Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Over 800 outbound connections. Merry Christmas


  • This topic is locked This topic is locked
12 replies to this topic

#1 neneduty

neneduty

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 25 December 2014 - 06:41 AM

Hi to all. I am currently using Comodo as my firewall and Avast free as my AV. My operating system is Win 7 sp1. When I open Firefox, my outbound connections will go up. I understand,but, when I go to a website it will go up to 200 connections. The highest I have ever seen was 863. I have scanned with Malwarebytes(normal and in safe mode), Superantispyware both ways, Norton power eraser, Avast, Eset, Hitman pro, Malwarebytes anti root kit, Kapersky's anti root kit, Trend Micro,s housecall and have not found anything evil lurking on my computer. When these connections are high my CPU usage will be at 100% and the computer is useless. After a couple of minutes they go down to 50 outbound and can continue using my computer. I am connected to my providers modem via an EA3500 router for the hardware firewall. I have my HP and Alienware laptop connected to said router and both exhibit the high outbound connections. I have searched the internet but couldn't peg anything to this .Any ideas? boopme told me to repost at this forum. Just want to say your site kicks ass and am constantly reading over it. Thanks again, I hope you guys have a wonderful Christmas.

Attached Files



BC AdBot (Login to Remove)

 


m

#2 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:07 PM

Posted 27 December 2014 - 02:42 PM

hi,

 

Your seeing these connections via COMODOs firewall?  There all established connections? What about when you try using Internet Explorer?

 

Get a copy of this and post the log as a starting point:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
    Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
    When the tool opens click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
 
The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#3 neneduty

neneduty
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 27 December 2014 - 03:50 PM

.


Edited by neneduty, 27 December 2014 - 03:59 PM.


#4 neneduty

neneduty
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 27 December 2014 - 03:58 PM

.


Edited by neneduty, 28 December 2014 - 05:27 AM.


#5 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:07 PM

Posted 27 December 2014 - 08:52 PM

I dont see anything that looks like malware in the FRST log. Those three items svchost,FF and Avast will all initiate connections as you know. A single svchost can have mutilple services running under it. A firewall can also show listening states,- no connection is established.

Do you see  this high CPU use/connections when you boot up, then it settles down?

Could be all the window services cranking up hogging system resources.

 

" exhibit the high outbound connections" not sure how you determined this or what your counting as a connection.There also lots of traffic to/from your router as well as other machines on your LAN.

 


How Can I Reduce My Risk to Malware?


#6 neneduty

neneduty
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 28 December 2014 - 05:21 AM

They do crank up in the beginning then calm down.I determined thew outbound connections by looking at Comodo. When I first signed on and went to Yahoo, the count was at 145 outbound connections. Now it is down to 15. Thanks for your help, I will keep reasearching.


Edited by neneduty, 28 December 2014 - 07:40 AM.


#7 neneduty

neneduty
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 28 December 2014 - 06:37 AM

Here is a screen shot when my outbound was over 200. This is when I was browsing bleeping computer and an ad came up.

Attached Files


Edited by neneduty, 28 December 2014 - 06:39 AM.


#8 neneduty

neneduty
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 28 December 2014 - 06:46 AM

Like I stated, I have scanned with everything possible and nothing comes up malware-wise. Out of those 200+ outbound connections I counted 144 were initiated from Firefox. I understand firefox has to hit the internet to update malicious urls, white list and black list programs etc etc. But 144 outbound? Is it updating Nasa's computers via my modem? (a funny). When I first start up everything clogs for approximately 1-2 minutes then the outbounds subside and my computer is responsive again. I don't have any major programs on my computer, just the norm. I just can't see why on earth my computer would need so many connections going out. Thanks



#9 neneduty

neneduty
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 28 December 2014 - 07:46 AM

I even checked to make sure Windows Defender or Windows firewall wasn't running in conjuction with Avast or Comodo. I shut off updates to MS word. I was trying out ZA Pro and every time I would open a word document it told me word was trying to phone home. I know it is off topic but I cant seem to get Comodo to talk to me like ZA Pro does. It tells me that Avast wants to phone home, which of course I would allow. I just like the communication of ZA Pro. I made Comodos firewall set alert frequency level to very high and it rarely tells me anything. Sorry had to get that off my chest.


Edited by neneduty, 28 December 2014 - 07:47 AM.


#10 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:07 PM

Posted 28 December 2014 - 12:35 PM

I dont see anything that looks like you have malware either and you have run several tools. I think its safe to assume the connections arent malware related. Is 144 connections from Firefox excessive, I cant say really. Iam sure you know webpages can and do pull all types of content from other sources, each one initiating its own connection.

 

I have seen topics where a service running under a svchost is using alot of CPU resources. As far a malware goes I would trust the results from the tools you have run and not assume its malware based on the firewall connections.

Thats not to say the number of outbound connections isnt worth investigating. Have you browsed the Comodo forums looking for similiar topics/questions?


How Can I Reduce My Risk to Malware?


#11 neneduty

neneduty
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 28 December 2014 - 01:21 PM

I've searched the world over for an answer. Thanks for your help, I will continue researching.



#12 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:07 PM

Posted 30 December 2014 - 01:49 PM

Iam assuming from the tools you ran even though I didnt see the logs that its not a malware issue. Nothing in the FRST log either. I would look around the COMODO forums if you havent yet. Good Luck.


How Can I Reduce My Risk to Malware?


#13 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:09:07 PM

Posted 30 December 2014 - 02:05 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users