Internet access puzzle - www.007guard.com ???

Help
2010-01-26
2013-04-03
  • Philip Goddard
    2010-01-26

    I'm not aware of any reason why KompoZer  should make an outgoing connection to www.007guard.com every time it starts up, but this is what it's doing.  This is happening in v.08b1 and was also happening in v.0.7.10.  The remote port number accessed changes each time - which has resulted in an annoying series of prompts from my firewall.  I just tried accessing www.007guard.com in Firefox and got warned off it by the WOT add-on, which gives a very strong "This site has a poor reputation" warning about that site.

    For this reason I'm blocking all Internet access to KompoZer at least for the time being.  I don't use it for uploading sites anyway, having my own dedicated FTP software.

    I'd much appreciate an explanation of what those accesses represent.  Although I wouldn't expect security problems with KompoZer, I do have to say that its automatic Internet connections look to be suspicious and in any case quite unnecessary behaviour.

     
  • KompoZer does not try to access 007guard at startup. Feel free to download the source code and check by yourself.

    Are you sure this is not related to your personal setup? Anti-virus, firewall or whatever it takes to try to secure a Windows box?

     
  • Don Williams
    2010-01-27

    Your computer is infected with a malware virus.  Search for 007guard & you will get 100's of hits.  You can probably edit your etc/hosts file to make it ineffective.

     
  • Philip Goddard
    2010-01-27

    Oh, sorry about that - I did actually submit a reply not long after my post (successfully), to explain because I actually found out what the problem was - but for some reason that reply has disappeared.  So, let's have another try.

    My computer is actually not infected at all, and, what's more, a bit of Internet search revealed that lots of people are getting apparent contacts with www.007guard.com from software that they're running.

    What the issue really is, is something completely innocent that Spybot Search & Destroy does when you use its Immunize function.  It puts a long list of nasty domains in the Hosts file, each referred to 127.0.0.1, and "127.0.0.1 www.007guard.com" is at the top of the list.  Above that is a line "127.0.0.1       localhost", which, however, was commented out, which it shouldn't have been.  Whether Spybot S&D had commented it out or whether it had been like that by default, I have no idea.

    So, any firewall or other utility that shows a program's network connections then interprets 127.0.0.1 as the domain given in the first active line in the Hosts file list, which happened to be www.007guard.com.  That is why KompoZer and indeed Firefox (when I looked) and other Internet connecting programs appeared to be contacting a noxious site; those connections were really to localhost, and thus completely innocent!

    I've rectified this by the simple means of uncommenting the  "127.0.0.1       localhost" line at the top of the list, and now the various programs' localhost connections are reported with my computer name - a much happier state of affairs. And naturally I've unblocked KompoZer in my firewall.

    Kind regards,
    Philip.
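
The hosts-file effect described in the post above, as an added example that is not part of the original thread: a small Python audit that reports which name a tool would show for 127.0.0.1 when it labels the address with the first active hosts entry. The first-match lookup model, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: localhost line commented out, blocklist entries below it.
SAMPLE_HOSTS = """\
# 127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 ads.blocklist.example   # constructed entry
::1 localhost
"""

def parse_hosts(text):
    """Yield (ip, [names]) for each active (non-comment) hosts line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, skip the line
        yield ip, fields[1:]

def reverse_label(text, addr="127.0.0.1"):
    """Name a first-match hosts lookup would show for addr (None if no entry)."""
    target = ipaddress.ip_address(addr)
    for ip, names in parse_hosts(text):
        if ip == target:
            return names[0]
    return None

def audit(text, addr="127.0.0.1"):
    """Return (label, warning); warning is set when loopback is mislabelled."""
    label = reverse_label(text, addr)
    if label is None or label.lower() in ("localhost", "localhost.localdomain"):
        return label, None
    target = ipaddress.ip_address(addr)
    count = sum(1 for ip, _ in parse_hosts(text) if ip == target)
    return label, (f"{addr} will be displayed as '{label}' "
                   f"({count} entries share this address); "
                   f"add an active '{addr} localhost' line above them")

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS))
    # Uncommenting the localhost line, as in the post, clears the warning.
    fixed = SAMPLE_HOSTS.replace("# 127.0.0.1", "127.0.0.1", 1)
    print(audit(fixed))
```

Run against a copy of the real hosts file, a non-empty warning means loopback connections will appear in connection monitors under a blocklisted name rather than as localhost.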

     
  • TexTech
    2010-01-27

    I just checked my W7Urc pristine hosts file, and it is 100% commented out, i.e. the default state of the file.

     
  • Philip > thanks for your update!