Help Norton Internet Security 2005 & SpywareBlaster logs

Discussion in 'other firewalls' started by cybergran, Jan 5, 2006.

Thread Status:
Not open for further replies.
  1. cybergran

    cybergran Registered Member

    Joined:
    Nov 20, 2005
    Posts:
    10
    :eek: Hi...I have a new computer running win XP...I have spybot & adaware installed too...Yesterday I downloaded SpywareBlaster and executed it...I am unsure about the logs in NIS both Alerts & Firewall logs..could someone please help me to interpret them...also is there anything else I should be looking at....I have googled for the remote addresses but can't really understand them much...I would also like to know which address is my own ISP & how do I find out who the remote addresses are......I just want to make sure I have spywareblaster set up correctly....thanx
    Firewall Logs:
    1. Firewall Icon....User created a rule to "permit" communications.
    Outbound TCP connection.
    remote address, service is: 64.91.230.221,http(80)
    process name: spywareblaster.exe

    2. Firewall Icon...User created a rule to "permit" communications.
    Outbound UDP Packet
    local address, service is: 210.55.xx.xxx,0
    remote address service is: 202.27.158.40,domain(53)
    process name: spywareblaster.exe

    Alerts Log:
    1. Firewall Icon; User created rule to "permit" communications.
    outbound TCP connection
    remote address, service is: 64.91.230.221,http(80)
    process name: spywareblaster.exe

    2. right pointing arrow: Firewall rule permitted (202.27.158.40,domain(53)
    Outbound UDP Packet
    local address: 210.55.xx.xxx.0
    remote address, service is: 202.27.158.40,domain(53)
    process name: spywareblaster.exe

    3. firewall icon: user created rule to permit communications
    Outbound UDP Packet
    local address: 210.55.xx.xxx,0
    Remote address, service is: 202.27.158.40,domain(53)
    process name: spywareblaster.exe
     
    Last edited by a moderator: Jan 6, 2006
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,894
    Location:
    SW. Oklahoma
    I checked where the addys were and one I believe to a liquid web site, and the others are in Auckland NZ probable an Internet provider.

    % [whois.apnic.net node-1]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 202.27.156.0 - 202.27.159.255
    netname: XTRA-NZ
    descr: Telecom Xtra ISP.
    country: NZ
    admin-c: IA42-AP
    tech-c: IA42-AP
    status: ALLOCATED PORTABLE
    notify: nic@netgate.net.nz
    mnt-by: APNIC-HM
    mnt-lower: NZTELECOM
    changed: ARRON@WAIKATO.AC.NZ 19950620
    changed: hm-changed@apnic.net 20040927
    changed: dbk1@netgate.net.nz 20050308
    changed: hm-changed@apnic.net 20050308
    changed: hm-changed@apnic.net 20051011
    source: APNIC

    person: IP Administrator
    address: Telecom Internet Registry
    address: Level 9, Mayoral Drive BLDG
    address: Private Bag 92028
    address: Auckland
    country: NZ
    phone: +64-363-5861
    e-mail: TIR@ggi.net.nz
    nic-hdl: IA42-AP
    mnt-by: NZTELECOM
    changed: dbk1@netgate.net.nz 20030918
    source: APNIC


    and the other is here

    OrgName: Liquid Web
    OrgID: LQWB
    Address: 4210 Creyts Rd.
    City: Lansing
    StateProv: MI
    PostalCode: 48917
    Country: US

    ReferralServer: rwhois://rwhois.liquidweb.com:4321/

    NetRange: 64.91.224.0 - 64.91.255.255
    CIDR: 64.91.224.0/19
    NetName: LIQUIDWEB
    NetHandle: NET-64-91-224-0-1
    Parent: NET-64-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS.LIQUIDWEB.COM
    NameServer: NS1.LIQUIDWEB.COM
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2001-07-20
    Updated: 2004-12-28

    RTechHandle: AL621-ARIN
    RTechName: Admin Liquidweb
    RTechPhone: +1-800-580-4985
    RTechEmail: webmaster@liquidweb.com

    OrgAbuseHandle: ABUSE551-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-800-580-4985
    OrgAbuseEmail: abuse@liquidweb.com

    OrgTechHandle: IPADM47-ARIN
    OrgTechName: IP Administrator
    OrgTechPhone: +1-800-580-4985
    OrgTechEmail: ipadmin@liquidweb.com

    They both look fine. The 210.55.44.108 entrys are probably spywareblaster trying to update.
     
    Last edited: Jan 5, 2006
  3. cybergran

    cybergran Registered Member

    Joined:
    Nov 20, 2005
    Posts:
    10
    :thumb: Hi bigc73542........thanks for a quick reply...Yes I am in NZ..I use xtra.co.nz thru telecom...What is a liquid website??....How do I find this info myself in future...Thank you...Have a nice day
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,894
    Location:
    SW. Oklahoma
    Here is the app I used to get the ip info Here And liquid web is the software that runs some web sites.;)
     
  5. cybergran

    cybergran Registered Member

    Joined:
    Nov 20, 2005
    Posts:
    10
    :thumb: bigc73542...Cool...thanks so much for the info...is it best to download IPNetInfo as a zip file or Download self install exe for installing IPNetinfo with uninstall support....Thanx.....I really appreciate the time you have spent supporting my problem....
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,894
    Location:
    SW. Oklahoma
    I usually download the zip. and after uinzipping and installing I save the zip file in case I ever need it again.;)
     
  7. cybergran

    cybergran Registered Member

    Joined:
    Nov 20, 2005
    Posts:
    10
    :thumb: Hi bigc73542...Thanks for the input it is much appreciated...I will download the zip file tomorrow...it is 12.40 AM & I should be bye bye's now...By the way I have Ad-Aware.exe...Spybot.exe & SpywearBlaster.exe on my desk top where I downloaded it...Can I now hide this somewhere & if so how do I do that....thanx again...Have a nice day.....
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.