ESET keeps blocking ip addresses on google

Discussion in 'ESET NOD32 Antivirus' started by Engineeringfun, Apr 13, 2011.

Thread Status:
Not open for further replies.
  1. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    Ever since I have downloaded Firefox 4, when searching on google, nod32 has blocked a lot of websites that supposedly use browser hijacking etc. It keeps popping up with Nod32 blocked this IP address. It has happened about 5 times, but didn't seem to happen on Internet Explorer.

    What is going on as I have scanned with Malwarebytes, and there have been no infections and ESET does not detect anything, so I don't think it's malware. Why is this occurring? o_O

    Thanks
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you please post 2-3 screenshots with examples of warnings on blocked sites?
     
  3. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    The thing is it only seems to occur when searching particular things on firefox. For instance, I searched for Dr web cure it and didn't click on anything and nod32 said it blocked an ip address and then I searched spyware in google images and it blocked something, although I didn't click on any of the images. It always seems to block anything relevant to antivirus, even without clicking on the actual link. Is it possible that rogue websites are attempting to hijack my browser through google searches, because every time I scan with Nod32, there are no infections, and Malwarebytes found nothing.

    Thanks :)
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  5. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    I will run sysinspector and upload the file for analysis, but I just found out some information on another forum that suggested that this could be the issue. I am unsure if this could actually be the issue or not though. The person suggested:

    When you are searching with Google it does not filter search results. Links most\any search engine provide are a click-on\visit at your own risk proposition. The sites themselves may be malicious or at the least contain malicious software.

    I think what you are seeing is a combination of FF`s prefetch and Nod32 detecting some of the links FF is prefetching from your Google search.

    How to disable it is included in the above article if you wish to check my theory.

    Could this also be a reason, as there have not been any pop ups with fake scanners and no slowness or anything suspicious, and I am able to access all security websites, Nod32 just occasionally blocks website when searching on google which is curious.

    Thank you ^.^
     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I think not, since you have seen these blocked IP's by NOD too many times already.

    So be sure to upload the Sysinspector analysis ASAP so ESET staff can check it.
     
  7. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    I will, but I don't know if there is any significant problem as it only happened when I typed in spyware to google images, and anything that relates to spyware would be malicious. I think that a rogue website that links to spyware tried to do something but wasn't able to. It also happened when looking up Dr web cure it, where wot rated a few sites red that posed to be legitimate, so Nod32 blocked a few of those attempts and also when I typed in bitdefender, there were also a few fake websites (which I didn't click on) and Nod seemed to detect a browse hijacker, but this only happens in firefox. When actually clicking on the links in google, I am never redirected to any weird sites. When searching for normal things on google, it never appears.
     
  8. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    I tried typing "spyware" into a Google images search and got many images, but no complaints from NOD32 when using Firefox 4. I also tried a regular Google search for "bitdefender" and got plenty of links and no complaints from NOD32. I think you have something unique going on. Using NOD32 4.2.71.2 on XP SP3.
     
  9. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    Yes I am using Nod32 4.2.35.0 on Windows XP. Is there any way I can find out what is going on as it only happens occasionally and malwarebytes and Nod32 don't find anything? Another forum said:

    This is where I believe Firefox`s prefetch is part of the situation.

    It is looking ahead to links off of the page you are currently viewing. Meaning it is initiating contact with those sites in an effort to speed up their loading should you decide to view one of them.
    It is these pre-made connections, without your consent, that I think Nod is detecting.
    One of the reasons I disabled the prefetch function in FF.
     
    Last edited: Apr 17, 2011
  10. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    I had to check in about:config to remember how I have it set. I have network.prefetch-next false and also weboftrust.prefetch is false. Perhaps that is why I don't see the problem you saw. If disabling prefetch helps, then do it. It doesn't seem to hurt Firefox that much. Other than that, I see you are using an earlier version of NOD32 than I, but maybe that doesn't make much difference.

    OK, I just changed the setting for network.prefetch-next to "true" and I still don't get any warning from NOD32 when searching for "bitdefender" in a normal Google search. I did the same Google images search for "spyware" and not a peep from NOD32. Maybe an update to the newer version of NOD is in order. Maybe there is something else going on with your system.
     
  11. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    I will try to disable prefetch and see what happens. Also I don't know if this makes a difference, but I have adblock, WOT and NoScript installed in Firefox. It might also have come up because windows updates were not fully up to date at the time, now they are. Also our computer engineer guy installed Nod32 for us a few years ago and he comes every year, do you know how to install the latest Nod32 version?

    Thanks for your input
     
  12. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    I always download the latest version from the Eset website. Many recommend uninstalling the previous version prior to installing a new version. I have done so a couple of times but also have installed a new version over the previous version. Either way works, so far as I can tell. NOD32 can export settings so that you can import them to a new version. You should have a copy of your Eset license message or something from the box NOD32 came in. Whenever you renew the license, you get a message that contains your user name and password. You need those in order to download an updated version. If someone is installing or updating NOD32 for you yearly, then that person may have your license information.

    Oh, by the way, I also use Adblock, WOT, and NoScript in Firefox 4.

    As for Windows updates, they can cure problems and they can also cause problems. I know someone who steadfastly refuses to install Service Pack 3 for XP on one of their systems because it has a conflict with hardware on that system. I personally found a particular HP software suite that would not install on my own system when I updated to SP3. The printer drivers only without the fancy front end worked fine, but the suite would not install.
     
    Last edited: Apr 17, 2011
  13. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    Thanks for the info. I will update Nod32 and hopefully it will work. It doesn't seem to happening much since I have disabled prefetch and updated windows xp. I will just continue to use on demand scanners which will hopefully deter any viruses from executing or look for any suspicious files. Nothing much else is happening which is good. Someone suggested that the difference between the results we were getting could be due to Location Aware Browsing, but I don't know.

    Will post again if something happens, but thanks for your time and energy. :)
     
  14. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    You might try disabling location aware browsing. I recall doing that some time ago, but only because I did not want it. That option in about:config is "geo.enabled" and can be set to false. I think we are getting into a lot about Firefox rather than NOD32 and the Mozilla site has plenty of information on various options in the browser. Oh, and I re-enabled location aware browsing, and, once more, it seems to make no difference in the way NOD32 behaves when doing the previously mentioned searches.
     
  15. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    Yeah, the issue itself may be in the updating or configuration of Nod32 as it is a different version from yours, so it may be solved if I update Nod32 to the most recent version. Mozilla may not, like you suggested, be the actual issue. Maybe it was the windows updates that supported the issue, but more investigation into the matter is required, especially after Nod32 is updated.

    Thanks :cool:
     
  16. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    OK. Good luck. If you are concerned about the configuration you have been using, you could just uninstall the old version and install the new one using the default settings.
     
    Last edited: Apr 18, 2011
Thread Status:
Not open for further replies.