PDA

View Full Version : Dodgy internet access from my computer?



Umila
10-08-2003, 03:44 PM
Hi All. I wonder if anyone can assist with this -
I sometimes receive the following message from firewall to access the internet, even when I'm not on the internet, for access to the internet -
Does anyone know what it means or is it a legit request..., where's it from, how can I find out, - more info on firewall is not much help.

Dest: IP: 203.66.2.53, Application: PNT 10MON.exe, Version: 7.6.1.0.1402

I have in the past granted permission, being a bit naive when I first installed firewall
As I say, I have my suspicions due to the fact that I am not on internet when it sometimes wants to access. Am I being suspicious for no good reason. I have spyware and adware installed as well.
Any assistance appreciated.

Jen C
10-08-2003, 04:33 PM
I cannot find much information on that application, but the IP address of 203.66.2.53 comes to a grinding halt at this location: Chungwha Telecom Co. (http://www.cht.com.tw/CHTFinalE/Web/)

Is your Ad-aware 6 and Spybot are up to date with definitions? Do you use any antiviral software?

Umila
10-08-2003, 04:43 PM
That's interesting, you found a foreign telecom link. If its not too much bother, how did you locate that address?

Yes my Ad-ware and spybot are up to date and I do use pc-cillin 2000 anti- virus only software.
I'm just in the process of updating firewall but I'm a bit stuck, because with Ad-ware and Spybot, they are automatically updated when you go into their whatever, but with Zonelab firewall, I've had to download a new version, and I think I have to uninstall, but not sure.
Thanks again.

argus
10-08-2003, 04:45 PM
The first thing that occurs to me is a long thread we had a while back about a multimedia keyboard that sent out a signal to what turned out to be a completely random site, just in order to check that the internet connection was working.

Try scanning the list of PressF1 posts for Netropa.

In the Netropa case, the unintending "villain", Hewlett-Packard had to issue a fix to remove the probe - though they insisted it was doing nothing suspect.

Argus

Jen C
10-08-2003, 05:01 PM
>how did you locate that address?

You can enter an IP address at this site: Sam Spade (http://www.samspade.org/) and get further information on that address. It does have its limits however.

Peter H
10-08-2003, 05:05 PM
To find ISP address. http://www.amnesia.com/index.jsp
Bye

Peter H
10-08-2003, 05:08 PM
Whoops - just checked that link, and it's not working. See what I can find.
Bye

Peter H
10-08-2003, 05:12 PM
My Spelling. http://eamnesia.com/index.jsp
Bye

wuppo
10-08-2003, 05:53 PM
PC-cillin has a file named iomon.exe - perhaps that's what you saw?

Umila
10-08-2003, 08:42 PM
Hi Wuppo
Yes I think you are on to it. I checked the pc program and the version number matches exactly. I'll just double check with pc support.
Thanks for that.

eef2
10-08-2003, 11:05 PM
Am I missing something?

AS I just typed the IP address of 203.66.2.53 into the titlebar of my Mozilla Browser, this website came back to me without help from the outside world:
http://www.trendmicro.com/tw/home/enterprise.htm.

Umila
11-08-2003, 12:06 AM
Hi Eef2
Wow, as easy as that to check an address.
I went there and it belongs to Trend micro homepage (Taiwan) and I need to install chinese language to read, which I didn't. So I think it cld be a cookie. A cookie from the anti virus crowd. hmm.

Thanks again and goodnight

argus
12-08-2003, 12:04 PM
I use www.geektools.com. Click "whois" in top right corner and enter the IP address.

But I'm not sure the actual address is relevant; it may be just a "ping" to check that the connection's up.

Argus

argus
12-08-2003, 12:06 PM
I use www.geektools.com. Click "whois" in top right corner and enter the IP address.

But I'm not sure the actual address is relevant; it may be just a "ping" to check that the connection's up.

Argus