I am kinda having the same issue, so I guess I dont have to create a new thread
The same System tries to connect using port 137 using hte UDP protocol
and the source port being 126.96.36.199 and the destination port being 188.8.131.52
both the ips belong to china and I am from India.
Neither the source of the destination is my IP, what kinda transfer between 2 IPs from China is
going to use an IP at India???
Apparently the two of you are directly connected to the web by a modem with no router present.
Do not respond to requests on ports 135-139 as they are for NETBIOS; which is about sharing files over the local network. And since there is no local network you would be sharing with unknown users.
The solution is to set the firewall to stealth settings by choosing “Block all incoming connections and make my ports stealth for everyone” in the Stealth Ports Wizard. That way you won’t get these alerts anymore. They will be discarded by the firewall.
@Eric Hello, Thanks for your response. I already have my ports stealthed…
And for me the solution was to disable NETBIOS as I do not have any other system connected in lan or a printer or other network device to connect to me.
Stealthing the port dint help for me.
@Russiancat Make sure you arent trying to broadcast to the devices on your lan.
If there are no other computers on your lan, I would advise you to disable NETBIOS.
In few cases it can’t be a virus causing this. Those IP would have been the local ip of different devices that you have connected. When you try to look up it will point to random locations.
To make sure thats not the case, check the local IP of different devices connected to your system and ifits to that ip the requests are going. and set the local ip in the range 192.168.0.0 to 192.168.255.255
and check for the nbdgram. if they also change to 192.168 then you dont have anything to worry about.
If you get the outgoing to the ips you listed even after changing your local ip, then you are having a trojan or some logger. I bet you let windows choose your local ip which is the reason for the issue as there are not many trojans which uses port 137 or 138 and a UDP connection.