i have some code on my drive, that keeps connecting with ning.com, and generating new session cookies for me, in FireFox.
the code bypassed all of my security apps, to install itself- setting FF to BLOCK the cookie has no effect.
- i'm not sure exactly the mechanism, but the cookie never seems to spend any time in FF's cookie.txt file (where FIREFOX would have some control over it).
* if i go OFFLINE, and delete the cookie- it STAYS deleted
UNTIL i go back online. (it re-generates about 45-60 seconds after i'm back online... and this is with FF set to BLOCK the cookie!)
* if i stay online and delete the cookie - it mysteriously re-appears (with a different Value) in about 60 seconds.
*** i wasn't able to stop this until today, by RESTRICTING - BLACKLISTING ning.com in my FIREWALL.
this stops the communication, but i still have some renegade code on my machine, i'd like to NUKE.
** (hopefully, something in my HJT log will alert you to the "unwanted" software.
IF NOT, i was thinking about ALLOWING the connection via the FIREWALL, and watching in TASK MANAGER to see what process turns on to contact NING... alternately, i could download ETHEREAL, and check my packets.)
*** WHY THIS IS IMPORTANT:
i realize session cookies "are your friend" etc etc- but, 1) i like to have control over my hardware and software, 2) these stinkers are "tricking" FF into allowing a cookie it thinks it's blocking, and 3) it's CREEPY!
- any help is appreciated.
here's my log.
*******
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:35 AM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9112 bytes
Hi:
Nothing showing in the HJT log. Can't answer anything about FF, as I am an IE user.
I see in your other topic, that neither Norton nor Spybot found anything. Did you try running Adaware?
Here are the directions on running it:
http://www.bleepingcomputer.com/tutorials/tutorial48.html
BG
Something you could do, is open up Command Prompt (Start > Run > type in cmd.exe and hit Enter) and use the command netstat -b. It will show what processes are connected where.
thanx, guys!
- 1) i thought AdAware was no longer recommended, due to so many problems, false positives, etc. (AdA SE no longer has new updates, as of DEC 31, 2007- and AdA 2007 has the problems.)
- 2) i got an email response from NING that said, in part:
I'm not sure why you're having trouble deleting this cookie or why it's appearing when you're not accessing Ning.
This is not a capability or intention that we have and may be the result of a browser malfunction (since the browser is responsible for managing cookie lifecycle).
FireFox plugins can sometimes cause persistent sessions when a tab is no longer open (and result in the cookie being reissued).
You may want to try creating a second FireFox profile without any plugins to eliminate the possibility that your plugins are triggering this issue. Check out this FAQ for more information:
http://help.ning.com/?p=342
*** the faq recommends:
Close Firefox.
Open a command prompt by going to Start -> Programs -> Accessories -> Command Prompt.
Paste in the following command:
"\Program Files\Mozilla Firefox\firefox.exe" -profilemanager
Click on the button entitled "Create Profile..."
Click on "Next."
Name the profile if you like. We recommend "test user."
Click on "Finish."
Select your new user in the selection box and click "Start Firefox."
Test out your Ning social network.
To return to your old profile, repeat steps 1 to 3 and select 'default' (or the old profile name if it was named) and click on "Start Firefox."
*** ME AGAIN:
if this simply has the effect of "DISABLING ALL ADDONS" --
A) why can't i just click "DISABLE ADDONS" within my current FF window
and
B) aren't either of these options dangerous, in that they'll allow everything my addons were blocking? (javascript, FLASH, etc).
*** SPYDIE:
to use the "netstat -b" command, should i first UN-BLOCK NING.com in my firewall -- so that netstat can "catch" the connection taking place?
...Remember: I DON'T GET THE "RE-APPEARING" COOKIE, WHEN NING.com is BLACKLISTED in my FIREWALL.
* thanx again, for your help
Interesting that the email discusses plugins, not add-ons. Not sure what to make of that.
Some feedback though...
I can see where using "Add n Edit" add-on would be helpful if you are a web developer, but I don't pay that much attention to my cookies. The dev doesn't seem to be the most "active" w/ this add-on, although he did just issue an update in Feb. 08 I see.
Per the Add n Edit Developer:
Quote: IMPORTANT!!!
Cookie setting set in Preferences/Options take priority over the changes applied by this Cookie Editor. For example, if you set an option to have your cookies to expire at the end of session, you won't be able to change the expiration date on cookies using the Editor.
https://addons.mozilla.org/en-US/firefox/addon/573
As you have already heard from the NING site and they are implying browser malfunction, then keeping track of your "troubleshooting" w/ Fx might be handy for later.
Creating a new profile is standard to rule out some type of profile corruption, or testing add-ons.
An easier step might be to load "Fx Safe Mode" as I am using, now, while I post this. Plugins aren't affected, just add-ons, themes, etc.
Dangerous? Remember, the best add-on to ANY browser is between your ears.
I feel a bit more "blind" w/ no add-ons as more ads display and I can't see what scripts are running on each page per NoScript, but I am only surfing to sites that are known to me while doing this troubleshooting task.
Close all Fx sessions, go to All Programs>Mozilla Firefox>Firefox (Safe Mode)
Here's what you will see:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi71.photobucket.com%2Falbums%2Fi152%2Fripley2006%2FFxsafemode.jpg&hash=4302b38f1e1140d0f4d963a210c7b3331ffda156)
Tip:
Do not check any of the boxes/options, just click "continue safe mode."
When you are done, close Fx and start the way you normally would, or w/ All Programs>Firefox.
Alternately, the preferences you set, (i.e. "blocks" for cookies) ought to be showing in your hostperm.1 file in your profile. Have you checked whether the "block" you set is "set"?
Find your profile (http://support.mozilla.com/kb/Profiles), and view your hostperm.1 file by rt clking and opening w/ WordPad. Do not attempt to manually edit. Find the cookie, and if it is "blocked" it will have a value of 2.
Also take a look at Firefox makes unrequested connections (http://support.mozilla.com/kb/Firefox+makes+unrequested+connections).
Lastly, I have no idea about the suggestion from SpyDie, but it would seem unblocking it first would be the way to see what it is doing. Remember, you are unblocking a cookie not a trojan downloader.
Hope some of this helps.
ripley, thanx -- i'll outline what happened below. the bottom line is, as soon as i take ning out of my firewall for blacklisting *POOF* a new ning cookie (even in FF safe mode).
* here's the full story (with details, as they may be significant).
my hostperm.1 isn't exactly where mozilla said it would be; it's buried one folder DEEPER in a folder called "iuv4ullz.default"
inside there, i found hostperm.1 -- but when i right-click, i had no option to "OPEN WITH" notepad.
so...
i COPIED it, PASTED to another folder, and renamed THAT copy "hostperm.txt"
THAT opened...
- before i explain what i found in there...
NING allows you to HOST FORUMS. you come up with a SUBDOMAIN for your forum.
so... you could start one that had the URL: ripley.ning.com, or cats.ning.com, etc.
i mention this, because i've checked out and registered a few NING forums, to see how they were done. (it's a highly customizable environment: you can get the api, program php, do all sorts of tricks...)
anyway.
i searched in HOSTPERM for every occurrence of "ning.com", and a bunch came up, due to the subdomains of the forums.
ning.com cookies 2 is there, but also for various subdomains i have these OTHER value forms:
help.ning.com host install 2
**(SUBDOMAIN 1).ning.com host cookie 8
**(SUBDOMAIN 2).ning.com host install 2
**(SUBDOMAIN 3)ning.com host cookie 2
**** i exited FF and launched FF SAFE MODE.
no ning cookie.
i exited FF -- DELETED my NING.COM and WWW.NING.COM BLACKLISTING in my FIREWALL.
then, i launched FF SAFE MODE.
AND THE NING COOKIE WAS BACK AGAIN
which means this has nothing to do with my addons mis-firing -- as they were OFF in Safe Mode.
- thanx for the other info you provided. none of it applies directly to this situation, as far as i could tell - EXCEPT something screwy with PRE-FETCH.
http://lwn.net/Articles/139725/
* i've never had problems like this controlling cookies in FF- and i've dealt with an enormous number of them, as they are EVERYWHERE.
i have no idea why pre-fetch would choose to act up NOW... but, i'll shut it OFF (using about:config) to check.
* if it doesn't, i'll try SpyDie's "netstat -b" suggestion.
ARGH.
:thud:
(i tried editing my last post, but it said "Over Time Limit")
PS. NONE of the ning subdomained forums were set to ALLOW COOKIE. they'd been set to ALLOW FOR SESSION COOKIE.
i never got mysterious cookies for "(SUBDOMAIN).ning.com" -- just ning.com
but i'm nuking the COOKIES EXCEPTIONS settings for everything ning-based, except for ning- which shall stay BLOCKED.
disabling FF's PREFETCH had no effect- i STILL generate the Ning HELL COOKIE.
* The ONLY way for me to stop it, is to use my FIREWALL *
i did SpyDie's "netstat -b" and took screenshots of the results.
- (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi32.tinypic.com%2Fadf33r.jpg&hash=8df975f55762816ba372a68b58549137bf11d0e0)
whenever i launch FF, it evidently communicates with NING to do a cookie.
here's a SECOND shot. i tried to time it, so it snapped as i was launching FF...
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi31.tinypic.com%2F2dbo0nt.jpg&hash=08b5aa0a9415d2dda2b4a5349762e1fa2b5eb16e)
Take another screenshot of the results from netstat -b, whilst Firefox is closed please. It shows in both of those screenshots that Firefox is open.
SpyDie,
in both shots FF is off.
* in THIS pic, while FF was open, i stopped blacklisting NING.com in my FIREWALL - a cookie was generated INSTANTLY by the way.
i didn't delete the cookie, i closed FF and took the screenshot.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Faycu40.webshots.com%2Fimage%2F44479%2F2002661272988238397_rs.jpg&hash=ee877ff5baa851f97555a3d6b0a25fedf8f0a386)
* then i had my firewall block ning.com, opened FF and deleted the cookie.
i closed FF and took this:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Faycu23.webshots.com%2Fimage%2F46502%2F2002663902360906981_rs.jpg&hash=b6839d70e8d114ab196d2c8c417e88bb40001bdc)
I FOUND IT! (you'll have to explain what i found, though)
* i repeatedly ran "netstat -b" and discovered, the following:
OPERA doesn't generate a connection to the IP: 8.6.19.68, when i use that browser
- i also have no problems with NING COOKIES in opera.
*** FIREFOX doesn't show 8.6.19.68 -- IF I BLOCK NING IN MY FIREWALL.
* as soon as i STOP blacklist firewalling it, FIREFOX makes a connection to... you guessed it -- 8.6.19.68
- a whois DNS shows this IP is owned by NING:
IP Address: 8.6.19.68
SSL Cert: *.ning.com expires in 1021 days.
Reverse IP: 2,038 other sites hosted on this server.
OrgName: Level 3 Communications, Inc.
* the ip is ALSO listed here, in relation to SPAM:
http://en.wikipedia.org/wiki/Wikipedia:WikiProject_Spam/LinkReports/tontinenation.com
* i don't understand this post (too technical), but it relates to the ip 8.6.19.68
and "Set-Cookie: xn_visitor"
http://developer.ning.com/forum/topic/show?id=1185512%3ATopic%3A24211
* All right, what have i found...?
i know FF is contacting NING via that IP, and generating the cookie.
why? how do i stop it?
...do i need a new computer??
:Win73:
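The check done by eye in the screenshots above, as an added example that is not part of the original thread: it parses `netstat -b -n` output and reports which executable owns each connection to a given remote address. The sample output is constructed (the `-n` switch, the local addresses, PIDs and the 192.0.2.15 peer are assumptions); only 8.6.19.68 comes from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows XP `netstat -b -n` output.
# Only the address 8.6.19.68 is taken from the thread; everything else is made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1091      192.0.2.15:80          ESTABLISHED     3120
  [firefox.exe]

  TCP    192.168.1.10:1092      8.6.19.68:80           ESTABLISHED     3120
  [firefox.exe]

  TCP    192.168.1.10:1088      8.6.19.68:80           TIME_WAIT       0
  [System Process]

  UDP    0.0.0.0:500            *:*                                    792
  [lsass.exe]
"""

# A connection row: protocol, local endpoint, foreign endpoint, then an
# optional state (UDP rows have none) and an optional PID.
CONN_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?(?:\s+(\d+))?\s*$")
# The owning executable is printed in square brackets under its row.
OWNER_RE = re.compile(r"^\s*\[(.+?)\]\s*$")


def parse_netstat_b(text):
    """Return one dict per connection row, with the owner attached."""
    conns = []
    current = None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            remote_ip, _, remote_port = foreign.rpartition(":")
            current = {
                "proto": proto,
                "local": local,
                "remote_ip": remote_ip,
                "remote_port": remote_port,
                "state": state or "",
                "pid": int(pid) if pid else None,
                "owner": None,
            }
            conns.append(current)
            continue
        # Any other line (headers, component paths) is skipped; the first
        # bracketed name after a row is taken as that row's owner.
        o = OWNER_RE.match(line)
        if o and current is not None and current["owner"] is None:
            current["owner"] = o.group(1)
    return conns


def owners_of(text, remote_ip):
    """Map executable name -> [(state, pid), ...] for one remote address."""
    hits = defaultdict(list)
    for c in parse_netstat_b(text):
        if c["remote_ip"] == remote_ip:
            hits[c["owner"] or "unknown"].append((c["state"], c["pid"]))
    return dict(hits)


if __name__ == "__main__":
    for exe, rows in owners_of(SAMPLE, "8.6.19.68").items():
        print(exe, rows)
```

A row in TIME_WAIT is a socket that has already been closed and is only waiting out its timer, which is why it is listed under PID 0 rather than under a running program.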
On the fly here, but...
Nice illustration for why it's important to have a software firewall w/ outbound connections control... :thumbsup:
I don't know how to interpret those screenies to confirm whether it's coming from Fx or somewhere else on your hard drive.
Just a few FYI's:
Quote: i searched in HOSTPERM for every occurrence of "ning.com", and a bunch came up, due to the subdomains of the forums.
ning.com cookies 2 is there, but also for various subdomains i have these OTHER value forms:
help.ning.com host install 2
**(SUBDOMAIN 1).ning.com host cookie 8
**(SUBDOMAIN 2).ning.com host install 2
**(SUBDOMAIN 3)ning.com host cookie 2
* hostperm.1 = "Site-specific preferences"
The file stores Firefox permissions that are decided on a per-site basis. For example, it stores which sites are allowed to, or blocked from setting cookies, installing extensions, showing images, displaying popups, etc.
1 = allow, 2 = block, 8 = allow for session
Quote: "iuv4ullz.default"
So you only have one profile, and are using the default one. There should be a corresponding hostperm.1 file for each profile, if created.
As you know Firefox "program" installs to a different location separate than the Profile: which contains bkmrks, add-ons, cookies, preferences, etc.
Have you any backups of your profile done manually or w/ say MozBackup (http://mozbackup.jasnapaka.com/) (I use this cuz the dev is Czech) or FEBE (http://customsoftwareconsult.com/extensions/febe/febe.html) <looking at that one now too.
You can easily create a "test user" profile per the email & see if the "connection" to that IP continues.
If it doesn't, then be selective about what you migrate from the old profile to the new & nuke the old profile.
If it does continue w/ the "connection", then there might be some geeky program that others know about to track it down.
How have you been deleting these cookies? Through the Fx >clear private data?
Have you done a good CClean? Maybe running CCleaner in (Windows) safe mode as well?
You have the option to "keep" cookies you want, see if anything "ning" shows up, and nuke it. In addition to the Fx cache, I'd go through the "Applications" list & clean those as well, esp. the multimedia options.
I am out of ideas as to why this is happening. I thought about the Fx prefetch too, or maybe it could be a LiveBookmark that you had tweaked the reload time to say 60 seconds, but you seemed to have ruled that out as well.
If it were me, at this point, do some "cleaning" and I'd create a new profile, see what happens and forward that info, in addition to the above, to the site you are dealing with, as well as posting the "circumstances" to the new Firefox forums (http://support.mozilla.com/forum).
Quote from: babyoh
...do i need a new computer??
And I thought I was a drama queen :tease:
It is nice to have some control with a software firewall, isn't it?
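Added example, not part of the original thread: a reader for the hostperm.1 entries discussed above that decodes the 1/2/8 values and lists the hosts under a domain whose cookie permission is anything other than block. The tab-separated `host <type> <value> <hostname>` line layout, the sample lines and the sub1/sub3 host names are assumptions.

```python
# Permission values as given in the thread.
MEANING = {1: "allow", 2: "block", 8: "allow for session"}

# Constructed sample. The field order (host, type, value, hostname) is an
# assumption about the file layout; the host names are placeholders.
SAMPLE = (
    "# Permission File\n"
    "# This is a generated file! Do not edit.\n"
    "\n"
    "host\tcookie\t2\tning.com\n"
    "host\tinstall\t2\thelp.ning.com\n"
    "host\tcookie\t8\tsub1.ning.com\n"
    "host\tcookie\t2\tsub3.ning.com\n"
    "host\tcookie\t1\tnotning.com\n"
    "host\tpopup\t1\texample.org\n"
)


def parse_hostperm(text):
    """Return (hostname, permission_type, value) for each well-formed line."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank line or header comment
        fields = line.split("\t")
        if len(fields) != 4 or fields[0] != "host" or not fields[2].isdigit():
            continue  # not an entry in the assumed layout
        _, ptype, value, hostname = fields
        entries.append((hostname.lower(), ptype, int(value)))
    return entries


def cookie_rules(text, domain):
    """Decoded cookie permission for the domain and each of its subdomains."""
    domain = domain.lower()
    rules = {}
    for hostname, ptype, value in parse_hostperm(text):
        if ptype != "cookie":
            continue
        # Match the domain itself or a real subdomain; "notning.com" must
        # not be treated as part of "ning.com".
        if hostname == domain or hostname.endswith("." + domain):
            rules[hostname] = MEANING.get(value, "unknown (%d)" % value)
    return rules


def unblocked_under(text, domain):
    """Hosts under the domain whose cookie permission is not 'block'."""
    return sorted(h for h, meaning in cookie_rules(text, domain).items()
                  if meaning != "block")


if __name__ == "__main__":
    for host, meaning in sorted(cookie_rules(SAMPLE, "ning.com").items()):
        print(host, "->", meaning)
    print("not blocked:", unblocked_under(SAMPLE, "ning.com"))
```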
Quote from: Ripley on February 28, 2008, 03:39:29 AM
If it were me, at this point, do some "cleaning" and I'd create a new profile, see what happens and forward that info, in addition to the above, to the site you are dealing with, as well as posting the "circumstances" to the new Firefox forums (http://support.mozilla.com/forum).
Would also do this as well.
Out of interest babyoh, forgive me if they have already been asked:
You have Norton, is it the full works (Whole suite ,or just the AV for example?)
Out of curiosity, change your homepage (to something different) and then try with netstat -b again. Tell me if you see that IP listed in the results.
Just had some time to come back online...how is this going with SpyDie's questions?
HI.
i haven't had time to do a new FF profile, or download and run CC yet (hopefully tonight).
* BUT
i do have some strange info to report.
- first of all, SpyDie, i have:
NORTON INTERNET SECURITY 2006 (i bought it in 2008, and norton SWEARS it's the newest update)
it runs SECURITY, OUTBREAK ALERT, PERSONAL FIREWALL, INTRUSION PROTECTION, AV, and SECURITY INSPECTOR
...i've Turned Off PRIVACY CONTROL and PARENTAL CONTROL.
(unlike other versions of norton, i've noticed no problems with it)
***
now, for the WEIRD stuff.
i've had NO NING HELL COOKIES, or funny business re NING, since i FIREWALL BLOCKED them (by IP).
-- in FF i change my HOMEPAGE from GOOGLE to LandZ.
i exit and re-launch it a couple times to check it works; it does.
...i shut down OPERA and FF, and "netstat -b" until all the connections are closed.
i open my FIREWALL, and DELETE NING as BLACKLISTED.
i launch FF, and netstat shows i have a connection to NING's IP- IMMEDIATELY after my connect to LandZ (your server01.manageryourpc.com one).
*SURPRISE!* I HAVE A NEW NING COOKIE!
i'm not online long, just a couple minutes.
i EXIT FF.
i "netstat -b" over and over: my disconnect with LandZ is immediate, but i stay connected to NING for about 1 minute.
- i open my FIREWALL, BLOCK NING.
THEN (THIS is the weird part)...
when i re-launched FIREFOX -- and check cookies, THE NING COOKIE HAS DISAPPEARED!
*** (this isn't supposed to be possible, i don't think: once you have a cookie, it's like an app or spam; it STAYS until you Delete it!)
anyway, i posted to the MOZILLA FORUM about a 1.5 days ago. no one's responded so far.
http://support.mozilla.com/tiki-searchindex.php?words=ning&where=forums&forumId=1
***
:smash:
i'm going to do a new FF profile, and download CC -- i wanted to do that when i wasn't rushed. hopefully tonight.
* i'm on nerd heaven by the way, SpyDie: thanks for that netstat command, very cool.
* something really odd seems to be going on with this NING COOKIE. i don't understand it at all.
:blink:
Norton internet security is now at version 2008. You can get a free upgrade here -
http://www.symantec.com/en/uk/home_homeoffice/support/special/upgrade2007/vista/migration_start.jsp?site=nuc
Quote from: babyoh on March 01, 2008, 05:01:48 AM
HI.
i- first of all, SpyDie, i have:
NORTON INTERNET SECURITY 2006 (i bought it in 2008, and norton SWEARS it's the newest update)
it runs SECURITY, OUTBREAK ALERT, PERSONAL FIREWALL, INTRUSION PROTECTION, AV, and SECURITY INSPECTOR
...i've Turned Off PRIVACY CONTROL and PARENTAL CONTROL.
(unlike other versions of norton, i've noticed no problems with it)
***
numbnuts... :o