Author Topic: web shield anomaly?  (Read 3041 times)

0 Members and 1 Guest are viewing this topic.

Offline wizzlbang

  • Jr. Member
  • **
  • Posts: 93
web shield anomaly?
« on: May 07, 2015, 04:06:45 AM »
I was on omegle today and I'd just closed my browser and switched users on my comp because I had to leave, when I got back some omegle urls were the most recent things scanned in my realtime data, showing up after the points where I had closed my browser switched off and logged back in. I've managed to replicate it twice so far

Is this a glitch with avast, or is my computer somehow connecting to omegle when logged off?

Offline Cast

  • Sr. Member
  • ****
  • Posts: 306
Re: web shield anomaly?
« Reply #1 on: May 07, 2015, 07:55:18 AM »
Does it show the times that it was scanned at? Maybe its just from when it was signed in before you signed off that account?

Offline wizzlbang

  • Jr. Member
  • **
  • Posts: 93
Re: web shield anomaly?
« Reply #2 on: May 07, 2015, 08:12:46 AM »
It definitely happened while I was signed off, I could tell because logonui.exe, which comes up when I sign off, was scanned before the url
« Last Edit: May 07, 2015, 08:16:15 AM by wizzlbang »

Offline wizzlbang

  • Jr. Member
  • **
  • Posts: 93
Re: web shield anomaly?
« Reply #3 on: May 08, 2015, 01:16:20 AM »
Managed to catch it in the act without switching out this time

First screenshot taken right after I closed my browser

Second was a short while later after I'd saved the first screenshot

Offline wizzlbang

  • Jr. Member
  • **
  • Posts: 93
Re: web shield anomaly?
« Reply #4 on: May 09, 2015, 05:29:18 AM »
.. so does just like, nobody know, or?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83523
  • No support PMs thanks
Re: web shield anomaly?
« Reply #5 on: May 09, 2015, 03:01:23 PM »
I don't see this as a web shield anomaly as it is doing what it should, scan connections to the internet. What we don't know is the program responsible for making the connection.

The anomaly as I see it lies with the program responsible for this connection and that is what people don't know.

Does the omegle.com site ring any bells ?

A google search for that domain turns up many hits relating to chat services, etc.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline wizzlbang

  • Jr. Member
  • **
  • Posts: 93
Re: web shield anomaly?
« Reply #6 on: May 09, 2015, 10:19:42 PM »
Like I said, i was on omegle on by browser, but somehow a connection was made to it after the browser was closed

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83523
  • No support PMs thanks
Re: web shield anomaly?
« Reply #7 on: May 10, 2015, 12:30:27 AM »
Well there has to be something on your system making that connection, it doesn't necessarily have to open the browser to do it.

What that is we can't say from the information here, that is I believe was why you hadn't received any replies.

Monitoring avast won't help as it isn't reporting the process responsible for the connection to the site (just that the web shield will still be monitoring). I don't know what firewall you have or whether it has detailed logs in which you can see the outgoing process connecting to the site.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline wizzlbang

  • Jr. Member
  • **
  • Posts: 93
Re: web shield anomaly?
« Reply #8 on: May 10, 2015, 01:28:49 AM »
Just using windows firewall

What else besides my browser would make a connection to omegle like this after i was visiting it? is there a way to see a log?
« Last Edit: May 10, 2015, 02:19:26 AM by wizzlbang »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83523
  • No support PMs thanks
Re: web shield anomaly?
« Reply #9 on: May 10, 2015, 03:53:35 PM »
Many programs connect to the internet without having to use a browser to do so.

Just your starter for 10, avast gets its vps updates without using a browser, many other programs will connect to get updates, etc.

The windows firewall depending on operating system (?) either don't have outbound protection or it is disabled by default. In either case it either keeps no logs or they aren't very user friendly.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline wizzlbang

  • Jr. Member
  • **
  • Posts: 93
Re: web shield anomaly?
« Reply #10 on: May 10, 2015, 10:31:12 PM »
Yeah I get that, but this is such a weirdly specific instance. So far I've only been able to replicate it with omegle