(Sorry for my english).
I have two problems.
1) Sality Infection. Few day ago I noticed that I have sality virus infection. I have two systems on my PC (windows7 and XP) and both were infected. I used Sality Killer, Total 360 Security and ESET online scanner to remove this infection. After many scans, these three programs showed nothing. After all this cleaning windows XP doesn't start (error gdi32 after start on blue screen) and in windows7 so many unistall files were infected that I literally couldn;t unistall programs (corrupt unistall files). So I decided to format Win7 partition system and install windows7 from scratch. After this windows7 is working well. For this problem I would like to ask if I have still this sality infection, because I don't know and how to check this.
2) Second problem is much more complex and I don't understand it. Three of my browsers (FIrefox, Safari and Opera) are starting to make connections to unkown IP number just shortly after I open a browser. Only with chome is ok (for now...). This connections are open literally always after opening a browser. This IP number is unkown for me, belongs to my country (Poland), about 300km from my city. It belongs to private network. It's not browser related because Opera, Firefox and Safari all try to open this connections. Small packets are sent to this IP number. So i decided to download Comodo Firewall and blocked this conenctions. Now they are not sending any packets but my computer are still making 'calls' to this IP after opening a browser. I downloaded TCP View to check this and it looks like port scan (?) because firefox etc are trying to open a port very high number (for example 49612) and then goes further (49613, 49614 etc), but TCP view showed state syn_sent so something is preparing to send but fortunately always 0 bytes are sent because Comodo blocking this. Before windows7 reinstall I downloaded WireShark to check what data exactly are sent but I'm unable to read Wireshark data output.
Of course I know that browser are sending data to a lot of places, there are widgets, cloudflare, google, etc but this IP number is unrelated to browser.
I also thought that maybe is Windows7 doing this but I have other PC with windows7 and these connections are not seen there.
Thank you very much for reading this. Can I ask for help? I think I won't solve this alone...thank you.
EDIT: i forget to add that after windows 7 reinstall connections to this IP are still there, reinstall changed nothing
Edited by marky331, 27 September 2017 - 11:58 AM.