Author Topic: Blocking userplane.com  (Read 20942 times)


Offline babyoh

Blocking userplane.com
« on: June 06, 2006, 01:18:10 AM »
i was just online at myspace writing an email, and noticed that -- despite all my security software -- i appeared to be getting a download from:
02.presence.userplane.com
(on the far bottom left on my screen it said something like "transferring from 02.presence.userplane.com" or "downloading" for that URL.)
  * i googled userplane.com, and see they make LIVE CHAT apps -- which I DON'T WANT.
so... i killed my connection, and in symantec's firewall, i blocked userplane.com, www.userplane.com, presence.userplane.com etc.
questions: isn't this kind of download already supposed to be blocked by TEA-TIMER, or SPYWARE GUARD?
and:
if anyone knows -- when i'm coming up with addresses to be blocked, is it enough to use "userplane.com", or do i need to use all the various subdomains etc., like
userplane.com
presence.userplane.com
02.presence.userplane.com
*.userplane.com
*.*userplane.com


etc.


Offline mitch

Re: Blocking userplane.com
« Reply #1 on: June 06, 2006, 02:15:15 AM »
1. do you have flash enabled?
2. i don't do myspace but might look at this
http://www.techcrunch.com/2005/07/01/profile-userplane/

could it be a "feature of my space" ?

don't know your firewall?
you could use Karen's "whois" and get the full ip add for them and block that range if you can create rules for the firewall?
were you using IE or firefox?  ( active x) ?

Offline babyoh

Re: Blocking userplane.com
« Reply #2 on: June 06, 2006, 06:41:42 AM »
* thanks for that techcrunch article - that certainly makes it look like it's an "in house" feature of MySpace, that isn't being downloaded to my computer
 :shock:
i just set my firewall to alert me before allowing active-X. (when i renewed the app, it must have changed some of my firewall settings.)
* YES - i've been allowing FLASH on both FIREFOX and OPERA.(i just disabled it in opera.)
* FUNNY: when i googled the message i've been getting (in BOTH FF and OPERA), i got ONLY ONE HIT --
"Transferring data from presence.userplane.com..." was the HEADLINE title for this MySpace user:
http://www.myspace.com/metal2core
(i emailed him, to see what he knows. he just changed his headline, but still shows for the older one, since google hasn't updated his page's cache yet.)
 * MySpace hasn't had live chat in ages. this is probably their effort at getting it.
one of the reasons i'd panicked, was because i wasn't DOING anything at the time, except slowly composing an email.
i'm used to seeing "data being downloaded..." messages, when a page is loading its jpg files, etc. NOT under these circumstances.
(BTW: i BLOCKED userplane.com in N-Symantec firewall, and i STILL got that same message in FF and OPERA)
MITCH - The way they describe the product, it's on MYSPACE'S SERVERS, right??? NOT being downloaded onto my drive?






Offline Ripley

Re: Blocking userplane.com
« Reply #3 on: June 06, 2006, 05:59:26 PM »
Hey babyoh,

The pre-teens/teens in my family have been asking about MySpace, and I now have more pages bookmarked about that site than I have time to review.  :lol:

And this article doesn't refer to MySpace chat software or userplane, but other 3rd party "free" software issues at MySpace.  Totally different issue than what you are experiencing.
But thought you might be interested in that article if ya hadn't seen it.

Of note was this quote by Brian Krebs, not so much the part about choosing to download from MySpace, but his comments concerning the reactions with different browser options while he was looking into the Zango/MyFriendSpy:

"At any rate, there seem to be a few different variations on this Zango/MyFriendSpy thing going around. So if you use Myspace, use your head. Don't download or install software from untrusted sources, even those apparently recommended by your friends. Also, MyFriendSpy page choked pretty heavily when I browsed the sites with Firefox, even when I wantonly clicked "yes" on everything that popped up. Visit the site with the Firefox "NoScript" plugin installed (which blocks javascript from loading unless you specifically allow it) and you'll get nothing more than a blank page."

When Spyware Performs as Advertised by Brian Krebs
More here: http://blog.washingtonpost.com/securityfix/2006/05/when_spyware_performs_as_adver.html


In your case tho, I'd be curious to know if you found a way to add that specific domain or domain range for this userplane in your firewall and found that it effectively blocks it.
It does seem strange that you noticed what appeared as a download when all you were doing was composing an email while at MySpace.  :uhm:

Offline babyoh

Re: Blocking userplane.com
« Reply #4 on: June 07, 2006, 04:22:26 AM »
ripley,
thanks. that article was very good, but i know enough not to click on those links.
this was happening while i was minding my own business, composing email. the message was on the bottom left of the screen, resembling the "downloading data from youtube.com" etc messages you get while a page loads, and that data is being called.
 * the "transferring from userplane" message hasn't been appearing today... i have a few different MySpace accounts, and noticed it was active on ALL on them, yesterday.
 * i Googled the "transferring from...userplane" alert, and came up with ONE hit - from a guy using those words AS HIS HEADLINE on his MYSPACE PROFILE(!).
 i wrote him, and this is how the exchange went:

Hi.
i've been getting this message while i'm logged onto MySpace: "Transferring data from presence.userplane.com"
* when i search for that -- in quotes -- only your page shows, cuz that was your MySpace headline last week.
what IS this thing? is it downloading onto my computer?
(i thought you might know, because of your headline.)
take care.
thanks.
  ** RESPONSE: **
uhh haha, I just put it in there because I saw it on my computer too haha.
I was thinking of a title for my page, saw that on my screen, so I just copied it.
I think it's just transferring the page into your browser or something like that. No idea.


NOTE: my actual message was: "Transferring data from 02.presence.userplane.com" - i kept doing variations of that,  in Google, until i got the hit referred to above.

if anything funky's going on, we'll probably know soon. MySpace has millions of users.
 



Offline babyoh

Re: Blocking userplane.com
« Reply #5 on: June 07, 2006, 06:30:56 AM »
PS.
ripley wrote: In your case tho, I'd be curious to know if you found a way to add that specific domain or domain range for this userplane in your firewall and found that it effectively blocks it.

it didn't help AT ALL when i added "userplane.com" to be blocked by my norton firewall.
how do i block a "DOMAIN RANGE"? (does that mean, to find the corresponding domain IP numbers range, and add those to blocked? anything you know about this would be helpful.)

* like i said, i noticed the download activity YESTERDAY and none today.
so... maybe whatever was trying to get downloaded GOT downloaded...

still, would like to know about blocking this and other things in the future, and i don't know about "domain range"

thanks for the help, by the way

Offline mitch

Re: Blocking userplane.com
« Reply #6 on: June 07, 2006, 01:22:12 PM »
i don't know norton's firewall at all!

but just a hunch
in the blocking
you did a www userplane.com

do it for userplane.com and see if that does it ( don't use the www, remember that is a type like ftp) go after the domain)

;-)
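
The difference between listing individual hostnames and blocking a whole domain, as an added example that is not part of the thread and does not describe how Norton's firewall matches its rules. The rule hostnames are the ones named in the posts above; the last two test hostnames are constructed look-alikes.

```python
# Hostnames the thread says were blocked, treated as literal names.
RULES_EXACT = ["02.presence.userplane.com", "presence.userplane.com",
               "www.userplane.com", "userplane.com"]
# Hosts to check; the last two are constructed look-alikes.
OBSERVED = ["02.presence.userplane.com", "static.userplane.com",
            "notuserplane.com", "userplane.com.example.net"]

def normalise(host):
    """Lower-case and drop a trailing root dot so comparisons are stable."""
    return host.strip().rstrip(".").lower()

def exact_match(host, rules):
    """Rules are literal hostnames, as in a hosts file (no wildcards)."""
    return normalise(host) in {normalise(r) for r in rules}

def suffix_match(host, domains):
    """Host equals a domain or ends with '.' + domain (whole labels only)."""
    h = normalise(host)
    return any(h == d or h.endswith("." + d) for d in map(normalise, domains))

def naive_endswith(host, domains):
    """Common mistake: plain string suffix that ignores label boundaries."""
    h = normalise(host)
    return any(h.endswith(normalise(d)) for d in domains)

def coverage(hosts, exact_rules, domain_rules):
    """Report, per host, which matching strategy would block it."""
    return {h: {"exact": exact_match(h, exact_rules),
                "suffix": suffix_match(h, domain_rules),
                "naive": naive_endswith(h, domain_rules)} for h in hosts}

if __name__ == "__main__":
    for host, r in coverage(OBSERVED, RULES_EXACT, ["userplane.com"]).items():
        print(f"{host:28} exact={r['exact']!s:5} "
              f"suffix={r['suffix']!s:5} naive={r['naive']}")
```

With literal rules, static.userplane.com is not covered even though userplane.com itself is on the list; a label-aware suffix rule covers it without also catching notuserplane.com.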

Offline babyoh

Re: Blocking userplane.com
« Reply #7 on: June 07, 2006, 11:12:09 PM »
mitch,
once again, a thousand thank-you's... previously, i'd blocked for:
02.presence.userplane.com
presence.userplane.com
www.userplane.com

i JUST ADDED userplane.com.
- thanks for that tip.
(earlier versions of Norton Firewall, allowed me to block *.userplane.com -- but in this last update "*" became an illegal character)
* I SEARCHED FOR "USERPLANE" and THERE IS SOMETHING RECENTLY DOWNLOADED ONTO MY DRIVE.
it may be completely safe BUT THIS IS IRRITATING, BECAUSE I'D LIKE TO HAVE A LITTLE CONTROL OVER WHAT ENDS UP ON MY COMPUTER...   ARGH!


** it appears to be related to FLASH.
-- should i delete these things? --
* this is what i found in my search:
these directories:
static.userplane.com
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player

static.userplane.com
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6AAULA58

#static.userplane.com
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

***
WHAT'S INSIDE THOSE DIRECTORIES: NUMBER ONE
static.userplane.com
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player
DATE MODIFIED - 4.23.06 7:14 PM

inside that directory, i'm led to these directories and ultimately this file:
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\static.userplane.com\presence\m\presence.swf\
there is a file in this folder, called presence.sol (1 KB  MODIFIED 5.29.06 CREATED 4.23.06  ACCESSED 6.7.06 )

NUMBER TWO (for search "userplane") -
static.userplane.com
inside this directory:
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6AAULA58\presence\m\presence.swf\
inside presence.swf folder is a file:
presence.sol SIZE 1K, MODIFIED: 6.5.06 CREATED 4.22.06 ACCESSED 6.7.06
DATE MODIFIED: 4.22.06

NUMBER THREE
#static.userplane.com
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

inside this directory:
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\
IS THIS FILE:
settings.sol SIZE 1K MODIFIED: 4.22.06 CREATED 4.22.06 ACCESSED 6.5.06

* from what i know so far, my best guess is that MYSPACE is downloading this onto users' computers, in an honest attempt (hopefully) to provide some new service (i would guess it's RealTime Chat, since they don't offer that right now.)

ALSO - in the last month, MySpace has unleashed a HUGE number of new ADS using FLASH. sneaking this renegade software onto their users' drives, guarantees them that -- unless people know how to disable it -- users will be seeing their ads.

PS. i ALREADY HAVE flash... but it's set up so i can disable it, if i start getting too many ads, etc.

:: argh ::

...maybe i'll RE-NAME the USERPLANE folders -- and if myspace still works properly -- then i'll delete them all.

thoughts?
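
The .sol files listed in this post are Flash local shared objects, which Flash Player stores in folders named after the domain that wrote them. The following is an added example, not part of the thread, that inventories such files by owning domain; the directory layout is taken from the paths quoted above, and the sample tree and its file contents are constructed.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

# Per-site settings live under this path inside the Flash Player directory.
SYS_DIR = ("macromedia.com", "support", "flashplayer", "sys")

def classify(rel):
    """Map a .sol path (relative to the Flash Player dir) to (domain, kind)."""
    parts = rel.parts
    if parts[0] == "#SharedObjects":
        # #SharedObjects/<random id>/<origin domain>/<swf path>/<name>.sol
        return (parts[2], "site data") if len(parts) >= 4 else (None, "unrecognised")
    if parts[:4] == SYS_DIR:
        if len(parts) == 6 and parts[4].startswith("#"):
            return parts[4][1:], "per-site settings"
        return (None, "global settings") if len(parts) == 5 else (None, "unrecognised")
    if len(parts) >= 2:
        # Domain folder directly under Flash Player, as in the first path quoted.
        return parts[0], "site data (older layout)"
    return None, "unrecognised"

def inventory(flash_dir):
    """Group every .sol file under flash_dir by the domain that owns it."""
    root = Path(flash_dir)
    found = defaultdict(list)
    for sol in sorted(root.rglob("*.sol")):
        rel = sol.relative_to(root)
        domain, kind = classify(rel)
        found[domain or "(flash player)"].append(
            (kind, rel.as_posix(), sol.stat().st_size))
    return dict(found)

def build_sample(root):
    """Constructed sample tree mirroring the paths quoted in the thread."""
    for name in (
        "#SharedObjects/6AAULA58/static.userplane.com/presence/m/presence.swf/presence.sol",
        "static.userplane.com/presence/m/presence.swf/presence.sol",
        "macromedia.com/support/flashplayer/sys/#static.userplane.com/settings.sol",
        "macromedia.com/support/flashplayer/sys/settings.sol",
    ):
        path = Path(root, name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"\x00" * 64)  # placeholder bytes, not a real shared object

if __name__ == "__main__":
    # On Windows, point inventory() at %APPDATA%\Macromedia\Flash Player instead.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for domain, items in inventory(tmp).items():
            print(domain)
            for kind, rel, size in items:
                print(f"  {kind:26} {size:4d} B  {rel}")
```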



Offline mitch

Re: Blocking userplane.com
« Reply #8 on: June 08, 2006, 12:34:21 AM »
with flash enabled
have you ever been here?

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html

that is where you can set up your security for flash ( not much but better than nothing) i have mine set to no cookies downloads or anything)  (it is slow on dialup)

that userplane info was saying it used flash

might go to their tech support and fire off a question about removing it?

( will also tell you how honest they are ;-DDD)
just for the heck of it...anything new in add/remove programs
or start/all programs?

Offline mitch

Re: Blocking userplane.com
« Reply #9 on: June 08, 2006, 12:41:41 AM »
READ THIS
http://www.userplane.com/privacy.htm

( didn't like some of it, but info about uninstall so you should be able to bug them)

had to post again, 1/2 way through modifying the post it said timeout and too late to modify post ;-(

Offline babyoh

Re: Blocking userplane.com
« Reply #10 on: June 08, 2006, 01:14:30 AM »
mitch,
THERE IS NO UN-INSTALL
:Win73: :Win73: :Win73:
nothing under the name "userplane" -- or anything else i saw that seemed to correspond to the software.
* NO NEW SOFTWARE INSTALLED, under Start - All Programs...
i DID recently allow an upgrade to ADOBE's reader. AND, a week or two ago, i got a free graphics app download for GIMP. gimp lets me edit and save in jpg, gif, png formats etc.
i downloaded and tried using their GIMP GIF ANIMATION. as far as i know, this doesn't have anything to do with FLASH at all. (and i've already told you, at least one other person had a suspicious USERPLANE download, while logged onto MYSPACE. he got hit at least 1 week before me, so MySpace isn't doing this all at one time.)
*  i visited here:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html
(THANKS FOR THAT LINK!)
* i changed my settings, so that i'm ALERTED when a site tries saving info on me.
I DELETED a USERPANE FILE THAT ALREADY EXISTED:
static.userpane.com

* i assume i'm not going to be getting much help from either MySpace or USERPANE -- EVEN THOUGH USERPANE IS VIOLATING THEIR TOS BY NOT GIVING ME AN UNINSTALL OPTION

is it safe for me to re-name all the USERPANE directories i listed before, and then to DELETE THEM, if my system is stable etc?

* i can email USERPAIN... um, excuse me - UserPane - and MYSPACE (which is latin for "Pain in the rectum"), but i keep hearing that MySpace deletes accounts from "troublemakers." (those users usually sign up again right away, and post something on their accounts, like "Caution: MySpace May Cancel Your Account!" etc)

 :sinking:




Offline mitch

Re: Blocking userplane.com
« Reply #11 on: June 08, 2006, 01:28:30 AM »
if you got that from myspace i would not worry too much about them closing your site myself;-)

and i would go after their tech support at userpain myself !!!!
and tell them what happened and no installer  a drive by install and you are only 13 years old !!

yep you want to tell them that !

( it scares the hell out of them as it is illegal for them to do that to a minor (serious)

you could try the rename...but think it might crash the flash player ( thank you adobe for buying it and making things worse)

yep i use gimp myself on linux !!!!! do you know how long it takes to do a update ( reload all) on a dialup and it is about 140meg !!!
 i like it, but takes a bit to figure it out !!! cut i can cut/crop and small color adjustments !

Offline babyoh

Re: Blocking userplane.com
« Reply #12 on: June 08, 2006, 01:54:06 PM »
mitch,  :help:
this is getting WEIRDER and more CONFUSING.
i can't tell if this thing is gone, or HIDING.  :help:
 *  i've talked to a few other MySpace users who have the same USERPLANE "mystery" garbage on their drives, and their CREATION DATES are very close to mine. (MAY 22nd)
* i searched AGAIN for USERPLANE (on THURS JUNE 8th 7.30 AM ), and now it SEEMS like this thing is gone (except for one empty USERPLANE folder).  :blink:
* when i SEARCHED, i got THIS (only ONE occurrence - not the previous THREE):
#static.userplane.com
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
DATE MODIFIED 6.7.06 6.59 PM

 * (I ENABLED VIEW HIDDEN FILES, and HIDDEN SYSTEM FILES) *
 * when i click MY COMPUTER, C, etc. --
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
(the PATH at top of screen ONLY SHOWS through "\support" - no matter how many other directories i enter. i guess it's just run out of room, to show more of the path)
 ANYWAY, i GET THIS DIRECTORY:
#static.userplane.com   - LAST MODIFIED 6.7.06 6.59 PM
it's ZERO BYTES in size - and is EMPTY when i open it
 - i recognize the rest of directories as names of flash files i'd deleted, using the flash link you gave me yesterday. they still EXIST as FOLDERS, but when i click them, they're empty too.

i have a "settings.sol" file 1 KB - DATE MODIFIED 6.7.06 9.33PM.

* questions:
1) have the userplane files and directories that HAD existed, DELETED themselves - or are they just hiding (ie, re-named themselves etc.)
2) is it safe to delete the EMPTY folders, and the ".SOL" FILES?


* i told a friend of mine not to delete the USERPLANE folders / files she found on her computer, but she deleted them anyway. a couple hours later they were back. SO... either she didn't delete ALL of them, or MySpace - USERPAIN, re-installed itself.

Offline mitch

Re: Blocking userplane.com
« Reply #13 on: June 08, 2006, 03:13:56 PM »
hummm

ok, run a HJT and post in that area and give a link to this topic !!!!!!!!!!!!!!!!!!!!

maybe they can find something about it???


if nothing from hjt
maybe uninstall flash , run all the c cleaners and reg checkers and then reinstall flash?

Offline babyoh

Re: Blocking userplane.com
« Reply #14 on: June 08, 2006, 10:32:44 PM »
hey! does this sound right? :help:
userplane says what i had were ONLY cookies.
that COULD explain why they disappeared when i Deleted all those things using the FLASH link you gave me the other day.
:blink:
according to userplane, MySpace licenses their software and userplane isn't involved with downloading anything to users' drives. (which is STRANGE, considering my download came from 02.presence.userplane.com. it took a lot of time, too. i'd think cookies had little data, and would be transmitted almost instantly.)
* at any rate, since i set my firewall to block them, i haven't had anything named "userplane" on my drive, except for that empty directory.)
 :tease:
PS. IS THERE A WAY FOR ME TO ALLOW COOKIES for ONLY A FEW DOMAINS - like LandZ, etc.?, and only allow session cookies for everything else...? all if there IS, i can't figure it out