting the double byte Japanese platform. If all of you would not welcome me here, I will certainly never come back.
> Viewing your pointing out implying as if I am a dishonor to the CIS forums, I described the root-kit issue but did not want to comment any further since the issue is a criminal matter as much as meaningful in a global point of view in which I have consulted with a FBI agent who stations/ed in the U.S. Embassy to Japan for an appropriate procedure/s.
I think there’s been a cultural misunderstanding here. I was simply indicating that nothing you reported in your post would lead me to suspect ‘hacker’ like activity. Obviously, there’s other factors in play that we’re not aware of. As far as not being welcome, someone will always try to assist with any issues you may have.
> I appreciate it very much if you would advise me of any practical skills that I can cope with an invisible root-kit (five of GeekBuddy could not find as well) residing in my PC systems which has privileges beyond Admin (myself) right. Especially, I am interested in knowing any effective know-how to stop before it starts any modification activities to Registry entries, Explorer layers and Users account profiles. Those modifications are stealthily executed while I am as an Admin user working on my PCs I built up by a DIY-- needless to say, the root-kit bypasses or disables all protection features form of any third-party security applications.
> The root-kit quite often does something in background for the next instructions by consuming several seconds or more shortly before a shutdown system process starts.
If you suspect a rootkit on your PC, you would be better off posting in the Virus/Malware Removal Assistance forum with as much detail as you have. In all honesty, malware removal is not a speciality for me.
> What would you do (you do not need to reply below):
> - if Windows Update server (before Akamai Technologies CDN business engaged in for Microsoft) sends a ‘Reset’ packet to your genuine approved Windows PC without any apparent advanced notification or warning while Windows Updates downloading is in the middle of progress and if the company ignores your complaints over the telephone-- with no server technical problems reported at that time. Then the captured and the related logs were all erased from your PC, also to the fact that Microsoft used to redirect the rest of the downloading session to his other country’s server that were not yet opened to the public download at that time.
As I indicated earlier, there are many legitimate reasons for RST packets but without seeing the whole conversation it’s impossible to know why it happened in this instance. However, it’s not at all uncommon for MS to send an RST by way of ending a chat. Below is an example of Microsoft sending an RST to me, during Windows update. This simply ends that TCP session and is quicker than a FIN/ACK.
Source: 65.55.184.25 (65.55.184.25)
Destination: 192.168.1.107 (192.168.1.107)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: http (80), Dst Port: 49412 (49412), Seq: 793, Ack: 520, Len: 0
Source port: http (80)
Destination port: 49412 (49412)
[Stream index: 2]
Sequence number: 793 (relative sequence number)
Acknowledgement number: 520 (relative ack number)
Header length: 20 bytes
Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
> - when Akamai Technologies CDN server for Microsoft Windows Update keeps throwing different sizes of Updater recursively into my PCs which is 10 to 15% from ones (e.g. 60 items [user configuration dependency] at the first update attempt) that Microsoft provides standalone updates available to the public download (I had forwarded an evidence to Kaspersky analysis center, and received an appreciation letter describing as an invaluable information). This results in a machine start failure on the next PC start due to a modification and/or erase of Master Boot Record and/or Boot files (e.g. boot mgr), and other harassment such as modifying personalized setting to the opposite way.
Unfortunately, I don’t really understand the comments above?
> - the hacker can break BIOS Admin 8 digit password in two weeks attempts or so to tamper the configurations. Are you comfortable yourself to change password every week if it happens to you?
> - he/they used to intrude into my domestic telephone system bypassing an Internet fiber-optic line to tamper the built-in memory system and tapping or cutting off a live line conversation, a retail GPS unit data (latitude, longitude and more) used to be tampered via a GPS satellite, and intercepted e-mail contents in and out by using a filtering system placed in some number of bot hosts located a distance of 0 hop from my ISP, in order to forward them to hacker’s bot or a server after encrypted its header information with the destination IP addresses coverup. One day, I discovered a bot host temporarily created by this hacker shortly before port scanning to my PCs was unguard on his login ID which used my real name-- presumably they have multiple targets to know which is which and to whom they want to use for attack preparations.
> February 12 (Feb. 13 on JST) 2013, Microsoft and/or Akamai Technologies server rejected the service for this month security updates auto download/installation-- It has been for a very long absence since the last attempt. I did 10 times during 09:35 and 12:35 and the last one at 18:05 because WindowUpdate.log shows “Setting AU scheduled install time to 2013-02-13 18:00:00”. My PC kept sending synchronize-‘SYN’ offers to the Akamai server resolved by DNS with validation disabled checksum and three no-operation flags.
> The above are only a bit examples out of hundreds of hundreds of real world threats I have been struggling with. I think I should stop hackers subject from now on because it is complicated and insufficient to discuss here.
It sounds like you have some problems which are really beyond the scope of my involvement. However, I’ll be happy to help with any other problems you have regarding the use and configuration of CIS.
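An added example, not part of the original thread: one way to judge an RST against the rest of its TCP stream, using the acceptance test from RFC 5961 section 3.2 on relative sequence numbers as Wireshark displays them. The segment list is constructed; only the RST, ACK with Seq 793 and flags 0x014 mirrors the capture quoted above, and `Segment` and `classify_resets` are names chosen for this sketch.

```python
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK = 0x001, 0x002, 0x004, 0x008, 0x010

@dataclass
class Segment:
    src: str             # "client" or "server"
    seq: int             # relative sequence number (no wraparound handling)
    length: int          # TCP payload bytes
    flags: int           # TCP flags field, e.g. 0x014 = RST, ACK
    window: int = 65535  # receive window advertised by the sender

def classify_resets(segments):
    """Label each RST by where its sequence number falls for the receiver.
    exact         -> equals the next expected byte; the receiver resets
    in-window     -> inside the window but not exact; a challenge ACK is sent
    out-of-window -> outside the receive window; silently discarded
    """
    next_seq = {}  # sender -> next sequence number expected from that sender
    rcv_wnd = {}   # host   -> receive window that host last advertised
    verdicts = []
    for index, seg in enumerate(segments):
        receiver = "client" if seg.src == "server" else "server"
        if seg.flags & RST:
            expected = next_seq.get(seg.src)
            window = rcv_wnd.get(receiver, 0)
            if expected is None:
                verdict = "unknown"  # nothing earlier from this sender
            elif seg.seq == expected:
                verdict = "exact"
            elif expected < seg.seq < expected + window:
                verdict = "in-window"
            else:
                verdict = "out-of-window"
            verdicts.append((index, verdict))
            continue
        # SYN and FIN each consume one sequence number; max() ignores retransmits
        used = seg.length + bool(seg.flags & SYN) + bool(seg.flags & FIN)
        next_seq[seg.src] = max(next_seq.get(seg.src, 0), seg.seq + used)
        rcv_wnd[seg.src] = seg.window
    return verdicts

# Constructed stream; only the RST, ACK at index 5 mirrors the quoted capture.
SAMPLE = [
    Segment("client", 0, 0, SYN),
    Segment("server", 0, 0, SYN | ACK),
    Segment("client", 1, 0, ACK),
    Segment("client", 1, 519, PSH | ACK),  # request: client next seq = 520
    Segment("server", 1, 792, PSH | ACK),  # response: server next seq = 793
    Segment("server", 793, 0, RST | ACK),  # Seq 793, flags 0x014
    Segment("server", 1, 0, RST),          # stale sequence number
    Segment("server", 5000, 0, RST),       # inside the window, not exact
]

print(classify_resets(SAMPLE))
```

An exact match shows only that the RST is consistent with the stream, which is what an ordinary close by the peer looks like; each RST here is judged independently, although a real connection ends at the first accepted one.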
A copy of captured packet shows a quite normal conversation as such reasonable Sequence and Acknowledge numbers followed by Flags: 0x014 (RST, ACK) shed light on. I am actually not interested in good routine TCP/IP conversations. I thought people would understand about what is going on with my PC if I comment of a short phrases such as the (system) rootkit, beyond the Administrator’s privileges or access rights, and consulted with a FBI agent.
Apart from that example you show to help, an established active connection is cut off all sudden or after a certain interval. For example, a single assertive ‘RST’ flag packets are sent from an Akamai hosting server/s to my PC, if not that flag with, then ‘RST/ACK’ packets (NOT in the correct timing) with bad Sequence/Acknowledge numbers set such as ‘1’ send to my router-- this is an exploit trickly on a session in the TCPIP three way handshake.
Since my last post, I have never had any spare times to post my update messages at Comodo Forums because evil Akamai Technologies hacker/s who position at his CDN servers control center attack my PC remotely and locally (by rootkit) like storms every times/moments when I connect to the Internet. My PC attempts sends packets to Microsoft and Akamai servers at the first sessions [NOT for a network connection awareness implementation] when a WAN segment connection is established despite I disable the default all settings required for Windows Update. Whenever I connect to the Internet, all the various types attacks begin so I am driven to spend my whole time to troubleshoot and fix damages that befall sometimes hardware replacements. Because of such circumstance, I do not know when I’ll be able to back Comodo Forums.
I WANT TO BRING BACK MY PEACEFUL LIFE WITH MY FAMILY I USED TO SPEND BEFORE THE YEAR OF 2004.
If you’re working with the FBI, you’d be better letting them deal with the situation. Anything you do in isolation may hinder their investigation.
> Apart from that example you show to help, an established active connection is cut off all sudden or after a certain interval. For example, a single assertive 'RST' flag packets are sent from an Akamai hosting server/s to my PC, if not that flag with, then 'RST/ACK' packets (NOT in the correct timing) with bad Sequence/Acknowledge numbers set such as '1' send to my router-- this is an exploit trickly on a session in the TCPIP three way handshake.
I’m simply pointing out that there’s nothing odd about receiving RST packets, at any point, in a TCP conversation. I can reproduce the aforementioned example virtually every time I connect to Akamai.
> Since my last post, I have never had any spare times to post my update messages at Comodo Forums because evil Akamai Technologies hacker/s who position at his CDN servers control center attack my PC remotely and locally (by rootkit) like storms every times/moments when I connect to the Internet. My PC attempts sends packets to Microsoft and Akamai servers at the first sessions [NOT for a network connection awareness implementation] when a WAN segment connection is established despite I disable the default all settings required for Windows Update.
There are several default services, other than Windows update, that will make connections with Microsoft, Akamai - or both - every time you start windows. This is quite normal.
> Whenever I connect to the Internet, all the various types attacks begin so I am driven to spend my whole time to troubleshoot and fix damages that befall sometimes hardware replacements. Because of such circumstance, I do not know when I'll be able to back Comodo Forums.
> I WANT TO BRING BACK MY PEACEFUL LIFE WITH MY FAMILY I USED TO SPEND BEFORE THE YEAR OF 2004.