Please help i am so worried

Can someone please help me identify if i have a virus because i have over 600 outbound connections!?
i can put up a log if you show me how to use that log deal, my svchost.exe in system32 says that it is receiving a connection from another computer? i checked it also from were it sends the connection and the ip is, and also please help me i am so stressed because of credit and stuff. I am just 16 and i know nothing about computers can someone please guide me step by step if you’d be kind enough, if i have to i will also reformat my pc but i don’t think that our windows xp ever got a system disc.
Anyways please help me i will be ever so greatful

[attachment deleted by admin]

Hi Joey,

First and third address resolves to:

That’s nothing to worry about normally, it’s a provider that’s used by Microsoft to distribute their updates over, but there are much more that use this distribution network.

I’m not sure but the port 3478 could be related to some STUN VoIP service, do you run any VoIP software? The address space is registered in Japan:

inetnum: -
netname: ARCSTAR
descr: 1-6 Uchisaiwai-cho 1-chome Chiyoda-ku,
descr: Tokyo 100-8019 Japan
country: JP

Can you post both source and destination ports regarding to this connection, and how many of the 600 are from/to these ports?

If you fear your system is infected, please disconnect your network cable and of wifi connection so the system is no longer reachable over the internet, and use an other system to ask for help etc…

At least make sure you have a backup of your important data before you do anything drastic.

i am not sure if i do, and also thanks for the help (if you are going to help me) which i hope will be yes
idk what a VoIP server is i am just 16 ;_; okay i put these on imageshack, if you could please help me through all of this because it is sadly sending me to a depressed state because i get so worried :confused: i just hate how complicated computers are :s
what would that be?
and if you need anymore things please don’t be a bother to ask i really want to get this whole ordeal out of my life

Don’t worry to much, at the moment the only thing suspicious here is the connection to the 3478 port, can you please report what the other side of the connection is and which port it shows there ?

Like IP 1 Source Port 2 Destination the Japan address en destination port 3478?

Also please download GMER it’s an anti-rootkit scanner.

If you start it, it will begin with an initial scan, please check to see if it reports “possible rookit activity” after that run a full scan and see if it marks anything “hidden”/suspicious or rootkit.

well i put it in the picture if that explains enough if not it is
Source: Destination and another

no please log back in please please :frowning: i want to fix my computer please someone help

please people reading this i feel so vulnerable please

If you’re really worried I would do a scan with Hitman Pro:

Chances are if you’re infected this will find it.

Also have you used the stealth ports wizard?

I have noticed that I get a lot of connections until I set it to ‘Alert me to incoming connections and make my ports stealth on a per-case basis’.

Hi Joey,

I’m sorry but i have to sleep also, I’m from the Netherlands and it was about 01:00 AM here so time to get some sleep :wink:

First try this, Open CIS GUI and go to Firewall and click “View Active connections”, now check what application is using these connections to port 3478.

This is very important so we can determine what process is using this communication channel.

If you are sure you don’t use any “voice” related software create a block rule on global rules.

Please open the CIS GUI and click Firewall, Advanced, Network Security Policy, switch to Global rules.
Add a new rule

Source = ANY
Destination = IP mask
Protocol = ANY

And apply the rule, also create the following

Source = ANY
Source port = ANY
Destination = ANY
Destination port = 3478

And apply the rule, now switch back to Application rules tab and add a new rule:
Select, File Group, All Applications and Add the above rules to this group and make sure it’s the first rule all the way on top of both policies. This will make sure it will directly match these rules.

Here is more information about the port traffic:

It’s a way to “help” NAT traversal and I am almost certain it can be used for “bad” purposes also.

The Connection was from Akamai, i was told to delete the Akamai install and i did and also stopped getting the connection from 3478, now what i want to know is if is safe or not or more information etc please

My windows operating system was getting this
Action:Blocked TCP Source:1104 Destination:80

What is this? i looked it up on and it said the following:

Hostname Country Code Country Name Region Region Name City Postal Code Latitude Longitude ISP Organization Metro Code Area Code NL Netherlands 16 Flevoland Almere 52.3667 5.1500 Reasonnet IP Networks B.V. Spango B.V.

And also what will your settings do ? will it stop people from connecting to me or what?

If someone could help me i’d appriciate it Thank you
I also would like to know a good scanner to check and see if anyone is connecting to my computer and i want to know what that Netherland IP address is doing on my firewall?

Hi Joey,

That’s nothing to worry about, it’s local network broadcast.

This address resolves to

Did you install hitmanPRO ? it’s probably traffic belonging to the product.

A scanner can’t detect how’s connecting to your computer, you need to setup a few basic things in the firewall to get this done.

First thing you could do is check to see if you are “stealth” seen from the internet, you can check that on this site here (Shields UP):

You can scan from the internet to your connection and see if it reports stealth

I think all your questions are answered for now :wink:
If you have more please feel free to ask, and if you wish to watch a nice movie about how the internet works please check this out:


Ronny what is the meaning of life because you seem to know it all but why did it come as an ICMP through MSN messenger, and as a tcp type 3 on windows operating system it was trying to send that packet to my router while the icmp was going inbound to my router too why is this?

The icmp address was from type(3)

It came inbound through msn messenger through port 50573 trying to go to my router ip port1443

Sometimes. Msn also tries to get a connection from texas why does msn do this?