-
August 23rd, 2004, 12:35 PM
#1
Help with spyware
Hi,
My computer is sending and receiving packets, even when no programs request information from the internet. My friend says this is just normal internet traffic, but then again, normal internet traffic wouldn't cause your computer to dial the internet on its own...
Here is a HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 18:25:35, on 23/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BT Digital Access USB\vstartx.exe
C:\Program Files\BT Digital Access USB\gisdnlog.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: live mp3 coal - {F3128CE4-8B23-1318-6FDE-BA9DBC79A7DB} - C:\PROGRA~1\SKIPCR~1\tonschin.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4ECC943B-6576-9710-9C2F-4298197B4FD6} - C:\PROGRA~1\SKIPCR~1\tonschin.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{68077353-2A1A-4E03-84AF-E89CE2C9F9E2}: NameServer = 195.92.195.95 195.92.195.94
Also I noticed that one of the svchosts has around 25,000k mem usage, which is abnormally large compared to the other svchost processes.
I've run several spyware and antivirus checkers and so far all that comes up is some DSO exploits (despite numerous requests for Spybot to remove it, it returns every time I reboot) and an eBay toolbar, which likewise returns every time I reboot (not so bothered about that because other family members use it).
Well, if anyone can offer me help, I'd be very grateful.
-
August 23rd, 2004, 06:30 PM
#2
Driver Terrier
Welcome to WinDrivers, Trying.
True, but have you checked PC-cillin? You can check a box to let PC-cillin dial up and connect by itself.
C:\PROGRA~1\FlashGet\jccatch.dll removal instructions
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
Suspicious >
O3 - Toolbar: (no name) - {4ECC943B-6576-9710-9C2F-4298197B4FD6} - C:\PROGRA~1\SKIPCR~1\tonschin.dll (file missing)
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{68077353-2A1A-4E03-84AF-E89CE2C9F9E2}: NameServer = 195.92.195.95 195.92.195.94
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
August 23rd, 2004, 10:26 PM
#3
Originally Posted by NooNoo
True, but have you checked PC-cillin? You can check a box to let PC-cillin dial up and connect by itself.
After reading this I looked in PC-cillin; as it is unregistered, I don't think it automatically connects to check for updates.
I also checked the rasuauto with the list of allowed autodials; the only one on was my homepage, and some IP addresses, which I removed.
-
August 24th, 2004, 05:51 AM
#4
Driver Terrier
did you remove the items I noted?
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
August 24th, 2004, 07:05 AM
#5
Yes, I removed them all except this one: O17 - HKLM\System\CCS\Services\Tcpip\..\{68077353-2A1A-4E03-84AF-E89CE2C9F9E2}: NameServer = 195.92.195.95 195.92.195.94
As the IP address is that of my ISP, Freeserve, I assume it has something to do with my connection, and removing it only causes it to reappear on restart anyway.
-
August 25th, 2004, 09:06 AM
#6
Driver Terrier
Do you share the internet connection between computers?
Do you have any scheduled jobs running?
Is there any pattern to when it dials?
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
August 25th, 2004, 09:56 AM
#7
I do share an internet connection, but I disabled the network for the past few days.
Here is a HJT log after removing what you said, and some others which I didn't want (processes taken out):
Logfile of HijackThis v1.98.2
Scan saved at 13:07:59, on 24/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
And here is one after restart:
Logfile of HijackThis v1.98.2
Scan saved at 14:53:21, on 24/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {F3128CE4-8B23-1318-6FDE-BA9DBC79A7DB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{68077353-2A1A-4E03-84AF-E89CE2C9F9E2}: NameServer = 195.92.195.94 195.92.195.95
Can you help me to remove the things that keep coming back?
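One way to see exactly which entries came back after the restart, as an added example that is not part of the thread and not HijackThis's own code: a small Python script that parses two HijackThis logs (trimmed copies of the two logs above are embedded inline as constructed samples), keys each entry by its section and CLSID/GUID, and reports what is present after the restart but absent after the cleanup, together with why the entry deserves a look (no file on disk, a DPF entry with no download URL, or an O17 nameserver override to compare against the ISP). The keying scheme and the flag wording are my assumptions, not HijackThis conventions.

```python
import re

# Constructed sample: trimmed copy of the HJT log taken right after cleanup.
LOG_AFTER_CLEANUP = r"""
Logfile of HijackThis v1.98.2
Scan saved at 13:07:59, on 24/08/2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
"""

# Constructed sample: trimmed copy of the HJT log taken after the restart.
LOG_AFTER_RESTART = r"""
Logfile of HijackThis v1.98.2
Scan saved at 14:53:21, on 24/08/2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {F3128CE4-8B23-1318-6FDE-BA9DBC79A7DB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{68077353-2A1A-4E03-84AF-E89CE2C9F9E2}: NameServer = 195.92.195.94 195.92.195.95
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return {key: line} for every entry line (R0, O2, O4, ...) in a HJT log.

    Assumption (mine, not a HijackThis rule): an entry is identified by its
    section plus its GUID when it has one, otherwise by its full body, so the
    same BHO matches across logs even when its file path changed or vanished.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines such as "Logfile of HijackThis ..."
        section, body = m.group("section"), m.group("body")
        guid = GUID_RE.search(body)
        key = (section, guid.group(0).upper() if guid else body)
        entries[key] = line
    return entries


def flag_entry(line):
    """Reasons an entry deserves attention; an empty list means nothing stood out."""
    reasons = []
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("registered component whose file is gone (orphaned registry entry)")
    if line.startswith("O16") and line.rstrip().endswith("-"):
        reasons.append("ActiveX download (DPF) entry with no download URL")
    if line.startswith("O17"):
        reasons.append("DNS server override; confirm the addresses belong to your ISP")
    return reasons


def returned_entries(before, after):
    """Entries present in the later log but absent from the earlier one."""
    return {key: line for key, line in after.items() if key not in before}


def report(before_text, after_text):
    """Human-readable summary of what came back and why it matters."""
    returned = returned_entries(parse_log(before_text), parse_log(after_text))
    out = ["%d entries reappeared:" % len(returned)]
    for line in returned.values():
        out.append("  " + line)
        for reason in flag_entry(line) or ["no obvious red flag; identify manually"]:
            out.append("      -> " + reason)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(LOG_AFTER_CLEANUP, LOG_AFTER_RESTART))
```

Run on the two sample logs it lists nine returned entries: the four "(no file)" BHOs, the four O16 entries with no URL, and the O17 nameserver line. Keying by GUID rather than by the whole line is what makes the diff useful: the FlashGet BHO {A5366673-...} was a named entry with a DLL path in the first log and a "(no name) ... (no file)" entry after the restart, and it is the same registry item either way.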
-
August 25th, 2004, 10:08 AM
#8
Driver Terrier
bhodaemon can rid you of those bho entries with no files.
What in particular didn't you want back - it depends what they are as to how you get rid of them.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
August 25th, 2004, 10:33 AM
#9
Thanks, I'll use bhodaemon to remove the BHOs, but how about the blank DPFs?
I don't know whether this will help, but here is my firewall log; can you see anything wrong with it? (Sorry it's so big and jumbled... =\ )
Type Time Direction Protocol Source IP Address Source Port Destination IP Address Destination Port Description
Firewall 13:55:27 IN UDP 208.62.117.2 22371 217.135.170.224 137 NetBIOS
Firewall 13:55:39 IN UDP 68.236.61.19 1026 217.135.170.224 137 NetBIOS
Firewall 14:23:20 OUT ICMP 81.76.228.231 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:23:21 OUT ICMP 81.76.228.231 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:23:22 OUT ICMP 81.76.228.231 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:23:23 OUT ICMP 81.76.228.231 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:23:24 OUT ICMP 81.76.228.231 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:23:25 OUT ICMP 81.76.228.231 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:25:00 IN UDP 213.170.197.75 1027 81.76.228.231 137 NetBIOS
Firewall 14:25:40 IN UDP 204.1.215.112 31917 81.76.228.231 1028 Security rule matched
Firewall 14:29:25 OUT ICMP 81.78.58.170 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:29:26 OUT ICMP 81.78.58.170 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:29:27 OUT ICMP 81.78.58.170 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:29:28 OUT ICMP 81.78.58.170 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:29:29 OUT ICMP 81.78.58.170 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:29:30 OUT ICMP 81.78.58.170 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:31:51 IN ICMP 81.78.127.89 N/A 81.78.58.170 N/A ICMP Echo Request
Firewall 14:32:08 OUT ICMP 81.78.58.170 N/A 82.121.195.38 N/A ICMP Destination Unreachable
Firewall 14:32:15 OUT ICMP 81.78.58.170 N/A 80.78.58.170 N/A ICMP Destination Unreachable
Firewall 14:32:29 IN ICMP 81.78.127.89 N/A 81.78.58.170 N/A ICMP Echo Request
Firewall 14:32:56 IN UDP 201.1.13.162 1033 81.78.58.170 137 NetBIOS
Firewall 14:32:57 IN UDP 80.139.28.227 19876 81.78.58.170 137 NetBIOS
Firewall 14:33:42 OUT IGMP 81.78.58.170 N/A 224.0.0.22 N/A Security rule matched
Firewall 14:33:42 OUT IGMP 81.78.58.170 N/A 224.0.0.22 N/A Security rule matched
Firewall 14:33:43 OUT IGMP 81.78.58.170 N/A 224.0.0.22 N/A Security rule matched
Firewall 14:33:56 OUT IGMP 81.78.58.170 N/A 224.0.0.22 N/A Security rule matched
Firewall 14:33:56 OUT IGMP 81.78.58.170 N/A 224.0.0.22 N/A Security rule matched
Firewall 14:35:56 OUT UDP 81.78.49.242 1900 239.255.255.250 1900 Security rule matched
Firewall 14:40:10 OUT UDP 81.78.49.242 1900 239.255.255.250 1900 Security rule matched
Firewall 14:40:10 OUT UDP 81.78.49.242 1900 239.255.255.250 1900 Security rule matched
Firewall 14:40:10 OUT UDP 81.78.49.242 1900 239.255.255.250 1900 Security rule matched
Firewall 14:40:10 OUT UDP 81.78.49.242 1900 239.255.255.250 1900 Security rule matched
Firewall 14:40:10 OUT ICMP 81.78.49.242 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:40:10 OUT ICMP 81.78.49.242 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:40:10 OUT ICMP 81.78.49.242 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:40:10 OUT ICMP 81.78.49.242 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:40:10 OUT ICMP 81.78.49.242 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:40:10 OUT ICMP 81.78.49.242 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:40:10 OUT ICMP 81.78.49.242 N/A 205.209.144.80 N/A ICMP Destination Unreachable
Firewall 14:43:49 OUT ICMP 81.78.41.67 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:43:50 OUT ICMP 81.78.41.67 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:43:51 OUT ICMP 81.78.41.67 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:43:52 OUT ICMP 81.78.41.67 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:43:53 OUT ICMP 81.78.41.67 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:43:54 OUT ICMP 81.78.41.67 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:45:53 OUT ICMP 81.76.196.107 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:45:54 OUT ICMP 81.76.196.107 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:45:55 OUT ICMP 81.76.196.107 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:45:56 OUT ICMP 81.76.196.107 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:45:57 OUT ICMP 81.76.196.107 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:45:58 OUT ICMP 81.76.196.107 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:47:04 OUT ICMP 81.76.196.107 N/A 222.88.173.5 N/A ICMP Destination Unreachable
Firewall 14:48:34 OUT UDP 81.76.196.107 3088 64.4.12.200 7001 Security rule matched
Firewall 14:48:38 OUT UDP 81.76.196.107 3088 64.4.12.200 7001 Security rule matched
Firewall 14:48:50 IN TCP 81.76.49.82 4433 81.76.196.107 5554 Security rule matched
Firewall 14:53:29 IN TCP 81.76.49.82 3295 81.76.196.107 5554 Security rule matched
Firewall 14:53:34 OUT ICMP 81.76.196.107 N/A 82.121.195.38 N/A ICMP Destination Unreachable
Firewall 14:55:46 IN TCP 222.175.15.175 3486 81.76.196.107 9898 Security rule matched
Firewall 15:03:58 IN UDP 204.64.231.253 27945 81.76.196.107 1027 Security rule matched
Firewall 15:04:55 IN TCP 218.191.71.7 4548 81.76.196.107 5554 Security rule matched
Firewall 15:04:55 IN TCP 218.191.71.7 3260 81.76.196.107 9898 Security rule matched
Firewall 15:19:54 IN UDP 200.21.103.220 1026 81.76.196.107 137 NetBIOS
Firewall 15:21:57 IN TCP 218.252.148.154 4494 81.76.196.107 5554 Security rule matched
Firewall 15:21:57 IN TCP 218.252.148.154 4997 81.76.196.107 9898 Security rule matched
Firewall 15:23:56 IN ICMP 195.92.168.35 N/A 81.76.196.107 N/A ICMP Destination Unreachable
Firewall 15:26:13 IN TCP 67.70.150.182 4476 81.76.196.107 5554 Security rule matched
Firewall 15:26:13 IN TCP 67.70.150.182 4889 81.76.196.107 9898 Security rule matched
Firewall 15:27:36 IN UDP 200.249.204.2 1032 81.76.196.107 137 NetBIOS
Firewall 15:27:47 OUT ICMP 81.76.196.107 N/A 195.132.44.44 N/A ICMP Destination Unreachable
Firewall 15:27:55 IN TCP 81.76.51.186 3043 81.76.196.107 2745 Security rule matched
Firewall 15:27:58 IN TCP 81.76.51.186 3043 81.76.196.107 2745 Security rule matched
Firewall 15:28:04 IN TCP 81.76.51.186 3043 81.76.196.107 2745 Security rule matched
Firewall 15:29:33 OUT TCP 81.76.196.107 3609 192.168.0.2 1592 Security rule matched
Firewall 15:29:37 OUT TCP 81.76.196.107 3609 192.168.0.2 1592 Security rule matched
Firewall 15:30:17 OUT TCP 81.76.196.107 3610 192.168.0.2 1593 Security rule matched
Firewall 15:31:06 OUT TCP 81.76.196.107 3610 192.168.0.2 1593 Security rule matched
Firewall 15:31:06 OUT TCP 81.76.196.107 3610 192.168.0.2 1593 Security rule matched
Firewall 15:31:06 IN TCP 218.71.215.58 3523 81.76.196.107 17300 Security rule matched
Firewall 15:31:06 IN UDP 201.128.33.14 1233 81.76.196.107 137 NetBIOS
Firewall 15:40:54 OUT ICMP 81.76.227.40 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 15:40:54 OUT ICMP 81.76.227.40 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 15:40:55 OUT ICMP 81.76.227.40 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 15:40:56 OUT ICMP 81.76.227.40 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 15:40:57 OUT ICMP 81.76.227.40 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 15:40:58 OUT ICMP 81.76.227.40 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 17:09:20 IN TCP 81.156.229.117 3502 81.76.242.243 1433 Security rule matched
Firewall 17:09:23 IN TCP 81.156.229.117 3502 81.76.242.243 1433 Security rule matched
Firewall 17:09:29 IN TCP 81.156.229.117 3502 81.76.242.243 1433 Security rule matched
Firewall 17:09:43 IN TCP 24.200.216.155 4006 81.76.242.243 5554 Security rule matched
Firewall 17:09:43 IN TCP 24.200.216.155 4498 81.76.242.243 9898 Security rule matched
Firewall 17:11:35 IN TCP 82.50.156.187 3140 81.76.242.243 1433 Security rule matched
Firewall 17:11:38 IN TCP 82.50.156.187 3140 81.76.242.243 1433 Security rule matched
Firewall 17:11:44 IN TCP 82.50.156.187 3140 81.76.242.243 1433 Security rule matched
Firewall 17:14:53 IN UDP 203.88.5.13 24871 81.76.242.243 1028 Security rule matched
Firewall 17:15:02 IN UDP 83.31.6.155 1026 81.76.242.243 137 NetBIOS
Firewall 17:15:06 IN TCP 81.229.77.115 3352 81.76.242.243 2745 Security rule matched
Firewall 17:15:09 IN TCP 81.229.77.115 3352 81.76.242.243 2745 Security rule matched
Firewall 17:15:16 IN TCP 81.229.77.115 3352 81.76.242.243 2745 Security rule matched
Firewall 17:18:36 IN ICMP 81.76.144.58 N/A 81.76.242.243 N/A ICMP Echo Request
Firewall 17:20:47 OUT ICMP 81.76.242.243 N/A 82.169.131.126 N/A ICMP Destination Unreachable
Firewall 17:20:54 IN ICMP 81.76.133.140 N/A 81.76.242.243 N/A ICMP Echo Request
Firewall 17:24:14 IN UDP 81.64.156.111 3360 81.76.242.243 137 NetBIOS
Firewall 17:25:48 IN UDP 200.168.56.72 1064 81.76.242.243 137 NetBIOS
Firewall 17:28:55 IN UDP 64.230.0.91 60823 81.76.242.243 137 NetBIOS
Firewall 17:29:28 IN TCP 81.78.126.137 4028 81.76.242.243 1025 Security rule matched
Firewall 17:29:31 IN TCP 81.78.126.137 4028 81.76.242.243 1025 Security rule matched
Firewall 17:29:37 IN TCP 81.78.126.137 4028 81.76.242.243 1025 Security rule matched
Firewall 17:30:18 IN UDP 151.199.18.77 1028 81.76.242.243 137 NetBIOS
Firewall 17:36:27 IN TCP 65.95.226.234 3677 81.76.242.243 5554 Security rule matched
Firewall 17:39:10 OUT IGMP 81.78.165.158 N/A 224.0.0.22 N/A Security rule matched
Firewall 17:39:10 OUT UDP 81.78.165.158 3661 239.255.255.250 1900 Security rule matched
Firewall 17:39:10 OUT UDP 81.78.165.158 3661 239.255.255.250 1900 Security rule matched
Firewall 17:39:10 OUT UDP 81.78.165.158 1900
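What a reader can get out of a log like this without checking every address by hand, as an added example that is not part of the thread and not PC-cillin's own code: a Python script that parses the row format above (a constructed sample of rows copied from the log, including the truncated last row, is embedded inline), summarises inbound events by destination port, classifies outbound destinations as multicast, private LAN or public internet, and then looks for the thing the original question is actually about: outbound traffic the machine starts on its own, visible here as bursts to the same destination that recur at regular intervals. The column layout, the 5-second burst gap and the classification labels are my assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: rows copied from the PC-cillin log posted above, plus
# its truncated final row to show how an incomplete line is handled.
SAMPLE_LOG = """\
Type Time Direction Protocol Source IP Address Source Port Destination IP Address Destination Port Description
Firewall 13:55:27 IN UDP 208.62.117.2 22371 217.135.170.224 137 NetBIOS
Firewall 14:23:20 OUT ICMP 81.76.228.231 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:23:21 OUT ICMP 81.76.228.231 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:23:22 OUT ICMP 81.76.228.231 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:23:23 OUT ICMP 81.76.228.231 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:23:24 OUT ICMP 81.76.228.231 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:23:25 OUT ICMP 81.76.228.231 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:25:00 IN UDP 213.170.197.75 1027 81.76.228.231 137 NetBIOS
Firewall 14:29:25 OUT ICMP 81.78.58.170 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:29:26 OUT ICMP 81.78.58.170 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:29:27 OUT ICMP 81.78.58.170 N/A 69.57.152.56 N/A ICMP Echo Request
Firewall 14:29:28 OUT ICMP 81.78.58.170 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:29:29 OUT ICMP 81.78.58.170 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:29:30 OUT ICMP 81.78.58.170 N/A 66.79.174.101 N/A ICMP Echo Request
Firewall 14:33:42 OUT IGMP 81.78.58.170 N/A 224.0.0.22 N/A Security rule matched
Firewall 14:35:56 OUT UDP 81.78.49.242 1900 239.255.255.250 1900 Security rule matched
Firewall 14:48:34 OUT UDP 81.76.196.107 3088 64.4.12.200 7001 Security rule matched
Firewall 14:48:50 IN TCP 81.76.49.82 4433 81.76.196.107 5554 Security rule matched
Firewall 14:55:46 IN TCP 222.175.15.175 3486 81.76.196.107 9898 Security rule matched
Firewall 15:27:55 IN TCP 81.76.51.186 3043 81.76.196.107 2745 Security rule matched
Firewall 15:29:33 OUT TCP 81.76.196.107 3609 192.168.0.2 1592 Security rule matched
Firewall 17:09:20 IN TCP 81.156.229.117 3502 81.76.242.243 1433 Security rule matched
Firewall 17:39:10 OUT UDP 81.78.165.158 1900
"""


def to_seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def parse_line(line):
    """Parse one row; return None for the header row or a truncated row."""
    parts = line.split()
    if len(parts) < 9 or parts[0] != "Firewall":
        return None
    return {"time": to_seconds(parts[1]), "dir": parts[2], "proto": parts[3],
            "src": parts[4], "sport": parts[5], "dst": parts[6], "dport": parts[7],
            "desc": " ".join(parts[8:])}


def load_records(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def classify_destination(ip):
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "multicast (local service discovery such as SSDP/IGMP)"
    if addr.is_private:
        return "private LAN address"
    return "public internet host"


def inbound_port_summary(records):
    """How often other hosts hit each (protocol, port): background probing."""
    return Counter((r["proto"], r["dport"]) for r in records if r["dir"] == "IN")


def outbound_bursts(records, burst_gap=5):
    """Split this machine's outbound events to each (proto, dst) into bursts.

    Events within burst_gap seconds of the previous one belong to the same
    burst; a longer pause starts a new one.  Times are seconds since midnight.
    """
    by_dst = defaultdict(list)
    for r in records:
        if r["dir"] == "OUT":
            by_dst[(r["proto"], r["dst"])].append(r["time"])
    bursts = {}
    for key, times in by_dst.items():
        times.sort()
        groups = [[times[0]]]
        for t in times[1:]:
            if t - groups[-1][-1] <= burst_gap:
                groups[-1].append(t)
            else:
                groups.append([t])
        bursts[key] = groups
    return bursts


def repeated_outbound(records, min_bursts=2):
    """Destinations this machine contacts again and again on its own.

    A constant packet count per burst and regular spacing between bursts is
    the signature of a timer-driven program rather than a user action.
    """
    findings = []
    for (proto, dst), groups in outbound_bursts(records).items():
        if len(groups) < min_bursts:
            continue
        starts = [g[0] for g in groups]
        findings.append({
            "proto": proto, "dst": dst, "kind": classify_destination(dst),
            "bursts": len(groups),
            "packets_per_burst": [len(g) for g in groups],
            "intervals_s": [b - a for a, b in zip(starts, starts[1:])],
        })
    return findings


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    print("Inbound hits by (proto, port):", inbound_port_summary(recs).most_common(5))
    for f in repeated_outbound(recs):
        print("Recurring outbound %s to %s (%s): %d bursts of %s packets, %s s apart"
              % (f["proto"], f["dst"], f["kind"], f["bursts"],
                 f["packets_per_burst"], f["intervals_s"]))
```

On the sample the inbound rows come from many unrelated sources to a handful of ports (137, 5554, 9898, 2745, 1433) and say nothing about what this machine started; that is the background noise a directly connected address collects, and the firewall logged it. The only rows consistent with the original complaint are the outbound ICMP echo requests: three to 69.57.152.56 and three to 66.79.174.101, repeated minutes later from a different dial-up address, which is what a scheduled or timer-driven program looks like. The log does not name the process, so the next step is to find which program on the machine sends those pings, not to research the addresses one by one.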
-
August 25th, 2004, 10:34 AM
#10
Well, that's just a portion of it, but it's all pretty much the same...
-
August 25th, 2004, 10:48 AM
#11
Driver Terrier
Trying, if you think I am going to check every one of those IPs for authenticity, you have another think coming!!
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
August 25th, 2004, 11:00 AM
#12
Originally Posted by NooNoo
Trying, if you think I am going to check every one of those IPs for authenticity, you have another think coming!!
No, that's not what I intended. I just wanted you to take a look and see whether that looks like normal traffic, as I have no idea what any of that stuff means. You've helped me so much already, and I suspect that I'm just being paranoid.
-
August 25th, 2004, 11:07 AM
#13
Driver Terrier
Which firewall software are you using?
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
August 25th, 2004, 11:31 AM
#14
It's the one built in with PCC.
-
August 26th, 2004, 07:05 AM
#15
Driver Terrier
how to analyse firewall log faq
PC-Cillin is not a very friendly or easily configurable firewall. The log file gives you very basic information.
If you want to understand what the firewall log is telling you, you need to either take a course in network protocols or look up the individual terms.
protocol defined here
Never, ever approach a computer saying or even thinking "I will just do this quickly."