interesting firewall alarm..
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: interesting firewall alarm..

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    385

    interesting firewall alarm..

    Norton firewall has been popping up this message a few times today:

    Microsoft Office 2000 component is attempting to access the Internet

    At X:XX PM on X/XX/XX, the following communication was detected:
    Application: C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    Protocol: TCP (Outbound)
    Remote Address: www.irs.gov (66.77.65.247) : http (80)
    Local Address: Service port 1159
    This file is not infected with a virus. There is no autoconfiguration data for this application. This application is from a known company (Microsoft Corporation). This application does not have a digital signature or the digital signature is invalid.
    any thoughts?
    (btw, my mother just did her taxes on it today)
    Preliminary operational tests were inconclusive (the dang thing blew up)

    \"Ask not what the kernel can do for you, ask what you can do for the kernel!\"

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    121
    In the startup there usually is findfast... I have never found out what it does but its not neccissary so just get it out of there and it wont be running.... dont think it'll try to connect out if its not running.

  3. #3
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    Rule of thumb if you never use the program or have never heard of it; never let it access the internet.
    Its not software piracy. I’m just making multiple off site backups.

  4. #4
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    Find fast is a program that is included w/ ms office. What its supposed to do is index your documents on your drive for faster searches. Why its trying to get port access, no clue. I havn't ever heard of that. As tuskin said you can easily disable it.

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    385
    I'm wondering why it wants the IRS
    Preliminary operational tests were inconclusive (the dang thing blew up)

    \"Ask not what the kernel can do for you, ask what you can do for the kernel!\"

  6. #6
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    Conspiracy note... This is very interesting. Here are my thoughts.

    1) The program Findfast should NOT be tring to access ANY ports what so ever. The fact that this program's design is to catalog everything on your HD causes a bit of concern to me. This leads me to believe that it may be infected with somthing.

    2) The fact that its trying to contact the IRS homepage also worries me. Hmmm... I did a whois on the IP and got this:

    Qwest Cybercenters (NETBLK-QWEST-CYBERCENTER-2)
    1200 Harbor Boulevard
    Weehawken, NJ 07087
    US

    Netname: QWEST-CYBERCENTER-2
    Netblock: 66.77.0.0 - 66.77.191.255
    Maintainer: QCYB

    Coordinator:
    Wysocki, David (DW820-ARIN) ip-admin@qis.qwest.net
    201-770-4133

    Domain System inverse mapping provided by:

    DCA-ANS-01.INET.QWEST.NET 205.171.9.242
    SVL-ANS-01.INET.QWEST.NET 205.171.14.195

    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

    Record last updated on 25-Mar-2002.
    Database last updated on 14-Apr-2002 19:58:00 EDT.
    I may be wrong on this, but would the IRS use Qwest as an ISP? I would think they would use their own lines. Okay, possibly the website is hosted by Qwest.

    Ughh, If I hear another AOL ad on TV I'm gunna go completly... sorry.

    Anyways where was I? Oh yeah...

    [PARANOIA] Okay, here comes the "What If" part. What if while your mother was on the computer doing her taxes via an on-line tax generator, the tax website downloaded a trojan controlled by the government? I see this this as a perfect opportunity for the government to install backdoor Carnivore, Magic Lantern, type of software to thousands of computers.[/PARANOIA]

    I may be way off on this, but what if?

    Your thoughts?

    Halo found this later: FindFast
    It has no reason to connect out. Very, Very strange.

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    503
    /me hides.

    I think someone's a bit paranoid. But I also don't think that this is something to be ignored. Just kill the program, don't let it run, don't let it access any ports, don't let it eat, don't let it poop, don't let it... well, you get the idea. I personally think it is the spawn of Satan, and we all know that Satan answers to his alternate identity of the IRS...

    God bless,
    --PhirePhreak
    I know you\'re out there. I can feel you now. I know that you\'re afraid. You\'re afraid of us. You\'re afraid of change. I don\'t know the future. I didn\'t come here to tell you how this is going to end. I came here to tell you how it\'s going to begin. I\'m going to hang up this phone, and then I\'m going to show these people what you don\'t want them to see. I\'m going to show them a world without you, a world without rules and controls, without borders or boundaries. A world where anything is possible. Where we go from there is a choice I leave to you.

  8. #8
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    Xmaddness might be a little paranoid but he has a point trust no one. I would update you virus scanner and do a complete scan. But a virus made by the government wouldn’t be detected by a virus scanner. There to smart to fall for that one. They could know that you’re posting on this forum and dispatch a secret irs commando death squad after you. My advice to you would be to pack up all you stuff and go live in a shack with no power on the side of a snowy mountain. And what about us. Now we know and they’ll be after us to. Oh man I need a beer.
    Its not software piracy. I’m just making multiple off site backups.

  9. #9
    Senior Member
    Join Date
    Sep 2001
    Posts
    121
    cwk9 ... you have a point... y did I ever reply?? I am putting my life and future in danger... lol, no if it were the goverment you would have more difficulty finding the 'issue'. FINDFAST trying to acces the internet is definately odd and I'd be currious... M$ has no reason to have FINDFAST really in the fist place, his idea of 'convience'... :conflicting issues! My first comment will work... if it says still that the goverment is trying to get.... I mean FINDFAST is trying to get out... something is triggering "FINDFAST" and you will have to determine the cause.

    (If findfast is closed [not in startup] and its trying to get out, something is opening it or posing as it)
    well I hope I helped...
    Tuskin

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    121
    Dang I forgot to say: Good paranoia = self determination to understand how to protect yourself from "it" and of course do it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •