Strange address blocked by Nod AV

Discussion in 'ESET NOD32 Antivirus' started by JohnnyDollar, Aug 13, 2009.

Thread Status:
Not open for further replies.
  1. JohnnyDollar
    Online

    JohnnyDollar Guest

    A couple of times the past few days while I have had my browser (FF) open but not surfing, Nod popped up saying an address had been blocked. It just did it again as I am writing this message.

    It says: Address has been blocked
    www(dot)google(dot)com/url?sa=Tsource=webct=rescd...
    208.69.36.230:80

    Does anyone have any idea what this is? o_O

    I have a router and was using OpenDNS but turned OpenDNS off yesterday thinking it may have had something to do with it, but Nod just blocked it again a couple of minutes ago.
    Last edited by a moderator: Aug 13, 2009
  2. Marcos
    Offline

    Marcos Eset Staff Account

    It sounds like a fake DNS record. Google has IP addresses 74.125.77.xxx. I'd suggest creating a log from SysInspector and checking it for suspicious files. You can also contact customer care and provide them the log for perusal (by default, it's attached to a support request when filling in the built-in support query form).
  3. Marcos
    Offline

    Marcos Eset Staff Account

  4. JohnnyDollar
    Online

    JohnnyDollar Guest

    Ok thanks Marcos. I'll check out the log. Like you said it may be normal behavior.
  5. Marcos
    Offline

    Marcos Eset Staff Account

    google.com resolves to a different IP address also here when I change the DNS server to that provided by the OpenDNS service. Unfortunately, I'm not familiar with OpenDNS enough to answer why it is happening and why not when resolving other addresses.
  6. JohnnyDollar
    Online

    JohnnyDollar Guest

    I guess I am not familiar enough with it either. I am going to quit OpenDNS service for the time being till I find out what is going on.

    I just realized that I had it turned off in the router but not on my pc network internet protocol properties, so that is probably why Nod blocked it again a few minutes ago.
    Last edited by a moderator: Aug 13, 2009
  7. Brambb
    Offline

    Brambb Registered Member

    Never had troubles with OpenDNS and NOD32 here. My google.com resolves to: 74.125.127.100 and google.nl to: 216.239.59.104

    I don't have troubles connecting to 208.69.36.230 either with NOD32.
  8. bornconfuzd
    Offline

    bornconfuzd Registered Member

    Hi All,

    FWIW I had the same kind of thing happen to me the other day on an Amazon page. I tried loading the page in both FF and IE and kept getting a pop up, (sorry I don't have the exact wording), from Nod32 4.0.437 that a web address had been blocked. I finally figured out that it was a small ad on the bottom left of the page that was being blocked.

    Larry
  9. JohnnyDollar
    Online

    JohnnyDollar Guest

    I didn't realize that Nod blocked ads.
  10. bornconfuzd
    Offline

    bornconfuzd Registered Member

    Hi JohnnyDollar,

    Neither did I, but this particular ad appeared to contain a link/url that Nod did not like! If I can find that particular page again I'll get a screen shot etc and post it here.

    Also, the Amazon page itself was fully functional. Only the small ad contained a note "Blocked by Nod32".

    Larry
  11. JohnnyDollar
    Online

    JohnnyDollar Guest

    Oh ok I see what you mean. I figured out that while using OpenDNS that the url with the IP address that Nod was telling me it was blocking was google. http://208.69.36.230/
    I tried to get some answers at the OpenDNS forum, but didn't get a whole lot. One member told me it was google invading our privacy http://forums.opendns.com/comments.php?DiscussionID=4579&page=1#Item_6

    So through the process of trying to figure it out I quit using OpenDNS, and will probably keep it that way. Nothing against them, but I did fine before I used them and I am doing fine now. I am a FF user. I don't know, I use better privacy and track me not to try to keep google off track. No script is good but was too much for my taste.
Thread Status:
Not open for further replies.