Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: ooccag.exe/ooccctrl.exe

04 Feb 2010   #1
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 
ooccag.exe/ooccctrl.exe

Both of the files in the title belong to O&O Clever Cache, which I have installed. The thing that I just noticed is that these are shown in my firewall's Network Activity monitor as being active with remote ports listed, and a remote address of www.007guard.com.

Googling these, I have not found anything that leads me to believe to believe that these are considered risky or malware, and in one return is described processes as being used to communicate via LAN or the internet. I fail to understand why a program simply designed for the function of this program needs to communicate in either.

I'm probably going to uninstall the program, but before I do, I wanted to see if anyone might have an insight that would be useful in deciding?


My System SpecsSystem Spec
.
04 Feb 2010   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Do you have Spybot s&d and/or SpywareBlaster installed and running?

From your computer, navigate to C:\Windows\system32\drivers\etc <--Open folder...keep open

Open notepad, then drag the HOSTS file (no extension) into the open notepad window.
Copy and paste the results here ...close notepad
My System SpecsSystem Spec
04 Feb 2010   #3
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

I use SpyBot S&D plus Malwarebytes, and neither have complained about them, but then they don't necessarily conform to what I object to. I tend to dislike anything that calls home, even updaters. However, I doubt that these are updaters, because it doesn't require two updaters for the same program. As you can see if you click the link in my OP, the url gets a 401 error, meaning that it is not accessible via a browser, which increases my suspicions.
My System SpecsSystem Spec
.

04 Feb 2010   #4
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Jacee,

Quote:
From your computer, navigate to C:\Windows\system32\drivers\etc <--Open folder...keep open

Open notepad, then drag the HOSTS file (no extension) into the open notepad window.
Copy and paste the results here ...close notepad
And then what? There doesn't appear to be anything listed there relevant to O&O, the only uncommented addresses appear to be local. Not being in the hosts file doesn't mean that they can't communicate, because nothing appears there for any other updater or the like.

From what I read earlier, I got the impression that these files record keystrokes, etc. I may have been reading about a malware file, instead of the O&O file, but if these do do this, there is no good reason for them to do so.
My System SpecsSystem Spec
04 Feb 2010   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Right .... see how PepiMK (developer of Spybot s&d) explains 007guard.com
hosts immunisation. www.007guard.com - Safer-Networking Forums
My System SpecsSystem Spec
04 Feb 2010   #6
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Thanks, but I still don't fully understand this:

Quote:
There is a connection - to 127.0.0.1.

It is not a connection to 007guard.com though - that's a misinterpretation by netstat, displaying just a "random" (possible last?) 127.0.0.1 entry and not the first from the hosts file.

Connections to 127.0.0.1 are "to" your local machine - a loop redirection to block access to the actual address of specific bad hosts (like 007guard.com).

Without the hosts file entry, access to 007guard.com would lead to the real bad server, with this, access will be kept "inside" your machine and will enter the nirvana. Since there are many such sites, programs that use the IP address (127.0.0.1) to later display an associated domain (007guard.com) might show invalid names, since there are many and its impossible to find the correct one. Usually, access to 127.0.0.1 would be legit "local" communication.
If I understand, 007guard.com is a place to avoid, and SpyBot has blocked that. If this is the case, then CleverCache is designed to communicate with it...right? If that is the case, I may uninstall the program regardless of whether it is blocked or not.
My System SpecsSystem Spec
04 Feb 2010   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You are being protected. I've used O&O Defrag before and never had a problem.

It's up to you.
My System SpecsSystem Spec
04 Feb 2010   #8
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

The files do not come from O&O Defrag, they come from O&O CleverCache, which was a free program in a bundle, when I purchased the latest version of the defragger. The only reason that I have it is because it was free, which also tends to make me suspicious... I'm still thinking on it.

EDIT:
Another factor that bothers me, is that my firewall shows that these files have active open ports listed as "trusted". If SpyBot were blocking them, it seems that this wouldn't be so.
My System SpecsSystem Spec
Reply

 ooccag.exe/ooccctrl.exe




Thread Tools



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:47.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App