dan101
Jan 24 2007, 05:53 PM
Hi, I am new and think I have exhausted my search options to find a solution. After a scan, many objects appear as critical, a few with sender addr.'s, but most with compaq_administrator@2o7 with various followings-[1].txt etc. I try to find who they are so I can block via internet options/sites. But so few are identified give enough tracking info. to do that. Should I just leave those @2o7 as ignored? They account for 40-225 hits per user hour! I think it may be my ISP or Norton's anti-virus program? Any info. would be appreciated so I can handle the cookie "hits" after a scan. Thank You, Dan
Ad Astra
Jan 24 2007, 07:41 PM
Hi
Those items sound like tracking cookies. A quick solution is to disable third party cookies in your browser which will simply prevent a lot of the tracking cookies from ever being saved on your PC in the first place.
e.g. in Internet Explorer open control panel and select "Internet Options". Select the privacy tab, then click on the advanced button, check the box "Override automatic cookie handling" then under "Third party Cookies" check the button "Block". Click OK to save the settings.
This will not impact your web browsing but will prevent ads displayed on the web pages you visit from also adding a tracking cookie on your PC.
Try the above, if you still have these items appearing please post a copy of the Ad-Aware log file.
1) Start Ad-Aware SE
2) In the Ad-Aware SE Status window click on the "Check for updates now" link then the connect button and follow the prompts to ensure you have the most up to date definitions file.
3) Press the start button and in the Preparing System Scan window select the option "Perform full system scan", click on "Search for negligible risk entries" so that it shows a red cross i.e. is deselected and click on "Search for low-risk threats" so that it shows a green tick i.e. is selected.
4) Click the next button to start the full scan, when the scan finishes click on the show logfile button. In the log window right mouse click and select "Select all..." then right mouse click again and select "Copy to clipboard" then paste in a reply to this thread.
p.s. I deleted the duplicate post to save confusion.
dan101
Jan 24 2007, 09:13 PM
Thanks. Since I ran a scan earlier today, I will post the results tomorrow. I never used the clipboard. Once saved, will it appear when I click on attachments (browse) "add reply" button? Dan
Ad Astra
Jan 25 2007, 09:06 AM
Hi
After copying the Ad-Aware log as described above, simply add a reply to this thread.
Then when entering the reply press and hold the CTRL key, and then press and hold the V key at the same time. This will paste the text you copied previously.
dan101
Jan 25 2007, 05:47 PM
Hi, after following your instructions on disabling 3rd party extensions, only 1 critical item was found, but with 57 "hits". A tracking cookie, but without the addr. of the site. As follows:
Name:Tracking Cookie
Category:Data Miner
Object Type:IECache Entry
Size:916 Bytes
Location:C:\...\Cookies\compaq_administrator@2o7[2].txt
Last Activity:1-25-2007 4:13:51 PM
Relevance:Low
TAC index:3
Comment:Hits:57
Description:This cookie is known to collect information that may be used either for targeted advertising, or tracking users across a particular website, such as page views or ad click-thrus.
As you see it is the 2o7 txt one I addressed. Usually when I see the addr. and don't recognise it, I go to Int. options, privacy-sites and Block it after entering the .com/.net addr. I hope this entry can be identified so to block it, but I suspect it is my own ISP.
In blocking 3rd party ext.'s I see in the Int. Opt.'s/ Advanced-Browsing, a box is there that says "enable 3rd party Ext.'s". Should I uncheck and restart the PC, or is that a necessary function for internet surfing?
A lot of info. requests here and I really appreciate your advice. Regards, Dan
Ad Astra
Jan 25 2007, 10:45 PM
Hi
I did some investigation and 2o7.net is owned by Omniture products. Their web site privacy describes how they use tracking cookies and clear gifs to monitor which of their web pages you visit.
Do you use any Omniture products? If not then simply block that cookie as described below. If you do and you decide to block the cookies then you will have to log-in each time etc you visit a web site using Omniture products. The number of hits against that cookie shows how many times a web site has read the contents of that cookie.
To block this cookie and many others and also block known malware ActiveX programs please use SpywareBlaster.
It is available for free (personal use) at
http://www.javacoolsoftware.com/spywareblaster.html
Install and run this and ensure that you check for updates. This simply sets some settings to make your browsing more secure. By setting what are called kill bits this will prevent known malicious ActiveX programs from ever being run. It also blocks many tracking cookies and finally for Internet Explorer it adds a list of suspect web sites to the restricted zone which will ensure that no scripts from these sites will run.
SpywareBlaster does not run continuously as it just configures some settings so run it say once a week to check for new updates. It is a good tool to include in your defenses.
Re your question on "enable 3rd party Ext's". This refers to browser helper programs so things like Adobe reader, flash etc would not work if you disabled this. Some malware also install themselves as a browser helper but using SpywareBlaster will also help prevent these malware items getting installed.
dan101
Jan 28 2007, 03:16 AM
Thanks for the info. As I get more involved with the operating of the PC, I found this and other forum sites to be of great value, as those who take the time to help us new guys! Dan
h8ball
Feb 1 2007, 02:41 AM
Hi,
To permanently block all web ads that reference www.2o7.net to download their content (which most likely contains Javascript code that drops the tracking cookie), simply add the following entry to your HOSTS file:-
127.0.0.1 www.2o7.net
This forces Windows DNS to resolve the domain name (www.2o7.net) locally instead of issuing a Remote DNS Request to your ISP's DNS servers. DNS will then always return the IP address 127.0.0.1 (localhost) instead of the domain's true IP address. This effectively redirects all references to that domain to your PC instead! Since the ad content never exists on your PC, nothing is ever downloaded, so the ad appears empty and potentially harmful/invasive Javascript code or ActiveX controls, etc, is never run! Hence, zero cookies, drive-by downloads, trojans, etc!
You can do this for as many advertiser domains as you like! Here's an example HOSTS file which redirects three imaginary advertiser domains, blocking all access to them:-
127.0.0.1 www.popupsource.com
127.0.0.1 adserver.crudverts.com
127.0.0.1 ads.andmoreads.com
Since hundreds of advertiser domains exist, it's a near impossible task to add them by hand as you find them. Fortunately, you can download ready-made HOSTS files from various "pro ad-blocking" web sites, which contain all known advertiser domains. Just do a search for "ad blocking" +hosts in your favourite search engine to find them. They're often regularly updated with newly discovered advertiser domains, so check back often to download the latest version!
Hope this helps.
dan101
Feb 1 2007, 04:41 AM
Thank you for the enlightening information! Good Evening, Dan
h8ball
Feb 1 2007, 11:05 PM
Hey, Dan, you're welcome!
"HOSTS Redirection", as I call it, is a very simple method of blocking advertisers and badly behaved web sites. However, its simplicity hides several major flaws:-
1. Can only block ENTIRE domains, not individual folder names and web page filenames within the domain!
2. Cannot block 1st party ads (served by the site you're surfing). Can only block 3rd party ads (served by a remote domain you never visit and can therefore block completely). If you block the 1st party site, you're locked out!
3. Wildcards are NOT supported. E.g. To block ads000.adserver.com through ads999.adserver.com, you can't use a single entry reading ads???.adserver.com. You must use 1000 separate entries!
4. If your HOSTS file grows too large, Internet response will slow down no matter HOW fast your Internet connection is! This is because Windows ALWAYS parses the HOSTS file first before it issues a remote DNS Request. Parsing is fast when there's only a few entries in HOSTS, but when there's tens of thousands, surfing gets noticeably s.l.u.g.g.i.s.h!
The inability to block sites I wanted to visit and the necessity to keep my HOSTS file at a manageable size meant that I had to run Ad-Aware often to detect tracking cookies and drive-by downloads that some sites invariably dropped on my system! A couple of years ago, I got sick of this and started looking for a more sophisticated method of blocking unwanted content.
The solution to my problems came when I discovered "Proxy Auto Configuration" (PAC). In conjunction with my Firewall and IE's Restricted Sites zone, this is the most sophisticated, powerful and flexible manual blocking method you can use! It employs a Javascript program to trap the FindProxyForURL function, which your web browser calls for every URL it encounters. PAC matches known domain names or URL substrings, and passes them to a non-existent proxy server, effectively sending the URL into limbo, from which NO content can be downloaded!
Advantages of PAC over HOSTS:
HOSTS - Non-programmable, unsophisticated, very basic syntax.
PAC - Fully programmable, as sophisticated as you want it to be, very powerful and flexible syntax.
HOSTS - Can ONLY match domain names, so can only block entire domains.
PAC - Can search entire URL, so can match folders and filenames as well as domains!
HOSTS - Can only block 3rd party ads, not 1st party ads.
PAC - Can block both!
HOSTS - No wildcard support. Must add separate entries for similar domains, leading to large file size, very slow parsing.
PAC - Can use sophisticated wildcards to match many similar entries in just ONE line of code, leading to far smaller file size, very fast parsing.
If you're interested, try downloading one of the many pre-written Proxy Auto Configuration (.PAC) files as a starting point. You can use the PAC file as is, or customise it to your own taste like I did.
I've been developing my PAC file for over two years, and it now sports a Whitelist (trusted sites), multiple Blacklists classified by threat type (generic ads, advertiser domains, bad domains (hackers/abusers/viruses/trojans/spyware), cookie droppers, etc), and will soon have an Exceptions list (rare Blacklist bypasses). It also has an alerting system, where I can set flags to force PAC to display an alert message in IE for every detection "hit".
It's taken a lot of work but, like a digital version of Domestos, my PAC file now "Kills 99.9% of all known web threats"! LOL!
Hope this helps.
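An added example (not h8ball's own PAC file, which is not shown in the thread) of the kind of FindProxyForURL logic the post above describes: a whitelist, a domain blacklist, a wildcard host pattern and URL-path patterns that block first-party ad paths. Apart from 2o7.net, every domain, list name and the blackhole address 127.0.0.1:9 is an assumption made for illustration.

```javascript
// Added example of a blocking PAC file; list contents are constructed.
// A browser's PAC runtime provides shExpMatch() and dnsDomainIs(). The shims
// below are only defined when the file runs outside a browser (e.g. Node.js).
if (typeof shExpMatch === "undefined") {
  globalThis.shExpMatch = function (str, pattern) {
    // Shell-style match: "*" = any run of characters, "?" = exactly one.
    var re = pattern
      .replace(/[.+^${}()|[\]\\]/g, "\\$&")
      .replace(/\*/g, ".*")
      .replace(/\?/g, ".");
    return new RegExp("^" + re + "$").test(str);
  };
  globalThis.dnsDomainIs = function (host, domain) {
    // True when host ends with the given domain suffix.
    return host.length >= domain.length &&
      host.substring(host.length - domain.length) === domain;
  };
}

var DIRECT = "DIRECT";
var BLACKHOLE = "PROXY 127.0.0.1:9"; // assumption: no proxy listens here

var WHITELIST = [".trusted-bank.example"];                   // never blocked
var BLOCKED_DOMAINS = [".2o7.net", ".crudverts.example"];    // whole domains
var BLOCKED_HOST_PATTERNS = ["ads???.adserver.example"];     // one line, 1000 hosts
var BLOCKED_URL_PATTERNS = ["*/banners/*", "*/adframe.js*"]; // first-party paths

// Match the bare domain ("2o7.net") as well as any subdomain (".2o7.net"),
// without matching look-alikes such as "not2o7.net".
function inDomain(host, suffix) {
  return host === suffix.substring(1) || dnsDomainIs(host, suffix);
}

function matchesAny(value, list, test) {
  for (var i = 0; i < list.length; i++) {
    if (test(value, list[i])) return true;
  }
  return false;
}

// Called by the browser for every request; the return value selects the route.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (matchesAny(host, WHITELIST, inDomain)) return DIRECT;
  if (matchesAny(host, BLOCKED_DOMAINS, inDomain)) return BLACKHOLE;
  if (matchesAny(host, BLOCKED_HOST_PATTERNS, shExpMatch)) return BLACKHOLE;
  if (matchesAny(url, BLOCKED_URL_PATTERNS, shExpMatch)) return BLACKHOLE;
  return DIRECT;
}
```

Current Chrome and Firefox strip the path and query from https:// URLs before calling FindProxyForURL, so the URL-path patterns only take effect for plain http requests; host-based rules are unaffected.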
Ai_Tak
Feb 2 2007, 12:52 AM
QUOTE(h8ball @ Feb 1 2007, 05:05 PM)

4. If your HOSTS file grows too large, Internet response will slow down no matter HOW fast your Internet connection is! This is because Windows ALWAYS parses the HOSTS file first before it issues a remote DNS Request. Parsing is fast when there's only a few entries in HOSTS, but when there's tens of thousands, surfing gets noticeably s.l.u.g.g.i.s.h!
That's only if you leave the "dns client" service enabled; generally it is a good idea to disable the "dns client" service anyway, better large host file compatibility is just another benefit.
dan101
Feb 2 2007, 01:17 AM
Wow, sounds like you have had your fill of cookies and those "outsiders" invading your PC! I got this HP/Compaq PC just 6 weeks ago (replacing a bad Compaq) that was returned to the factory twice. A story here, but it does lead to an answer to your question. This PC (now known as Hal, from 2001/space odd.) was not programmed in China properly and from the onset never saw me as the true Administrator. It preferred Compaq_Administrator (the internal "Boss"). I would make files, put them in My Documents, later tried to change them and I got the "access denied-see the administrator Or want to copy to my documents See the administrator!" All the time I was signed on as the Admin. Basically, I had "Limited" privileges. After 2 weeks talking to "Tech's" from who knows where and local support saying Do a complete recovery, I said, All that will do is duplicate the same problem. HP finally said: To take "Ownership" of files go to Safe Mode, comp, setting/doc's, security tab, owner, etc. That helped a lot, but all the options I had, like give permission to /Owner/creator-System, and a made up one -it was my signon name with the /administrators (S) was there. I just checked marks for ALL. Never knowing if that was right. HP never responded.
That semi-fixed.
Even when new also I found that I could not burn any DVD's in either tray drive, and burn CD's in just one. Another week and HP said "have "roxio?" I said No. I did have Nero. (Micro-Centers gift to me). Nothing back from HP again. I learned that they are the same. Took out Nero, and now I could burn CD's and DVD's on 1 drive. Not great, but I'll settle.
Three days ago, I found I could not install any programs. I could wait 1-2 hrs. for a download (On-Dial up, I know...) but, when came time to install, gone..Got this in part:>>>..Could not create temp file-Access Denied...something in there about %path% (percents if reading little box). Now you see why downloading is not in the cards.
I wanted to put the Security Center icon in the lower toolbar, Can't-In the security center window I only have 3 icons to click present, no drop-down boxes to look at options. HP-says-do a recovery-I said-NO WAY! That is their fix when they are lost. I asked "is that the window one gets when the PC thinks a "limited" user is working"? No Answer again-I suspect it is. Did not mean to ramble, just no downloading for now!
Thanks, Good Night, Dan
Ai_Tak
Feb 2 2007, 04:36 AM
Yea, I've noticed that hp/compaq seem to work quite hard at coming up with new bad ideas. Like getting rid of the windows cd and replacing it with a space wasting (and infectable) partition.
Windows: System file corrupted, insert windows xp cd.
hp/compaq user: What windows xp cd? hp/compaq didn't give me one.
dan101
Feb 2 2007, 05:20 AM
Funny folk at HP/Compaq. When I messed up burning my own (one and only chance) the recovery disks on my mod.sr1750nx, I paid HP $25 for the XP sp2-media Ed.2005 2 disc set. You, Or anyone reading this,can have them for free. Just let me know.
Ai_Tak
Feb 2 2007, 07:22 AM
QUOTE(dan101 @ Feb 1 2007, 11:20 PM)

Funny folk at HP/Compaq. When I messed up burning my own (one and only chance) the recovery disks on my mod.sr1750nx, I paid HP $25 for the XP sp2-media Ed.2005 2 disc set. You, Or anyone reading this,can have them for free. Just let me know.
I wonder if xp even considers those cds as official xp cds that it can use to restore files. I also wonder [doubt] if you can use those cds to boot to the recovery console or do a repairing xp installation.
h8ball
Feb 2 2007, 03:48 PM
@Ai_tak,
Actually, all the DNS Client service does is function as a local DNS server, which caches remote DNS "hits" to save bandwidth. For those interested, here's how it fits into the normal Windows "DNS Resolution" event sequence:-
> LOCAL: Scan HOSTS file
> LOCAL: Send DNS Request to DNS Client (local cache) service (if running)
> REMOTE: Send DNS Request to DNS Server(s)
LOCAL DNS "hit": The REMOTE request never gets sent, so NO bandwidth is used, which speeds up DNS resolution.
REMOTE DNS "hit": Gets passed BACK to the DNS Client service to BE cached locally. Next time the same DNS resolution is performed, the result will be a LOCAL DNS "hit", saving bandwidth!
On a Dial-Up connection, sending/receiving packets is SLOW and remote DNS Requests take up a significant percentage of the LOW bandwidth. Using local DNS caching to avoid sending remote DNS Requests makes for a significant saving on bandwidth. On a Broadband connection, though, DNS caching makes almost no difference because sending/receiving packets is FAST and remote DNS Requests take up a TINY amount of the available bandwidth.
If you're on Dial-Up, you should leave the DNS Client service running since it'll give you a significant speed benefit. If you're on Broadband, you may want to Stop and Disable the service since its speed benefit is minimal at best.
For my part, I'm on Broadband and my DNS Client service IS disabled. My main reason for switching over to Proxy Auto Configuration (PAC) was to drastically reduce the size of my HOSTS file. It had grown to over 2Mb in size, causing the HOSTS file scan to take SO long that remote DNS Requests (for anything I didn't block) were noticeably sluggish!
h8ball
Feb 2 2007, 04:36 PM
@Dan101
Yeah, I did get sick, didn't I? LMAO!
Re. Your PC problems.
Windows XP Setup normally creates ONE user account, called Administrator, with UNLIMITED access. Compaq have most likely renamed this to Compaq_Administrator, and created a LIMITED user account called Administrator!
I believe you have software and driver problems caused by installing them while logged in as a limited user which you THOUGHT had unlimited access! Many Setup programs need to be run from an unlimited user account, because they need to replace system files, etc. If they're installed from a limited account, they're denied access to the very files they want to replace, so they're not correctly installed and problems inevitably result.
I know it's a big step, but I'd strongly suggest you reformat and reinstall Windows XP from a TRUE Windows XP disk, NOT from the Compaq-supplied "Recovery Disk", since this will no doubt simply contain a "disk image" containing an already heavily modified copy of Windows XP. That way, you'll have the standard UNLIMITED Administrator user account set up, from which you should have NO problems!
Typical PC manufacturer, eh? They're always trying to re-engineer things to make them "Better". Better for THEM, that is! What they're actually doing is following the old adage, "Always assume the end-user is as thick as a plank and will a. break things by changing vital settings, then b. call US to complain about it"!
By making Administrator a limited user, Compaq are clearly trying to make it difficult for you to "break" your PC. They're not doing this to help YOU, but to help THEMSELVES, by reducing the rate of Technical Support calls they receive!
dan101
Feb 2 2007, 09:48 PM
Thanks! I shared your thoughts with HP support, who said-Create a new Admin. acct with a different name!! Like I don't have rights to install programs now, making a new account will fix it. Besides, I already tried it LOL. It has to do with "ownership/privileges" That I tried to fix in safe mode (with HP's blessing) but did not give me enough info. to know what boxes to check and to whom. My PC Admin name pieceofjunk it shows in the owner link, but pieceofjunk also appears as pieceofjunk/administrators note the S. I have no idea where that came from, PC assigned I suppose. I said if they send me recovery discs that contain AOL, Vonage, etc are on them I would return 2 broken discs. I have an hour just extracting their (HP's) ads from this PC out of the box!
I talked to their "Tech's" who did not even know of Compaq_Administrator. How are they to try to help??
And so it goes.. Dan
Ai_Tak
Feb 2 2007, 10:10 PM
QUOTE(h8ball @ Feb 2 2007, 09:48 AM)

Actually, all the DNS Client service does is function as a local DNS server, which caches remote DNS "hits" to save bandwidth. For those interested, here's how it fits into the normal Windows "DNS Resolution" event sequence:-
> LOCAL: Scan HOSTS file
> LOCAL: Send DNS Request to DNS Client (local cache) service (if running)
> REMOTE: Send DNS Request to DNS Server(s)
LOCAL DNS "hit": The REMOTE request never gets sent, so NO bandwidth is used, which speeds up DNS resolution.
REMOTE DNS "hit": Gets passed BACK to the DNS Client service to BE cached locally. Next time the same DNS resolution is performed, the result will be a LOCAL DNS "hit", saving bandwidth!
On a Dial-Up connection, sending/receiving packets is SLOW and remote DNS Requests take up a significant percentage of the LOW bandwidth. Using local DNS caching to avoid sending remote DNS Requests makes for a significant saving on bandwidth. On a Broadband connection, though, DNS caching makes almost no difference because sending/receiving packets is FAST and remote DNS Requests take up a TINY amount of the available bandwidth.
If you're on Dial-Up, you should leave the DNS Client service running since it'll give you a significant speed benefit. If you're on Broadband, you may want to Stop and Disable the service since its speed benefit is minimal at best.
Ideally that would be how it works, but there is one major flaw with the dns cacher: if a dns lookup fails for some reason (momentary outage or network glitch) the dns client caches the failure for a time, future attempts to resolve that host name will fail until the entry expires from the cache. Also programs such as browsers have their own dns cache so this further reduces the need for a caching service.
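An added example, not from any poster: a simplified model of the lookup order h8ball lists (HOSTS file, then local cache, then remote server) that also reproduces the cached-failure behaviour Ai_Tak describes. It models the sequence as the posts state it, not Windows' actual resolver code; the TTL values, the `forum.example` name, the 192.0.2.10 address and the outage window are constructed.

```javascript
// Parse HOSTS-file text ("IP name [alias...]", "#" starts a comment).
function parseHosts(text) {
  var map = Object.create(null);
  text.split(/\r?\n/).forEach(function (line) {
    var fields = line.replace(/#.*/, "").trim().split(/\s+/);
    for (var i = 1; i < fields.length; i++) {
      map[fields[i].toLowerCase()] = fields[0];
    }
  });
  return map;
}

// remoteLookup(name, now) returns an IP string, or null when the lookup fails.
function Resolver(hostsText, remoteLookup, opts) {
  this.hosts = parseHosts(hostsText);
  this.remote = remoteLookup;
  this.cacheEnabled = opts.cacheEnabled; // models the DNS Client service on/off
  this.positiveTtl = opts.positiveTtl;   // seconds a success stays cached
  this.negativeTtl = opts.negativeTtl;   // seconds a failure stays cached
  this.cache = Object.create(null);
  this.remoteQueries = 0;
}

Resolver.prototype.resolve = function (name, now) {
  name = name.toLowerCase();
  // 1. LOCAL: HOSTS file. Exact host names only, no wildcards.
  if (name in this.hosts) return { ip: this.hosts[name], source: "hosts" };
  // 2. LOCAL: cache, if the caching service is running and the entry is fresh.
  var hit = this.cacheEnabled && this.cache[name];
  if (hit && hit.expires > now) return { ip: hit.ip, source: "cache" };
  // 3. REMOTE: ask the DNS server, then cache the result, failures included.
  this.remoteQueries++;
  var ip = this.remote(name, now);
  if (this.cacheEnabled) {
    var ttl = ip ? this.positiveTtl : this.negativeTtl;
    this.cache[name] = { ip: ip, expires: now + ttl };
  }
  return { ip: ip, source: "remote" };
};

// Constructed scenario: the remote server is unreachable from t=10s to t=12s.
function demoNegativeCaching(cacheEnabled) {
  var flakyRemote = function (name, now) {
    return now >= 10 && now < 12 ? null : "192.0.2.10";
  };
  var r = new Resolver("127.0.0.1 www.2o7.net  # blocked", flakyRemote, {
    cacheEnabled: cacheEnabled, positiveTtl: 300, negativeTtl: 60
  });
  // Look up during the outage, shortly after it, and after the negative TTL.
  return [11, 30, 80].map(function (t) {
    return r.resolve("forum.example", t);
  });
}
```

With caching on, the lookup at t=30 still fails from the cache although the outage ended at t=12; with caching off, the same lookup goes to the remote server and succeeds.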