strange block action against attempted trusted site addition

J

John

Today, on two client PCs running XP Home SP2, MS
Antispyware prompted with an "allow"-or-"block" dialog.

It stated that something (didn't state what) was attempting
to add the following to the trusted site list in Internet
Options.

"//@mail.mar@"

This client uses MSN software and this MS Antispyware
prompt appeared right after I installed MS Antispyware,
rebooted, then started the MSN software.

On one PC I hit allow and the other I hit block.

It appears this "//@mail.mar@" is part of something MSN
needs, but I'm unsure since next to nothing showed up in a
clusty.com and google search for this. (Except a
Mar29,2005 posting by someone else about this exact same MS
Antispware prompt.

Questions:
1. What is //@mail.mar@ ?
2. What is trying to add it to Trusted Sites?
3. Why is something trying to add it to Trusted Sites?
4. If MSN is the culprit, does it need to add this for MSN
to work?
5. How can a "remember this action" "Block" action in MS
Antispyware be undone, so that the prompt reappears?

Thank you,
John
 
R

Ron Kinner

Seems unlikely that mail.mar needs to be in the Trusted
Zone. The address is not a valid URL but you could have a
DNS hijacker that knows the fake domain or an entry in
your hosts file that mapped it to a real address.

Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it to C:\hjt (new folder) then Open it and select
Scan and Save Log. Note where you saved the log then
send it to me as an attachment. Maybe I can see what is
going on from that.

Ron Kinner
MVP 2004
(e-mail address removed)
 
A

Andre Da Costa

You can ignore it, its safe:

This relates to Microsoft Money, but the same applies to the MSN Client
also:
You may spot this in the Internet Explorer Local Intranet Zone (under
control panel->Security->Local Intranet->Sites->Advanced).

If you browse to that location, you'll find it starts Money. A couple of
examples of it's use are:

money://@surf.mar@/investing.htm

money://@surf.mar@/ols_accttype.htm?{7F136766-E2F1-43D7-9405-9529D9799376}

Because Money is built on IE, these appear to be mechanisms within the
program to launch pages from within itself, and it's not because something
external has infiltrated your machine.

You can delete the entry, but I have found that if you do so, it can
reappear when running Money again.

A similar item "//@signup.mar@" can also be displayed when running Money
(this has been witnessed in anti-spyware tools). This also seems to be part
of Money, but related more to login type procedures.

Thanks to Tony Linguini & Money FAQs
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

_//@mail.mar@ 2
Internet Trusted Site blocked 2
Blocking a site and reporting threats 5
An interesting block that I would like to know more about. 2
What is mail.mar ?? 1
"Trusted Site" prompt while adding Restricted Site 1
"Trusted Sites" 2
//@mail.mar@ (what is this?) 2

Top