Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer trying to send and recieve TCP packets


  • Please log in to reply
3 replies to this topic

#1 guttyguppy

guttyguppy

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 28 January 2009 - 12:05 PM

Hi,
My router logs are showing constant errors with my XP SP2 computer trying to send and receive tcp packets. Here are some of the errors:

Priority Time Message
[INFO] Tue Jan 27 14:35:39 2009 Blocked TCP packet from 192.168.0.197:1860 to 216.163.188.58:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:2757 to 64.18.4.13:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:4810 to 192.117.142.202:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:3304 to 61.144.209.199:25 as control None in not valid
Blocked incoming TCP packet from 212.52.84.83:25 to 192.168.15.101:4786 with unexpected sequence 488810849 (expected 2004083346 to 2004148883)
[INFO] Wed Jan 28 11:58:48 2009 Blocked incoming TCP packet from 212.52.84.83:25 to 192.168.15.101:4786 with unexpected sequence 585376643 (expected 2004083346 to 2004148883)

I think this is a virus. If I shut down my machine, the other computers in my network run fine. I ran malwarebytes several times, and it always quarantines a bunch of stuff and tells me to restart, which I do, but then if I run it agaon there's more crud.
Help!!
GG

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:42 PM

Posted 28 January 2009 - 12:34 PM

Let's start with a Malwarebytes log. Please run Malwarebytes using these directions:

The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 guttyguppy

guttyguppy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 28 January 2009 - 01:40 PM

I've done that several times, each time mwb removes stuff and tells me to restart. when I do, i run it again and more stuff comes up. one item that keeps appearing is rootkit.agent, and ati0loxx. I'm about to insert the system disk and do a clean wipe, but I'm holding on for any last hope...

#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:01:42 PM

Posted 28 January 2009 - 07:06 PM

The malwarebytes log is our first "look" at your system. It is how we decide what to do from this point forward. If you choose to reformat, well that is your choice. You know everything is gone.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users