- Jun 8, 2003
- 5,046
- 0
- 0
part 1
I ran Ethereal to look at some unexplained and unexpected activity, and this capture.jpg was my result.
To my eye, it sure looks like an internal program has spontaneously decided that it needs to connect to 132.243.85.136.
My understanding is that it has performed a DNS lookup of the address (which failed) and no actual connection attempt has taken place.
Concurrent with these lookups, I am manually blocking an outgoing connection attempt on port 139 with Kerio (so obviously that's not showing up in the packets).
Here's a kicker, though: DNS requests on 3000 unique addresses, at an active rate of 70 requests per second!
edit: The requests are ###, but Kerio only picks up a couple of them trying to actually connect, and that seems to be one at a time and infrequent. Haven't figured out what's up with that yet.
Given the evidence, and assuming I have read this log properly, I can only assume that my computer is infected with something highly undesirable. Can anyone assess the soundness of that assumption for me?
If I am incorrect, there's no point reading beyond this line.
part 2
Assuming the above, I would like to not only disinfect my system, but determine the source of the problem. Unfortunately, my running processes are all legit, and I have run the following software:
AVG
F-Secure AV
Kaspersky AV
avast AV
adaware SE
spybot s&d
zero spyware
pest patrol
spysweeper
hijack this
tds-3
None of which have turned up *anything* suspicious or malicious.
At this point, I am severely tempted to back up my system, open up my firewall, and sniff packets for a couple minutes in the hope that the results will shed some new light on what is happening. Of course, since I don't know much about networking, this would probably be a futile effort.
If anyone out there has any suggestions that sound more rational, I'd really appreciate hearing them.
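As an added illustration (not the poster's capture or data): one way a defender triages a burst like the one described above is to count, per source host, the peak DNS query rate and how many of the queried names never repeat. The log lines below are constructed in a tshark-style text format, and the rate threshold is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sample in tshark-style text form (not the poster's capture.jpg):
# "<time> <src> -> <dst> DNS Standard query <type> <name>"
SAMPLE_LOG = """\
0.000 192.168.1.10 -> 192.168.1.1 DNS Standard query PTR 136.85.243.132.in-addr.arpa
0.012 192.168.1.10 -> 192.168.1.1 DNS Standard query PTR 137.85.243.132.in-addr.arpa
0.025 192.168.1.10 -> 192.168.1.1 DNS Standard query PTR 138.85.243.132.in-addr.arpa
0.040 192.168.1.10 -> 192.168.1.1 DNS Standard query PTR 139.85.243.132.in-addr.arpa
0.300 192.168.1.20 -> 192.168.1.1 DNS Standard query A www.example.com
1.500 192.168.1.20 -> 192.168.1.1 DNS Standard query A www.example.com
"""

LINE_RE = re.compile(r"^(?P<t>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+\S+\s+DNS Standard query\s+"
                     r"(?P<qtype>[A-Z]+)\s+(?P<name>\S+)$")

def parse_dns_queries(text):
    """Return (time, src, qtype, name) for every line that matches the query format."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((float(m["t"]), m["src"], m["qtype"], m["name"]))
    return out

def summarize_by_source(queries, window=1.0):
    """Per source: total, unique names, PTR share, peak queries in any `window` seconds."""
    by_src = defaultdict(list)
    for t, src, qtype, name in queries:
        by_src[src].append((t, qtype, name))
    summary = {}
    for src, rows in by_src.items():
        times = sorted(t for t, _, _ in rows)
        peak = lo = 0
        for hi in range(len(times)):  # sliding window over sorted timestamps
            while times[hi] - times[lo] >= window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        # A high PTR share on consecutive addresses is also what a sniffer's own
        # network name resolution produces when it reverse-resolves every IP it sees.
        summary[src] = {"total": len(rows),
                        "unique_names": len({n for _, _, n in rows}),
                        "ptr_share": sum(q == "PTR" for _, q, _ in rows) / len(rows),
                        "peak_per_window": peak}
    return summary

def flag_scanners(summary, rate_threshold=20, unique_ratio=0.9):
    """Sources with a high peak rate whose queried names are almost all distinct."""
    return sorted(src for src, s in summary.items()
                  if s["peak_per_window"] >= rate_threshold
                  and s["unique_names"] / s["total"] >= unique_ratio)
```

Before treating a flagged host as infected, disable the sniffer's network name resolution and re-capture, so reverse lookups generated by the capture tool itself are not mistaken for the suspect program's traffic.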