Help Norton Internet Security 2005 & SpywareBlaster logs

Discussion in 'other firewalls' started by cybergran, Jan 5, 2006.

Thread Status:
Not open for further replies.
  1. cybergran

    cybergran Registered Member

    Joined:
    Nov 20, 2005
    Posts:
    10
    :eek: Hi...I have a new computer running win XP...I have spybot & adaware installed too...Yesterday I downloaded SpywareBlaster and executed it...I am unsure about the logs in NIS both Alerts & Firewall logs..could someone please help me to interpret them...also is there anything else I should be looking at....I have googled for the remote addresses but can't really understand them much...I would also like to know which address is my own ISP & how do I find out who the remote addresses are......I just want to make sure I have spywareblaster set up correctly....thanx
    Firewall Logs:
    1. Firewall Icon....User created a rule to "permit" communications.
    Outbound TCP connection.
    remote address, service is: 64.91.230.221,http(80)
    process name: spywareblaster.exe

    2. Firewall Icon...User created a rule to "permit" communications.
    Outbound UDP Packet
    local address, service is: 210.55.xx.xxx,0
    remote address service is: 202.27.158.40,domain(53)
    process name: spywareblaster.exe

    Alerts Log:
    1. Firewall Icon; User created rule to "permit" communications.
    outbound TCP connection
    remote address, service is: 64.91.230.221,http(80)
    process name: spywareblaster.exe

    2. right pointing arrow: Firewall rule permitted (202.27.158.40,domain(53)
    Outbound UDP Packet
    local address: 210.55.xx.xxx.0
    remote address, service is: 202.27.158.40,domain(53)
    process name: spywareblaster.exe

    3. firewall icon: user created rule to permit communications
    Outbound UDP Packet
    local address: 210.55.xx.xxx,0
    Remote address, service is: 202.27.158.40,domain(53)
    process name: spywareblaster.exe
     
    Last edited by a moderator: Jan 6, 2006
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I checked where the addys were and one I believe to a liquid web site, and the others are in Auckland NZ probable an Internet provider.

    % [whois.apnic.net node-1]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 202.27.156.0 - 202.27.159.255
    netname: XTRA-NZ
    descr: Telecom Xtra ISP.
    country: NZ
    admin-c: IA42-AP
    tech-c: IA42-AP
    status: ALLOCATED PORTABLE
    notify: nic@netgate.net.nz
    mnt-by: APNIC-HM
    mnt-lower: NZTELECOM
    changed: ARRON@WAIKATO.AC.NZ 19950620
    changed: hm-changed@apnic.net 20040927
    changed: dbk1@netgate.net.nz 20050308
    changed: hm-changed@apnic.net 20050308
    changed: hm-changed@apnic.net 20051011
    source: APNIC

    person: IP Administrator
    address: Telecom Internet Registry
    address: Level 9, Mayoral Drive BLDG
    address: Private Bag 92028
    address: Auckland
    country: NZ
    phone: +64-363-5861
    e-mail: TIR@ggi.net.nz
    nic-hdl: IA42-AP
    mnt-by: NZTELECOM
    changed: dbk1@netgate.net.nz 20030918
    source: APNIC


    and the other is here

    OrgName: Liquid Web
    OrgID: LQWB
    Address: 4210 Creyts Rd.
    City: Lansing
    StateProv: MI
    PostalCode: 48917
    Country: US

    ReferralServer: rwhois://rwhois.liquidweb.com:4321/

    NetRange: 64.91.224.0 - 64.91.255.255
    CIDR: 64.91.224.0/19
    NetName: LIQUIDWEB
    NetHandle: NET-64-91-224-0-1
    Parent: NET-64-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS.LIQUIDWEB.COM
    NameServer: NS1.LIQUIDWEB.COM
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2001-07-20
    Updated: 2004-12-28

    RTechHandle: AL621-ARIN
    RTechName: Admin Liquidweb
    RTechPhone: +1-800-580-4985
    RTechEmail: webmaster@liquidweb.com

    OrgAbuseHandle: ABUSE551-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-800-580-4985
    OrgAbuseEmail: abuse@liquidweb.com

    OrgTechHandle: IPADM47-ARIN
    OrgTechName: IP Administrator
    OrgTechPhone: +1-800-580-4985
    OrgTechEmail: ipadmin@liquidweb.com

    They both look fine. The 210.55.44.108 entrys are probably spywareblaster trying to update.
     
    Last edited: Jan 5, 2006
  3. cybergran

    cybergran Registered Member

    Joined:
    Nov 20, 2005
    Posts:
    10
    :thumb: Hi bigc73542........thanks for a quick reply...Yes I am in NZ..I use xtra.co.nz thru telecom...What is a liquid website??....How do I find this info myself in future...Thank you...Have a nice day
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Here is the app I used to get the ip info Here And liquid web is the software that runs some web sites.;)
     
  5. cybergran

    cybergran Registered Member

    Joined:
    Nov 20, 2005
    Posts:
    10
    :thumb: bigc73542...Cool...thanks so much for the info...is it best to download IPNetInfo as a zip file or Download self install exe for installing IPNetinfo with uninstall support....Thanx.....I really appreciate the time you have spent supporting my problem....
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I usually download the zip. and after uinzipping and installing I save the zip file in case I ever need it again.;)
     
  7. cybergran

    cybergran Registered Member

    Joined:
    Nov 20, 2005
    Posts:
    10
    :thumb: Hi bigc73542...Thanks for the input it is much appreciated...I will download the zip file tomorrow...it is 12.40 AM & I should be bye bye's now...By the way I have Ad-Aware.exe...Spybot.exe & SpywearBlaster.exe on my desk top where I downloaded it...Can I now hide this somewhere & if so how do I do that....thanx again...Have a nice day.....
     
Loading...
Thread Status:
Not open for further replies.