Why?

Old Boozer

Thirty days after installing Kav 6 I get this. Six outbound hits on
different ports. Strange!

06/Jul/2006 14:05:29 Trible Fusion blocked; Out TCP;
localhost:1198->www.tribalfusion.com [204.11.109.70:80]; Owner: C:\PROGRAM
FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE



OB.
 
Art

Hey OB. Long time no see. I'm puzzled about the spelling in the first
line of the report. Trible Fusion? Is that a misspell by your sw
firewall? What are you using as an outbound traffic monitor? Also, is
your KAV 6 a trial or Beta version? Expiration date? Or normal
licensed/registered version?

Indeed the report is strange. I suppose you've tried using
some of the usual antispyware/adware scanners? What have you
tried in the way of running process trackers? SysInternal's
Process Explorer, etc.?

Does KAV 6 seem to be working normally otherwise? If you
suspect it isn't, try a formal scan using KAVDOS32. See my web site
for the K-BOOT and KAVDOSNT downloads.

Art
http://home.epix.net/~artnpeg
 
Old Boozer

Hey Art, glad to see you are well and still kicking ass. AVP exe is not trying
to connect to triblefusion >
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075246

When a site tries to put their (trible's) cookie on the box, Kerio Personal
shows an outbound connection. I have a rule set to block that domain. Kerio
associates this with Kav. More than likely because Kav has rootkit'ed itself
into the files. I may have a benign registry value from some past freeware
program that connects the events. Yes, I use Process Explorer V10.11; nothing
unusual going on.

Just a head scratching anomaly. Kav is running great and no other problems.
Well maybe just one, I picked a file off of the Usenet, of course I don't run
Kav real time.



Obvious malware! Without my glasses on I opened it with associated program
instead of dumping it into a hex reader.

DAMN dropdown boxes!!!

HeHe I'm no longer a virgin. :) Yep F'ed my own computer.
 
Art

On Sun, 9 Jul 2006 20:37:10 -0500, "Old Boozer" <oldboozer> wrote:

> When a site tries to put their (trible's) cookie on the box, Kerio Personal
> shows an outbound connection. I have a rule set to block that
> domain. Kerio associates this with Kav. More than likely because Kav has
> rootkit'ed itself into the files. I may have a benign registry

I tried an experiment using Sygate set to not allow AVP.EXE and I get
a pop up for any attempt at TCP/IP ... can't browse, use newsreader
or email. The only app activity that was allowed was my atomic time
which uses UDP. Since KAV 6 is monitoring all TCP/IP activity it "gets
blamed" by sw firewalls for all such activity :) So the use of a sw fw
to check unauthorized outbound while KAV 6 is running realtime is
clearly nonsense.

Keep on posting!

Art
http://home.epix.net/~artnpeg
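
The attribution problem described in the last post, as an added example that is not part of the thread: a parser for the firewall entry quoted above that marks TCP entries owned by a traffic-relaying scanner (AVP.EXE here) as having an unknown originating program. The field layout is inferred from that single entry; the two extra sample entries, their hosts and TIMESYNC.EXE are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Field layout inferred from the one entry quoted in the thread (assumption:
# other entries from the same firewall follow the same layout).
ENTRY = re.compile(
    r"(?P<ts>\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}) (?P<rule>.+?) (?P<action>\w+); "
    r"(?P<dir>In|Out) (?P<proto>TCP|UDP); "
    r"(?P<lhost>[^:\s]+):(?P<lport>\d+)->(?P<rhost>\S+) "
    r"\[(?P<rip>[\d.]+):(?P<rport>\d+)\]; Owner: (?P<owner>.+)$"
)

# Processes that relay other programs' TCP traffic; the firewall sees them as
# the socket owner. AVP.EXE is the one named in the thread.
RELAY_OWNERS = {"avp.exe"}

def parse(raw):
    """Parse one entry; wrapped lines are rejoined on whitespace first."""
    m = ENTRY.match(" ".join(raw.split()))
    if m is None:
        return None
    e = m.groupdict()
    e["lport"], e["rport"] = int(e["lport"]), int(e["rport"])
    e["image"] = PureWindowsPath(e["owner"]).name.lower()
    # The owner only identifies the originating program when it is not a relay.
    e["owner_is_origin"] = not (e["proto"] == "TCP" and e["image"] in RELAY_OWNERS)
    return e

def unattributed(entries):
    """Count, per remote host, the hits whose real origin the log cannot name."""
    return Counter(e["rhost"] for e in entries if e and not e["owner_is_origin"])

SAMPLE = [
    # Entry from the thread, wrapped as posted.
    """06/Jul/2006 14:05:29 Trible Fusion blocked; Out TCP;
localhost:1198->www.tribalfusion.com [204.11.109.70:80]; Owner: C:\\PROGRAM
FILES\\KASPERSKY LAB\\KASPERSKY ANTI-VIRUS 6.0\\AVP.EXE""",
    # Constructed entries (not from the thread).
    r"06/Jul/2006 14:05:31 Trible Fusion blocked; Out TCP; localhost:1201->www.tribalfusion.com [204.11.109.70:80]; Owner: C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE",
    r"06/Jul/2006 14:06:00 Time sync permitted; Out UDP; localhost:1210->time.example.org [192.0.2.10:123]; Owner: C:\TOOLS\TIMESYNC.EXE",
]

if __name__ == "__main__":
    for e in map(parse, SAMPLE):
        print(e["ts"], e["image"], e["rhost"], "origin known:", e["owner_is_origin"])
    print(unattributed(map(parse, SAMPLE)))
```

Entries counted by `unattributed` need a second source, such as a process or browser history check at the same timestamp, to find which program actually made the request.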
 
