but the firewall has been blocking a very large number (1000+ per day) of intrusion attempts
A firewall serves two basic purposes: to prevent incoming communications that you did not request from entering your computer, and to monitor what programs on your computer are allowed to communicate out. It does this by enforcing an access control policy to permit or block (allow or deny) inbound and outbound traffic. Thus, the firewall acts as a central gateway for such traffic by denying illegitimate transfers and facilitating access which is deemed legitimate. The goal of the firewall is to prevent remote computers from accessing yours and provide notification of any unrequested traffic that was blocked along with the IP address.
If your firewall provides an alert that indicates it has blocked access to a port, that does not necessarily mean your system has been compromised. Firewall alert messages are a response to unrequested traffic from remote computers. The alert means that your firewall has blocked an attempt from an external host to access a port on your computer that is commonly used by a trojan. Even if the port is open, the alert message indicates that your firewall has blocked the attempt to access it. These alerts are often classified by the network port they arrive on and allow you to see the activity of what is happening on your firewall. The alerts allow the firewall to notify you in various ways about possible penetration and intrusion attempts on your computer. It is not unusual for a firewall to provide numerous alerts regarding such attempted access
and Zombie computers scour the net and will randomly scan a block of IP addresses. These infected computers are searching for "vulnerable ports" and make repeated attempts to access them. Your firewall is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. However, not all unrequested traffic is malevolent. Even your ISP will send out regular checks to see if your computer is still there.
To check whether or not the port in question is open on your system you can use netstat from a command prompt to obtain Local/Foreign Addresses, PID and listening state.
Go to Start > Run and in the open box, type: cmd
At the command prompt, type: netstat -an
You can also use Process Monitor, an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity or various Internet Traffic Monitoring Tools for troubleshooting and malware investigation.
You can investigate IP addresses and gather additional information at:
You need to be using more anti-malware tools than Spybot. Please download Malwarebytes Anti-Malware and save it to your desktop.
Print out and follow these Instructions for scanning with Malwarebytes Anti-Malware and perform a Quick Scan in normal mode.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
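
The netstat check described earlier in this post can be automated; the following is an added example, not part of the original post. It assumes output saved from `netstat -ano` (the `-o` switch adds the PID column), uses a constructed sample, and its function names are hypothetical.

```python
# Constructed sample of Windows `netstat -ano` output (not from the original post).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1840
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3320
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1840
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def parse_netstat(text):
    """Turn `netstat -ano` text into a list of dicts, skipping header lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        addr, port = split_endpoint(f[1])
        # UDP rows have no State column; the PID is always the last field.
        state = f[3] if f[0] == "TCP" else ""
        rows.append({"proto": f[0], "addr": addr, "port": port,
                     "state": state, "pid": int(f[-1])})
    return rows

def port_status(rows, port):
    """List sockets bound on `port`: (proto, address, PID, exposure)."""
    found = []
    for r in rows:
        if r["port"] != port:
            continue
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue  # an outbound connection's local port is not an open port
        # A loopback bind cannot be reached by remote hosts; any other bind can
        # be, unless the firewall blocks it.
        loopback = r["addr"] in ("127.0.0.1", "::1")
        found.append((r["proto"], r["addr"], r["pid"],
                      "loopback only" if loopback else "network-facing"))
    return found

if __name__ == "__main__":
    for port in (445, 5354, 31337):
        print(port, port_status(parse_netstat(SAMPLE), port) or "not open")
```

An empty result for the port named in a firewall alert means nothing on the machine is listening there; a PID that is returned can be matched to a process name in Task Manager.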