Jump to content

migs102006

Honorary Members
 View Profile  See their activity

  • Posts

    26

  • Joined

  • Last visited

Reputation

0 Neutral
  1. migs102006
    DarkKnight, Thanks for your help and efforts. For the record, all the ports on my PC are closed (McAfee). migs102006
  2. migs102006
    Tried Stinger, did not find any viruses, malware.
  3. migs102006
    DarkKnight, Maybe i spoke to soon. Shortly after installing Filehippo, i checked what apps needed to be updated. Skype and Acrobater Reader needed to be upgraded, so i did. Shortly after installing the upgrades, the ports on my PC started being scanned/probed again. I have McAfee, MalwareBytes, Spybot 2, SpywareBlaster and SuperantiSpyware loaded on my PC. Is it normal for PCs all over the world to probe the ports on your PC? Should i just give up and live with a botnet of zombies knocking at my ports, as long as they cannot penetrate the firewall? migs102006
  4. migs102006
    DarkKnight, Thank you so much. Enabled automatic updates. (A bit reluctant as i have been burned by poorly tested Microsoft updates in the past.) Combofix was uninstalled. Using Google Chrome. Installed SpywareBlaster. McAfee Site Advisor enabled. Installed Filehippo Thank you, migs102006
  5. migs102006
    Removed old version of Java. Installed latest version of Adobe Acrobat Reader.
  6. migs102006
    DarkKnight, Checkup file attached. Thanks for all your help. Best regards, migs102006 checkup.txt
  7. migs102006
    Hi DarkKnight, Apologies for not coming back to you, i was in the midst of job interviews. Best of all - i got the job-, hurray! In any case, after about 24 hours of inactivity, all of a sudden my PC started getting port scanned -AGAIN-. Looking to solve the problem from another angle, i approached the Mcafee community and i was give the link below. https://community.mcafee.com/docs/DOC-2168 You will recognize several of the anti-virus/anti-malware software links. :-) I went through each one of the links and frankly did not expect any anomalies to be detected. I guess i had given up... While running 'Stinger' the program detected the Artemis virus in one of my download folders. It removed the virus and the port scanning/port probing stopped all together. I i where to surmise what happened, i would venture to guess that i had a version of the Artemis software that somehow acted as a beacon for a botnet of PCs to probe the ports on my PC. Nasty stuff! migs102006
  8. migs102006
    Hi DarkKnight, Yes, i did uninstall Skype but the probing did not stop. I use Skype for business so i re-installed it. I looked up all the ip addresses that Skype was probing and found out that they were all Microsoft sites around the world. So Skype is not the culprit. Why Skype would ping Microsoft servers every so often is curious to say the least. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- The good news. I finally found out how to configure the Mcafee anti-virus software to block certain IP addresses, as you had also suggested blocking 192.168.1.1 (internal router address). As soon as i blocked 192.168.1.1 from the internet the external port probing stopped. 192.168.1.1 keeps trying to probe ports on my PC once every minute, i guess that this acts as a beacon to the botnet. Looks like we have managed to cage the culprit. I wonder if the malware software resides on the router software itself? migs102006
  9. migs102006
    DarkKnight, Reading the results of the port scans i am at peace with an outside intrusion threat due to the stealth mode of all ports on my pc. More concerned with an internal intrusion... I monitored traffic on my pc and found something that does not seem right?! I have not used Skype today at all, yet it detected Skype communicating with the following IP addresses / ports 157.55.235.166 port 40038 65.54.61.169 port 443 193.120.199.12 port 12350 157.56.52.31 port 40027 213.199.179.155 port 40032 213.199.179.157 port 40008 213.199.179.155 port 40018 111.221.77.148 port 53910 127.0.0.1 port 53910 listening 53910 listening 443 listening 64151 listening 80 listening 54496 Is this normal? migs102006
  10. migs102006
    GRC Port Authority Report created on UTC: 2013-02-17 at 15:51:50 Results from scan of ports: 0-1055 0 Ports Open 0 Ports Closed 1056 Ports Stealth --------------------- 1056 Ports Tested ALL PORTS tested were found to be: STEALTH. TruStealth: FAILED - ALL tested ports were STEALTH, - NO unsolicited packets were received, - A PING REPLY (ICMP Echo) WAS RECEIVED.
  11. migs102006
    THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES!
  12. migs102006
    Hi DarkKnight, gmer.log contents file attached. Contents were too long to paste. migs102006 gmer.log
  13. migs102006
    Have my own IT business. Do some e-trade from home.(That's the scary part, as i fear a keystroke recording program). Ten years away from retirement... :-) Observed this since 10/2/12. McAfee detected on that day: Cookie-Yieldmanager Cookie-Imrworldwide Cookie-Doubleclick Cookie-Atdmt Cookie-Eyeblaster Cookie-2O7 Cookie-Realmedia Cookie-Zedo Cookie-Burst Cookie-Casalemedia Cookie-Insightexpress Cookie Mediaplex Then McAfee blocked a hacker from exploiting buffer-overflow on Internet Explorer and buffer-overflow on Acrobat Reader. 10 days after on 11/15 my pc started being probed. I am writing to you after about 2,500 port probes. I have contacted McAfee and they tell me the anti-virus software is working as designed since it blocks all incoming port probes. I have contacted Verizon and they don't have a clue. migs102006
  14. migs102006
    The McAfee firewall blocks all incoming network traffic that tries to communicate through various ports. The message i get is: "The pc 192.168.1.1 tried to access your system port TCP port 52832, If you want to allow this traffic either trust the IP address or open the port in the systems services in Firewall. The source ip address is your own gateway. The source ip address is your own DNS server. The source ip address is your own DHCP server. The source ip address is in your own local network." 192.168.* is a default internal IP address that the Verizon FIOS router assigns to all devices attached to one's router. 192.168.1.1 happens to be my own pc and there are no other pcs in the local network. Shortly after a program on my own pc probes one of the ports, other pcs somehow detect this or are alerted and start probing my pc through other ports.
  15. migs102006
    mega upload website has been closed by the FBI. Fraud investigation... Dropbox link below. https://www.dropbox.com/sh/4obwb86hp8jj7ae/D2c6jB8T1G
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.