HELP! trying to find out why I'm connected to an IP in Taiwan

[niggles]

OK, this is really begining to drive me a littly nutty so I'm hoping someone with some experience on this may have some insight. I have my Dell laptop and from time to time it just starts acting screwy. It's a pretty new machine (Inspiron 6000) and so I was trying to track down what the issue was and I ran a netstat to see what was going on. I have formatted with the Dell recovery partition and I'm begining to wonder if there is something within the installation of the CDs that's acting screwy. Anyway, when I run a netstat from the comand line I find that I am attached to the following IP: 203.73.25.206:http and my source is (computername):1034

Now I have no browsen when I do this and as far as I know I have shut down all the Dell crap that's running in the background. When I look the IP up it shows up as an IP in Taiwan. It's the same IP everytime. Anyone have any thoughts on this, on how I can shut this down, on what it is, anything?

 

[Atheus]

Run a packet sniffer like ethereal to see what it's up to.

 

[niggles]

ok, but what am I looking for, if I post results will you be able to help interpret it?

 

[RebateMonger]

That IP is part of a large block registered to SEED.NET.TW.

A quick UseNet search shows that it's NOT a good sign. Lots of reported abuse from that network.

 

[niggles]

Originally posted by: RebateMonger
That IP is part of a large block registered to SEED.NET.TW.

A quick UseNet search shows that it's NOT a good sign. Lots of reported abuse from that network.

I googled the IP and found it in a log on some chinese sites (used the translate google feature) that listed it as a source of an attack. What does it being part of SEED.NET.TW mean?
How do I get rid of this when Norton can't find anything on my computer?

 

[BadThad]

Not a fix, but a quick patch...I'd install a software firewall like ZoneAlarm and block it when it tries to connect to that IP.

You must be infected with something unique that is not yet identified by the antivirus mfg's. Could very well be that your restore partition is also infected/corrupted. Didn't they give you a restore CDROM? Let's try to pin this down, post a hijackthis log for us to look over.

 

[Slowlearner]

Zone Alarm pronto - like right now

 

[BSEagle1]

I'd use something other than ZoneAlarm...I've read they're doing some tracking/spying of their own these days, I don't trust 'em.

 

[pikachu656]

scanned for spyware?

 

[niggles]

Originally posted by: pikachu656
scanned for spyware?

Yes, it's part of Norton, it doesn't find anything. It's funny, that virus mentioned earlier isn't even a virus that Norton scans for. They have a seperate scanning program that is used to find that virus. For what ever reason when I run it the virus can't be found.

I'm currently on the phone with Dell to try and find out if this is something their software does but they are telling me that I have to call all the software vendors that they use. I'm saying why would I bother going and buying a Dell if I can't go to them with my issues... I mean seriously, I'd of bought a barebones Asus if Dell wasn't going to support me. Arrggg... Anyway, I formatted again last night, ONLY installed Norton and sure enough the IP is back listenening. I sent an e-mail to Norton on Tuesday and they haven't sent me anything since.

I'll give Zonealarm a go. I'd rather have them listening to me than some unknown IP in Taiwan.

 

[BadThad]

Originally posted by: BSEagle1
I'd use something other than ZoneAlarm...I've read they're doing some tracking/spying of their own these days, I don't trust 'em.

FIXED

 

[BadThad]

Originally posted by: niggles

Originally posted by: pikachu656
scanned for spyware?

Yes, it's part of Norton, it doesn't find anything. It's funny, that virus mentioned earlier isn't even a virus that Norton scans for. They have a seperate scanning program that is used to find that virus. For what ever reason when I run it the virus can't be found.

I'm currently on the phone with Dell to try and find out if this is something their software does but they are telling me that I have to call all the software vendors that they use. I'm saying why would I bother going and buying a Dell if I can't go to them with my issues... I mean seriously, I'd of bought a barebones Asus if Dell wasn't going to support me. Arrggg... Anyway, I formatted again last night, ONLY installed Norton and sure enough the IP is back listenening. I sent an e-mail to Norton on Tuesday and they haven't sent me anything since.

I'll give Zonealarm a go. I'd rather have them listening to me than some unknown IP in Taiwan.

Dell support is really only for hardware issues. They are pretty much worthless anyway. Troubleshooting a problem like this is far to time-consuming and complex for a phone support person anyway.

 

[niggles]

Well it's been figured out so not to worry. On the Dell point, I wasn't actually looking for them to trouble shoot anything, I was simply asking what a standard image should listen for if you run a netstat -a This is info they should simply have available to them as part of the software config.

 

[BadThad]

Originally posted by: niggles
Well it's been figured out so not to worry. On the Dell point, I wasn't actually looking for them to trouble shoot anything, I was simply asking what a standard image should listen for if you run a netstat -a This is info they should simply have available to them as part of the software config.

What was the problem?