Some info you may (or may not) need:
Operating System: Windows XP SP 3
Anti-Virus/Anti-Malware: Avast 4.8 (recently changed from AVG 8.0) / Ad-Aware 2008 / Spybot S&D / SUPERAntiSpyware / Malwarebytes Anti-Malware / McAfee Avert Stinger / Trend Micro RootkitBuster / SpywareBlaster
Firewall: ZoneAlarm version 7.0.483.000 (firewall only)
Also, since I changed to Avast a few days ago I've been using it's Network Shield.
Recently I noticed that entries in my ZoneAlarm log were disappearing after one day. I had it configured to "show last 50", but every day when I started my computer all entries from the previous day would be gone. I took a look at some posts (by others with the same problem) on the ZoneAlarm website. A couple posters were advised to do a clean uninstall and reinstall of ZoneAlarm, so I decided to do the same. I followed the directions for a clean uninstall and reinstalled version 7.0.483.00 (there's a newer version, but people have reported problems with it blocking all Internet access, so I installed the older version). Since I just did this today, I don't know if it's fixed the problem of the disappearing logs, but I'm not here for that. After reinstalling and browsing the web for awhile, I noticed that some intrusions had already been blocked, and I became curious about where this traffic was coming from. I decided to go to samspade.org and look up the IP addresses that had been blocked. Of the 11 that had been blocked up to that point, 10 (both of the TCP and UDP type) were from East Asia (8 from China, 1 from Taiwan and 1 from Japan IIRC). (The 11th was just a ping from my ISP.) I also noticed that three consecutive entries had different IP's but the ports that the packets "originated" from were identical - TCP Port 6000 - and the first two had sent the packet to the same port on my computer - TCP Port 2967. Since then there have been 10 more blocked intrusions, and although I haven't checked samspade for these, they all have IPs similar to the previous ones (IPs beginning with 60, 61, 220, 202, 218, etc.). What worries me is that it seems unusual that all but one of the entries I checked out at samspade (and, I assume, the ones that I haven't checked due to the similarities of IPs) should all come from one specific region, namely China and nearby countries. I've run all of my Anti-spyware and -malware applications within the last week or so, and today specifically I've run Avast and I'm running Malwarebytes as I type this, and everything's been coming up clean. Sorry if this post is overlong, but what I'm basically asking is this: should I be worried about this, or am I just being paranoid?
Edited by InfinityPlusOne, 12 February 2009 - 10:43 PM.