Microsoft Update Dailing to Nigerian IP!!!!!!!!!!!!

I was Updating MS windows XP Security Updates when i saw logs in CPF and gone to see/check what this unusal ip and thaw its not ms update i canceled the updated immedietely.
I want a Question to ask;
That would be How to Shut Down Internet Accessing from all to every IP except Miscrosoft update site (65.55.192.93).

henybody ???

Just in other word can i blcok every IP except to few IPs i visit regularly???

so such a spam/virus/hack$ inet is!!! (:TNG)

Hey afg01,

If you want to block ALL IP-adresses except 65.55.192.93, you should make a new rule, or actually two.
Open up the CPF Interface, click the ‘Secuirty’-tab and continue to Network Monitor.
Make a new rule like this:

Action: Allow
Protocol: IP
Direction: In/Out
Source IP: Any
Destination IP: 65.55.192.93

Add it to the top of network rules.

Now create another one:

Action: Block
Protoctol: IP
Direction: In/Out
Source IP: Any
Destination IP: Any

Put it under the first rule.

This should block all traffic from any IP except 65.55.192.93 and it should

Now type 65.55.192.93 in your browser. I think it should work, remember to remove the IP Block rule, else no other site will work.

Ragwing

thanks (:TNG) (B)

edit: Got 1 moo Quest

Does MS Updates 2 other IP/s other than 65.55.192.93 ?

I forgot svchost.exe needs Internet access. Remove svchost.exe from Application Monitor, and run Windows Update without blocking all other IP, and see what IP svchost.exe uses and add it under the first rule that allows only Windows Update. Svchost.exe added a lot of trouble, but hopefully it’ll be able to be fixed.

Ragwing

When i enter into windows update I connect with strange IP’s 65.55.xxx or 64.4.52.xxx and my friends too.
I think it’s normal.

???

[attachment deleted by admin]

You’ve got a virus o Spyware/malware infection.
You must clean you computer.
What AV do you use? Antipaware(real time an on demmand)?
Do you do a safe surfing(no porn, no warez sites), only trusted sites??

If you see my shot , in adress bar, i’havn’t got a IP number.

I only surf with IE when I update Windows. I ssurf with Firefox.

[attachment deleted by admin]

???
Through My Findindgs I thawt the ip was microsoft update or maybe not wehn i updateing i typed this ip so not sure why VE gut this warning i will trye update.windows.com and be back.

Avast pro,AVG anti-spyware,BOClean,CPF Pro.

The warning dialogue you’ve posted isn’t a VE warning - it’s an IE7 warning.

Seeing as that IP leads to a phising site, you should go to network monitor and add this as number 1 rule:

Action: Block
Protocol: IP
Direction: In/Out
Source IP: 65.66.192.93

That should prevent all communication with 65.55.192.93

Also it seems like Windows Update use 207.xxx.xxx.xxx IP-adresses.
If BOClean and AVG Anti-spyware doesn’t find anything, try downloading Spybot Search & Destroy, Ad-aware 2007.
Also download HijackThis and run a scan, then post the log file here.

Ragwing

I use AVAST!! free, CBOClean , CPW SSM free(til V3·CPW)
You can scan too with SpuerAntispyware free.
Today we need an security arsenal :S With the best AV you aren’t totally safe. Maware craators are veryclever and are always ready.
It seems when yo go to Win update you r re-adressed to a pishing site.

When i connect with Win updates i haves those IP’s

[attachment deleted by admin]