Sality infection and unknown internet connection


#1 marky331


  • Members

Posted 27 September 2017 - 11:56 AM

(Sorry for my English).


I have two problems.


1) Sality infection. A few days ago I noticed that I have a Sality virus infection. I have two systems on my PC (Windows 7 and XP) and both were infected. I used Sality Killer, Total 360 Security and ESET online scanner to remove this infection. After many scans, these three programs showed nothing. After all this cleaning, Windows XP doesn't start (error gdi32 after start on blue screen) and in Windows 7 so many uninstall files were infected that I literally couldn't uninstall programs (corrupt uninstall files). So I decided to format the Windows 7 system partition and install Windows 7 from scratch. After this, Windows 7 is working well. For this problem I would like to ask if I still have this Sality infection, because I don't know, and how to check this.




2) The second problem is much more complex and I don't understand it. Three of my browsers (Firefox, Safari and Opera) start making connections to an unknown IP number shortly after I open a browser. Only Chrome is OK (for now...). These connections are opened literally always after opening a browser. This IP number is unknown to me; it belongs to my country (Poland), about 300 km from my city. It belongs to a private network. It's not browser related because Opera, Firefox and Safari all try to open these connections. Small packets are sent to this IP number. So I decided to download Comodo Firewall and blocked these connections. Now they are not sending any packets, but my computer is still making 'calls' to this IP after opening a browser. I downloaded TCPView to check this and it looks like a port scan (?) because Firefox etc. are trying to open a port with a very high number (for example 49612) and then go further (49613, 49614 etc.), but TCPView showed state syn_sent, so something is preparing to send, but fortunately always 0 bytes are sent because Comodo is blocking this. Before the Windows 7 reinstall I downloaded Wireshark to check what data exactly is sent, but I'm unable to read the Wireshark data output.


Of course I know that browsers are sending data to a lot of places, there are widgets, Cloudflare, Google, etc., but this IP number is unrelated to the browser.




I also thought that maybe Windows 7 is doing this, but I have another PC with Windows 7 and these connections are not seen there.


Thank you very much for reading this. Can I ask for help? I think I won't solve this alone...thank you.


EDIT: I forgot to add that after the Windows 7 reinstall, connections to this IP are still there; the reinstall changed nothing.

Edited by marky331, 27 September 2017 - 11:58 AM.



#2 boopme


    To Insanity and Beyond

  • Global Moderator

Posted 10 October 2017 - 02:08 PM

No problem, sorry for the delay... we should get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.