Please help, I am so worried

Can someone please help me identify if I have a virus, because I have over 600 outbound connections!?
I can put up a log if you show me how to use that log deal. My svchost.exe in system32 says that it is receiving a connection from another computer? I also checked where it sends the connection, and the IP is 96.17.157.4:80, 124.40.51.148:3478 and also 96.17.157.56:443. Please help me, I am so stressed because of credit and stuff. I am just 16 and I know nothing about computers; can someone please guide me step by step if you’d be kind enough? If I have to I will also reformat my PC, but I don’t think that our Windows XP ever got a system disc.
Anyway, please help me, I will be ever so grateful.

Hi Joey,

The first and third addresses resolve to:
a96-17-157-4.deploy.akamaitechnologies.com.
a96-17-157-56.deploy.akamaitechnologies.com.

That’s nothing to worry about normally; it’s a provider that Microsoft uses to distribute their updates, but there are many more that use this distribution network.

I’m not sure, but port 3478 could be related to some STUN VoIP service. Do you run any VoIP software? The address space is registered in Japan:

inetnum: 124.40.0.0 - 124.40.63.255
netname: ARCSTAR
descr: NTT COMMUNICATIONS CORPORATION
descr: 1-6 Uchisaiwai-cho 1-chome Chiyoda-ku,
descr: Tokyo 100-8019 Japan
country: JP

Can you post both the source and destination ports for this connection, and how many of the 600 are from/to these ports?

If you fear your system is infected, please disconnect your network cable or wifi connection so the system is no longer reachable over the internet, and use another system to ask for help etc…

At least make sure you have a backup of your important data before you do anything drastic.

I am not sure if I do, and also thanks for the help (if you are going to help me), which I hope will be yes.
Idk what a VoIP server is, I am just 16 ;_; Okay, I put these on imageshack, if you could please help me through all of this, because it is sadly sending me to a depressed state because I get so worried :confused: I just hate how complicated computers are :s
What would that be?
And if you need any more things please don’t be a bother to ask, I really want to get this whole ordeal out of my life.
Pictures:
http://img13.imageshack.us/img13/513/look1e.png
http://img199.imageshack.us/img199/5095/look2o.png
http://img32.imageshack.us/img32/9866/look3c.png
http://img8.imageshack.us/img8/8683/look4.png
http://img8.imageshack.us/img8/7718/look5.png
http://img199.imageshack.us/img199/7517/look6.png
http://img27.imageshack.us/img27/9772/lookpz.png

Don’t worry too much; at the moment the only thing suspicious here is the connection to the 3478 port. Can you please report what the other side of the connection is and which port it shows there?

Like IP 1 Source Port 2 Destination the Japan address and destination port 3478?

Also please download GMER, it’s an anti-rootkit scanner.
http://www.gmer.net/

If you start it, it will begin with an initial scan. Please check to see if it reports “possible rootkit activity”; after that, run a full scan and see if it marks anything “hidden”/suspicious or rootkit.

Well, I put it in the picture if that explains enough; if not, it is
Source:192.168.1.101:1032 Destination 124.40.51.144:3478 and another 124.40.51.145:3478

No, please log back in, please please :frowning: I want to fix my computer, please someone help

Please, people reading this, I feel so vulnerable, please

If you’re really worried I would do a scan with Hitman Pro:
http://www.surfright.nl/en/hitmanpro

Chances are if you’re infected this will find it.

Also have you used the stealth ports wizard?

I have noticed that I get a lot of connections until I set it to ‘Alert me to incoming connections and make my ports stealth on a per-case basis’.

Hi Joey,

I’m sorry but I have to sleep also, I’m from the Netherlands and it was about 01:00 AM here so time to get some sleep :wink:

First try this: open the CIS GUI, go to Firewall and click “View Active connections”, now check what application is using these connections to port 3478.

This is very important so we can determine what process is using this communication channel.

If you are sure you don’t use any “voice” related software, create a block rule on global rules.

Please open the CIS GUI and click Firewall, Advanced, Network Security Policy, switch to Global rules.
Add a new rule

Block
IP
OUT
Source = ANY
Destination = IP mask 124.40.0.0 255.255.0.0
Protocol = ANY

And apply the rule, also create the following

Block
TCP
OUT
Source = ANY
Source port = ANY
Destination = ANY
Destination port = 3478

And apply the rule, now switch back to Application rules tab and add a new rule:
Select, File Group, All Applications and Add the above rules to this group and make sure it’s the first rule all the way on top of both policies. This will make sure it will directly match these rules.


Here is more information about the port traffic: http://www.voip-info.org/wiki/view/STUN

It’s a way to “help” NAT traversal and I am almost certain it can be used for “bad” purposes also.
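An added example, not part of any post in this thread: one way to answer the questions asked above (how many connections go to which remote ports, which process owns the ones to port 3478, and which connections the two block rules would match) from `netstat -ano` output. The sample rows are constructed, the PIDs are made up, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of Windows `netstat -ano` output.
# Addresses are the ones quoted in the thread; the PIDs are made up.
SAMPLE = """\
  Proto  Local Address       Foreign Address      State        PID
  TCP    192.168.1.101:1030  96.17.157.4:80       ESTABLISHED  1120
  TCP    192.168.1.101:1031  96.17.157.56:443     ESTABLISHED  1120
  TCP    192.168.1.101:1032  124.40.51.144:3478   ESTABLISHED  2044
  TCP    192.168.1.101:1033  124.40.51.145:3478   ESTABLISHED  2044
  TCP    192.168.1.101:1104  213.189.2.33:80      SYN_SENT     3012
  TCP    0.0.0.0:135         0.0.0.0:0            LISTENING    968
  UDP    0.0.0.0:1900        *:*                               1200
"""

# The two global block rules from the post above, as data.
BLOCK_NET = ipaddress.ip_network("124.40.0.0/255.255.0.0")  # rule 1: any protocol
BLOCK_TCP_PORT = 3478                                       # rule 2: TCP only

def parse(text):
    """Yield (proto, remote_ip, remote_port, pid) for rows with a remote peer."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        host, _, port = f[2].rpartition(":")
        if host in ("", "*"):                 # UDP listener, no peer
            continue
        ip = ipaddress.ip_address(host.strip("[]"))
        if not ip.is_unspecified:             # skip 0.0.0.0:0 listeners
            yield f[0], ip, int(port), int(f[-1])

def matched_rule(proto, ip, port):
    """Return the name of the first block rule a connection hits, else None."""
    if ip in BLOCK_NET:
        return "block-124.40.0.0/16"
    if proto == "TCP" and port == BLOCK_TCP_PORT:
        return "block-tcp-3478"
    return None

def summarize(text):
    """Count connections per remote port, PIDs using port 3478, and rule hits."""
    by_port, stun_pids, hits = Counter(), Counter(), []
    for proto, ip, port, pid in parse(text):
        by_port[port] += 1
        if port == 3478:
            stun_pids[pid] += 1
        rule = matched_rule(proto, ip, port)
        if rule:
            hits.append((str(ip), port, pid, rule))
    return by_port, stun_pids, hits
```

The PID that `summarize` reports for port 3478 can be matched to a process name in Task Manager with the PID column enabled.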

The connection was from Akamai. I was told to delete the Akamai install and I did, and also stopped getting the connection from 3478. Now what I want to know is if 255.255.255.255 is safe or not, or more information etc. please

My Windows operating system was getting this
Action:Blocked TCP 192.168.1.101 Source:1104 213.189.2.33 Destination:80

What is this? I looked it up on www.mindmax.com and it said the following:

Hostname: 213.189.2.33
Country Code: NL
Country Name: Netherlands
Region: 16
Region Name: Flevoland
City: Almere
Postal Code: -
Latitude: 52.3667
Longitude: 5.1500
ISP: Reasonnet IP Networks B.V.
Organization: Spango B.V.
Metro Code: -
Area Code: -

And also, what will your settings do? Will it stop people from connecting to me or what?

If someone could help me I’d appreciate it. Thank you
I also would like to know a good scanner to check and see if anyone is connecting to my computer, and I want to know what that Netherlands IP address is doing on my firewall?

Hi Joey,

That’s nothing to worry about, it’s a local network broadcast.
http://en.wikipedia.org/wiki/Broadcast_address

This address resolves to

files.surfright.nl

Did you install hitmanPRO? It’s probably traffic belonging to the product.

A scanner can’t detect who’s connecting to your computer; you need to set up a few basic things in the firewall to get this done.

First thing you could do is check to see if you are “stealth” seen from the internet. You can check that on this site here (Shields UP):
https://www.grc.com/x/ne.dll?bh0bkyd2

You can scan from the internet to your connection and see if it reports stealth.

I think all your questions are answered for now :wink:
If you have more please feel free to ask, and if you wish to watch a nice movie about how the internet works please check this out:

http://www.warriorsofthe.net/

Regards,
Ronny

Ronny, what is the meaning of life, because you seem to know it all? But why did it come as an ICMP through MSN Messenger, and as a TCP type 3 on the Windows operating system? It was trying to send that packet to my router while the ICMP was going inbound to my router too. Why is this?

The ICMP address was from 201.25.235.251 type(3)

It came inbound through MSN Messenger through port 50573, trying to go to my router IP port 1443

Sometimes MSN also tries to get a connection from Texas. Why does MSN do this?