Hi i just checked the firewall status,
i saw cmdagent downloading around 10-15 MB data from 91.209.196.180 which i did whois it showed as comodo,
then after some time, cmdagent again downloading some data around 5mb already downloaded from 145.5.128.3
which is non comodo IP . i did whois and reply was
person: John van Wel
address: Erasmus Universiteit Rotterdam
address: Burg.Oudlaan 50
address: NL-3062 PA Rotterdam
address: The Netherlands
phone: +31 10 408 2322
fax-no: +31 10 452 7236
abuse-mailbox: netop@nic.eur.nl
nic-hdl: JW801-RIPE
source: RIPE # Filtered
I dont know what is it?
Is my system hacked?
Is cmdagent supposed to download anything?
the path of cmdagent is in comodo internet security folder.
My system is original win xp home
1gb ram
p4 3.0 Ghz
There was a big signature update with size of 28 MB that you may have monitored. That is a new base on which upcoming updates, with a new database format, will be added.
It is interestingly odd the second part, may be the update to 992, is coming from a Dutch university server. Do you live in the Netherlands, like your truly?
Thanks for the replies EricJH and Jacob
No I am not in Netherlands, And I cant find any reason why such a server would be contacted from Asia ??
But what the #%@#. I caught it and have been keeping an eye on the data in out now onwards.
I will be formating the Hard disk anyways, in a few days. I had actually kept a working PC without a reinstall of Win Xp for more than five years, It was a headache to maintain, and my 200Gb hdd is soo like full , I dont even know what i have installed on my system anymore, I cannot sort the millions of files left on my system. Its gonna be a big headache for me, to back up and stuff.