Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Over 100 inbound connections


  • Please log in to reply
8 replies to this topic

#1 connectedcr

connectedcr

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 01 September 2010 - 12:34 AM

I have comodo firewall installed and
noticed my system was running slow. Opened up the firewall and it showed that the where over 100 inbound connections. Seems like I have a virus now. Can anyone shed somelight as to why so many connections. Keylogger? Thanks in advance.

BC AdBot (Login to Remove)

 


#2 JamesFrance

JamesFrance

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France/Spain
  • Local time:05:10 AM

Posted 01 September 2010 - 02:56 AM

If you get any inbound connections without any alert then there is something in your firewall rules that allows it.

Can you post screenshots of your Network Security policy?

Or you could open the Stealth Ports Wizard and select "Block all incoming connections and make my ports stealth to everyone". Then see if you still get the connections.

Or if you have never configured the firewall as Proactive Security you could right click the tray icon and select that configuration. That would reset all your rules but you will need to answer alerts correctly while new rules are being created.

You do not say what version of Comodo firewall you have. Version 5 is expected to be released today but I would not suggest moving to that quite yet until any bugs have been ironed out.

p.s. your other topic needs a reply.

Edited by JamesFrance, 01 September 2010 - 02:57 AM.

James

#3 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:10:10 PM

Posted 01 September 2010 - 09:37 AM

Are you downloading anything over any P2P network like bittorrent, Limewire, emule etc? P2P network requires other to connect to your computer and you usually end up having many inbound connections.

#4 connectedcr

connectedcr
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 01 September 2010 - 10:36 AM

Thanks for the response. I have comodo 4.1. I'm new at it so thanks for the tips. I down have bittorrent but it was up at the time. I'll definatly use the stealth port wizard. Sorry for the lame question but is the inbound and outbound connections just from the internet? I ran some virus scans and turned out I had a rootkit!

#5 JamesFrance

JamesFrance

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France/Spain
  • Local time:05:10 AM

Posted 01 September 2010 - 11:01 AM

If you have a home network/router you can have local connections, probably to 192.168.............
James

#6 connectedcr

connectedcr
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 01 September 2010 - 11:06 AM

Yeah I have a local network, just the xbox on it. I'm guessing that with utorrent the ports that it uses stay open no matter if it is on or not, leaving the security vulnerable to inbound and outbound trafffic?

#7 JamesFrance

JamesFrance

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France/Spain
  • Local time:05:10 AM

Posted 01 September 2010 - 12:41 PM

Well if you use p2p you are inviting strangers into your house, so probably one of them gave you the rootkit.

Are you sure it is no longer there? If not you should post a help topic.
James

#8 connectedcr

connectedcr
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 01 September 2010 - 01:14 PM

Well i booted from a CD and ran superspyware and then going to run malwarebytes in safe mode. Then use comodo to scan and hijack this as well. Couldn't use combofix and smitfraud fix because it's not compatable with Vista x64. Think I'll close shop on the p2p. What do you use for rootkits and such??? Thanks for the advice.

#9 JamesFrance

JamesFrance

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:France/Spain
  • Local time:05:10 AM

Posted 02 September 2010 - 02:47 AM

I am not a malware helper, just posting about Comodo Firewall.

You need to start a new topic in the help section.

Good luck!
James




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users