
Kaspersky Found A Network Attack


9 replies to this topic

#1 infected32


Posted 27 June 2012 - 09:32 PM

Hello, I have Kaspersky PURE 2.0 running on my computer, and it's found a network attack twice now. Both of the attacks come from the IP address 192.168.0.101. The first attack was on July 23rd, on port 26980. The second attack was on July 24th on port 26961. Kaspersky defines the events as "Denied Scan.Generic.UDP".

I know that the IP address is probably my own, from searching on the Yahoo search engine, but still, my paranoia has kicked in. Could somebody help me to find out what is causing these "attacks", and whether or not I should be concerned?
From continuing to research, many people are saying that Kaspersky is just simply being overprotective. If that is the case, I would like to say I am very sorry. Like I said, my paranoia gets to me, and I know the people here are good at what they do. If you guys tell me there's nothing to worry about then I'll be able to sleep again..

Hi, I would like to let you guys know that I searched in my C Drive and found a hidden folder named "kleaner.tmp". Inside is a folder named kln83CF.tmp. I have no idea what created this. When I scanned it using "virustotal.com" the file came up clean. However, when looking at "additional information" and reading the different file names, my insomnia just worsened. Here is the link to the scan results.
https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1340855703/
What scares me is the NUMBER of different file names, and the ratio of "malicious" to "harmless" votes.

Ah, disregard the paragraph about "kleaner.tmp" It seems like that file is associated with Kaspersky Labs. I have no idea why virustotal's results made it out to look suspicious.

Edited by infected32, 27 June 2012 - 11:23 PM.
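Added example, not part of the original post: the SHA-256 in the VirusTotal link above is the digest of zero bytes of input, so a hash-indexed report for it covers every empty file submitted under any name rather than this one file. The sketch below pulls the digest out of a report URL and flags that case before the file names and votes are read; the function names are illustrative assumptions, and only `REPORT_URL` comes from the post.

```python
import hashlib
import re

# URL copied from the post above; everything else here is illustrative.
REPORT_URL = ("https://www.virustotal.com/file/"
              "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
              "/analysis/1340855703/")

# Digests of zero bytes of input, computed rather than hard-coded.
EMPTY_DIGESTS = {hashlib.new(algo, b"").hexdigest(): algo
                 for algo in ("md5", "sha1", "sha256")}

# A standalone 64-, 40- or 32-character hex run (SHA-256, SHA-1, MD5).
_DIGEST = re.compile(
    r"(?<![0-9a-f])([0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})(?![0-9a-f])",
    re.IGNORECASE)


def digest_from_url(url):
    """Return the lowercase hex digest embedded in a report URL, or None."""
    match = _DIGEST.search(url)
    return match.group(1).lower() if match else None


def file_sha256(path, chunk=65536):
    """Hash a local file in chunks so it can be compared with the report."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(digest):
    """Classify a digest: shared by all empty files, or tied to real content."""
    algo = EMPTY_DIGESTS.get(digest.lower())
    if algo:
        return ("empty-input", algo)
    return ("content-specific", None)


if __name__ == "__main__":
    d = digest_from_url(REPORT_URL)
    print(d, triage(d))
```

An `empty-input` result means the file names and community votes on the report belong to unrelated zero-byte submissions and say nothing about the local file.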



 


#2 ElFasso


Posted 28 June 2012 - 01:42 AM

The attack IP address is an internal IP address from your own network: 192.168.0.101

  • Are there any other computers on your network?
  • Do you notice any other strange behavior of the computer?

Run a scan with MBAM:

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

#3 infected32


Posted 28 June 2012 - 08:49 AM

I am unable to download Malwarebytes' Anti-Malware as Kaspersky says it interferes with it. I actually had MBAM previously, but during the installation of Kaspersky, it made me uninstall it.

#4 ElFasso


Posted 28 June 2012 - 09:38 AM

Please try this instead;

Run Eset online scanner;

Note: You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.
Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

If you have the conflict back, please temporarily disable your AV
==> http://www.bleepingcomputer.com/forums/topic114351.html
And try both (MBAM + Eset online scanner).

Edited by ElFasso, 28 June 2012 - 09:40 AM.


#5 infected32


Posted 28 June 2012 - 04:02 PM

I couldn't find any created log, but maybe that was because ESET detected no threats?

#6 ElFasso


Posted 28 June 2012 - 04:04 PM

The logs can be found under: C:\Program files\ or C:\Program files (x86)\ and then open the folder "Eset online scanner". Then search for the log file (.txt file).

#7 infected32


Posted 28 June 2012 - 08:18 PM

I checked the folder and found "OnlineScanner.ocx", "OnlineScannerApp.exe", and "OnlineScannerUninstaller.exe".
I'll try running the scan again.

Oh, I see why ESET didn't create a log. I ran the scanner from Firefox, I will use Internet Explorer this time. I am very sorry for not reading your instructions closely enough..

Edited by infected32, 28 June 2012 - 08:23 PM.


#8 infected32


Posted 28 June 2012 - 11:26 PM

Okay, I ran the scan again, this time with Internet Explorer. I'm not sure if the log has what you're looking for..

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

I ran the scan, and it said there were no infected files. I would show you the picture I took, but I have no idea how to upload pictures onto the forum.

#9 ElFasso


Posted 29 June 2012 - 05:38 AM

I just think your Kaspersky is too overprotective. Sometimes it's good, sometimes it can get you paranoid indeed.

You have no other signs (infection) anymore?

#10 infected32


Posted 29 June 2012 - 09:20 AM

Well, there was another network attack today. My own IP address again. Other than that, no, my computer seeeems fine..

I guess my Kaspersky is just too overprotective. Thank you for putting up with my paranoia ElFasso. You're a great addition to this website.



