Since yesterday afternoon ESET a/v has been reporting that it has blocked access to 7g6njejx.com, roughly every ten minutes. That domain name does not exist, but ESET also gives me the IP. The IP given cycles through five addresses - and every one points to Amazon on every IP check site I can find - specifically the Amazon in Ashburn, Virginia on amazonaws.com. It has three goes in every session to connect, and then ten minutes later tries another of the five IPs.
At first I thought it might be related to MS Outlook, as that downloads every ten minutes, but it isn't. I can't see anything likely in Task Manager either.
Anybody seen this before, or have any idea what is going on? Even if all my browsers are closed, it still keeps popping up - AND IT'S DRIVING ME CRAZY*!!!!!!
I ran a full ESET scan - nothing.
I ran a full Malwarebytes scan - nothing.
I ran a full Search&Destroy scan - nothing.
Yet the ESET popups about blocked access to 7g6njejx.com kept coming.
When I checked the ESET logs it reported this as a JS/Redirector.NDS trojan.
The traffic was caused by ExpressVPN executable in my case, specifically:
C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
I uninstalled ExpressVPN but the issue persisted.
I then remembered that ExpressVPN installs browser extensions and sure enough they were still present.
I removed the browser extensions and the popups stopped.
My concern is that none of the Antivirus/Malware checks found anything yet it was clearly happening.
So I am not sure whether my system is clean now.
The reason I leapt at your conclusion that it was ExpressVPN is that when I went through all the s/w listed in ESET, ExpressVPN was the only one with an orange "May be dodgy" mark against it, instead of a green tick.
Annoyingly I still have four months yet to run on my subscription.
First thing to do would be to identify the process from which the request to the external IP is originating. Did you have any browser process opened while checking your task manager? Because a simple periodic refresh on a web page would cause these kinds of symptoms.
"Five fruits and vegetables a day? What a joke!
Personally, after the third watermelon, I'm full."
At first I thought it might be related to MS Outlook, as that downloads every ten minutes
depends, messages trying to access remote content?
ms outlook borrows and directly executes a lot of code/libs from ie - back in the older days it made outlook an even bigger liability than ie itself (people were careful about visiting sites but not so much opening email which outlook used ie to open remote content)
perhaps someone found something in that old pattern ms hasn't properly closed off yet?
for that reason I don't use outlook as my mail client on my personal machines.
Yeah I know it's quite nice, (use it on client machines where they've given me email),
in fact I reckon outlook is a better client than thunderbird which I use,
but regardless, because of its poor security won't let it near my own equipment.
Got some web apps in Azure, everything, including key and access management, is fully automated.
I could delete an entire environment and automatically deploy it again and everything would work.
Custom domain names
I need to request two DNS records (A and TXT) so Azure can verify I'm the owner of the domain.
No way to automate that process and you can't have customers browse to company-myapp-prod.azurewebsites.net.
There's always something.
At my last job everything was fully automated, except some IP white listing to gain access to a third party application.
Well, if you've done the manual steps once it'll continue to work.
Just don't delete the environment.
It's almost really very good I guess
Yeah, but if I delete a service and redeploy it I get a new IP address, so the DNS record needs to be updated
So as long as I don't delete it everything is fine, except for that manual step I have to do at a first time deployment.