725 intrusions blocked by firewall and still going up.

Hi yeah, I’m using COMODO Internet Security and I recently noticed under the Summary > Firewall it says I’ve got over 725 intrusions and it’s going up every second but sometimes pauses. Is this normal? I’m no expert at this kind of thing but it seems odd I’m getting this many intrusions. I clicked on the number and it says all these intrusions are coming from Windows Operating System with various source IPs next to them and different destination IPs. Is there cause for concern here?

It’s also got over 500 outbound connections adn just over 200 inbound connections. Not entirely sure if I should be getting that many.

Are you running a torrent or vpn?

You should post a screenshot of the FW’s logs and of the active connections. This way, forum’s members could more easily help you.

http://img818.imageshack.us/img818/9138/firewallevents.jpg

Well, as you can see. It’s just hundreds and hundreds of these intrusions with different source IPs. The destination IP is the same and so is the application It’s currently at 1095 intrusions and these are all from today. And no I’m not running any torrent program, all I have running is steam.exe, chrome.exe, wlcommm.exe(which I think has something to do with windows live messenger) and msnmsgr.exe.

I’ve actually sorted out the inbound connection problem, it’s at 0 now. It was a program taking up much of my traffic called PMB.exe. Which had something to do with speeding online games up apparently. I’ve uninstalled it. The intrusions are still going up though, 1101 as I type this. And sorry if the image is a bit small, it should be bigger if you open it up on a separate page.

PMB.exe is Pando media Booster, its part of the p2p downloader/updater used by some games such as Lord of the Rings Online and DnD Online.

http://www.pandonetworks.com/Pando-Download-Manager

Wlcommm.exe is listed as a virus trojan. It might very well be the bad guy who is openning up TCP port 57342.

When is the last time you did a scan with your AV/AS? If you have Malwarebytes AntiMalware installed, do a quick scan with it. Otherwise download and install it and do a quick scan with it.

Sorry, I ment wlcomm.exe. Not the one with 3 m’s. I looked it up and it said it had something to do with windows live messenger. I just ran the malwarebtyes quick scan and it said I had 19 infected files. 2 of which where Trojan.Vundo and the rest where Adware.MyWebSearch. So thanks for showing me that program. Tbh I only run my comodo anti virus like once every month, I probably should do it more frequently.

Since you were infected, I would also recommend you run a full scan with Malwarebytes Antimalware. Might take a while.

You should run you main AV/AS scanner doing a full scan at least once a week.

Please add Super Antispyware and Emsisoft Antimalware to the scanners for on demand checks. I run them Spybot and Malwarebytes once a week. I have the AV from CIS running in the background.

There is too much malware being produced these days. No one scanner can keep up that at any given time. It is best to use multiple scanners. Running a quick scan is usually enough.