How should I set up a web server?
I am using a non-standard port (85)
The only way I got it to work is going into Network Monitor and adding a rule
where source port is [any]
and remote port is 85
that seems backwards…
Also I'm getting a lot of these types of alerts…
Firefox is trying to act as a server. What would you like to do
Remote IP:Listen Port:1574-UDP
C:\WINDOWS\system32\rundll32.exe has modified the User interface of firefox.exe by sending special Window messages. Any program trying to modify another program using this method may be a sign of trojan activity.
This can be between any programs… even things that have nothing to do with each other, is this normal? Am I being paranoid or do I have a trojan? I have scanned with everything I could possibly find online and offline and all come up clean, but that doesn't make me feel safe.
I would change the “remote [any]” setting to “remote [specific ip of our web server]”.
Rules should be flexible enough to allow you to work the way you want, but tight enough that they restrict external access to only those resources you need.
Hope this helps,
Can anyone help me with the second problem?
What does modified the User interface mean? And why would things like Firefox be modifying the user interface of Thunderbird?
I sent them screenshots…
Here's another I just got in the logs
WGA.EXE that is attempting to go on the internet is Microsoft’s Windows Genuine Advantage tools phoning home. Extract from betanews.com below:
Microsoft acknowledged reports Wednesday that its latest update to Windows Genuine Advantage (WGA), an anti-piracy program implemented to detect counterfeit copies of Windows XP, phones home to the Redmond company on a daily basis.
News of the occurrence surfaced this week after privacy advocate Lauren Weinstein confirmed Internet murmuring that a connection was being made to Microsoft’s servers even after WGA had validated a Windows system as legit. Microsoft quickly responded to the issue, saying the feature was a “safety switch.”
How they can have “Microsoft” and “safety switch” in the same language, let alone the same sentence, is beyond me!!
I am more worried about photoshop.exe trying to use btvlibraryservice.exe through OLE automation whatever that means…
This is just an example of an unrelated piece of software trying to use another… It is happening all the time… and yet no worms, viruses or anything else are found on my system
CPF reports this activity as suspicious behavior but this does not have to be a hijack attempt at all. This alert means photoshop.exe has tried to use a COM interface being hosted by your btvlibraryservice.exe. If you have tried to copy/paste some screenshots from your TV program to photoshop or tried to capture video etc., this may be the reason for this alert.
You can select “Remember…” checkbox in the popup not to see this alert again.
I would not worry about this alert and select the remember option.
All I was doing was loading up photoshop. btv was just running in the background. I'm worried because BTV has allowed internet access to get remote listings and what not, photoshop does not and should not have access.
If it was a worm wouldn't this be the same action it would take to try to get access, using an allowed program?
Yes, a trojan would employ such a technique but since you have scanned your computer with the latest anti virus scanners, this seems like a false alert to me. I don't think photoshop will use such a technique to connect to the internet.
But if you are really worried about some files, you can always submit them to Comodo Research Lab for further analysis. Just zip the files and send them to firstname.lastname@example.org.