today I noticed it was quite a bit warmer in my room, despite it being cooler outside. I checked my computer’s temps, and my CPU is running at about 60C (140F). it normally runs around 30-40C. I checked my processes, and I have CFP running between 30-50% (I have a hyperthreading processor), with 5-30 MB of IO write data per second. I checked CFP and it’s, well, check the attached log file (warning, deceptively large log file). any clue what’s going on? the log message is recorded even when I’m disconnected from the internet; for reference, here is my connection log:
Date Time Source Type Category Event User Computer Message
2007.1104 1926.27 RemoteAccess Information None 20158 N/A CRAPSHACK The user 8d49d49533558828734b5b99a78be51e successfully established a connection to the Frontier using the device COM3.
2007.1104 1925.36 RemoteAccess Information None 20159 N/A CRAPSHACK The connection to the Frontier made by user 8d49d49533558828734b5b99a78be51e using device COM3 was disconnected.
2007.1104 1732.56 RemoteAccess Information None 20158 N/A CRAPSHACK The user 8d49d49533558828734b5b99a78be51e successfully established a connection to the Frontier using the device COM3.
2007.1104 1732.09 RemoteAccess Information None 20159 N/A CRAPSHACK The connection to the Frontier made by user 8d49d49533558828734b5b99a78be51e using device COM3 was disconnected.
2007.1104 1658.42 RemoteAccess Information None 20158 N/A CRAPSHACK The user 8d49d49533558828734b5b99a78be51e successfully established a connection to the Frontier using the device COM3.
2007.1104 1657.35 RemoteAccess Information None 20159 N/A CRAPSHACK The connection to the Frontier made by user 8d49d49533558828734b5b99a78be51e using device COM3 was disconnected.
[attachment deleted by admin]
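Added example, not part of the original thread: the connection log posted above can be turned into offline windows (each 20159 disconnect paired with the next 20158 connect) and firewall alert times checked against them. The alert timestamps are constructed, since the firewall log attachment is not on the page, and the function names are this example's own.

```python
from datetime import datetime, timedelta

# Event IDs as used in the log above: 20158 = established, 20159 = disconnected.
CONNECT, DISCONNECT = 20158, 20159

# First eight columns of the six rows posted above (Message column omitted).
EVENTS = """\
2007.1104 1926.27 RemoteAccess Information None 20158 N/A CRAPSHACK
2007.1104 1925.36 RemoteAccess Information None 20159 N/A CRAPSHACK
2007.1104 1732.56 RemoteAccess Information None 20158 N/A CRAPSHACK
2007.1104 1732.09 RemoteAccess Information None 20159 N/A CRAPSHACK
2007.1104 1658.42 RemoteAccess Information None 20158 N/A CRAPSHACK
2007.1104 1657.35 RemoteAccess Information None 20159 N/A CRAPSHACK
"""

def parse_events(text):
    """Return [(timestamp, event_id)] sorted oldest first."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[5].isdigit():
            continue  # header or malformed row
        stamp = datetime.strptime(cols[0] + " " + cols[1], "%Y.%m%d %H%M.%S")
        rows.append((stamp, int(cols[5])))
    return sorted(rows)

def offline_windows(events):
    """Pair each disconnect with the next connect: spans with no ISP link."""
    windows, down_since = [], None
    for stamp, event_id in events:
        if event_id == DISCONNECT:
            down_since = stamp
        elif event_id == CONNECT and down_since is not None:
            windows.append((down_since, stamp))
            down_since = None
    return windows

def alerts_while_offline(alert_times, windows):
    """Firewall alerts whose timestamp falls inside an offline window."""
    return [t for t in alert_times if any(a <= t < b for a, b in windows)]

def constructed_alerts():
    """Constructed sample: one alert every 5 s from 17:31:50 to 17:33:10."""
    start = datetime(2007, 11, 4, 17, 31, 50)
    return [start + timedelta(seconds=5 * k) for k in range(17)]

if __name__ == "__main__":
    gaps = offline_windows(parse_events(EVENTS))
    print(gaps, len(alerts_while_offline(constructed_alerts(), gaps)))
```

An alert stamped inside one of these windows cannot have arrived over the dial-up link, which points the investigation at the LAN side (for example an ICS client) or the local machine.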
Quick question, what type of connection do you have?
Right click My Computer → Properties → Remote and uncheck the options: “Allow Remote Assistance invitations to be sent from this computer” and “Allow users to connect remotely to this computer”.
Next, go to Network Properties → Network Connections, right click your connection → Properties → uncheck “File and Printer sharing for Microsoft Networks”. Then double click Internet Protocol TCP/IP → Advanced → WINS and checkmark “Disable NetBIOS over TCP/IP”. Apply/OK in the usual way.
I looked at your log file and the only IP address shown for the 3 hour period in question is 184.108.40.206 which resolves to swiftco.irc.proxy.monitor.dal.net which leads me to ask whether you were on IRC chat at the time? The open ports don’t appear to be related to malware, but it might be wise to check them here
The log file you posted does, as Zito suggested, look like an IRC connection. The entries in your post, however, are something else. I’ve never seen CFP report on COM ports. To be honest, I didn’t know it could!
My first guess is, you have picked up a ‘dialer’ trojan from somewhere. Have you checked your system with a good antispyware and antivirus program?
the log in my post is from my event viewer. (exported to tsv, and filtered through an excel spreadsheet) it is my connection to my ISP, Frontiernet (I masked my username, for obvious reasons) indicating when I was connected to my ISP, and when I was disconnected.
I followed Zito’s instructions, however I had already completed them a while ago, before I had this firewall installed.
and yes, the IP address in the log is the direct result of an IRC connection. it’s a single scan performed by most IRC networks on all incoming connections to see if the connection is running on an open anonymous proxy or not. I’ve been around computers since 1999, and I’ve been on IRC since 2002, and I’ve been network admin on 5 IRC networks since 2004.
hello, I’m still having this problem. because of the density of the log file, I have no ISP disconnections/reconnections logged in the timeframe that the log file spans. CFP is still using ~50% of my CPU (if I were not hyperthreading, CFP would be using ~100% of my CPU). will someone please tell me what is going on. and don’t say it’s a dialer trojan horse. I know what those are, and my modem has only dialed one number, that is my ISP’s telephone number. it isn’t any other type of virus, because no virus I know is able to connect to the internet when I am disconnected from my ISP and the modem isn’t in use. additionally, if, in the remote chance there is a virus on my, or my roommate’s, computer that is making connections to the DAL.Net network, it could not be making them once every five seconds, because the dal.net servers would throttle the connections, and my roommate (who does, and is connected to dal.net on his computer, through my internet connection [and Comodo Firewall], as I write this message, and has been connected to dal.net for six hours) would not be able to connect at all.
[attachment deleted by admin]
ok, if I can’t get assistance on this, I’m going to have to remove Comodo. I switched to Comodo from Sunbelt Personal Firewall because Comodo had ICS, however, since I’ve installed Comodo, I’ve received 5 separate CPU diode and CPU Socket temperature alarms, all while Comodo has been reporting these logs and I’m not going to risk scorching my processor. as of right now, my computer has no connections to dal.net (netstat shows:
Proto Local Address Foreign Address State PID
TCP CRAPSHACK:1651 im.bitlbee.org:6667 ESTABLISHED 1844
TCP CRAPSHACK:1654 dissonance.nl:6667 ESTABLISHED 1844
TCP CRAPSHACK:1660 po-in-f125.google.com:5222 ESTABLISHED 116
TCP CRAPSHACK:1916 localhost:1917 ESTABLISHED 316
TCP CRAPSHACK:1917 localhost:1916 ESTABLISHED 316
TCP CRAPSHACK:1519 192.168.0.101:netbios-ssn ESTABLISHED 4
TCP CRAPSHACK:1907 td-in-f113.google.com:http CLOSE_WAIT 116
) and CFP is still logging 1 portscan per 5 seconds from 220.127.116.11