My system is secure as far as I know and I credit Comodo with that along with mine own customized rules. However, almost every two seconds explorer.exe (C/Windows) tries to connect TCP from my router (source) to 22.214.171.124 (destination) which seems to be a malware connection. The source port is always in the 6400’s and it just tries all of them. The Destination Port is always 80. I don’t think this is a legit connection but perhaps I am wrong.
These connections are blocked by Comodo but they keep repeating every two seconds.
Can someone tell me if there is anyway to stop this or will I just have to live with this being blocked and filling up my Firewall Events window?
Your PC has been infected ‘Sytem Antivirus 2008’.
126.96.36.199 distributes fake antivirus software ‘System Antivirus 2008’.
If your PC still tries to connect 188.8.131.52, it means there are still malwares in your pc.
You will find how to remove ‘System Antivirus 2008’ on search engines.
But I recommed you, format your HDD and reinstall windows.
(CIS can block them all but can’t remove them all.)
Because, you can repair with antivirus software against malwares. But your PC will not be stable even if
it’s repaired against tons of infections.
I didn’t have to re-install Vista nor re-format my drive. It took me five hours but I managed to clean my system. I started at 10pm and didn’t finish till 3am. The ‘harmful’ connections have all stopped and I have no firewall events that aren’t normal or none that don’t reflect my rules. No more connection attempts every 2 sconds. Turns out that I had two major Trojans or root kits and as of yet I don’t know what they were. They had destroyed my host file, registration files were invalidated with improper keys, had placed about 20 dll’s in the system 32 folder not counting the 6 .exe that were in there as well. Had even created a new User with administration rights.
They had also created four compressed files that would re-install the Trojan after I had cleaned it out. It was a nightmare. Several times my Windows validation would not work and I would get that error message stating that my security had been tampered with or I was running a counterfeit Windows. Which, of course, was not true. When this happened, I could only access the internet but not use the system. I finally got that to work again.
I don’t think it was the AntiVirsus infection at all since my system did not do any of the things it was suppose to do with that trojan. No messages about non-existent virus, no pop=ups, there were no outward signs of any infections at all. Everything was running normal
As I stated only Comodo’s Firewall’s Event log notified me something was going on. Had it not been for that my system would still be infected.
None of the programs that are suppose to get rid of such things, worked for me and I must have tried 10 of them. Nothing worked. I had to do all of this manually. I just made sure I had a good restore point (even though the virus was in there as well at least I could get back on the system) and a copy of my Reg files and started working.
In any event, I got rid of them. Was surprised though that no malware program, virus program or scan found these ugly bugs. Had it not been for Comodo’s Firewall event log I would have never known they were on my system.
All of the symptoms that are suppose to alert you to a Trojan, were not present. My system was not slow. No indications that anything was wrong. Getting rid of this thing manually is not for those who have little or no knowledge of how their system works. It can destroy your OS if you don’t have an idea of what you are doing. I had no choice, I did not want to re-install Vista nor have all of my files wiped out. I had NO backups. Learned a valuable lesson there
I don’t wish this on anyone. It was extremely difficult to get rid of. But it can be done