Over 1 million tech questions and answers.

Incoming ARP flood

Q: Incoming ARP flood

Hi, techguys!

I need help with the following problem. I'm on a LAN provided by my ISP, but the LAN is very hostile (when I first connected two years ago, I got hacked within something like 15 minutes). I have closed all my ports by disabling all kinds of Windows XP services (Home) and I installed Jetico Firewall, which I think is really good. I log everything, allowed and blocked traffic.

Jetico allows one to see ARP packets going out and coming in. And that's where my problem lies: Almost nothing goes out, but every second, I get about 8 ARP packets! That seems like very much. No addresses on this LAN are trusted. I have disabled NetBIOS and even uninstalled Microsoft Client from the Internet Connection.

I was wondering if there is a way to somehow regulate this traffic. I've tried blocking the packets, but the Internet connection went dead.
Isn't there a way to limit this traffic? Maybe by hardcoring the gateway's and DNS servers' MAC addresses? If yes, how do I do that?
In the command line it says that my gateway MAC is dynamic. Does that mean I have no control over this crazy stuff?
And how can I determine the MAC of my DNS servers?

I have Ethereal installed, but I have no idea whatsoever what to do with it besides watching all those packets come in. I was alarmed by the administrator of firewallleaktester[dot]com that when I registered there for the mailing list, his logs showed some specially crafted packets that 'could only be the result of a deliberate hacking attempt'. I checked my computer with all kinds of anti-this and anti-that. My computer seems to be perfectly clean.

D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.C) Fast Ethernet connection with limited speed but unlimited traffic.
Windows XP SP2 (licensed and up-to-date) configured in accordance with the CIS benchmark recommendations
AMD Athlon 2004+

Paul Wynant
Moscow, Russia

RELEVANCY SCORE 200
Preferred Solution: Incoming ARP flood

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Incoming ARP flood

Read other 6 answers
RELEVANCY SCORE 54.8

im having
syn flood ,
tcp udp basedportscan
lan-side udp flood,
ip fragmented packet
problems
how do i stop this where its comming from,
my internet become verry verry verry slow normal i can download at 7mb's now im downloading at 43 kb/s! on steam.
my connections randomly stops working
after i click on fix this connetion my pc is freeze i need to force shutdown and reboot.
 
 
can someone help me avoid and fix those problems pls

A:Syn flood lan-side udp flood etc requesting fix

Hi,
If I were to make a guess as to the problem I'd say you have been infected with some malware.
What security software is installed and current?
Have you run any scans with it or any of the other available free scanners?
Keep us posted

Read other 3 answers
RELEVANCY SCORE 49.2

Hello:

My husband and employer both sent me an email that shows the correct date in the email time line, but Outlook shows a recieve date of April 2008.

It doesn't happen on every email, just some. We've all checked our clock dates and their correct. Talked to my Internet Service Provider and they said it was an Outlook problem.

Any ideas?

Thanks,

A:Incoming email randomly shows incoming date 04/08

Hi helpcook, you dont mention what version of Outlook you are running but this link is the same for most versions http://support.microsoft.com/kb/q197717/ Also check Windows control panel>date & time>time zone. Make sure all is correct.

Read other 2 answers
RELEVANCY SCORE 40.8

just wondering if anyone has any information about a "TCP SYN Flood" and how I could get rid of what-ever is infecting on my computer, I am running windows XP and I am running Blackice firewall.

I un-installed norton's antivirus thinking that could be the problem but it isn't the problem is still there. I ran a scan of my computer but it pulled up no virus's.

I will post what services I have running later as I'm at work atm.

TIME: 228h 12m UPLOADED:1115.54 MB DOWNLOADED:359.81 MB from
18 May 2004 to Thursday, 17 June 2004

regards
matt
 

Read other answers
RELEVANCY SCORE 40.8

hi, i scanned my computer w/ mcAfee and it picked up the trojan IRC/Flood.dz and will not take it out of my computer. How can I manually remove the trojan?

-Kev
 

A:IRC/Flood.dz

Search your file for porno.exe and delete it
Search for and delete explorere.exe
Delete any of these that appear on your computer:
1349.reg
397.reg
ico.ico
Rregedit.dll
system.exe
temp.mvr
win.hlp
Wwindos.dll

Run HijackThis and click Do a system scan and save a log file
Your HijackThis log will open in Notepad. Post the contents of the log here

 

Read other 3 answers
RELEVANCY SCORE 40.8

UDP from 67.23.24.254 to local port 51106 Denied: Scan.Generic.UDP 9/2/2012 12:42:44 PM
UDP from 41.226.27.181 to local port 53007 Denied: Scan.Generic.UDP 9/2/2012 12:41:36 PM
UDP from 50.19.114.163 to local port 8113 Denied: Scan.Generic.UDP 9/2/2012 12:41:23 PM
UDP from 50.56.222.4 to local port 50242 Denied: Scan.Generic.UDP 9/2/2012 12:41:18 PM
UDP from 67.23.24.254 to local port 4067 Denied: Scan.Generic.UDP 9/2/2012 12:40:19 PM
UDP from 50.56.222.4 to local port 22152 Denied: Scan.Generic.UDP 9/2/2012 12:39:17 PM
UDP from 41.226.27.181 to local port 41211 Denied: Scan.Generic.UDP 9/2/2012 12:39:14 PM
UDP from 50.19.114.163 to local port 9685 Denied: Scan.Generic.UDP 9/2/2012 12:38:43 PM
UDP from 67.23.24.254 to local port 9482 Denied: Scan.Generic.UDP 9/2/2012 12:37:53 PM
UDP from 50.56.222.4 to local port 25854 Denied: Scan.Generic.UDP 9/2/2012 12:37:15 PM
UDP from 41.226.27.181 to local port 62762 Denied: Scan.Generic.UDP 9/2/2012 12:37:01 PM
UDP from 50.19.114.163 to local port 23675 Denied: Scan.Generic.UDP 9/2/2012 12:36:16 PM
UDP from 67.23.24.254 to local port 65491 Denied: Scan.Generic.UDP 9/2/2012 12:35:44 PM
UDP from 50.56.222.4 to local port 25628 Denied: Scan.Generic.UDP 9/2/2012 12:35:14 PM
UDP from 50.19.114.163 to local port 23788 Denied: Scan.Generic.UDP 9/2/2012 12:34:14 PM
UDP from 67.23.24.254 to local port 59875 Denied: Scan.Generic.UDP 9/2/2012 12:33:44 PM
UDP from 41.226.27.181 to local port 14495 Denied: Scan.Generic.UDP 9/2/2012 ... Read more

Read other answers
RELEVANCY SCORE 40.8

New Member here - I have tried to solve this problem via internet search and my own uninformed efforts - without much luck.-- Hoping someone here can help me. If this isnt the right forum for this question please advise. I have had a home network with a older Belkin router serving 2 wireless PC's (family) and one wired (my main PC). Am using standard DHCP modes etc .Some time ago we started experiencing occasional strange outages on the PC's for which I had no good explanation -- IE would just quit working for no obvious reason and the PC would need to be rebooted etc to get IE browser connections. Shortly thereafter my son's PC obviously became infected ( Happy 888 plus other gremlins) - which got me seriously involved with finding out what was going wrong. I have cleaned all 3 PC's using all the usual cleaners and HJT, while keeping the wireless PC's offline. This is when I was able to catch the current problem ( I think) on my wired PC [WinXP S1A]. Whatever the problem, it has been shutting down the IE connection about once a day. After a recent shutdown I looked at the security log of the router and this is what it revealed: (xxx.xxx. my revision)

2007/05/23 12:13:09 ** TCP SYN Flooding ** <IP/TCP> 199.203.243.104:80 ->> 76.187.xxx.xxx:46029
2007/05/23 12:14:18 ** TCP SYN Flooding ** <IP/TCP> 192.168.2.4:3286 ->> 199.203.243.104:80
2007/05/23 12:14:49 ** TCP SYN Flooding ** <IP/TCP> 192.168.2.4:3358 ->> 199.203... Read more

A:TCP SYN FLOOD? I need help.

Read other 14 answers
RELEVANCY SCORE 40.8
Q: Flood

Samsung 40 gb hdd was is water for 2-3 days due to flood

no its not getting detected

i tried by changing controller card but no use
is there any way to recover data
 

RELEVANCY SCORE 40

Today I clicked on a link in an e-mail saying "You have a greetings card", but instead of it being from some stunning woman as I'd hoped, nothing happened except I got a Virus Alert from my AVG. (sniffle)
I ran two full scans to try to get rid of it but it won't go.
The scan tells me the virus is a "Backdoor.Flood" whatever that means, and that it's sitting in my "C:\Windows\ststem32\script.ini" file.

The test result reads -
0 files healed successfully
1 file error while healing
Threats-1
Healed-0
Moved to virus vault-0
Deleted-0

So what shall I do now? (I'm PC-illiterate, Win XP Home)
Thanks

A:How To Get Rid Of Backdoor.flood?

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.html--------------------------------------------------------------------------------Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ --------------------------------------------------------------------------------How To start Windows in Safe Modehttp://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Read other 5 answers
RELEVANCY SCORE 40

I've ran McAfee multiple times and the results are always the same: it find nothing, but always warns me there's a virus, then it makes me run the scan again and again. No matter what, McAfee doesn't seem to detect the virus. I'm assuming that the virus is IRC/Flood.cd.dr because that's what it says I have. It's really weird, and I'm thinking about dumping McAfee and getting Norton.

Here's my HighjackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 2:50:40 AM, on 1/8/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\crypserv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\apache2triad\mail\bin\XMail.exe
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD... Read more

A:Can't find a way to get rid of IRC/Flood.cd.dr

Read other 9 answers
RELEVANCY SCORE 40

When re-starting my windows XP, the desktop is filled with unwanted icons every time. over 2000 by now.
 

A:Flood of icons

It looks like something has taking over your system. Have you tried running any antiviral programs or spyware utilities like Adaware and Spybot. Another options is to download the program HiJackThis (http://www.majorgeeks.com/downloads31.html ) and post your results on the Security Forum
 

Read other 3 answers
RELEVANCY SCORE 40

Comming from somewhere and have followed all steps in your sticky now what?

Logfile of HijackThis v1.99.1
Scan saved at 5:07:28 PM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SIGMANEST\Binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\{B0A5AD2A-0711-1033-0727-051109040001}\Update.exe
\SERVER\Users\CWheat\MYDOCU~1\APPATC~1\rundll32.exe
C:\Documents and Settings\CWheat\Application Data\??pPatch\n?tdde.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe
C:\Documents and Settings\CWheat\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://housecall.trendmicro.com/
... Read more

A:Flood of stuff. Pls Help

Please do two things first....relocate HijackThis.exe to it's own folder, such as at C:\HJT. Having it on the desktop will make it more difficult to locate backups should the need arise.

Once it's in it's own folder, please rename HijackThis.exe to HJT.exe, run a new scan, save that log and post it here.

Read other 16 answers
RELEVANCY SCORE 40

When re-starting my windows XP, the desktop is filled with unwanted icons every time. over 2000 by now.
 

A:Flood of icons

It looks like something has taking over your system. Have you tried running any antiviral programs or spyware utilities like Adaware and Spybot. Another options is to download the program HiJackThis (http://www.majorgeeks.com/downloads31.html ) and post your results on the Security Forum
 

Read other 3 answers
RELEVANCY SCORE 40

Hello and I am hoping I have posted this in the correct forum. I contacted my Internet Company (Charter) and the tech told my I have some running called SYN Flood. Has anyone had a experience with is? The tech suggestion I delete my hard drive and re-install XP, although he said XP is an easy system to compromise. My question is there any anti virus application I can run to remove it. .......Thanks

A:Virus syn flood

Hello,A SYN Flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system. There are variety of solutions to fix this,such as, solutions that involve changing the operating system's TCP/IP networking. We need to see some more about what is on here.Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Let me know if that went well.

Read other 2 answers
RELEVANCY SCORE 40

I've recently switched from a BT homehub (which broke [stopped giving out more that 1 bar of signal]) back to our old Belkin router (model #F5D7632-4)

I can access the internet for about 5 minutes, before I lose it and get "could not connect" type messages from my browser. After investigating further I noticed something interesting in the routers security log, A UDP flood.. I'll put the log below:
Code:
03/31/2010 17:29:33 **UDP Flood to Host** 192.168.2.2, 56853->> 158.43.240.4, 53 (from ATM1 Outbound)
03/31/2010 17:29:32 **UDP Flood to Host** 192.168.2.2, 56853->> 194.72.0.98, 53 (from ATM1 Outbound)
03/31/2010 17:29:31 **UDP Flood to Host** 192.168.2.2, 56853->> 8.8.8.8, 53 (from ATM1 Outbound)
03/31/2010 17:29:22 **SYN Flood to Host** 192.168.2.2, 50549->> 72.21.81.133, 80 (from ATM1 Outbound)
03/31/2010 17:29:05 192.168.2.2 login success
03/31/2010 17:29:00 NTP Date/Time updated.
08/01/2003 00:00:16 If(ATM1) PPP connection ok !
08/01/2003 00:00:15 ATM1 get IP:86.146.56.136
08/01/2003 00:00:13 ATM1 start PPP
08/01/2003 00:00:13 ADSL Media Up !
08/01/2003 00:00:01 sending ACK to 192.168.2.2
There's also a SYN flood just before the others.

Anyone have a clue about why this might be happening? Am I at the receiving end of someone just having fun giving me a DDOS attack, or have I got a dodgy configuration somewhere. I've scanned my computer with AVG to no avail.

Oh, also, I can sti... Read more

A:UDP Flood attack

Read other 14 answers
RELEVANCY SCORE 40

Hi there. A few days ago while have problems viewing a webpage on firefox, I switched to Internet Explorer and was flooded with trojans and such. A whole load was blocked by my avast anti virus and a load of stuff was deleted by windows security. I decided to run combofix (was instructed to use it once before on this site to fix my last virus problem, updated for this use of course) hoping for a quick fix or just to see if everything was fine. Combofix detected rootkit activity and did the reboot. Problem is, at one scan stage a couple minutes in, my computer crashed with a BAD_POOL_HEADER error. This happens everytime I run it. All programs closed and anti virus off. The same thing happened when I tried to run gmer, although my computer crashes just running the .exe so I was unable to get that log.
I hope you can help, thanks for your time


DDS (Ver_10-11-05.01) - NTFSx86
Run by Paul at 4:20:58.25 on 06/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2485 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastS... Read more

A:malware flood

bumpo

Read other 2 answers
RELEVANCY SCORE 40

Hi,

My laptop (Dell Vostro 1500, XP) started freezing up yesterday and my AV began to notify me of all sorts of malware. I ran Spybot S&D in safe mode, and then again at start up - it caught a whole series of infections and supposedly fixed them. I ran it again and it detected no threats, but AV continues to note threats and there are all sorts of weird processes popping up on my task manager (odbnsy.exe, usr_.exe, etc.).

Help would be much appreciated!

Tried to run an HJT log after normal startup, but it keeps freezing up before completing. Here is an HJT log from safe mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:44 AM, on 2010-03-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
c:\documents and settings\philbo\rundll32 .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071023
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=1ACEEB-Hj5D5Lx14H2Aim1-PuVI
R1 - HKCU\Softw... Read more

A:Flood of Malware

Read other 16 answers
RELEVANCY SCORE 40

Logfile of HijackThis v1.99.1Scan saved at 02:00:47, on 27/06/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exeC:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exeC:\Program Files\VoyagerTest\fts.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Common Files\AOL\1165374413\ee\AOLSoftware.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Zone Labs\ZoneAlarm\zlc... Read more

A:Backdoor.flood

Hello MickinPlymouthUK, I am SifuMike and I will be helping you. You will need to use Internet Explorer for this scan. Disable your antivirus program and go here to run BitDefender Online Scan. Click on I Agree. Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer. NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.******************Download and install AVG Anti-Spyware v7.5.After download, double click on the file to launch the install process. Choose a language, click "OK" and then click "Next".Read the "License Agreement" and click "I Agree".Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".After setup completes, click "Finish" to start the ... Read more

Read other 2 answers
RELEVANCY SCORE 40

Hello

I have a small server hosted on windows 2003 standard ed sp1 and since few days ago someone is flooding us through udp ports.

I have followed these guides

http://blog.larmib.com/2011/stop-outbound-udp-floods-on-your-windows-server-2003-or-2008/

and

http://www.serverintellect.com/support/windowsserversecurity/ipsec-blockip.aspx

but the upd flood still goes on.

I'm using outpostfirewall to see the packets and the ip that are flooding. svchost.exe is shown as flooded through UDP 123 port
Could anyone help me to sort this out?
Thank you
 

A:Windows 2k3 UDP flood, help please

Do you currently have your server configured to match time with the network via NTP? If not, turn the service off and simply shut down UDP/123 at your firewall.
 

Read other 1 answers
RELEVANCY SCORE 40

I have a slew of adware remover programs (spyboy S&D, ad-aware SE,AVG) and it's just not cutting it. im getting a fair amount of adds including the ever favorite ''your computer may contain viruses! click here to have it scanned for free!!!''...*sigh*. Any help would be GREAT.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lxdb\Ahqiruw.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Pro... Read more

A:Adware flood

Read other 6 answers
RELEVANCY SCORE 39.6

Can someone explain what a "detected syn flood attack" means?
lately I've noticed my broadband connection has slowed to a point where it is slower than dialup,pages take longer to load
and downloads are 1 or 2kbs or sometimes less than 1kbs when i should normally get around 30kbs
I downloaded a program called NNAgent and in the alerts it mentioned detected syn flood attack,is this a symptom of some malware on my computer or is the problem coming from my isp?
I'm using a WAG54Gv.3 wireless modem on windows xp
 

A:Solved: SYN flood attack

http://en.wikipedia.org/wiki/SYN_flood

usually not malware, but an attacker on the internet flooding your IP address with syn packets, otherwise known as a denial of service attack, contact your isp about it.

If you suspect malware download MBAM, manually update it after install and do a scan of your system, it is free.

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Free version has to be updated occasionally, and has to be done manually by you, and will only scan when you tell it to, the paid version has automatic updates and active protection.

.
 

Read other 3 answers
RELEVANCY SCORE 39.6

Hi,

I'm a Vista & PC newbie, as well as a newbie to this forum. Sorry in advance for such a long post.

I have a Sony Vaio NG31S, with Vista Home Premium & Service Pack 1. When my free Norton trial expired, I read reviews and bought Shield Deluxe, which seems to work well except for regularly saying that a mal-ware scan has not been carried out for (e.g.) 40 days when one has actually just been carried out.

Now the PC has gone crazy, with a constant barrage of Windows error messages piling up faster than I can delete them. Meanwhile, programmes won't load.

At first, the normal desktop was visible, I was able to set up an Administrator account and thanks to this forum try some possible solutions, such as 'restore' - but none have worked.

I had recently added updates from Apple for iTunes & Quicktime and suspected they may have conflicts, so I un-installed them - no change.

The most common error message is: 'Windows Problem Reporting has stopped working', but there are many others, such as 'Task Scheduler Engine' and many more landing on top of each other and all saying that various features have stopped working. These include System Restore, so I can't follow recommendations to carry out a restore.

I shut down last night and went to have another go tonight - this time, after signing in as Administrator again, I can only get a black screen with the Windows error messages coming thick & fast.

The Vaio came with Vista pre-loaded and no support disks. I... Read more

A:Flood of error messages

You can contact Sony and order the disks for a fee.

I would run Hard Drive Diags and Windows Memeory Diag

Also, I would get rid of and a refund (personal opinion) of Shield Deluxe.
I have seen this in the past, and I think it was the root cause of issues. But uncertain as it was a long time ago.

You should find out what manufacturer HDD you have and run those (ie: Western Digital, Seagate, Maxtor etc. [Toshiba Drives do not have diags available at all])

When you run the mem diag, after it starts hit "t" on the keyboard to run the advanced diags and let them run for no less than 4 to 6 hours.

Read other 9 answers
RELEVANCY SCORE 39.6

Hi, I've recently have noticed sluggish internet speeds. I decided to take a look at our router's activity and here is what I've found.

Is someone outside the network trying to flood and knock out our network? Or could it be coming from inside the network?

Belkin Wireless Router (G)

Devices Connected to Network:
WinVista Machine (Wired)
WinVista Machine (Wireless)
Ubuntu 9.10 Machine (Wireless)
Netendo Wii

From looking at the logs, what do you guys think?

01/01/2010 19:14:37 **UDP Flood Stop** (from PPPoE1 Inbound)
01/01/2010 19:14:37 **UDP flood** 111.255.128.179, 24086->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:36 **UDP flood** 119.247.47.56, 16776->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:36 **UDP flood** 41.78.17.132, 33837->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:35 **UDP flood** 68.74.114.75, 37193->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:35 **UDP flood** 85.93.202.69, 59963->> 70.227.26.248, 57890 (from PPPoE1 Inbound)
01/01/2010 19:14:34 **UDP flood** 210.24.242.95, 13181->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:33 **UDP flood** 219.79.209.182, 24528->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:33 **UDP flood** 60.26.145.174, 19327->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:33 **UDP flood** 95.78.194.159, 58339->> 70.227.26.248, 57908 (from PPPoE1 Inbound)
01/01... Read more

A:UDP Flood? Is someone spamming our network?

Read other 6 answers
RELEVANCY SCORE 39.6

Hello and thanks in advance for the help:My Pc is infected with Backdoor.Flood. I have ran AVG several times but it was able to detect it only the first time. Nevertheless, Panda Activescan gives the following information:Incident Status Location Adware:Adware/SaveNow Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe Adware:Adware/SaveNow Not disinfected C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\S-1-5-21-130597653... Read more

A:Infected With Backdoor.flood

Hello Mkrokes Welcome to Bleeping Computer! Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log <--link And I'll be happy to take a look at it for you. ===== I also need to see a different type of log from Hijackthis: Run Hijackthis.Click on "Open the Misc Tools section".Next click on "Open uninstall manager".Press the button 'save list'. It will open a Notepad file.Place the content of that file here in your next reply.Thanks, for your patience. Stelios

Read other 1 answers
RELEVANCY SCORE 39.6

good day

my windows 7 x64 laptop is logging over 1300 event id 7036 on boot in a span of less than 30 seconds. It encompasses many different services all starting and stopping very rapidly. there used to be less than 100 of these after using the system for a whole day. the computer browser service seems the most frequent, and I have seen it start and stop 24 times in 1 second according to the logs. there are no errors in the logs.

has anyone experienced this? any idea what has caused this?

thanks in advance

A:event id 7036 flood

Is your laptop performing normally??Any new software installation might be causing this.I suggest you visit this link and read the comments below Event ID: 7036 Source: Service Control Manager

Here is another link from microsoft technet website.The poster has the same problem as you are encountering.
Windows 7 Home Premium - services keep stopping and re-starting - eventually lose all network connectivity and access to most system services

Let us know how it goes

Read other 9 answers
RELEVANCY SCORE 39.6

I've used Malwarebytes', SpyBOT and Avira for detections, but I guess there is still a rootkit or worm hidden.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Carlos at 8:10:44 on 2011-06-30
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2038.928 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:... Read more

A:Getting (UDP and SYN) flood on wireless router.

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

Read other 16 answers
RELEVANCY SCORE 39.6

MY internet has been painfully slow of late and I managed to finally get inside the brain of my wifi router. I checked the log and noticed lots and lots of UDP Flood attack reports from many different IP addresses. Can someone tell me what this means and if it could be the reason my internet seems to be 5 times slower than usual? A

Also, is there anything I can do? I have a D-Link router.

Thanks!
 

A:UDP Flood - The problem with my interenet?

Read other 6 answers
RELEVANCY SCORE 39.6

Hi, I've recently had a computer on our network get infected with this trojan. I followed several steps posted elsewhere to remove it, but feel like the PC isn't completely repaired, as our network is rediculously slow. Any help would be much appreciated.

Chris
 

A:mirc/Backdoor.Flood

Please start a new thread with this description and a HijackThis 2.00.2 Log in the Malware Removal & HijackThis Logs forum here. They'll assist you in clearing any infection.
 

Read other 1 answers
RELEVANCY SCORE 39.6

Lately my internet connection has been realy slow at some times, when I try to download stuff though my browser [Firefox] I get a maximum of 10kb/s and Ive got a 10Mbs connection.
Ive check'd my computer with NOD32 and Spybot S&D, nothing found.
So I check'd my router event-log and I see there's a lot of tcp syn flood stuff, and yes its all comming from my computer [10.0.0.3].
I dont know if they have anything to do with each other.

Can anyone help me?

Router Event-Log:

Code:
01:08:31 (since last boot)IDS dos parser : tcp syn flood (1 of 1) : 10.0.0.3 83.211.226.46 0048 TCP 10973->80 [S.....] seq 1007159808 win 16384

01:08:11 (since last boot)FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 201.25.170.110 Dst ip: 80.202.39.187 Type: Destination Unreachable Code: Port Unreacheable

01:06:21 (since last boot)IDS dos parser : tcp syn flood (1 of 1) : 10.0.0.3 83.211.226.46 0048 TCP 10973->80 [S.....] seq 1007159808 win 16384

01:06:18 (since last boot)FIREWALL icmp check (1 of 2): Protocol: ICMP Src ip: 201.25.170.110 Dst ip: 80.202.39.187 Type: Destination Unreachable Code: Port Unreacheable

01:05:13 (since last boot)FIREWALL icmp check (1 of 2): Protocol: ICMP Src ip: 58.153.104.83 Dst ip: 80.202.39.187 Type: Destination Unreachable Code: Host Unreacheable

01:04:12 (since last boot)IDS dos parser : tcp syn flood (1 of 1) : 10.0.0.3 83.211.226.46 0048 TCP 10973->80 [S.....] seq 1007159808 win 16384

01:02:01 (since l... Read more

A:Slow internet, tcp syn flood?

you might want to try a rootkit revealer:
http://filehippo.com/download_rootkit_revealer/

if you do a "ctrl+alt+del" and go to task mgr, how much of the CPU is being used?
 

Read other 1 answers
RELEVANCY SCORE 39.6

Okay so my computer has 50 mps download speed. However the frequency and network utilization is always maxed out. Also, i get pop-ups for poker and green cards USAGC. How do i fix this??? Logfile of Trend Micro HijackThis v2.0.4Scan saved at 7:11:04 PM, on 6/6/2013Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16448)Boot mode: Normal Running processes:C:\Users\DM Gray\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exeC:\Users\DM Gray\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\PowerISO\PWRISOVM.EXEC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exec:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exeC:\Users\DM Gray\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Users\DM Gray\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DM Gray\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DM Gray\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DM Gray\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DM Gray\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\DM Gray\AppData\L... Read more

A:USAGC Pop-Up and internet flood

I would like assistance with this problem rather than having to send it into an IT

Read other 3 answers
RELEVANCY SCORE 39.6

Hello and please please help me:
I just runned AVG and it detected 13 infections. I have a PC running with Microsoft XP. Please help me with this.
The result of AVG says it has found infected files in "DC21.exe" in the following folder:
C:/RECYCLERS/S-1-5-21-1305976535-2026448809-2224742899-1077

and..

C:/WINDOWS/system32/drivers/etc/cache08/NortonPID.hlp
C:/WINDOWS/system32/drivers/etc/cache08/ret.bat

This is my Hijack Log, please help me with this...

Logfile of HijackThis v1.99.1
Scan saved at 23:40:21, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\Tablet.exe
C:\WIN... Read more

A:Help against virus: Backdoor flood

Hi and welcome to the Security Forum.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance.

Download Deckard's System Scanner (DSS) to your Desktop . Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

I will monitor this thread for your reply.

Thank you for your patience.

Read other 13 answers
RELEVANCY SCORE 39.6

Hello, I seem to have something a trojan called ... trojan.flood that my AVG antispyware 7.5 keeps finding, but cant get rid of. I have also found a strange entry on my hijack this log to... fir.exe & fixweb.exe? I tried looking it up, but found nothing. I'd appreciate any help thanks so much!




Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\windowsupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\fir.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\PoivY.com\PoivY\PoivY.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\fixweb.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrob... Read more

Read other answers
RELEVANCY SCORE 39.6

MY internet has been painfully slow of late and I managed to finally get inside the brain of my wifi router. I checked the log and noticed lots and lots of UDP Flood attack reports from many different IP addresses. Can someone tell me what this means and if it could be the reason my internet seems to be 5 times slower than usual? A

Also, is there anything I can do? I have a D-Link router.

Thanks!
 

A:UDP Flood - The problem with my interenet?

please do not dupicate threads - - closing this thread
continue here
http://forums.techguy.org/networking/891248-udp-flood-problem-my-interenet.html
 

Read other 1 answers
RELEVANCY SCORE 39.6

Ok so i've been playing xbox recently and been getting disconnected from Xbox live around every 10min while nothing else has been getting disconnected...I decided to check my router security log and found loads of UDP flood attacks on my router??

Firstly why is this happening? was it my fault?

Secondly how do i stop this?

Thanks in advance,
Luke.
 

A:My Router is being UDP flood attacked?!?

Read other 11 answers
RELEVANCY SCORE 39.6

Hi, Hope Someone can Help Me With Thiis One...Im Not The Brightest Bulb In The House when it comes To Computers.. But Im Trying to Learn, Im Stuck On E-mails.. I Receive Them With Full Headers And Just Like The People Who Send Them To Me, I Dont Know how To Remove Them,Would Like Just My Address To Show (Like It Should) When I Forward To Other Friends...Dont Want to Be Promoteing Spam For Other People.. I Know I Hate Opening Anything From Someone I Dont know who Got My Name Of A Forwarded E-mail... Can You Help Me? I Have Yahoo For My Mail, And In My Tools Cut Coppy And Paste Are shown in faded color. Tried Hilighting and Deleteing To No Avail.. Tryed Right Clicking,, Got Nothing?? Dont know What Else To Do.. If You Can help me With This It Would be Appreciated... And Please in Detail, Not Very Tec Minded Here... Thanks So Much
 

A:Lost In a Flood of Headers

Read other 9 answers
RELEVANCY SCORE 39.2

Hello,  I keep getting the following error message: A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Busevice:Function: 0x0:0x1C:0x5 Vendor IDevice ID: 0x8086:0xA115 Class Code: 0x30400  The details view of this entry contains further information. My Model: HP Pavilion Gaming 15 - ak000nh  It always happens after system start and I got thousands of entries. As I know I'm using the latest BIOS version F.71 which is not available on the download section anymore, neither this nor newer version. I'm using the latest drivers installed by HP Assistant, and I tried to update all of them induvidualy too. I also tried to reinstall the system and reset the BIOS to defaults including security settings. There was no effect I'm getting the message continuosly. Is there any solution? Is there any update that can help? I saw a few same post here with same models, if this a known issue I would like to know the exact way to solve this issue. Thank You

A:WHEA-Logger flood - Event ID 17

Its a hardware issue, software or drivers may not fix it, is it under Warranty? You can try reinstalling all the chipset drives found at link below.  http://support.hp.com/us-en/drivers/selfservice/HP-Pavilion-Gaming-15-ak000-Notebook/8610971/model/8...

Read other 9 answers
RELEVANCY SCORE 39.2

Has anyone heard of a virus that sends multiple copies of an email? I sent an email to a friend via "hotmail" and now, she is getting multiple copies of it. She's already received over 100 copies, and they keep coming - like every 15 minutes.

I got an automatic notice from the hotmail "postmaster" saying that my email was "delayed" and would be sent later!
So, possibly there is a bug in the hotmail side of it.
I've written to the hotmail people, but no response so far.

Does anyone know anything about this problem, or have any suggestions?
 

A:Virus? - Got email flood on Hotmail

Read other 7 answers
RELEVANCY SCORE 39.2

My Belkin Wireless N Router has been recently showing UDP Floods constantly coming from random IPs and random ports, and targeting only one of my computers. Here is the log from the router so far:Firewall Log06/15/2010 10:36:15 **UDP Flood to Host** 77.83.225.60, 35168->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:21 **UDP flood** 221.64.21.205, 11407->> 24.110.44.8, 9424 (from WAN Inbound)06/15/2010 09:23:21 **UDP Flood Stop** (from WAN Inbound)06/15/2010 09:23:21 **UDP flood** 123.192.210.21, 8080->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:21 **UDP flood** 72.189.117.247, 22887->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:21 **UDP flood** 112.118.146.203, 16707->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:21 **UDP flood** 24.185.249.57, 22303->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:20 **UDP flood** 94.96.170.111, 19505->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:20 **UDP flood** 86.11.91.87, 10772->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:20 **UDP flood** 111.224.3.108, 32768->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:20 **UDP flood** 121.117.85.41, 15072->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:20 **UDP flood** 81.227.130.18, 33006->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:19 **UDP flood** 113.4.196.166, 1483->> 192.168.2.2, 9305 (from WAN Inbound)06/15/2010 09:23:19 **UDP fl... Read more

A:Router showing UDP Flood from WAN Inbound

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 39.2

In my Hijackthis log below, you'll see a flood of entries like "O18 - Protocol: bw-0s". What are they? My Gateway WinXPPro desktop (750MB RAM) starts and runs just fine, and I'm willing to leave them alone, but they sure do look weird. Clue: The desktop is a gift from a friend and although he had deleted a lot of his files, he did not do a full re-install of XPPro. Maybe some old stuff got left on. (By the way, the keyboard and mouse are also the original Gateway.) And if you see anything else wrong, feel free to flame.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:57:20 PM, on 12/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Commo... Read more

A:Flood Of O18 - Protocol: Bw-0s Startup Entries

Hello glnzThose O18's were made by LogitechDesktopMessenger.LogitechDesktopMessenger.exe is a Logitech Desktop Messenger from Logitech.www.logitech.comLogitech Desktop Messenger (LDM) is a free service designed to deliver software support, news and information you can use. It ensures that you have simple, speedy, and effortless access to product upgrades, technology tips, and technology news and offers that are relevant to you. It delivers information right to your desktop, allowing you to take advantage of all of the advanced features of the Logitech products you own, while staying abreast of new computer-related product and service developments (Logitech and otherwise) that are applicable to your life.What does it do?Backweb Removal - This is very widely used among corporations like Kodak, WD and HP. The original intention of this program is to easily keep your applications updated without you having to do anything. The down side to this is many variants of are floating around and some collect information about you. It looks like the previous user of the computer removed the O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeand left the O18'sDownload CCleaner and install it. (default location is best). Do not run it yet! CCleaner Tutorial*******************************************Select the following with HijackThis. With all windows (including this one!) closed (cl... Read more

Read other 1 answers
RELEVANCY SCORE 39.2

hello....

recently I startd to face internet connectivity problems (web sites hardly load) then after some time I took a look at the modem log and ;I see "sync flood " or "ddos to xxx.xxx.xxx.xxx" (If you wish I can look at the log one more time and post the exact log here)... I scanned by virus programs, trojan remover etc. and I am using AVG 8 + PCTools Firewall.....

I can not solve this problem -- is there any way to handle thiss issue and delete the program / virus that makes the ddos attck?...

Read other answers
RELEVANCY SCORE 39.2

Hi:
I posted a thread previously and I just wanted to update you guys with new scans I have made on my computer. I apologyze for starting a new thread on the same matter, I didnt know if I should reply to myself on my previous post or start a new one (and I obviously chose the latter).

My first AVG scan told me my Pc was infected with Backdoor.flood
and apparently AVG was able to fix all of the infected files except for the one named "dc21.exe" which was found in the "recyclers" (?) folder.

I scanned my computer today with Panda Activescan and the result was the following:



Incident Status Location

Adware:Adware/SaveNow Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe
Adware:Adware/SaveNow Not disinfected C:\Program Files\DaemonTools_WhenUSav... Read more

A:Is my PC is infected with Backdoor.flood virus?

Hello there:

I realized there is a new version of HijackThis.
This is the Log I get with the new version:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:43:22, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program File... Read more

Read other 2 answers
RELEVANCY SCORE 39.2

I just ran a virus scan under PC Tools Antivirus and here are my results.

PC Tools AntiVirus Activity Report
Generated on: 5/19/2008 4:59:41 PM

Scan Information:


Object Name Status Action Infection Date and Time


C:\WINDOWS\system32\oiib\exit.exe Infected Quarantined trojan: Trojan.Cloner.L 5/19/2008 5:28:42 PM







C:\WINDOWS\system32\oiib\x.q Infected Quarantined mutant: IRC.Flood.CJ 5/19/2008 5:28:47 PM







C:\WINDOWS\system32\cl Infected Quarantined mutant: IRC.Flood.CJ 5/19/2008 5:28:49 PM







C:\WINDOWS\system32\d Infected Quarantined mutant: Backdoor.IRC.Kelebek.O 5/19/2008 5:28:50 PM







C:\WINDOWS\system32\d.dll Infected Quarantined trojan: Trojan.DuckIRC.F 5/19/2008 5:28:51 PM







C:\WINDOWS\system32\col\jt1 Infected Quarantined mutant: IRC.Flood.CJ 5/19/2008 5:28:52 PM







C:\WINDOWS\system32\col\jt3 Infected Quarantined mutant: IRC.Flood.CJ 5/19/2008 5:28:53 PM







C:\WINDOWS\system32\col\win.dll Infected Quarantined trojan: Trojan.DuckIRC.F 5/19/2008 5:28:54 PM







C:\WINDOWS\system32\j44444m\b Infected Quarantined mutant: IRC.Flood.CJ 5/19/2008 5:28:55 PM



... Read more

Read other answers
RELEVANCY SCORE 39.2

Hi I'm new here so hope I'm posting in right forum. Correct me if I'm not.

I have 3 laptops an Ipad 2 and an Xbox which use a Belkin wireless router to connect to the outside world. My main PC is hardwired to router and so is my Humax HD TV Box.

The problem is we all keep losing connection together. It's almost become an hourly occurence. Sometimes more often and its driving us mad.

Whenever we lose connection the wireless is still showing as connected via the 192.168.2.1 login and all the lights are lit on thr router?

The router is a Belkin F5d7634-4 model.

All items are MAC address filtered. Security is set at WPA WPA2 Encryption Type AES and there is a password to use the router.

I've noticed when we all lose connection that the following is a typical security report from the router but I haven't the foggiest what its telling me. Is the info below the source of our trouble and if it is what's the likely cause please anyone?

07/28/2012 18:49:55 192.168.2.12 login success
07/28/2012 18:49:37 192.168.2.6 logout
07/28/2012 18:49:18 Duplicate user login from 192.168.2.12
07/28/2012 18:49:17 Duplicate user login from 192.168.2.12
07/28/2012 18:49:01 sending ACK to 192.168.2.12
07/28/2012 18:44:37 192.168.2.6 login success
07/28/2012 18:36:04 **UDP Flood Stop** (from ATM1 Outbound)
07/28/2012 18:36:02 **SYN Flood** 192.168.2.9, 49361->> 15.193.0.148, 80 (from ATM1 Outbound)
07/28/2012 18:36:02 **SYN Flood** 122.148.32.39, 52478-&... Read more

A:Intermittent Internet Loss - SYN FLOOD?

Read other 16 answers
RELEVANCY SCORE 39.2

Hi,

I'm running Windows Vista, and my system has been fairly stable for the last few months. I got a pile of strange bugs all popping up at the same time today, and I'm stumped-

1)Windows explorer crashes periodically, especially when opening items in the control panel. The "system" "programs" tabs refuse to open at all.
2)Some applications are reporting that my CPU does not meet minimum spec, saying it has a speed of 0.0 GHz.
3)Sophos antivirus refuses to start entirely, making a virus scan difficult
4)Itunes library was reported as damaged
5)Audio does not work for some applications.

32-bit Vista
Dual Core AMD 2.41 GHz Processor
2 GB ram
Geforce 8600 GT graphics card

HJT log attached
 

A:Sudden flood of problems with vista

Copy and paste you HJT log in the Malware and HijackThis forums....you are infected.
 

Read other 1 answers
RELEVANCY SCORE 39.2

This is not how I imagined I would end up spending my night, but alas. I hope to hear from you soon. I apologise if there is any information missing or erroneously provided.
 

A:rundll32.exe memory flood (SysWOW64)

Hello,
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Read other 0 answers
RELEVANCY SCORE 39.2

Hi,

I'm running Windows Vista, and my system has been fairly stable for the last few months. I got a pile of strange bugs all popping up at the same time today, and I'm stumped-

1)Windows explorer crashes periodically, especially when opening items in the control panel. The "system" "programs" tabs refuse to open at all.
2)Some applications are reporting that my CPU does not meet minimum spec, saying it has a speed of 0.0 GHz.
3)Sophos antivirus refuses to start entirely, making a virus scan difficult
4)Itunes library was reported as damaged
5)Audio does not work for some applications.

32-bit Vista
Dual Core AMD 2.41 GHz Processor
2 GB ram
Geforce 8600 GT graphics card

HJT log attached

A:Sudden flood of problems with vista

I also had several weird issues with Vista today. System had been running great all morning. I left the system running for a couple hours and this afternoon it was running like crap, sputtering and not responding on several programs.

Firefox 2.0.0.8 would not open up but was in the process list

IE7 32-bit would sit at connecting and not load up anything and would not close without killing the process.

IE7 64-bit worked but was slow and sometimes unresponsive.

Control Panel was slow and sometimes unresponsive.

Other programs that normally open up instantly were taking up to 10 seconds and may become unresponsive.

Shutting down the system and powering cycling all equipment did nothing. My other system on XP PRO SP4 was fine, no problems at all.

The only thing that I noticed that had changed, I still had auto update on and it had downloaded and installed KB929777. I uninstalled it and restarted. Nothing changed.

I reset IE7 back to defaults and flushed everything, no change.

Uninstalled firefox, downloaded a fresh copy and reinstalled. No change.

I ended up booting up the DVD and restoring the system to last nights restore point and everything is running great again. I also had to once again uninstall and reinstall firefox, it still wouldn't open, but reinstalling it fixed it this time. Weird...


Vista 64 Ultimate
Core 2 Q6600
4GB DDR2 8000
8800Ultra

Read other 6 answers