Hello,

A whois returns the following:


inetnum: 82.221.105.0 - 82.221.105.255
netname: IS-ORANGEWEBSITE
descr: OrangeWebsite.com
country: IS
org: ORG-OFO1-RIPE
admin-c: OTD3-RIPE
tech-c: OTD3-RIPE
status: ASSIGNED PA
mnt-by: MNT-ADVANIA
source: RIPE # Filtered

organisation: ORG-OFO1-RIPE
org-name: OrangeWebsite Finland Oy
org-type: OTHER
address: Hannikaisenkatu 14
abuse-c: OTD3-RIPE
mnt-ref: MNT-ADVANIA
mnt-by: MNT-ADVANIA
source: RIPE # Filtered

role: OrangeWebsite.com Technical Department
address: OrangeWebsite.com
address: Klapparstigur 7
address: 101 Reykjavik
address: Iceland
abuse-mailbox: abuse@orangewebsite.com
admin-c: AK12182-RIPE
tech-c: AK12182-RIPE
mnt-by: MNT-ADVANIA
nic-hdl: OTD3-RIPE
source: RIPE # Filtered

Link to comment
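
The whois record quoted above links its objects by handle: the inetnum names an organisation through `org:`, and that organisation's `abuse-c:` names the role whose `abuse-mailbox:` receives abuse reports. The Python below is an added example, not part of the original post; it follows that chain for an IPv4 address, and the function names, the test address used with it, and the shortened sample text are assumptions constructed for illustration.

```python
import ipaddress

# Constructed input: a shortened copy of the RIPE whois record quoted in the post.
SAMPLE = """\
inetnum: 82.221.105.0 - 82.221.105.255
netname: IS-ORANGEWEBSITE
org: ORG-OFO1-RIPE
source: RIPE # Filtered

organisation: ORG-OFO1-RIPE
abuse-c: OTD3-RIPE

role: OrangeWebsite.com Technical Department
abuse-mailbox: abuse@orangewebsite.com
nic-hdl: OTD3-RIPE
"""

def parse_objects(text):
    """Split whois text into objects (blank-line separated lists of (attr, value))."""
    objects, current = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop "# Filtered" style comments
        if not line or line.startswith("%"):      # blank line or server remark
            if current and not raw.strip():       # only a truly blank line ends an object
                objects.append(current)
                current = []
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.append((key.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects

def first(obj, attr):
    return next((v for k, v in obj if k == attr), None)

def abuse_contact(text, ip):
    """Follow inetnum -> org -> abuse-c -> role and return the abuse mailbox for ip."""
    objs = parse_objects(text)
    orgs = {o[0][1]: o for o in objs if o[0][0] == "organisation"}
    roles = {first(o, "nic-hdl"): o for o in objs if o[0][0] in ("role", "person")}
    addr = ipaddress.ip_address(ip)
    for o in (o for o in objs if o[0][0] == "inetnum"):
        lo, _, hi = (p.strip() for p in o[0][1].partition("-"))
        if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi):
            # abuse-c may be on the inetnum itself or on the organisation it names
            handle = first(o, "abuse-c") or first(orgs.get(first(o, "org"), []), "abuse-c")
            return first(roles.get(handle, []), "abuse-mailbox") if handle else None
    return None
```

Calling `abuse_contact(SAMPLE, "82.221.105.10")` returns the mailbox from the role object, and an address outside the inetnum range returns `None`.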

Also take caution as port 5353 can be used for the following reasons:

 

- iChat, Mac OS X Bonjour/Zeroconf port
- Multicast DNS (MDNS) [IESG] (IANA official). Primarily on Mac OS X, possibly p2p?
- Backdoor.Optix (2004.02.10) - a backdoor trojan horse that gives an attacker unauthorized access to an infected computer by opening TCP port 5353 and listening for incoming connections.
- Avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS IPv4 or IPv6 UDP packet to port 5353.
  References: [CVE-2011-1002], [BID-46446]
- Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.
  References: [CVE-1999-0438]

 

Also see this link:

hxxp://www.pc-library.com/ports/tcp-udp-port/5353/

 

My recommendation is this:
 

Run an In-depth scan on all local drives for your system.

Edited by Arakasi
Link to comment

The application in question could be a reclusive executable, or an obfuscated one. Thus, I recommend running a full in-depth scan.

I am unaware of shodan.io. Where did you reference that?

For now, I would check Remember Action (create rule) and Deny.

You can refer back if any of your applications begin to reveal issues, and delete the rule.

Link to comment

OK.

shodan.io is a website; type it in your address bar.

 

I see now, you are right.

The domain must be behind the proxy orangewebsite or simply hosted there.

Edited by Arakasi
Link to comment

  • ESET Moderators

Hello,

 

Shodan is a company which scans the public Internet for accessible computers.  In this case, it looks like they were scanning the IP range belonging to your ISP and attempted to connect to your computer.  This is why it is a good idea to run a firewall, and to place a router between your modem and computer, in order to block direct connection attempts from the Internet to your computer(s).

 

Regards,

 

Aryeh Goretsky

Link to comment

Hi,

 

The best method is to uninstall and reinstall.

 

Manually will have a few steps.

 

To reset the firewall rules to default, follow the directions outlined here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN941

 

If you would like to reset to default settings and values of everything else you can open the Advanced setup and click the button labeled "Default" in the lower right corner.
 

Link to comment

No, database is removed as well, and license.

 

Will have to use the latter route of pressing default buttons and options etc.

Edited by Arakasi
Link to comment

Why can't I delete or disable these things? :angry:

I want to have the full control over every single process. :rolleyes:

Click the Toggle Application Tree to delete your rules.

Link to comment

I am getting crazy, what is this about? What is that tracking and OpenCandy thing? :blink:

 

Open Candy is malware. It is a classification of adware called win32/OpenCandy.

ESET detects this and I recommend running an In-depth scan on the system.

 

What is OpenCandy and why does it trigger a threat warning?
Link to comment

  • Administrators

I'd suggest running a full disk scan with both potentially unwanted and unsafe applications enabled. They are not malicious but you may not want to have them on your computer.

Link to comment

This topic is now closed to further replies.