
Redirecting outbound IP requests

Q: Redirecting outbound IP requests

Hello,

I have an old but useful application that is attempting to access an internet IP address that has changed. I've used netmon and found that the application doesn't make a DNS query beforehand (so I can't redirect using the hosts file). I've also verified that the IP isn't configurable for the app (it must be compiled into the binary). The params for the query are the same at the new address, it's just the IP that has changed.

How can I force the windows IP stack to redirect the requested IP to the new one?


A: Redirecting outbound IP requests

I'd guess that the route command might do it, but I've never actually tried it.

RELEVANCY SCORE 70.8

I have the Zone Alarm firewall and I have been getting outgoing requests to IP sites that I have blocked since I do not think that these are good sites.

A few months ago I was somehow infected by a Smitfraud trojan and I blocked all sites mentioned in bulletins as those that this trojan might call. I still get outbound requests to some of these sites. I may have been infected by other trojans as well....sites that I have blocked too. (Cadux family perhaps??)

The sites in question are realsearch.cc, www.nymex.com (I may have been infected by a unvise32.exe trojan variant), www.topadwarereviews.com, ecjnoe3inwe.com, among others. Zone alarm allows you to put in a web address and find the IP address.

I have tried to protect my computer as much as possible. I put on IE-Spy-Ad, SpyBot, SpyBlaster, and I try to use Firefox. I previously had Norton Internet Security and I now use a different Antivirus program. I have done numerous online scans Panda (Activescan2, nanoscan), BitDefender, Kaspersky, Trend-Micro among others and my computer seems clean at present.

How can I find out what is triggering these outbound requests so that I can put a stop to it? Somehow I must have gotten a file, trojan, or registry key that has activated this behavior.

I have traced the outbound IP address from my Zone alarm log (program log). Is the IP address necessarily bad or could another computer be accessing mine through using those IP addresses?

Please advise!! Thank you.
 

A:Strange Outbound IP Requests Blocked by Firewall

Maybe you should post a HJT log.
 

RELEVANCY SCORE 70.8

I was finally able to get all the spyware/adware off my computer, but there is still something wrong. It did something to block all outgoing port connections except for port 80. So basically only webbrowsing works. It even blocked port 443. I can't update any of my virus defs, as MS adware blocking, norton, ad-aware are unable to connect to the internet. I can't even connect to other computers using RDP.

I have tried to reinstall my nic card, I have reset winsock2, and I have looked at my hosts file. Everything seems to be there, but I still can't figure out what has been changed to block all these ports. I've also tried firefox, and I have the same problem. I am able to ping, and it is able to resolve DNS, but I can't connect to anything on any port other than 80. The spyware also messed up windows update, (maybe because it uses a weird port to check for updates?) but I'll get to that problem later =/

I am running Windows XP Home, SP2.

Also, to the best of my knowledge, there are no spyware programs running as of right now. I have looked at every module running under every process, and they are all MS modules. So I'm pretty sure there is no active process running that is causing this, unless it installed a rootkit, and I'm not able to see all the running processes. Thanks for any help.

Hope there is a way of fixing this without having to reinstall windows =/

Paul

EDIT - I know it's not a router problem, etc, because the other...

RELEVANCY SCORE 60

I had a virus on Windows 7 and norton removed it. Now, when I type mozilla.org in the URL bar I get redirected to another site. This is quite annoying. The only place I know to check for this is in the hosts file but it seems benign. Please help. Thank You.

I tried running gmer but I keep receiving errors when it runs so I'm posting what I have. Below are the hijack this log and dds log. The attach.txt is attached.

The viruses/problems that Norton Removed have been: SpywareGuard200842441975-585950advmain.class78d6980a-35b72d9dvmain.classDWH2D74.tmp

---------------------------------------
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:30 AM, on 8/4/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\P...

A:Firefox redirecting my url requests

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The...

RELEVANCY SCORE 38

What is the best way, on windows xp to monitor ur outbound internet connections..?
-blitze

PS
i have z/a firewall if that helps.
 

A:outbound?

.. you could try Ethereal

http://www.ethereal.com/

Very popular amongst network administrators

Cross platform
It's free
Open-source
 

RELEVANCY SCORE 37.6

Hi to all. I am currently using Comodo as my firewall and Avast free as my AV. My operating system is Win 7 sp1. When I open Firefox, my outbound connections will go up. I understand, but when I go to a website it will go up to 200 connections. The highest I have ever seen was 863. I have scanned with Malwarebytes (normal and in safe mode), Superantispyware both ways, Norton power eraser, Avast, Eset, Hitman pro, Malwarebytes anti root kit, Kaspersky's anti root kit, Trend Micro's housecall and have not found anything evil lurking on my computer. When these connections are high my CPU usage will be at 100% and the computer is useless. After a couple of minutes they go down to 50 outbound and I can continue using my computer. I am connected to my provider's modem via an EA3500 router for the hardware firewall. I have my HP and Alienware laptop connected to said router and both exhibit the high outbound connections. I have searched the internet but couldn't peg anything to this. Any ideas?

A:Over 800 outbound connections

Someone should have had you repost in another area for a deep look. Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic. Let me know if all went well.

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random from the link provided for your operating system and save it to your desktop.
Link 1 for 32-bit version
Link 2 for 32-bit version
Link 1 for 64-bit version
Link 2 for 64-bit version

This tool needs to run while the computer is connected to the Internet. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Read the disclaimer and click Continue.
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Another text file named info.txt will open minimized.
Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.

Important: Be sure to mention that you tried to follow the ...

RELEVANCY SCORE 37.6

All,

I am looking for a router solution that supports both inbound and outbound one to one NAT. As the project is cost sensitive, I am looking for the lowest line of product that supports this. I tested a Netgear and its one to one NAT is inbound only and apparently they don't have an outbound NAT.

Can anyone assist or point me to a router that offers this capability?

Thanks

Scott
 

A:Inbound and Outbound One to One NAT

RELEVANCY SCORE 37.6

When sending an outgoing email it is undeliverable. Here is the message that I receive: 550 5.7.1 <[email protected]>... Relaying denied. IP name lookup failed [152.44.65.250]
Need help.
 

RELEVANCY SCORE 37.6

Ok, here we go... Win2kS SP3, 2 NICs, DSL connection shared via proxy server/clients. When installing VPN manually (without using the wizard - as per M$) everything goes fine. The RRAS service starts and that's when it happens. No clients on the LAN can access internet/email. There is not even a VPN connection made yet. Disabling the RRAS service restores LAN client connections. Am I missing something? I d/l M$ "configuring a vpn solution.doc" and went step-by-step but am still unable to figure out what my problem is. Any help is greatly appreciated.

Thanks,

Drew
 

A:VPN and Outbound Connection

Is your goal to make the VPN connection with your proxy?

If so... go into the vpn connection properties and disable 'use default gateway on remote network' option.

Do you want to share this VPN on your proxy with other computers on your network too? I think you can do... you will have to bridge your internal LAN connection to the VPN.

If you clarify I can probably give you better advice.
 

RELEVANCY SCORE 37.6

Hi,
I am using Comodo Internet Security Premium 10. It is showing a lot of outbound traffic from my machine even if I am doing nothing at all. !!!???
I've terminated the connections but they come back. It was up to 59 when I started to come here then 38 after I logged in now it is 16 no it's gone down to 11. !?!?!?!

I need to understand what these outbound connections are. How to determine the function of each instance so I can choose to stop them if I want to.

Lenovo 64bit intel i5 7200
Win 10 Home
ff 52.0

RELEVANCY SCORE 37.6

Okay, so this is starting to become extremely annoying. I've usually been able to remove any sort of threat no problem but can't figure out how this one is getting through and nothing seems to block it. I recently had my SSD drive fail, so I had to format and reinstall windows on my 2 TB drive. I used my windows 8.1 Pro 64 iso that I downloaded from microsoft itself, created a bootable usb stick, installed fine. But kept getting these popups and malicious website protection from malwarebytes showing this same IP address over and over again. So I decided to attempt to install windows off my disc, which has a few scratches so it can be a pain. Everything back up and running again and still, same thing. After installing windows, I did all the updates first, then moved onto malwarebytes, then to my gpu driver from amd. Not sure how these still pop up. Now that I have everything installed that I did before, when I run steam (which I believe uses iexplorer) I get pop ups inside steam through the browser telling me to click here to update FLV player and all this junk. Malwarebytes comes up with 0 infections, defender shows 0 infections, I had BitDefender internet security suite installed which also showed 0 infections (no longer installed).
 
malwarebytes when browsing the web shows this
 
Detection, 5/21/2014 1:12:36 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, ...

A:Need some help, onclickads.net outbound

Disregard needing help. I seemed to have fixed it by resetting my router settings. I suppose it's possible my router was compromised. I changed my password, which was different than the default, changed my static dns servers to opendns, and turned off web access for the router. I also updated my network adapter dns to the same as well. No more popups or outbound/incoming connection warnings from malwarebytes.

Sorry for the post, but I think it's safe enough for me to assume this issue has been fixed.

RELEVANCY SCORE 37.6

When using the current version of Firefox browser, my Comodo Firewall shows 60 to 80 outbound connections and 0 inbound connections. Checking the log shows a variety of IP destinations for these outbound connections. I run a number of Malware programs and use Comodo anti-virus and all seem to show the system clean. The outbound connections are from Firefox, Window Mail and svchost.exe. Is this normal or should I be looking for a problem? The connections can drop down to 1 or 2, then go back up. Thanks for any help. Chuck

A:Outbound Connections

Browsers can create lots of outbound connections depending on what site(s) you're visiting. Some sites create only 1 or 2 connections while others might create many more. It has to do with how every web page is built and the content in it - if it's from the same site or from an external site: advertising, images, videos, javascript etc. Browser plugins can create connections too. And the OS, and your AV etc.
And if you have more than 1 window/tab open you'll see more connections of course. Restart Firefox and visit one site at a time and you'll see the difference.

An outbound connection is when a program on your computer makes a connection to the outside.
An inbound connection is when something outside of your computer tries to connect to it. For example if you had a local web server running on your machine and people could connect to it from the Internet. If you have a router that blocks all incoming traffic you'll never see inbound connections from the Internet, but perhaps from your local network.

RELEVANCY SCORE 37.6

Hello dear Gurus,

I hope you can help me. I've tried quite many things to solve the issue myself, but it looks like only gents like you can.

Here's what's happening..

Since a few days, my PC tries to connect to many many external IP addresses, initiating Outbound TCP connections with remote port 25. I'm quite always connected to the Net thru my ADSL line at home.

I noticed the above since Norton Internet Security kept on checking "Outgoing emails" ??? from me, but I wasn't using email.. :(

From that point on, I performed the following. Hope all of this can help you.

1. Full deep scan with Norton Antivirus -> Nothing found.
2. Installed Kaspersky Internet Security and blocked outbound TCP to port 25 just to avoid spamming around.
3. Full deep scan with kaspersky -> Nothing found.
4. Full deep scan with Panda and Online Panda -> Nothing found.
5. Full deep scan with AVG -> Nothing found.
6. Full deep scan with Spybot S&D.... FOUND Spy Sheriff and Removed..!
7. Cleaned files, registry, etc etc with CCleaner several times.
8. Checked again with the firewall :( :( SVCHOST still trying to connect to remote port 25 to many hosts all over the world :(

At this point I run HijackThis V2 and also Deckard's System Scanner

Hereafter and attached all the logs you may need.

Let me thank-you beforehand and wish in the meantime a Merry Xmas and Happy New Year.

TSC

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:32...

A:Please help - Outbound to Port 25

Hello,

I wanted to add a new piece of information. The worm has changed behaviour. After I blocked port 25 TCP outbound, it started trying to connect to port 80 Outbound TCP and no more tried with port 25. Looks like it detected that I was blocking port 25..

I created a new firewall rule to block SVCHOST connect to remote port 80 as well..

PLEASE HELP!!

Thank-you!

TSC

RELEVANCY SCORE 37.6

Hi,
Really sorry to put on you guys but I have a few concerns. I normally solve all my pc issues myself but am baffled by this one. I am running kaspersky 2009, on an XP machine. My PC intermittently runs very very slow. I can be surfing a few websites, and the task manager will show that IE is using up to 250,000K Mem Usage. But yet IE is not open.
If I check Kaspersky's Network monitor, I get a list of IP Addresses in Outbound Streams to External IPs. Many of which seem to be the google homepage. One was a5.creativecommons.org which I have never visited.
I'm not very technical, this is as far as I can go. This happens on a regular basis. I can close all windows and then check task manager, it will be showing around 35,000K Mem usage, even though it is closed. And then out of nowhere, these outbound streams all opened. Should I be concerned?

Have screen printed for reference.

A:IE Outbound Streams

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 37.2

Hi Guys,
I did pass the following request to MS newsgroup. 3-4 days passed and nobody answered
I am not surprised . I hope I'll get some clue in this forum.
{XP Pro, SP2}
The following happened after applying latest MS Update, 15/08/2007 (9 security tampons )
Two different firewalls give very frequent and similar alerts involving
svchost.exe, services.exe and C:\Windows\explorer.exe
for example:
IP: 203.206.129.49: http(80) - TCP
The addresses are, e.g.:
203.206.129.49
203.206.129.25
203.206.129.51
.etc. - those are "Asia Pacific Network Information Centre".
When I block many of those, another group starts to annoy me, like:
65.55.184.221
207.46.209.126
.etc. those are "Microsoft Corp".
I am blocking them too
Next time I restart there will be another range of addresses with mentioned
OrgNames, like:
210.9.72.177
210.9.72.169
207.46.209.126
I block them and everything is working fine after that ... but it is
annoying.
Can anybody, please, give me some ideas why such behaviour (unseen before
here) emerged after the last MS Update?
What this new update may need to report so insistently?
The last thing to add (despite it may not be relevant) - explorer.exe by
itself is blocked In/Out by me long time ago.
====
In addition to the above.
I ran the latest security update for Win 2000 Pro box on the same network
(it was switched off for couple of days).
Peace and quiet. Nobody is trying to go out.
Windows explorer is blocked by firewall on that computer ...

A:outbound activity after last MS Update

RELEVANCY SCORE 37.2

Hi All,

I'm setting up a firewall to block P2P and other unwanted uses.

Rather than blocking known P2P ports, I am going to close everything and open required ports. Can anyone add to or edit the list below for me:

Essential
HTTP: TCP 80
HTTPS: TCP 443
DNS: TCP/UDP 53
POP3: TCP 110
IMAP: TCP 143
SMTP: TCP 25
 

A:Required outbound ports

Here's what I've come up with so far. Any advancements, especially to the 'Essential' category?
Code:
Cat        Service        Type       Server Port
Essential  DNS            TCP        53
Essential  HTTP           TCP        80
Essential  HTTP           TCP        8080
Essential  SSL            TCP        443
Essential  SSL            TCP        8443
Essential  POP3           TCP        110
Essential  IMAP           TCP        143
Essential  SMTP           TCP        25
Essential  Secure IMAP    TCP        993
Essential  Secure SMTP    TCP        465
Essential  Secure POP3    TCP        995
IM         IRC            TCP        6667
IM         Yahoo          TCP        5050
IM         MSN            TCP        569
IM         MSN            TCP        1863
IM         AIM            TCP        5190
P2P        Kazaa          UDP & TCP  1214
P2P        eDonkey        UDP & TCP  4661 4672
P2P        WinMX          UDP & TCP  6257
P2P        WinMX          UDP & TCP  6699
P2P        BitTorrent     UDP & TCP  6881 6889
P2P        Gnutella       UDP & TCP  6346 6348
P2P        Share Direct   UDP & TCP  2705
P2P        Grouper        UDP & TCP  8038
Useful     Cpanel         TCP        2082 2083
Useful     FTP            TCP        21
Useful     NIST Time      UDP        123
Useful     RDP            TCP        3389
Useful     Daytime Time   TCP        13
Useful     Xdate Time     UDP & TCP  37
VPN        IPSEC ESP      TCP        50
VPN        IPSEC AH       TCP        51
VPN        IPSEC          UDP        500
VPN        IPSEC NAT      UDP        4500
VPN        L2TP           UDP        500
VPN        L2TP           UDP        1701
VPN        PPTP           TCP        1723
VPN        PPTP           GRE        47
VPN        Kerberos       UDP & TCP  88
 

RELEVANCY SCORE 37.2

I came across an interesting anomaly the other day.

I was reviewing our usage graph for the past few days, and noticed something odd. For the past week, we have had 24 hours of steady outbound traffic. It is very minimal as far as bandwidth goes, only 0.6kbps/s or so. But it never falls below that and it never stops.

I am about 99.9% sure we don't have any nasty virii, as we are running Symantec Corp AV, and have tested negative for Netsky. We also have a SOHO 6tc with all outgoing ports closed but HTTP, HTTPS, DNS, and FTP.

What else could be causing this outbound traffic? I do have one pesky user who seems to always 'forget' to log off at night. He leaves his streaming music running 24/7. Drives me crazy. Could that be it?
 

A:Mystery outbound traffic

Can you put either a sniffer or network monitoring software on a computer? Easy way to see what traffic is coming and going from each computer.
 

RELEVANCY SCORE 37.2

I've been advised that I might want to consider an outbound firewall.

1. I have BD TS2016 (which replaces Win Defender inbound firewall) and I have WebRoot SecureAnywhere AV. Previously I thought the latter had an outbound firewall component as per its website, but apparently WR SA does NOT run an outbound firewall on Win 8.1 or Win 10, which they do NOT make very obvious (the program for example says firewall is active... but as per their own comments the firewall does not work on the most recent versions of Windows).

I'm not very worried about information theft so I'm listing this as a low priority issue, but if I DID want an outbound firewall (assuming nothing complicated like a hardware setup) what would the options be?

2. I was thinking that Comodo firewall (which is free) probably has an outbound firewall component (though I wasn't 100% sure about this), and if it does... I imagine I would need to turn OFF BitDefender's Firewall. I've been thinking this might be the best solution given Comodo Firewall has a pretty active userbase and seems well respected.

3. Still, I don't know if I really want to add more software just to get an outbound firewall.

Thoughts?
 

RELEVANCY SCORE 37.2

For some reason the past couple times I have re-started my computer, I have been getting 1 of 2 errors; they both have the same effect. If I have any programs running the outbound sound works on those programs, however once one of the 2 errors occurs any programs loaded after that will not do any outbound sound.

szAppName : svchost.exe szAppVer : 5.1.2600.5512
szModName : kernel32.dll szModVer : 5.1.2600.5781 offset : 00012afb

C:\DOCUME~1\CODYHE~1\LOCALS~1\Temp\WERf48a.dir00\svchost.exe.mdmp
C:\DOCUME~1\CODYHE~1\LOCALS~1\Temp\WERf48a.dir00\appcompat.txt

szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : unknown
szModVer : 0.0.0.0 offset : 001a6f64
C:\DOCUME~1\CODYHE~1\LOCALS~1\Temp\WERa19b.dir00\svchost.exe.mdmp
C:\DOCUME~1\CODYHE~1\LOCALS~1\Temp\WERa19b.dir00\appcompat.txt


Those are the errors that occur.
 

A:Outbound Sound Error

Sounds like you have a bad application that's trying to use the sound card and causing conflicts, or a bad driver.

First, I am not sure if those errors are generated into the temp folder, or if it's something in the temp folder that's causing the errors, so delete your temp internet files. See if that solves the problem.

If not, go to the control panel add remove programs, and see if anything in there that you added recently is causing the problems, by uninstalling it (if you uninstall the program, you may need to get it back, so be sure you know what it is you're uninstalling, and how to get it installed again). It's also a good time to take out the old programs you don't use or need anymore.

If what's listed above doesn't solve the problems, then go back into the control panel, and go into the SYSTEM, and then device manager, look for the sounds driver section (it might have a yellow question mark by it), right click them and update the drivers.
 

RELEVANCY SCORE 37.2

This started a good 2 months ago, was off and on at 1st, just thought it had to do with server problems. Recently I've been not able to send any mail at all thru outlook or thunderbird.

Outlook error is - unable to connect to server - error 0x800ccc0e

Thunderbird says server may be unavailable or refusing connections.

AV disabled, no mail scanning, no router, etc...

SMTP set to mail.adelphia.net port 25

adelphia on-line mail works fine

Nothing stands out over the last 2 months as being problematic. Any ideas? Adelphia tech support said it was Outlook... then when I said it happens on thunderbird.. they said it's probably my computer?

A:Outbound Email Errors

Jack,

What anti virus are you using?

Most antivirus programs scan all email outbound on port 25. If the AV program has become corrupt or you are not using one, you may be infected by a virus.

Seeing as both of your email programs are having problems, Adelphia might be correct in saying that your computer has the problem.

OF

RELEVANCY SCORE 37.2

Hi, I'm hoping someone can help with this.  Every 10 minutes, exactly, I see 5 pop-ups in the lower right corner of my screen.  They are generated by MBAM.  I've inserted a sample of the warning below.  They are always for the same IP addresses, which are as follows:
 
5.150.195.167      0427d7.se
185.57.82.55        movie4k.to
91.202.63.7          cy-pr.com
119.145.147.181  mama.cn
5.254.96.36          tukif.com
 

 
MBAM prevents the access, so there is no harm being done to my computer (I hope), but I cannot figure out which process or service is initiating the attempt. As I said, it's exactly every 10 minutes, 24x7, and always to the same sites. I thought that maybe I could just add a new Outbound Rule to Windows Firewall, which I did. I created a Custom Outbound Rule that blocks the 5 above IP addresses. But that didn't stop the attempts from occurring. I still get the warnings from MBAM. Since adding the new rule, however, I did notice that the IP address for the first item above (0427d7.se) changes each time now. The other 4 IP addresses are always the same. And in all cases, the initiating process or service is always trying to use Port 0. The only tangible proble...

A:Unsolicited Outbound Web Attempts

I am being assisted with this problem on the Malwarebytes Anti Malware site, so this issue can be closed here.  Thanks.

RELEVANCY SCORE 37.2

Hello,

Is there a way to stop mail from going to a particular domain in Exchange 2000? I know that an individual user can be stopped from sending. However, I am trying to disable the delivery of my server sending to specific domains.

Thank you...
 

A:Exchange Outbound Connections

RELEVANCY SCORE 37.2

If there is a RAT on my computer and I want to close ports so that the RAT is ineffective, should I be mainly concerned with closing inbound or outbound ports?

I see in some firewalls, like mcaffee livesafe, that i have the option to "decide which unknown programs can connect to the internet." I have to approve them or they can't connect, so it seems... I can also set the firewall, mcaffee livesafe, so that "i decide which programs can connect to the internet." With both of the above, I block everything hoping that if there is a RAT on my computer that it will be rendered ineffective.

In my security history, I see that incoming connections were blocked over 1,000 times in the last 24 hours. I am using wifi on a new pc. Only 4 outbound connections were blocked. I am not sure if my computer is infected. I have received RAT in different ways........emails, ip addresses of mine known to the hackers and then sent over, logging into sites like techguy (but not techguy) whereby there MAY have been a RAT link connected to my inbox link and when i click on it the RAT downloads.

Can i completely lock down my computer so that if i am using wifi or anything else that a RAT will be ineffective? I am very aware that wifi is the worst to use and i have had someone targeting me with RATS for the past 5 years and am sure you would like to ask me why do i think i have a RAT on my computer. I know how to get rid of them, but rather than always going to this extreme,...

RELEVANCY SCORE 37.2

Hi,
Like any typical organization, we have Internet access allowed through a proxy server. Workstations are largely running on Windows 7/8 Enterprise.
I am looking at creating an outbound Windows firewall rule, which basically allows Internet access only from browser applications (IE, Chrome, Firefox), and not from any other program. This should help protect the workstation, if it is infected and any other executable tries to contact external world. We currently do not have a use case, where any other application needs Internet access.
I can create a block policy to block all outbound connections to the proxy server, but I cannot add an exception in the form of a program (like IE). And an allow policy to allow proxy access from a program will not work, as an allow policy will have a lower priority than block policy.
Is there a way I can achieve my objective without too much of engineering?
Thanks

Read other answers
RELEVANCY SCORE 37.2

My father moved to a different ISP.  He had no network issues with the previous ISP.
 
When he moved, I got his computer connected to the new ISP (RoadRunner).  At that same time, I removed some of the software he had installed including TrendMicro that his former ISP provided.  I installed AVG free to replace it.
 
He started complaining about his connection coming and going.  I also noticed this remotely via instant messenger because I could see him connecting and dropping every few seconds.
 
My method for reproducing the problem is to open a cmd and ping -t his gateway (default route).  There will be several successful pings in a row and then some "Request timed out" or "Destination Host Unreachable".  Often, the successful responses immediately around these are very long -- seconds.
 
So, I started wireshark to watch what was happening during this test.  I can still see all the traffic on the other side of the NIC -- NETBIOS requests for who is, etc.  During the failed pings, wireshark doesn't see any outgoing requests.  This led me to believe it's some software on the machine blocking the outgoing requests.
 
I've removed AVG -- no change.  I've shutoff the firewall -- no change.  I tried a different NIC (the machine has two) -- no change.
 
When I reboot, I immediately start up a cmd window and ping and for quite a while it's fine and then the dropped packets start.  My father's us... Read more

A:Dropping outbound packets

Sorry, I forgot to mention that the Vista installation is up to date -- there are no pending updates.

Read other 3 answers
RELEVANCY SCORE 37.2

We have several users with this issue, and I have seen plenty of references to this issue, but no specific resolution as of yet. Here’s what we know so far:

Reports of since (patch) Tuesday of not being able to get out on port 80; 443 seems to work just fine.

At least one machine had no MS patches on Tuesday.

We have machines with the issue that were patched (Tuesday) and ones that were not.

Only Dell 620's laptops running Windows XP seem to have been affected (so far).

We had Cisco VPN error messages, since Juniper VPN upgrade that went away when we uninstalled – We are investigating this as a coincidence, or possible sonic firewall issues which should have been removed with the install?

Machines will boot into safe mode, and after several scans with malwarebytes, all the Trojans are removed.
Spybot found nothing on two separate safe mode scans.
McAfee finds nothing.
You can browse happily all day long in safe mode, so something is loading during normal mode boot.

Netstat produces some very odd results in normal mode, i.e. lots of blank tcp and udp entries in listening mode. Fine in safe mode

Reinstalled the IP stack on both machines.

Fixed Cisco VPN clash on both machines apparent since previous Sunday’s Juniper updates, but do not believe this is related.

Logs from my scans available, included are HJT logs from two machines.


Here are some other things other colleagues of ours have found:
“ * When the laptop is booted in "normal" mode,... Read more

Read other answers
RELEVANCY SCORE 37.2

Hello,

I recently brought my STUDIO computer home (W2000 SP3) (graduated from school) and seem to have successfully connected it to my HOME computer (W2000 SP4) via crossover cable...maybe. Anyway, I had a modem in the home computer and was connecting no problem to the web, sending messages, etc. (I don't need to use the design computer to surf: I just wanted to be able to share files and printers between them) then suddenly yesterday morning I was unable to send out attachments. I would get the Symantec pop-up telling me: "...was unable to be sent because the connection to your mail server was interrupted. Please open your email client and re-send the message from the Sent Messages folder." Anyway, ever since I've been unable to send lengthy messages through my email client or through my host's webmail front end, I can't send attachments, I can't even upload files via FTP. Receiving emails doesn't seem to be an obvious problem, but sending out emails or files seem to be intermittently successful at best. The first time I try to upload something via FTP it gets to 81% and times out, then next time the same file will get to 4% and hang. I thought maybe something happened to my home computer so I got another modem, added it to my design computer, and tried to dial up through that and got the same exact symptoms. Could I have done something to permissions in Networking, etc. to screw both systems up? Could I have something wrong with my p... Read more

A:Solved: Outbound anything: Timing Out

Read other 7 answers
RELEVANCY SCORE 37.2

Hi, running Vista, installed Comodo firewall. When I launch Firefox I get up to 150 outbound connections, then after a minute or so they are gone. I get kicked from the internet a lot. I am on wi-fi at a hotel; it's unsecured. I don't know where I got this or how long it has been on my PC, if it is a virus. Please help me. This is my first PC. I have no idea what is going on, still a noob. Thank you in advance for any help. Please help.

ComboFix 10-06-03.01 - jkr 06/06/2010 16:33:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.414 [GMT -8:00]
Running from: c:\users\jkr\Downloads\c-fixed.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.
2010-06-07 00:46 . 2010-06-07 00:47 -------- d-----w- c:\users\jkr\AppData\Local\temp
2010-06-07 00:46 . 2010-06-07 00:46 -------- d-----w- c:\users\Public\AppData\Local\temp
201... Read more

A:pc slow 150 outbound connections help pls

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 37.2

Hi,

I have Vista Firewall Control, and it is popping up messages saying Blocked Outbound - 208.111.181.75 - DHCP. Vista's firewall log says it is going to port 80 of that address. Well DHCP has no business talking to anything other than the router. Please have a look at my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:39 PM, on 8/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal


A:Hacked-DHCP outbound to 208.111.181.75

In addition, I have done a scan with Avast ( installed ) and Bitdefender Online Scan. Nothing was found.
 

Read other 2 answers
RELEVANCY SCORE 37.2

For some reason, the past couple of times I have restarted my computer, I have been getting 1 of 2 errors; they both have the same effect. If I have any programs running, the outbound sound works on those programs; however, once one of the 2 errors occurs, any programs loaded after that will not do any outbound sound.

szAppName : svchost.exe szAppVer : 5.1.2600.5512
szModName : kernel32.dll szModVer : 5.1.2600.5781 offset : 00012afb

C:\DOCUME~1\CODYHE~1\LOCALS~1\Temp\WERf48a.dir00\svchost.exe.mdmp
C:\DOCUME~1\CODYHE~1\LOCALS~1\Temp\WERf48a.dir00\appcompat.txt

szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : unknown
szModVer : 0.0.0.0 offset : 001a6f64
C:\DOCUME~1\CODYHE~1\LOCALS~1\Temp\WERa19b.dir00\svchost.exe.mdmp
C:\DOCUME~1\CODYHE~1\LOCALS~1\Temp\WERa19b.dir00\appcompat.txt


Those are the errors that occur.
 

Read other answers
RELEVANCY SCORE 37.2

Hello all,

I am trying to figure out what is going on, and quite stumped; seems as if the OS is blocking outbound port 80 requests and sending back tcp resets.

Firefox says the connection was reset for every site, anything going to port 80 (http); making an https connection works just as it should. DNS works (nslookup), as do ping and tracert to various sites both local and offsite.

I wouldn't care so much about this, but this is the third computer that this has happened to and the woman that is the IT person at the office can only reinstall XP as her only recourse.. so I am trying to help.

At first I thought it was a virus or some malware, but everything works fine in safe mode; sdfix doesn't find anything and neither does prevx (prevx.com).

I had to setup putty to tunnel (socks5) to another host to get Internet access.

If I were to set up an http server on the local machine, and try to connect via loopback, it still says connection reset, so it's a very interesting problem (if one thinks network problems with XP are interesting).. but again all these problems go away in safe mode.. so it still sounds like a virus or some malware.

The only main thing I can see is that they are NOT running IE7, IE6, running ghost and AVG. Other than that they are all 'bare metal up' XP installs from Dell. The boxes are varying years old, but all had been reformatted when they came from Dell and had XP Pro reinstalled without extra things from Dell.

If anyone could... Read more

Read other answers
RELEVANCY SCORE 37.2

Hi, I have found through kaspersky that my svchost.exe sometimes makes an outbound connection, sometimes 2, to akadns/akamai related IP addresses.
Is this serious? could it be malware? I also see google chrome when I load it has some outbound connections to Washington, Redmond which is to the google hq which I believe is fine, but why is svchost doing this? I had windows update running if it makes a difference. Would it help if I posted the IPs?
I have ran scans with mbam, mse, spybot, norton, npe, kaspersky and tdsskiller, and it has come clean.

A:Svchost.exe outbound connections.

Welcome to Bleeping computer.
 
Please read the article at Wikipedia for information on Akadns/Akamai.

Read other 6 answers
RELEVANCY SCORE 37.2

I am having problems using RDC to connect to an HP laptop running Windows 7 Ultimate, 32 bit edition. The HP laptop is connected wirelessly to my home router. The second computer is an iMac (running same OS as HP) cabled to a switch, which is cabled to my home router. A third computer, a Thinkpad running Win7 64 bit Pro (and cabled to the same switch as the iMac), behaves identically to the iMac, so I won't mention it further.

I can always RDC from the HP into the iMac, but have problems RDCing from the iMac into the HP. I will get the error "Remote Desktop can't connect to the remote computer for one of these reasons: 1)Remote access to the server is not enabled 2)The remote computer is turned off 3)The remote computer is not available on the network"

When this error appears, I am unable to ping the HP from the iMac. I am always able to ping the iMac from the HP.

The HP is awake when I am trying to connect to it. In fact, both computers are set to never sleep or hibernate so I won't have to wake up a computer to RDC into it.

Both computers are set up to allow incoming RDC connections. I have confirmed that the antivirus and Windows firewall settings on the HP and iMac are identical. I have even tried disabling both Windows firewalls, to no effect.

Now here's where it gets strange. If I first RDC from the HP into the iMac and then disconnect, I can then ping the HP and RDC to it from the iMac. If I reboot the HP, the problem comes back.

It looks like ... Read more

A:Can only get inbound RDC after first making outbound RDC

I would check the firewall settings on the HP computer make sure you have an inbound rule to allow RDC or port 3389.

You also won't be able to ping the PC; by default ICMP traffic is blocked.

Read other 1 answers
RELEVANCY SCORE 37.2

Hi everyone. A few days ago I had to change the motherboard of my PC and I reinstalled Windows after that. Since then, whenever I connect to the internet, svchost.exe always forms an outbound connection only for an instant to a different IP every time - the IP address always starts with 79.140 like 79.140.94.209 , 79.140.94.216 , 79.104.81.64 , etc. Before I reinstalled Windows the IP address whenever I noted it was 192.186something.

Also since I have reinstalled windows the incoming data in the AV's firewall for svchost.exe is currently at 64MB+ (this was after I updated windows) whereas in the previous installation it was only at 3-4 MB for the past 5 months. The network activity upon connection only lasts for about 20-30 seconds on average and the outbound connection appears only for 1-2 seconds. I also connected the net in my laptop and the result is the same.

The system itself is working fine, is fully updated (Win7 SP1) and there are no other problems. I regularly scan the system with Kaspersky PURE, Malwarebytes, SpybotS&D , TDSSKiller and Malwarebytes Anti-Rootkit.

So is this behaviour by svchost.exe a sign of infection or is this normal ?

A:svchost.exe - outbound connection to different ips

Did you look up any of the 79.x.x.x IPs to get the name? It might tell you the OS is calling home to MS. If you have a different motherboard maybe it's been noted and the activation checker is trying to figure out if it's legit? I'm just guessing. But you might learn more if you look up the IPs it's calling to.

Read other 9 answers
RELEVANCY SCORE 36.8

As my Malwarebytes Anti-Malware log states, I have these two problems: 
 
Protection, 5/26/2016 6:26 PM, SYSTEM, ROTITA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/26/2016 6:26 PM, SYSTEM, ROTITA-PC, Protection, Malicious Website Protection, Started, 
Detection, 5/26/2016 6:32 PM, Rotita, ROTITA-PC, Protection, Malware Protection, File, Trojan.Downloader, C:\Users\Rotita\AppData\Local\Temp\g37A3.tmp.exe, Quarantine, [ceaba3378811dd5975680d38f0141ce4]
Detection, 5/26/2016 6:47 PM, SYSTEM, ROTITA-PC, Protection, Malicious Website Protection, Domain, 104.154.36.143, www.adcash.com, 50261, Outbound, C:\Windows\System32\rundll32.exe, 
Detection, 5/26/2016 6:47 PM, SYSTEM, ROTITA-PC, Protection, Malicious Website Protection, Domain, 104.154.36.143, www.adcash.com, 50261, Outbound, C:\Windows\System32\rundll32.exe, 
Scan, 5/26/2016 7:11 PM, SYSTEM, ROTITA-PC, Manual, Start:5/26/2016 7:03 PM, Duration:7 min 46 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware

 
Unfortunately as shown, it'll always show 0 results. Tried restarting after quarantine the tmp.exe file, but it always appears right back as I start back up. Might be related to Google Chrome only.
 
Here are the necessary logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
Ran by Rotita (administrator) on ROTITA-PC (26-05-2016 19:44:48)
Running from C:\Users\Rotita\Downloads\Programs
Loaded Profile... Read more

A:Trojan tmp.exe and Outbound adcash rundll32.exe

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [rundll32] => C:\Windows\system32\rundll32.exe "C:\ProgramData\DeltaSearch\DeltaSearch.dll",_
HKU\S-1-5-21-2815074937-3251990301-1603328592-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL => No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected] => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rotita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
C:\ProgramData\DeltaSear... Read more

Read other 0 answers
RELEVANCY SCORE 36.8

I use McAfee for my virus protection. When I set it to scan Outbound files, it takes twice as long to start my Opera browser. Same with my Juno E-mail. I do not know about Internet Explorer, because I only use it for updates. It is so slow compared to Opera anyway. Would it be safe to stop that scan?
 

A:Solved: Scan Outbound files?

Read other 7 answers
RELEVANCY SCORE 36.8

Suddenly, last week, I started getting a Norton popup telling me to run Power Eraser because it's detected a large amount of suspicious outbound traffic. I ran Power Eraser, but it found nothing. I also did a full system scan and found nothing. I am a pretty savvy computer user, but I could use some help with this one please. Thanks! DD

A:Norton - Outbound traffic detected

I don't know Norton anything, but me thinks that to get a response here, you need to give a bit more information, such as:
What Norton product?
On what computer? which Windows system?
Can you list some examples of those detections?
What applications?
To what IP?
etc

Read other 3 answers
RELEVANCY SCORE 36.8

Ok, so my computer was having connection problems, and basically, when I did the scan, this came up.
"Your system can not send or receive fragmented traffic over IPv6.
The path between your network and our system supports an MTU of at least 1280 bytes. The path between our system and your network has an MTU of 1276 bytes. The bottleneck is at IP address 2001:470:0:136::2. The path between our system and your network does not appear to handle fragmented IPv6 traffic properly."

I have no idea what this is and how to fix it.
Ideas?

A:Certain TCP protocols are blocked in outbound traffic?

Scan- ICSI Netalyzr

Read other 7 answers
RELEVANCY SCORE 36.8

Is there any option to enable inbound and outbound alerts in Windows 8.1 without adding any third party app?
 

A:How to get inbound/outbound alerts in windows

sinu said:

Is there any option to enable inbound and outbound alerts in Windows 8.1 without adding any third party app?

WFwAS will generate alerts, but not like 3rd party softs. You can add BiniSoft's Windows Firewall Control - it will give good outbound connection alerts plus it has some useful features - like WhoIs, IPVoid, etc lookups.

I like BWFC, but it can be quite a busy experience until I have "Allow" rules configured for all safe apps on my system.

If you are going to use WFwAS then I would use a Guest Account or anti-executable; some malwares using an Admin account can disable WFwAS, UAC, Windows Action\Security Center, etc. Just be careful if you use Windows firewall - it is good at filtering - but it needs to be protected... Windows' own built-in self-protections are weak.

FYI those same malwares can sometimes disable 3rd party AV - either partially or completely. For example, Avira - completely, Comodo - partially\malfunction, Kaspersky - partially\malfunction...
 

Read other 2 answers
RELEVANCY SCORE 36.8

Got an email from someone that reported an antimalware program was reporting outbound localhost.world to ip 69.197.188.122.

The warning came when using browsers or some other programs that connected to the net, any idea what this is?

A:infection? outbound localhost.world to ip 69.197.188.122

Hi Cixoos.
I think localhost.world is possibly a redirect from a botnet (possibly Zeroaccess rootkit). 69.197.188.122 is Wholesale Internet out of Kansas.

If you think you have an infection or rootkit: Please download TDSSKiller and run it.

What antivirus do you have on your system?

Read other 10 answers
RELEVANCY SCORE 36.8

Here is the deal. I am looking for an app that will log outgoing connections from my computer so I know what the url's are that an app is calling out to.

Here is an example of what I mean. Say I am playing a game and it connects to a redirect. What is that url.

Another example, an app sees that there is an update of itself and downloads a new version for me. What was that url?

This is just for my own computer so I don't need any spyware or covert type thing. The app being free would be a huge plus.

There is nothing to read into this, I am just doin' me some old fashioned learnin'.

What say all of you?

T

P.S. Tried the google beast but apparently I cannot come up with the right search string to get the results I am looking for.
 

Read other answers
RELEVANCY SCORE 36.8

I've got a Windows 2008 R2 server with Firewall with Advanced Security configured with an outbound rule configured, in all policies, to block all IGMP traffic. I've deleted all but this one rule from the outbound list. When I run software, on this host, that joins a multicast group, I still see the IGMP membership packet leaking out onto the network. It's just plain not working. If I go back to the rule and change the protocol to something else, like ICMP, it works like a charm. No leakage of said protocol.

So what's special about IGMP? Help!!!

Thanks.

Regards,
Dave

A:IGMP outbound filtering not working

If you run software which by definition joins a multicast group, it will have to use IGMP in order to function properly (otherwise, the software simply will not work).

Read other 3 answers
RELEVANCY SCORE 36.8

For about 2 weeks now Norton keeps giving a popup saying I have high outbound traffic when I open Chrome and to run Power Eraser to find out what it is. I tried to use Power Eraser but it said all of the files were fine and the popups continued. I'm running Windows 7, tried to disable all add-ons on Chrome, reinstalling Chrome and doing Norton full scans as well as malware scans. The popups persist and I don't know if they are actually from high traffic or if it's just a Norton problem.
 
Here is the popup i keep getting.
http://imgur.com/dYHlv4U

A:Norton saying high outbound traffic

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

Read other 1 answers
RELEVANCY SCORE 36.8

Mod edit: Moved to Malware Removal logs forum ~~ boopme

On this Vista 64 system, the user runs Malwarebytes Premium (was Pro?), and she gets popup warnings that show:

Malicious Website Blocked
IP: 79.135.151.35
Port: 51069
Type: Outbound
Process: c:\windows\system32\svchost.exe

and another identical one with IP 219.153-239.158, same port. I traced one of these IPs to Latvia, never good, and the other never finished the trace. We have run MWB scans in safe mode several times, finding nothing.

Today I ran tdsskiller which also found nothing.

Hijack this log:
---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:13:51 PM, on 7/20/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)
FIREFOX: 30.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Users\Joyce\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\So... Read more

A:Malwarebytes showing "outbound" warnings

Hello and Welcome on board, my Name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

Read my post completely
If you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

Read other 16 answers
RELEVANCY SCORE 36.8

I am currently using Windows Firewall. But I understand it allows all outgoing connections by default. If I change the outbound profiles to 'block' obviously I cannot connect to the internet at all. So, what outbound rules should I change, if any, to make the firewall work better. Thanks in advance for your advice.
 

A:Windows Firewall outbound rules

Windows Advanced Firewall, turn on outbound blocking and logging
------------------------------------------------------------------------------------------
Control Panel/Administrative Tools/Windows Firewall with Advanced Security
/"Windows Firewall Properties" link
- Change all Profiles, Outbound connection = Block
- Public Profile tab/Logging/Customize
-- Size Limit = 999999 KB
-- Log Dropped packets = Yes

Comment: Windows 7 Firewall has outbound blocking, but most people don't know that you have to turn it on. When outbound blocking is turned on, it only allows the programs and services you specify to talk to the net. Malware will have a hard time reporting back to their servers. However, it is missing a feature that tells you what it has blocked outbound. So after installing a program that needs to connect to the net, like your antivirus program, you have to test those exe files one by one to see which is responsible for talking.
----- Firewall Rules ------
HowTo allow a windows service outbound: Click on Outbound Rules on the left, click on 'New Rule', select 'Custom', next to 'Services' click customize, select 'Apply to this service', scroll and find 'Windows Update', next, ports and protocol - (no change), next, IP addresses ( no change ), next, select 'Allow The Connection'. Checkmark all 3 "Domain", "Private" and "Public". Give the rule a name, eg "Allow serv... Read more

Read other 2 answers
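
The answer above turns on "Log Dropped packets" and notes that the firewall does not tell you what it blocked outbound. As an added example (not part of the original answer), this Python script summarises blocked outbound connections from the firewall's text log; it assumes the column layout announced by the log's own `#Fields:` header with a trailing `path` column (SEND/RECEIVE), and the sample lines are constructed.

```python
"""Summarise outbound connections dropped by Windows Firewall.

Added example: parses the firewall text log (pfirewall.log layout) and
counts DROP entries whose direction is SEND, grouped by destination.
Assumption: the log carries a '#Fields:' header naming its columns.
"""
import sys
from collections import Counter

# Constructed sample log (addresses are documentation ranges, not real data).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:00:01 DROP TCP 192.168.1.20 203.0.113.10 49701 80 0 - 0 0 0 - - - SEND
2024-01-15 10:00:02 DROP TCP 192.168.1.20 203.0.113.10 49702 80 0 - 0 0 0 - - - SEND
2024-01-15 10:00:03 ALLOW TCP 192.168.1.20 198.51.100.7 49703 443 0 - 0 0 0 - - - SEND
2024-01-15 10:00:04 DROP UDP 198.51.100.99 192.168.1.20 5353 5353 0 - - - - - - - RECEIVE
2024-01-15 10:00:05 DROP UDP 192.168.1.20 192.0.2.53 50000 53 0 - - - - - - - SEND
2024-01-15 10:00:06 DROP TCP 192.168.1.20
"""


def parse_firewall_log(text):
    """Return (rows, skipped): rows are dicts keyed by the #Fields names.

    Lines that appear before the header, or whose column count does not
    match it (e.g. a line truncated at log rollover), are counted as skipped.
    """
    fields = None
    rows, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            skipped += 1
            continue
        rows.append(dict(zip(fields, parts)))
    return rows, skipped


def blocked_outbound(rows):
    """Count dropped outbound packets per (protocol, dst-ip, dst-port)."""
    counts = Counter()
    for row in rows:
        if row.get("action") == "DROP" and row.get("path") == "SEND":
            counts[(row["protocol"], row["dst-ip"], row["dst-port"])] += 1
    return counts


def summarise(text, top=10):
    """Return (most common blocked destinations, number of skipped lines)."""
    rows, skipped = parse_firewall_log(text)
    return blocked_outbound(rows).most_common(top), skipped


if __name__ == "__main__":
    # Pass the path to a log file, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log_text = fh.read()
    else:
        log_text = SAMPLE_LOG
    destinations, skipped_lines = summarise(log_text)
    for (proto, ip, port), hits in destinations:
        print(f"{hits:6d}  {proto:4s} {ip}:{port}")
    print(f"skipped lines: {skipped_lines}")
```

The log's default location is `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`. It records addresses and ports rather than the program name, so the summary narrows down which destination a newly installed program was trying to reach rather than naming the executable.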