Ewido Update Suggestion

Discussion in 'ewido anti-spyware forum' started by DaDude, Jul 3, 2006.

Thread Status:
Not open for further replies.
  1. DaDude

    DaDude Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    22
    Last week my Norton Internet Security 2005 flagged this IP address
    205.188.146.145
    as an attacker and was put on the
    RESTRICTED Communications List
    of Norton's Personal Firewall

    I was not able to update Ewido v3.5 for a few days and
    started to investigate as to why.

    After looking at what addresses NIS was blocking
    and then removing the address 205.188.146.145
    from the restricted list I was able to update again today.

    As a true test I manually added the address
    205.188.146.145
    back into the restricted list of NIS Firewall and
    again was not able to connect to the EWIDO update server
    all I was getting was
    update.ewido.net not found

    If you are having trouble updating Ewido v3.5
    then I suggest you look at what your firewall is blocking
    by IP address numbers and
    look for this number to unblock: 205.188.146.145
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hmmm....that's an AOL associated IP and also appears to be associated with a traffic redirect virus :doubt:

    Have you noticed any odd peculiarities while browsing....like banner ads not working properly ?

    Also....if you are comfortable searching in the registry....do you have that IP in the below area of the registry ?

    HKLM\System\CCS\Services\Tcpip\
     
  3. vinzenz.ewido

    vinzenz.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    425
    Location:
    Brno, Czech Republic
    @DaDude

    The update.ewido.net IP is 85.10.237.9

    BR
     
  4. DaDude

    DaDude Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    22
    Please explain more
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    There may be nothing more to explain other than NIS has that IP in its database as a known problem. In fact if you do a Google search of the IP there are numerous hits....most of which regard an entry location of the registry that could be related to re-directs.

    Why removing that IP in NIS lets you successfully update ewido I have no answer nor can I explain :doubt:
     
    Last edited: Jul 3, 2006
  6. DaDude

    DaDude Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    22
    >>>>
    All I know is that if the address 205.188.146.145 is blocked by Norton
    Ewido will not connect to its update site ...Should/when I find out more I'll repost any news.... Thanks for the reply though
     
  7. DaDude

    DaDude Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    22
    Here is what I found
    Results of a WHOIS search

    http://www.networksolutions.com/who...76669d8bc0d620d0f61b7443293:vyx8?whoistoken=0

    IP address look up for
    205.188.146.145
    .......................................................
    205.188.146.145
    Record Type: IP Address


    OrgName: America Online, Inc
    OrgID: AMERIC-59
    Address: 22080 Pacific Blvd
    City: Sterling
    StateProv: VA
    PostalCode: 20166
    Country: US

    NetRange: 205.188.0.0 - 205.188.255.255
    CIDR: 205.188.0.0/16
    NetName: AOL-DTC
    NetHandle: NET-205-188-0-0-1
    Parent: NET-205-0-0-0-0
    NetType: Direct Assignment
    NameServer: DNS-01.NS.AOL.COM
    NameServer: DNS-02.NS.AOL.COM
    Comment:
    RegDate: 1998-04-18
    Updated: 1998-04-27

    RTechHandle: AOL-NOC-ARIN
    RTechName: America Online, Inc.
    RTechPhone: +1-703-265-4670
    RTechEmail: domains@aol.net

    Also more info was found at
    CastleCops on IP Address 205.188.146.145
    For confirmation purposes
    http://www.castlecops.com/p658890-Hijack_This_Log_Only_2_Curious_Entries_PC_running_OK.html

    This looks to be a legitimate AOL address
    I do use AOL


     
  8. pwillener

    pwillener Registered Member

    Joined:
    Apr 24, 2006
    Posts:
    133
    Location:
    Tokyo, Japan
    That's what I thought - it's probably an AOL internal name server or something. Just allow it.
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    That's how I determined it was an "AOL associated IP" mentioned in my initial post.

    Very legitimate and quite possibly an "AOL internal name server"....which is why there should be an IP entry that's part of this registry key....HKLM\System\CCS\Services\Tcpip....that was asked about earlier :doubt:

    Also....if that IP is indeed associated with your AOL account....which it probably is....you possibly should be seeing other programs experiencing update problems also :doubt:
     
    Last edited: Jul 4, 2006
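
Added example, not part of any post in this thread: a PowerShell check of the registry area Bubba asks about, listing the DNS servers Windows has configured under the Tcpip service key and marking any that match an address the firewall is blocking. It assumes the blocked address is a name server, as pwillener and Bubba suggest; `$Blocked` is a placeholder list to fill from your own firewall's restricted list, seeded here with the address from the thread.

```powershell
# Added example (not from the thread). Lists the DNS servers configured
# globally and per interface, and marks any that a firewall is blocking.
# $Blocked is an assumption: fill it from your firewall's restricted list.
$Blocked = @('205.188.146.145')   # address discussed in this thread

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$keys = @($base) + @(Get-ChildItem "$base\Interfaces" -ErrorAction SilentlyContinue |
                     ForEach-Object { $_.PSPath })

$findings = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # NameServer is the statically set list, DhcpNameServer the DHCP-assigned one.
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$name
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # Values are space- or comma-separated lists of addresses.
        foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Key     = Split-Path $key -Leaf
                Value   = $name
                Server  = $ip
                Blocked = $Blocked -contains $ip
            }
        }
    }
}

$findings | Format-Table -AutoSize
if ($findings | Where-Object Blocked) {
    Write-Warning 'A configured DNS server is on the blocked list; lookups sent to it will fail, which would explain a "not found" error.'
}
```

A row with `Blocked` set to `True` means the firewall rule is cutting off name resolution rather than the update server itself.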