Defender Accessing web site during scan?

Guest

I always check my Norton activity log for invalid internet connections. After
I run a Defender (beta 2) scan I find that Defender is accessing the
following web site WWW.FORSYTHCO.COM at 66.110.201.196. Has anyone else
experienced this? And does anyone know why it is happening?
 
Guest

Hello Mike,

Go for scans in safe mode and also add Ewido and Ccleaner as Ewido performs
great with Trojans and Ccleaner will clear your temp folders where a lot of
malware hides installers.

http://www.ccleaner.com/downloadbuilds.asp
http://www.ewido.net/en

Note, When you install Ccleaner, uncheck the Yahoo toolbar option.
Note, in Options, Settings, Advanced, uncheck - Only delete files in Windows
folders older than 48 hours.
Note: uncheck Windows Defender in the applications.
Open Ccleaner and press "Windows" "Applications" and Run Cleaner from the
menu choose 'Issues' and then press scan for issues, Repair any found.
Run Ccleaner twice, the same as above, until you get "0 bytes to be removed".


*When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu".
*Run Ewido. From the main ewido screen, click on update in the left menu,
then click the Start update button.
*After the update finishes (the status bar at the bottom will display
"Update successful")
Now scan with Ewido. Click on the Scanner button in the left menu, then
click on Complete System Scan. This scan can take quite a while to run.
Once it's started scanning it will display an alert window when it finds any
infected files. When you see this first alert, check the boxes "Perform action
with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, if ewido finds anything in the scan click on "Save
Report". This will create a text file. Save to desktop or C: drive in case you
need to post it back.
While I'm posting, Ewido does say it's a 14 day free trial but it still works
fine after the trial has expired. All it does after the 14 days is stop the
real time protection and auto updates, but I never advise that to be enabled
at setup anyway as it can interfere with other real time protection programs,
plus the updates can be done manually anytime you wish, so it may be useful
to keep it in case you need to use it again in the future.

For the benefit of the community reading this post, please rate the post.

I hope this post is helpful.

Let us know how it works out.

Еиçеl
 
Steve Dodson [MSFT]

When I did a whois on that address, I got:

Server Used: [ whois.arin.net ]

66.110.201.196 = [ ]
OrgName: GEORGIA PUBLIC WEB INC.
OrgID: GPW
Address: 1470 RIVER EDGE PARKWAY
City: ATLANTA
StateProv: GA
PostalCode: 30328
Country: US
NetRange: 66.110.192.0 - 66.110.223.255
CIDR: 66.110.192.0/19

Is this your ISP? Maybe that is who owns the DNS server?
--
-steve

Steve Dodson [MSFT]
Windows Defender Beta Lead
MCSE, CISSP
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
 
Dave M

Windows Defender seems to have acquired a strange fascination with state
and local governments:

From: JonJ
Subject: Scan triggers outgoing "unknown" traffic on ports 139 & 445
Date: Thu, 3 Aug 2006 16:52:01 -0700
Newsgroups: microsoft.private.security.spyware.general
--

Regards, Dave

 
Guest

Steve,
No Forsyth County is not my ISP; I never went to this site until it started
showing up on my connection log. I just ran Defender and here is the
information from the log:

Connection: WWW.FORSYTHCO.COM(66.110.201.196): http(80) from
D2B2YP41(192.168.1.100): 2283, 4805 bytes sent, 232999 bytes received,
32.468 elapsed time.

I now run Defender manually with no internet connection until I resolve this
issue.

Mike Lib

--
Mike Lib
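
An added example, not part of any poster's message: a Python sketch that parses the connection entry quoted in the post above and checks the remote address against the NetRange from the whois output earlier in the thread. The field layout is inferred from that single log line, and reading 2283 as the local port is an assumption.

```python
import ipaddress
import re

# Log entry as quoted in the post, re-joined onto one line.
SAMPLE = ("Connection: WWW.FORSYTHCO.COM(66.110.201.196): http(80) from "
          "D2B2YP41(192.168.1.100): 2283, 4805 bytes sent, 232999 bytes received, "
          "32.468 elapsed time.")

# Pattern inferred from that one entry; other entry types are not covered.
CONN_RE = re.compile(
    r"Connection:\s*(?P<rhost>[^\s(]+)\((?P<rip>[\d.]+)\):\s*"
    r"(?P<svc>\w+)\((?P<rport>\d+)\)\s+from\s+"
    r"(?P<lhost>[^\s(]+)\((?P<lip>[\d.]+)\):\s*(?P<lport>\d+),\s*"
    r"(?P<sent>\d+) bytes sent,\s*(?P<recv>\d+) bytes received,\s*"
    r"(?P<secs>[\d.]+) elapsed time")

def parse_connection(line):
    """Return the entry's fields as a dict, or None if the line does not match."""
    m = CONN_RE.search(" ".join(line.split()))  # tolerate wrapped log lines
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rport", "lport", "sent", "recv"):
        rec[key] = int(rec[key])
    rec["secs"] = float(rec["secs"])
    rec["rip"] = ipaddress.ip_address(rec["rip"])
    rec["lip"] = ipaddress.ip_address(rec["lip"])
    return rec

def triage(rec, range_first, range_last):
    """Summarise one connection against a whois NetRange (first and last address)."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(range_first), ipaddress.ip_address(range_last)))
    return {
        "remote": f"{rec['rhost']} ({rec['rip']}:{rec['rport']})",
        # LAN client talking to a public address
        "outbound_from_private": rec["lip"].is_private and not rec["rip"].is_private,
        "in_whois_range": any(rec["rip"] in n for n in nets),
        "whois_cidrs": [str(n) for n in nets],
        # a large ratio means the host mostly downloaded over this connection
        "recv_to_sent_ratio": round(rec["recv"] / rec["sent"], 1) if rec["sent"] else None,
    }

if __name__ == "__main__":
    entry = parse_connection(SAMPLE)
    for field, value in triage(entry, "66.110.192.0", "66.110.223.255").items():
        print(f"{field}: {value}")
```
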


 
