Please Help, I think my computer is being monitored

caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
·WebBand

reply to La Luna
Re: Please Help, I think my computer is being monitored

said by La Luna:

I (and many, many others) have used SUPER for a long time without issues. When the updater asks to connect to the internet, I deny it. I doubt it was the cause of your problem.
+1 to that. I use Super and ALL2AVI all the time and have no such processes....perhaps it's one of those dodgy divx sites eh?
--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages


EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage


1 edit
reply to Anav
If it were my system, I think I'd want to find out what's initiating those connections too -

Objectsciences article;
said by article :

Science Applications International Corp. has completed another local acquisition, paying an undisclosed sum for Object Sciences in Alexandria.

The San Diego-based company says Object Sciences will become part of its Operational Intelligence Solutions Business unit. Object Sciences, which has 133 employees, specializes in systems integration and analysis for government intelligence agencies. ...
»washington.bizjournals.com/washi···y28.html

SAIC company profile -partial, read the rest at the link;
SAIC, Inc. provides scientific, engineering, systems integration, and technical services and solutions to various branches of the U.S. military, agencies of the U.S. Department of Defense, the intelligence community, the U.S. Department of Homeland Security and other U.S. government civil agencies, state and local government agencies, foreign governments, and customers in select commercial markets ...
»finance.yahoo.com/q/pr?s=SAI

When I did a lookup and a PING for the specific hostnames, host4.objectsciences.com and host50.objectsciences.com, I got no IP address resolved for them. That makes me wonder if your Hosts file might have something in it.

One thing that would be helpful would be to PING from that computer and post what IP address it resolves to. Another would be to look in your HOSTS file to see if there's an entry in it for the host names. If they're in your hosts file and resolve to 127.0.0.1, you're good. If the names are in the hosts file and resolve to other addresses, document the entry information and delete the entries.

Note that connections to 127.0.0.x may display the first name listed for that address. That entry is usually (and should be)

127.0.0.1 localhost

netstat -b will also show the application name associated with the connection, but I don't think it shows the underlying process. As NetFixer indicated, Process Explorer from »technet.microsoft.com/en-us/sysi···653.aspx will go deeper.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
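The hosts-file check suggested in the post above, as an added example that is not part of the original thread: it flags entries that point a name at anything other than a loopback or 0.0.0.0 sinkhole, and reports which name a viewer may display for 127.0.0.1. The sample file, the example.* names and 203.0.113.7 are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file, not the poster's; example.* names and
# 203.0.113.7 (documentation range) are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       www.007guard.com
127.0.0.1       host4.objectsciences.com   # added by hand
203.0.113.7     update.example.com
0.0.0.0         ads.example.net
::1             localhost
not-an-ip       broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, names) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return entries that are not plain sinkholes (loopback or 0.0.0.0)."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, names))
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            # The name is silently redirected to another machine:
            # document the entry, then remove it.
            findings.append((line_no, "redirect", addr, names))
    return findings

def first_name_for(text, address):
    """First name listed for an address: the label a connection viewer
    may print for sessions to it (ideally 'localhost' for 127.0.0.1)."""
    for _, addr, names in parse_hosts(text):
        if addr == address:
            return names[0]
    return None

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print("127.0.0.1 displays as:", first_name_for(SAMPLE_HOSTS, "127.0.0.1"))
```

On Windows XP the file to feed in is %SystemRoot%\system32\drivers\etc\hosts.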

The Snowman
Premium
join:2007-05-20
·Verizon Online DSL


1 edit
EGeezer said:

When I did a lookup and a PING for the specific hostnames, host4.objectsciences.com and host50.objectsciences.com, I got no IP address resolved for them. That makes me wonder if your Hosts file might have something in it.

________________________________

EG,

That was the same results I had as well. Thanks for posting that information.
It should be interesting to see just where that Server is located.
And like you, I agree that if I were the OP I would not rest until this was resolved.
It will also be interesting if we ever learn what the OP has installed that is calling out that way.......kinda makes a person wonder.



EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage

said by The Snowman:

... kinda makes a person wonder. ...
If it's what I mentioned with the hosts files, it could be a legit app simply opening a pipe with an address of 127.0.0.1 and displaying the host names instead of or in addition to the address.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis

The Snowman
Premium
join:2007-05-20


EG,

I just did an online Whois on that url and had the same results............would an online lookup be affected by a Hosts File?


ironwalker
World Renowned
Premium,MVM
join:2001-08-31
Keansburg, NJ
clubs:
reply to JosephL
Ok, I noticed today several deleted replies, one of which suggested to block the address block of the offending saic site.
I went and added this in my router, should I remove it now....why was that reply deleted?


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage

said by ironwalker:

Ok, I noticed today several deleted replies, one of which suggested to block the address block of the offending saic site.
I went and added this in my router, should I remove it now....why was that reply deleted?
Don't ask, don't tell.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson


ironwalker
World Renowned
Premium,MVM
join:2001-08-31
Keansburg, NJ
clubs:
reply to JosephL
Understood, but, still doesn't help me.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage

said by ironwalker:

Understood, but, still doesn't help me.
The answer is quite simple, and also personal. If you have a router or other gateway firewall device that is capable of blocking domain names and/or IP address ranges, you are legally and morally entitled to block access to anything you wish.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson

JosephL

join:2009-11-06

reply to EGeezer
Re: Please Help, I think my computer is being monitored

My Hosts file apparently was created by Spybot. There are no entries listing any specific IP address. The majority are formatted such as "127.0.0.1 www.007guard.com" and so on, thus blocking these websites from accessing my computer if I understand it correctly.

I have now gone in with Notepad and added several name servers I have found relating to this site in my hosts file. I have placed these at the top of the file and listed the apparent main SAIC servers first, followed by most others listed sequentially. I'm not sure how many "host1, host2" servers they have, so I listed as many as I reasonably could. Most info I have discovered from this site - »www.robtex.com/dns/objectsciences.com.html

I have also disabled my DNS Client in Services.

So far I have not noticed any more connections appearing in TCPView. So I hope this problem is somehow now however much resolved?

When I open my command window and ping "objectsciences.com" or any other entry from my Hosts list, all now list:

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0,
Approximate round trip times in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Again, I am a novice to all this with using Hosts file to block sites if as I believe I now understand it correctly to do. I appreciate any advice. I should mention - I am on a router sharing the connection with other computers in the home. I have not attempted to block anything by configuring the router in any way, I have only done just this modification to my hosts file on my machine.
I will list the first portion of my hosts file with my modifications below -

127.0.0.1 localhost

# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 cpes1.saic.com
127.0.0.1 mcles1.saic.com
127.0.0.1 mail.objectsciences.com
127.0.0.1 ns1.objectsciences.com
127.0.0.1 ns2.objectsciences.com
127.0.0.1 ns2.objectsciences.com
127.0.0.1 superclass.objectsciences.com
127.0.0.1 class.objectsciences.com
127.0.0.1 www.objectsciences.com
127.0.0.1 objectsciences.com
127.0.0.1 host1.objectsciences.com
127.0.0.1 host2.objectsciences.com
127.0.0.1 host3.objectsciences.com
127.0.0.1 host4.objectsciences.com
127.0.0.1 host5.objectsciences.com
127.0.0.1 host6.objectsciences.com
127.0.0.1 host7.objectsciences.com
127.0.0.1 host8.objectsciences.com
127.0.0.1 host9.objectsciences.com
127.0.0.1 host10.objectsciences.com
127.0.0.1 host11.objectsciences.com
127.0.0.1 host12.objectsciences.com
127.0.0.1 host13.objectsciences.com
127.0.0.1 host14.objectsciences.com
127.0.0.1 host15.objectsciences.com
127.0.0.1 host16.objectsciences.com
127.0.0.1 host17.objectsciences.com
127.0.0.1 host18.objectsciences.com
127.0.0.1 host19.objectsciences.com
127.0.0.1 host20.objectsciences.com
127.0.0.1 host21.objectsciences.com
127.0.0.1 host22.objectsciences.com
127.0.0.1 host23.objectsciences.com
127.0.0.1 host24.objectsciences.com
127.0.0.1 host25.objectsciences.com
127.0.0.1 host26.objectsciences.com
127.0.0.1 host27.objectsciences.com
127.0.0.1 host28.objectsciences.com
127.0.0.1 host29.objectsciences.com
127.0.0.1 host30.objectsciences.com
127.0.0.1 host31.objectsciences.com
127.0.0.1 host32.objectsciences.com
127.0.0.1 host33.objectsciences.com
127.0.0.1 host34.objectsciences.com
127.0.0.1 host35.objectsciences.com
127.0.0.1 host36.objectsciences.com
127.0.0.1 host37.objectsciences.com
127.0.0.1 host38.objectsciences.com
127.0.0.1 host39.objectsciences.com
127.0.0.1 host40.objectsciences.com
127.0.0.1 host41.objectsciences.com
127.0.0.1 host42.objectsciences.com
127.0.0.1 host43.objectsciences.com
127.0.0.1 host44.objectsciences.com
127.0.0.1 host45.objectsciences.com
127.0.0.1 host46.objectsciences.com
127.0.0.1 host47.objectsciences.com
127.0.0.1 host48.objectsciences.com
127.0.0.1 host49.objectsciences.com
127.0.0.1 host50.objectsciences.com
127.0.0.1 host51.objectsciences.com
127.0.0.1 host52.objectsciences.com
127.0.0.1 host53.objectsciences.com
127.0.0.1 host54.objectsciences.com
127.0.0.1 host55.objectsciences.com
127.0.0.1 host56.objectsciences.com
127.0.0.1 host57.objectsciences.com
127.0.0.1 host58.objectsciences.com
127.0.0.1 host59.objectsciences.com
127.0.0.1 host60.objectsciences.com
127.0.0.1 host61.objectsciences.com
127.0.0.1 host62.objectsciences.com
127.0.0.1 host63.objectsciences.com
127.0.0.1 host64.objectsciences.com
127.0.0.1 host65.objectsciences.com

Full Power

join:2009-09-25
Houston, TX
reply to JosephL
If it were my computer I would either find out what it was or I would erase and start over.

JosephL

join:2009-11-06


2 edits
reply to JosephL
Last night I decided to re-install Win XP. I believe it was a clean install, I just installed it/reformatted right over drive C: where it was before, erasing everything from before.

This morning as soon as I start up Yahoo IM, suddenly I see the same type of connections as before all over again.
YahooMessenger.exe:880: host25.objectsciences.com

Next, I click on the link inside YIM settings to read about their privacy policy. After I open default browser IE , I see even more various host#.objectsciences.com connections now in IE.

I haven't seen them in Firefox yet, but I suspect it's just a matter of time now again.

I don't know if this has anything to do with Yahoo maybe?
I read about their some sort of affiliated ad info collection thing, maybe this has something to do with it?
»www.networkadvertising.org/manag···_out.asp

I even tried to ping "host25.objectsciences.com" for example but I get nothing, no response. I don't understand how TCPView can show these connections, but when I try to ping them, it comes back as no server being there etc.

I don't know what to do anymore, I thought this would all be over now.

JosephL

join:2009-11-06

1 edit
reply to JosephL
Sorry, duplicate post.


Robotics
See You On The Dark Side
Premium
join:2003-10-23
Louisa, VA
·Comcast
·Verizon Wireless B..


1 edit
reply to JosephL
Get this program (for firefox) it blocks that one you mentioned, and a crap load of others flawlessly.

»www.ghostery.com/

Once installed, go through the program and make sure "block all" is selected. It also tells you what all is happening in the upper right of your screen. I think you will like the program. I personally think it's great.

Hope this helps.

**edit...forgot to mention, I no longer have the problem you are having at the moment**
--
Long you live and high you fly and Smiles you'll give and tears you'll cry
and all you touch and all you see, is all your life will ever be.

JosephL

join:2009-11-06

reply to JosephL
Thanks maybe I will check out Ghostery.

Question for anyone here:

I found this page now - »www.robtex.com/cnet/65.222.174.html

It lists most of the "objectsciences.com" addresses along with this IP block - 65.222.174.0

Can someone please tell me what that IP has to do with any of this?

When I click on that IP the information lists :

MCI Communications Services, Inc. d/b/a Verizon Business UUNET65 (NET-65-192-0-0-1)
65.192.0.0 - 65.223.255.255
WS/Akamai Technologies/Akamai Technologies UU-65-222-174-D3 (NET-65-222-174-0-1)
65.222.174.0 - 65.222.174.255

My ISP is Verizon.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage


4 edits
What this means is that if you had supplied us with IP addresses in the first place instead of using hostnames, this "mystery" could have been resolved rather quickly.

Briefly, UUNET/MCI originally was assigned that IP address block, and they subsequently sublet a portion of it to Object Sciences. Verizon is the current owner of UUNET/MCI. What you are seeing is old PTR (AKA rDNS) records that still point to objectsciences.com even though they are no longer using that IP address block. It would appear that Akamai is now using that IP address block.

Your ISP is Verizon, so it is not really unexpected that you may have open sessions with Verizon IP addresses. Akamai Technologies provides content services for almost every major internet player, and it is not unexpected to find open sessions to Akamai IP addresses.

Here are whois queries that show a similar situation, except that Object Sciences is still listed as sub leasing this IP address block from UUNET/Verizon:


To head off what is probably the next question, the PTR/rDNS records are likely still pointing to objectsciences.com because of a simple oversight. There are no standards or requirements for PTR/rDNS records, and in fact many IP addresses do not even have PTR/rDNS records.

For the super paranoid among us, yes it is possible that Object Sciences decided to farm out whatever those IP addresses are used for to Akamai. However, if that were the case, I would think that a company with as much experience in covert operations as Object Sciences would have covered their tracks a bit better and removed the old PTR/rDNS records.

And for the record, it is definitely an Akamai server:




--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
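The stale-PTR situation described in the post above, as an added example that is not part of the original thread: a forward-confirmed reverse DNS check, which asks whether the name a tool such as TCPView prints for an address also resolves back to that address. The sample records use documentation addresses and made-up names; they are constructed, not taken from the thread.

```python
import socket

def ptr_lookup(ip):
    """Live reverse lookup: PTR name for ip, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # herror/gaierror: no PTR record or lookup failed
        return None

def a_lookup(name):
    """Live forward lookup: set of IPv4 addresses for name (empty if none)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def check_rdns(ip, ptr=ptr_lookup, fwd=a_lookup):
    """Forward-confirm the reverse name that would be displayed for ip."""
    name = ptr(ip)
    if name is None:
        return ("no-ptr", None)
    addrs = fwd(name)
    if ip in addrs:
        return ("confirmed", name)   # name and address agree
    if not addrs:
        # The case in this thread: the label exists only in the reverse
        # zone, so pinging the name finds nothing. Treat it as stale or
        # unverified and identify the owner from the IP (whois) instead.
        return ("ptr-only", name)
    return ("mismatch", name)        # name resolves, but to other hosts

# Constructed records (RFC 5737 addresses, hypothetical names).
SAMPLE_PTR = {
    "192.0.2.25": "host25.former-tenant.example",
    "192.0.2.80": "www.example.test",
    "192.0.2.99": "mail.example.test",
}
SAMPLE_A = {
    "www.example.test": {"192.0.2.80"},
    "mail.example.test": {"198.51.100.7"},
}

def check_sample(ip):
    """Run the check offline against the constructed records above."""
    return check_rdns(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.80", "192.0.2.99", "192.0.2.200"):
        print(ip, check_sample(ip))
```

Calling check_rdns(ip) with no other arguments performs the same check against live DNS. A PTR record is set by whoever controls the reverse zone for the address block, so an unconfirmed name says nothing reliable about who operates the server.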

JosephL

join:2009-11-06

I appreciate this explanation very much, thank you Netfixer.
Perhaps I was being somewhat paranoid. But it concerned me when I saw how objectsciences is now part of SAIC. I think it was last year when a bill named HR 604? something was passed by the US Government giving total legal immunity to violate constitutional privacy rights of anyone.

I think I am beginning to better understand things now.

I should maybe explain though also that I only found this page »www.robtex.com/cnet/65.222.174.html
by chance through a Google search for "objectsciences"
Which is how the entries appear in TCPView, host1, host2.objectsciences etc. I never could find any IP associated with it until I came across that link.

All this which if I understand is basically due to MCI, now Verizon, who only formerly offered IP blocks to Objectsciences , who is now part of SAIC. And this lease has apparently since discontinued.

So essentially the reason my TCPView displays "objectsciences.com" instead of anything else is because Verizon still owns this block, but the DNS info has not been updated to display anything different.

Although I do wonder why I had never seen this entry before in TCPView until recently and nobody else had either.

But so hopefully the NSA/FBI is not after my computer after all then.

It does seem curious though that MCI or any other former major communications corporation for that matter, would be however much in bed so to speak with whomever objectsciences or any other similar company apparently involved with federal intelligence agencies. But nowadays Telecom/ISP corporations probably have an even greater relationship with these agencies. Something which they probably have had already for several decades anyways.

Thank you again for the info.



tempnexus
Premium
join:1999-08-11
Boston, MA

Pfft if NSA/FBI/MOM/DAD/SIS/BRO are after your computer then they will probably get it.

I would not start freaking out about it unless you have a real reason to freak out (aka you just sold 3939393 pounds of pure white cocaine to a dude named bob).