actxproxy.dll

Discussion in 'other firewalls' started by Arup, Apr 8, 2005.

Thread Status:
Not open for further replies.
  1. Arup

    Arup Guest

    This is the dll responsible for most of the leaks based with IE, by blocking it, many of the tests can be effectively passed.

    If anyone else tries this out, please post your feedback.

    c:\windows\system32\actxproxy.dll
     
  2. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    When you click on a link in a help file, will you get the internet page that you are supposed to get? Will Windows update work? If you have to disable your system to pass leak tests, all you have accomplished is disabling your system. It is like saying my system will pass all leak tests when power to the modem is off.

    Some people use Maxthon to pass the leak tests. Iexplore.exe is deleted.

    Just remember, when you are running those tests, you know you are running a test. What any user, even an experienced one would do during an actual exploit is less certain. For some reason anecdotal reports of persons discovering, via a firewall warning, their PC is infected are lacking. Either they said yes the first time the firewall asked and forgot about it, or it just is not happening that way, or the trojans are using communications drivers, or terminating the firewalls. What I do see frequently are persons who changed AV brands and found an infection, or a lot of them. I wonder if the trojan disabled their brain, AV, firewall, or all three?
     
  3. Quote from Diver
    For some reason anecdotal reports of persons discovering, via a firewall warning, their PC is infected are lacking. Either they said yes the first time the firewall asked and forgot about it, or it just is not happening that way, or the trojans are using communications drivers, or terminating the firewalls. What I do see frequently are persons who changed AV brands and found an infection, or a lot of them. I wonder if the trojan disabled their brain, AV, firewall, or all three?

    What exactly are you trying to say...I notice quite often, I can understand most
    of what you say..but then you get to a point, to me anyway, your logic
    gets muddled....and you are very hard to follow.
     
  4. Diver

    Diver Registered Member

    There is nothing about what I wrote that is hard to understand or of muddled logic. You don't see it because you do not want to.

    Your statement is a crude attempt to discredit someone without actually having anything to say, and it borders on being a personal attack.
     
  5. Arup

    Arup Guest

    Diver,

    This is just my observation and recommendation based on my experiment, I have IE set to ask mode with either Kerio 2.15 or NetVeda, I am not concerned about leak tests, but am seriously concerned about IE exploits.

    I have been using Opera since version 2 and continue to do so with version 8 and my only other alternate browser is FF.
     
  6. No I did not understand what you were trying to say in that passage I quoted
    That's why I wanted you to clarify. I understood the first part fine.

    And yes, for the most part ....The only thing we seem to agree on.....

    ...............................IS TO DISAGREE...............................
     
  7. Diver

    Diver Registered Member

    Just Wondering

    It is OK to disagree. I can understand you without the caps turned on, which is considered to be impolite.

    There will be no further explanation of what you quoted, as none is needed. You ought to register for the board.

    Arup-

    What class of IE exploits requires a block on the program other than one where the trojan that could start IE is already on your machine because any other kind of exploit requires you to use IE first. That gets back to the old bit about why did it get there undetected by your AV, how did it get activated without you realizing it, and so forth.
     
  8. Arup

    Arup Guest

    Diver,

    To my knowledge, there are no AVs out there that can truly detect a brand new virus, by chance if one gets it, the block is a good protection as IE is the platform they use to launch it.

    http://www.ebcvg.com/articles.php?id=666

    Read the above link and see what I mean exactly.
     
    Last edited by a moderator: Apr 9, 2005
  9. I would still be the same person....registered or not.

    I wasn't trying to be rude....just stressing a point.

    I really don't understand your point.....It makes no difference...if your defences
    are none...minimal...or a tank. A virus say...somehow got on any machine.

    "the old bit about why did it get there undetected by your AV, how did it get activated without you realizing it, and so forth."

    How are you saying that you, me or anyone is immune from that happening.
    or a sure fire way to prevent that.
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Just curious, but how many of us here have actually been the victim of an IE exploit? I have been using IE for many years (except for a period when I used FF), and I have never had any IE exploits happen here, save for an infected file popping up in my IE cache once, but that can happen in FF too. What exactly are we afraid of happening? I would like to know, because I admit that I too am a little wary of things that MIGHT happen when using IE. Yet, in all this time, I have never once had anything happen. Are we just living in fear all the time, using numerous security apps, trying to protect against the event that will never occur?
     
  11. Good question Kerodo

    About the same time as I started reading Wilders and getting DSL

    I had a nasty little exploit called 5sec biz that used explorer.exe.
    I've googled on it and found very very little info on it....it seemed to mess with
    the FW...and wasn't so noticeable on dial up...if I booted up with a FW..any FW
    I would get the msg...explorer.exe was having problems..and did I want to send
    MS a report....yada yada ...then when I got DSL the problem got worse...since
    I was online all the time....it seemed to pulse all the time...Outpost seemed to
    keep it in check....it blew right thru Sygate...I forget where it was sending to.
    Every few secs...sending, sending, sending. I tried every tool and then some.
    Kav,TDS etc. Nothing found it.

    So yes I am leery what is being sent out on my machine, and to whom.
    I want to....when things settle down....to use this machine for light bookkeeping..my G/Fs occasional foray to ebay...state taxes...etc.

    My weakest area....is FW's and correct settings...most security apps are
    pretty EZ to figure out....But yipes...me and FW's.

    I figure if I can nail down even 1 known exploit...that is 1 less thing for me to
    worry about...be it windows...explorer.exe. IEexplorer.

    I rarely get any alerts....just an occasional...Windows wants to do some sort
    of housecleaning....which I deny until I can get some info on it

    Ye gads....seems like everything is sending something out...I feel ....they
    have to "need to know"
     
  12. Arup

    Arup Guest

    Long time back when I was using Kerio 2.15, I got affected with a worm, probably from someone who kindly bought me his collection of MP3, this would turn off my Kerio and also make svchost.exe crash from time to time, I was running AntiVir which at that time did not detect the worm, it was only after a few months that Google had information on this worm, I had to format and reinstall my OS, my current installation of Win2K is almost 2 1/2 years old, one of the reasons this OS went so long is due to MS's implementation of patches as well as good FW rule setting and vigilant practices.
     
  13. Kerodo

    Kerodo Registered Member

    I was wondering mostly about IE exploits.. If anyone had ever had something happen as a result of using IE.
     
  14. Arup

    Arup Guest

    Spanner,

    That's the right one, sorry for the typo, this dll allows any program to access port 80 via IE.
     
  15. Arup

    Arup Guest

    Spanner,

    Don't rename it, just block it in your firewall.
     
  16. Arup

    Arup Guest

    Spanner,

    I never use IE, only Opera and Firefox but if you like IE, there is a very good and free browser using IE engine called Maxthon which has none of the bugs or loopholes of IE and is quite fast, almost as fast as Opera.
     
  17. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    One side-effect of blocking actxprxy.dll (in my case with Outpost) is that when you use "Open in New Window" and then block it when prompted, the new window loads but you will then no longer be able to browse until you restart IE.

    Nick
     

  18. Arup

    Arup Guest

    Absolutely right, it is the same process of opening new IE windows that also allows other programs like Wallbreaker, PC Audit etc. to spawn through IE.
     
  19. nick s

    nick s Registered Member

    Hi Arup,

    I also see svchost.exe uses actxprxy.dll at XP startup. Blocking causes no apparent loss of functionality yet. (I rarely use IE; just playing around.)

    10:02:45 PM svchost.exe OUT REFUSED UDP localhost 1028 Blocked by Component Control
    10:02:45 PM svchost.exe OUT REFUSED UDP localhost 1027 Blocked by Component Control
    10:02:36 PM svchost.exe OUT REFUSED UDP 239.255.255.250 1900 Blocked by Component Control
    10:02:36 PM svchost.exe OUT REFUSED UDP 239.255.255.250 1900 Blocked by Component Control


    Nick
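
An added example, not part of the thread: a small parser that tallies the Outpost log lines quoted in the post above by process and destination type. The field names are assumptions inferred from the column order of those lines; 239.255.255.250 on UDP 1900 is the SSDP (UPnP discovery) multicast address, so the blocked svchost.exe traffic shown is local discovery and loopback rather than Internet-bound.

```python
import ipaddress
import re
from collections import Counter

# Log lines as quoted in the post above (Outpost firewall log).
SAMPLE_LOG = """\
10:02:45 PM svchost.exe OUT REFUSED UDP localhost 1028 Blocked by Component Control
10:02:45 PM svchost.exe OUT REFUSED UDP localhost 1027 Blocked by Component Control
10:02:36 PM svchost.exe OUT REFUSED UDP 239.255.255.250 1900 Blocked by Component Control
10:02:36 PM svchost.exe OUT REFUSED UDP 239.255.255.250 1900 Blocked by Component Control
"""

# Field names are assumptions inferred from the column order in the sample.
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+(?P<process>\S+)\s+"
    r"(?P<direction>IN|OUT)\s+(?P<action>\S+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<remote>\S+)\s+(?P<port>\d+)\s+(?P<reason>.+)$"
)

def classify_destination(remote, proto, port):
    """Label where a blocked packet was headed."""
    try:
        addr = ipaddress.ip_address("127.0.0.1" if remote.lower() == "localhost" else remote)
    except ValueError:
        return "hostname"          # unresolved name: needs a manual look
    if addr.is_loopback:
        return "loopback"
    if addr == ipaddress.ip_address("239.255.255.250") and proto == "UDP" and port == 1900:
        return "ssdp-multicast"    # UPnP/SSDP discovery on the local segment
    if addr.is_multicast:
        return "multicast"
    if addr.is_private or addr.is_link_local:
        return "lan"
    return "internet"

def summarize(log_text):
    """Count blocked events per (process, destination class, reason)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # skip blanks and lines in another format
        dest = classify_destination(m["remote"], m["proto"], int(m["port"]))
        counts[(m["process"], dest, m["reason"])] += 1
    return counts

if __name__ == "__main__":
    for (proc, dest, reason), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {proc:<14} {dest:<15} {reason}")
```
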
     
  20. Kerodo

    Kerodo Registered Member

    Thanks JW... that's the kind of thing I'm interested in learning about... I have switched back to Firefox for now...
     
  21. Arup

    Arup Guest

    One of the reasons I have been relatively hack and virus free over the years is due to my using Opera as main and only browser and have always set IE to ask mode in my firewall. Now with Avast adding the web shield, things are even better.
     
  22. Kerodo

    Kerodo Registered Member

    So Avast's web shield works ok with Opera? So far I've only tested IE and Firefox with Avast, and both work fine. I do have Opera here also though..
     