Topic: Please Help! I fear the worst has happened!!!

Maxxwire
Please Help! I fear the worst has happened!!!
« on: November 18, 2014, 05:42:58 AM »
Starting yesterday, my Comodo Firewall has allowed over 150 firewall requests from System and C:\Windows\System32\svchost.exe, and it relentlessly continues as I write this. I have never seen so much firewall activity in such a short time in the 6 years that I have used the Comodo Firewall, and I am very worried about this activity. I have done several scans with both the Emsisoft Emergency Scanner and Hitman Pro, and they each turn up no infections.

Here are 3 screenshots of the firewall activity over 11-17-2014 and the first couple of hours after midnight today...

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/2014-11-18_020215.png

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/2014-11-18_020447.png

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/2014-11-18_020541.png

I tried to look up the destination IP addresses of these entries in the firewall log, but apparently they are unknown.

Is it possible that malware is using System and C:\Windows\System32\svchost.exe to get through the firewall? I am extremely worried about this situation, and I am hoping that the community here at the Comodo forums will be able to help me to understand what I am now considering to be a dire situation.
« Last Edit: November 18, 2014, 05:59:07 AM by Maxxwire »

Dolphin66
Re: Please Help! I fear the worst has happened!!!
« Reply #1 on: November 18, 2014, 07:26:37 AM »
Hi Maxxwire,

A quick search shows up the following info:

http://www.tech-faq.com/public-dns-servers.html

Apparently it belongs to:

Level 3 Communications (Broomfield, CO, US)
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
209.244.0.3
209.244.0.4
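The two questions raised in the original post and in reply #1 (is a legitimate Windows service behind the svchost.exe traffic, and are the 4.2.2.x / 209.244.0.x destinations really this machine's DNS resolvers) can be checked directly on the affected PC. The script below is an added example, not code from the thread or from Comodo. It reads the DNS servers the machine is configured to use, lists which services each running svchost.exe instance hosts (the same data `tasklist /svc` shows), and classifies a set of firewall-log entries. The `$LogEntries` array is a constructed sample shaped after the thread, using the destinations quoted in reply #1; the remote port of 53 is an assumption, since the thread does not state it. It assumes an elevated PowerShell 3.0+ session. Connections owned by the kernel process System (PID 4) cannot be mapped to a service this way, because the kernel TCP/IP stack sends them itself.

```powershell
# Added example (not from the thread): triage svchost.exe / System outbound entries
# by (1) reading the configured DNS servers, (2) mapping svchost.exe PIDs to the
# services they host, and (3) classifying sample firewall-log entries.
# Assumes an elevated PowerShell 3.0+ session on the affected machine.

# Public Level 3 resolvers, as listed in reply #1 of the thread.
$KnownResolvers = @('4.2.2.1','4.2.2.2','4.2.2.3','4.2.2.4','4.2.2.5','4.2.2.6',
                    '209.244.0.3','209.244.0.4')

# DNS servers configured on every IP-enabled adapter. WMI is used instead of
# Get-DnsClientServerAddress so this also works on Windows 7.
$ConfiguredDns = Get-CimInstance Win32_NetworkAdapterConfiguration |
    Where-Object { $_.IPEnabled -and $_.DNSServerSearchOrder } |
    ForEach-Object { $_.DNSServerSearchOrder } |
    Sort-Object -Unique

# PID -> list of service names. Every svchost.exe instance hosts one or more services;
# a service you do not recognise here is what to investigate first, because malware
# that registers itself as a service also runs inside svchost.exe.
$ServicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    $ServicesByPid[[int]$_.ProcessId] += @($_.Name)
}

# The DNS Client service (Dnscache) is the svchost-hosted service that normally
# talks to the configured resolvers on port 53.
$DnsClientPid = (Get-CimInstance Win32_Service -Filter "Name='Dnscache'").ProcessId

function Get-EntryVerdict {
    param([string]$Process, [string]$Dest, [int]$Port)
    $isDnsPort    = ($Port -eq 53)
    $isConfigured = ($ConfiguredDns -contains $Dest)
    $isKnown      = ($KnownResolvers -contains $Dest)
    if ($isDnsPort -and $isConfigured) { return 'expected: DNS to a configured resolver' }
    if ($isDnsPort -and $isKnown)      { return 'public resolver, but NOT one this machine is configured to use' }
    return 'unexplained: check the owning service and the destination'
}

# Constructed sample entries (process, destination, port) in the shape the thread
# describes; replace with the real entries from the Comodo firewall log.
$LogEntries = @(
    @{ Process = 'svchost.exe'; Dest = '4.2.2.2';     Port = 53  },
    @{ Process = 'System';      Dest = '4.2.2.1';     Port = 53  },
    @{ Process = 'svchost.exe'; Dest = '209.244.0.3'; Port = 443 }
)

"Configured DNS servers : $($ConfiguredDns -join ', ')"
if ($DnsClientPid) {
    "Dnscache runs in PID $DnsClientPid, sharing it with: $($ServicesByPid[[int]$DnsClientPid] -join ', ')"
} else {
    'Dnscache (DNS Client) is not running'
}
''
'svchost.exe instances and the services they host:'
Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
    '{0,6}  {1}' -f $_.Id, (($ServicesByPid[[int]$_.Id]) -join ', ')
}
''
'Firewall-log entries:'
foreach ($e in $LogEntries) {
    '{0,-12} -> {1,-12}:{2,-4} {3}' -f $e.Process, $e.Dest, $e.Port,
        (Get-EntryVerdict -Process $e.Process -Dest $e.Dest -Port $e.Port)
}
```

The useful reading of the output: DNS (port 53) from a svchost.exe instance that hosts Dnscache to a resolver in the configured list is ordinary Windows behaviour, and the 4.2.2.x addresses are a common choice of resolver for ISPs and home routers. What deserves a closer look is traffic to those addresses on any other port, DNS to resolvers the machine is not configured to use, or a service name in the svchost listing that is not a Windows service you can account for.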

jay2007tech (Malware Research Group, Global Moderator)
Re: Please Help! I fear the worst has happened!!!
« Reply #2 on: November 18, 2014, 08:20:10 PM »
After looking at the pics, hopefully it's probably a printer or something, but just to be sure:

Would you mind downloading this and clicking "Do a system scan and save a logfile"? This is portable, so it's easy to remove (just drag the folder to the recycle bin when no longer needed):
http://portableapps.com/apps/security/hijackthis-portable
If you like, you can post the logs here.

Also, you can run this (it is still beta):
http://www.bleepingcomputer.com/download/glasswire/
Quote:
GlassWire is a free network monitoring tool that displays and alerts you about the network traffic originating from your computer.  This allows you to quickly see what applications are communicating over the network and the Internet, how much bandwidth they are using, and what hosts they are connecting to. GlassWire also maintains a database of suspicious sites and will alert you when you attempt to visit one of them. Last, but not least, GlassWire includes an easy to use application firewall that allows you to block specific applications from communicating over a network and the Internet.
« Last Edit: November 18, 2014, 10:17:36 PM by jay2007tech »
