Jump to content

abusive internet usage


xml
 Share

Recommended Posts

hi,

i would like to know why paint.net (including the installer) tries to connect about 10+ times to the internet (usertrust.com). is this really necessary i have to keep blocking it because its severall diferent exes trying to connect.

Link to comment
Share on other sites

Look under "Updates" and see if you have "Automatically check periodically" checked. If so, uncheck it and see if you still have the same problem.

I'm not sure why the installer tries to connect. It only tried to connect a single time when I first installed 2.6 Cr2. Other than that, it hasn't tried to connect to the internet anymore.

Also, you can check the program controls in your firewall to see if you are or are not allowing Paint.NET access to the internet.

Good luck with that!

BK_BloodSaw_sig.png

- DO NOT contact me asking for the .pdn of my avatar or the PDN logo. Thank you. Have a nice day.

Link to comment
Share on other sites

Paint.NET will only try to connect to http://www.eecs.wsu.edu/paint.net , for the purpose of checking for updates every 5 days (unless you tell it not to of course). The installer has no network access code in it at all.

If any other activity happens, you have spyware/malware that is injecting threads into the PaintDotNet.exe process and doing other stuff.

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

Looks like usertrust.com is some site dealing with digital signatures.

Every EXE and DLL in Paint.NET is digitally signed with our code signing certificate. It is possible that you have configured some setting somewhere to do some kind of online double-checking/verification of signatures attached to EXE or DLL files. I don't know where or what this setting would be, but it's the only thing I can think of.

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

i disabled the check for updates when installing and i use kapersky firewall. here's some screenshots

image54uo.jpg

image68qs.jpg

image79cf.jpg

image87ps.jpg

this is the first time a program tried to connect to that url on my pc and i run windows on a limited user account (im no begginer on pc usage).

Link to comment
Share on other sites

i suggest another one for you: drop dead

Now, Chew, there's no reason to start arguments. Paint.net is nothing to fight over.

You've all heard this before, but try following it:

If you don't have anything nice to say, don't say anything at all.

Link to comment
Share on other sites

I just downloaded and installed Paint.NET 2.6 and it shows the same behavior. Furthermore, when I hover the mouse over the menubar File - Acquire ->, the program WIAPROXY32.EXE, obivously part of Paint.Net, wants to have access to the IP's 216.126.201.89 and 66.249.93.104, which seem to be usertrust.com and google.com. This is reproducible. I'm an experienced user and I am sure I don't have any malware on my PC.

Link to comment
Share on other sites

We do not have any code that accesses the Internet except that which pings our website for update checking. All it does it download a text file.

To reiterate from a previous post,

Every EXE and DLL in Paint.NET is digitally signed with our code signing certificate. It is possible that you have configured some setting somewhere to do some kind of online double-checking/verification of signatures attached to EXE or DLL files. I don't know where or what this setting would be, but it's the only thing I can think of.

If you built Paint.NET yourself from our source code ZIP, and enabled code signing (set environment variables SIGNPDN=1 and PDNPFX=[path to PFX file]), you would see the exact same behavior. Most Windows components (Notepad, for instance) will not exhibit this activity because their signatures are stored in catalog files and are not retrieved as part of the normal loading process. However, you'll see above that the .NET Runtime Optimization Service is also being "flagged."

This Internet access you're seeing is not necessarily malicious, there just seems to be something that is performing an extra verification of the digital signature. What other security-related software have you installed?

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

To quote from http://www.webservertalk.com/archive53- ... 93670.html,

Carlos,

The most common reasons for the connection to usertrust.com is:

1. You have an SSL certificate from either Freessl.com or from USERTRUST.

2. Your website is configured to accept client authentication certificates.

The reason your server connects to usertrust.com is to download CRL information pertaining to either SSL or Client certificates. This is not a virus. If you would like further information please feel free to email me.

Nathan Luke

USERTRUST Inc.

nlmessageboard@usertrust.com

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...