Bitdefender Trying To Connect To Unknown I.p.

ykcirn
edited March 2008 in General talk

I have BitDefender AntiVirus 2008. Soon after I booted up today, Zone Alarm warned me that vsserv.exe (which of course is a key component of BitDefender) was attempting to connect to 66.132.221.68:80. I denied access and called BD support. I was told that I have a virus and that I should look for and delete any extra instances of vsserv.exe, and also run a virus scan. I did so and saw no extra instances of vsserv.exe, nor did the scan show any infections. (I also ran an anti-Trojan deep-scan with another program, which showed no problems.)


About an hour later, ZA told me that vsserv.exe was attempting to access 127.0.0.1:8138. I know this is some sort of loopback address, but the warning was unfamiliar, so I denied it as well.


A few hours later, ZA warned me that vsserv.exe was attempting to connect to 80.86.106.67:80. I denied that one as well, although this may be a BitDefender address per a 2007 thread ( http://forum.bitdefender.com/index.php?showtopic=699 ).


I've checked the BD history files, and there are no errors listed. Updates have been occurring normally.


Any thoughts or suggestions on what may actually be going on? Was the CS person incorrectly jumping the gun by telling me I have a virus? He didn't hesitate for a moment before giving that reply.

Comments

  • Hello Ardmore,


    The IP 80.86.106.67 belongs to one of BD's servers, at BD HQ in Romania (as it says in the link that you already found). It's safe.


    The IP 127.0.0.1, otherwise known as localhost, represents your computer. There are multiple applications that use different protocols to communicate with each other, or with different devices (another example, besides vsserv.exe, might be the graphics drivers). So this IP is safe.


    vsserv.exe itself, if it is the only one in your computer and if it's located in the BD installation folder, is a safe application. So, I believe all connections are legit.


    About the first IP... I don't know to whom it belongs. However, it might have something to do with the HTTP scanner feature, or with some other online reporting server. Whatever it is, it's safe. ;)


    One thing I can say for sure: these connections are not related to LiveUpdate. The Update connections are made by livesrv.exe.


    Cris.

  • Thanks, Cris. Odd that the CS rep was so quick to conclude I had a virus.

  • Name: matrix.bitdefender.com


    Address: 66.132.221.68


    Allow that one too, it's safe. :)

  • ykcirn
    edited March 2008
    Name: matrix.bitdefender.com


    Address: 66.132.221.68


    Allow that one too, it's safe. :)


    Thanks, Andrei! That's nice to know. I do wish Tech Support would be more informed, though, and not rush to tell me I have a virus. I was a bit skeptical of their response, but a lot of users might panic or go to a lot of unnecessary trouble trying to locate and eliminate the "virus."

  • Name: matrix.bitdefender.com


    Address: 66.132.221.68


    Allow that one too, it's safe. :)


    and


    Name: bitdefender.colocated.ines.ro


    Address: 80.86.106.78


    But I have configured Bitdefender to use our Webproxy.


    So WHY is it trying to connect to these sites directly?!?!?
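
The checks from Cris's reply (is the executable in the BD installation folder, is the destination loopback, is it a known BD server), combined with the addresses named in this thread, can be written as a small alert-triage function. This is an added example, not part of the original thread and not BitDefender code; the install folder path, the `triage` name and the last two sample alerts are assumptions constructed for illustration.

```python
import ipaddress
from pathlib import PureWindowsPath

# Addresses that posters in this thread identified as BitDefender servers.
VENDOR_IPS = {
    "66.132.221.68": "matrix.bitdefender.com",
    "80.86.106.67": "BitDefender server (per Cris's reply)",
    "80.86.106.78": "bitdefender.colocated.ines.ro",
}
# Assumption: placeholder install folder; substitute the real one.
INSTALL_DIR = PureWindowsPath(r"C:\Program Files\BitDefender")


def triage(image_path, dest_ip, dest_port):
    """Return (verdict, reason) for one outbound-connection firewall alert."""
    exe = PureWindowsPath(image_path)
    # A trusted file name proves nothing, so check the folder first.
    # PureWindowsPath compares case-insensitively, as Windows does.
    if INSTALL_DIR not in exe.parents:
        return ("investigate", f"{exe.name} runs from outside {INSTALL_DIR}")
    ip = ipaddress.ip_address(dest_ip)
    if ip.is_loopback:
        return ("local", f"loopback port {dest_port}: traffic stays on this PC")
    if dest_ip in VENDOR_IPS:
        return ("expected", f"known vendor host {VENDOR_IPS[dest_ip]}")
    return ("verify", "unknown address: check reverse DNS and WHOIS before allowing")


if __name__ == "__main__":
    bd = r"C:\Program Files\BitDefender\vsserv.exe"
    alerts = [
        (bd, "66.132.221.68", 80),    # first alert in the thread
        (bd, "127.0.0.1", 8138),      # second alert in the thread
        (bd, "80.86.106.67", 80),     # third alert in the thread
        (bd, "203.0.113.10", 80),     # constructed: documentation-range IP
        (r"C:\Users\Public\vsserv.exe", "66.132.221.68", 80),  # constructed
    ]
    for path, ip, port in alerts:
        verdict, reason = triage(path, ip, port)
        print(f"{ip}:{port:<5} {verdict:<12} {reason}")
```

The path check runs before the address checks so that a look-alike `vsserv.exe` in another folder is flagged even when it contacts an address on the vendor list.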