TheDarkKnight Posted February 16, 2013 ID:647933

Hey migs102006,

Please visit the below site:
https://www.grc.com/x/ne.dll?bh0bkyd2

Follow the instructions and let me know what it tells you please.

migs102006 Posted February 16, 2013 Author ID:647945

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

TheDarkKnight Posted February 17, 2013 ID:647957

Hey migs102006,

If you scroll down on that page, you will see a bunch of grey bars. One of them should say Service Ports. Please click this and let me know what it finds.

migs102006 Posted February 17, 2013 Author ID:648109

GRC Port Authority Report created on UTC: 2013-02-17 at 15:51:50

Results from scan of ports: 0-1055
    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

migs102006 Posted February 17, 2013 Author ID:648137

DarkKnight,

Reading the results of the port scans, I am at peace with an outside intrusion threat due to the stealth mode of all ports on my PC.

More concerned with an internal intrusion...

I monitored traffic on my PC and found something that does not seem right?!

I have not used Skype today at all, yet it detected Skype communicating with the following IP addresses / ports:

157.55.235.166 port 40038
65.54.61.169 port 443
193.120.199.12 port 12350
157.56.52.31 port 40027
213.199.179.155 port 40032
213.199.179.157 port 40008
213.199.179.155 port 40018
111.221.77.148 port 53910
127.0.0.1 port 53910
listening 53910
listening 443
listening 64151
listening 80
listening 54496

Is this normal?

migs102006

TheDarkKnight Posted February 18, 2013 ID:648392

Hello migs102006,

In a previous post I suggested uninstalling Skype. Did you ever do that? If so, did the probing stop?

migs102006 Posted February 18, 2013 Author ID:648486

Hi DarkKnight,

Yes, I did uninstall Skype but the probing did not stop. I use Skype for business so I re-installed it.

I looked up all the IP addresses that Skype was probing and found out that they were all Microsoft sites around the world. So Skype is not the culprit. Why Skype would ping Microsoft servers every so often is curious to say the least.

----------------------------------------

The good news.

I finally found out how to configure the McAfee anti-virus software to block certain IP addresses, as you had also suggested blocking 192.168.1.1 (internal router address).

As soon as I blocked 192.168.1.1 from the internet the external port probing stopped.

192.168.1.1 keeps trying to probe ports on my PC once every minute, I guess that this acts as a beacon to the botnet.

Looks like we have managed to cage the culprit. I wonder if the malware software resides on the router software itself?

migs102006

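Added example, not part of the original thread: one way to triage blocked-connection entries like those described in the post above, grouping them by source, separating LAN, loopback and internet sources, and flagging any source that hits at a fixed interval. The log format, the `scope` and `triage` names, and every sample value other than the 192.168.1.1 address are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of blocked inbound packets: "date time source_ip dest_port".
# Format and values are made up; adapt the parsing to the firewall's real export.
SAMPLE_LOG = """\
2013-02-18 10:00:02 192.168.1.1 1900
2013-02-18 10:00:10 203.0.113.7 22
2013-02-18 10:00:11 203.0.113.7 23
2013-02-18 10:00:11 203.0.113.7 80
2013-02-18 10:01:02 192.168.1.1 1900
2013-02-18 10:02:03 192.168.1.1 1900
2013-02-18 10:02:30 198.51.100.23 3389
2013-02-18 10:03:02 192.168.1.1 1900
2013-02-18 10:04:02 192.168.1.1 1900
2013-02-18 10:07:45 203.0.113.7 443
"""

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also matches
# documentation ranges such as 203.0.113.0/24, which would skew the result.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def scope(ip):
    """Classify a source address as loopback, lan or internet."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    return "lan" if any(addr in net for net in LAN_NETS) else "internet"

def triage(log_text, jitter=2.0):
    """Group entries by source; report scope, ports hit and any fixed interval."""
    events = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):  # skip blank lines
        date, clock, src, port = line.split()
        stamp = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        events[src].append((stamp, int(port)))
    report = {}
    for src, hits in events.items():
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        # A steady interval (low spread over at least three gaps) points to a timer.
        periodic = len(gaps) >= 3 and pstdev(gaps) <= jitter
        report[src] = {"scope": scope(src), "hits": len(hits),
                       "ports": sorted({p for _, p in hits}),
                       "period_s": round(mean(gaps)) if periodic else None}
    return report
```

Calling `triage(SAMPLE_LOG)` returns one entry per source address, which makes it easy to see whether the logged entries come from the local gateway on a timer or from scattered outside addresses.
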
TheDarkKnight Posted February 18, 2013 ID:648592

Hello migs102006,

"Why Skype would ping Microsoft servers every so often is curious to say the least."

Microsoft is merging its Windows Messenger with Skype, so that is probably part of the reason.

Please do the following to reset your router:

Turn off your computer.
Unplug or turn off your DSL/cable modem.
Locate, on the back/front/side of your router, the small button that reads Reset.
While pressing the Reset button, turn on/plug in the router. Hold for 30 seconds.
Wait for your Power, WLAN and Internet lights to turn on.
Plug in or turn on your modem (if it is separate from the router otherwise disregard this step).
Open your web browser to see if you have an internet connection. If you still don't have an internet connection you may need to restart your computer.

TheDarkKnight Posted February 22, 2013 ID:649976

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

migs102006 Posted February 23, 2013 Author ID:650360

Hi DarkKnight,

Apologies for not coming back to you, I was in the midst of job interviews. Best of all - I got the job - hurray!

In any case, after about 24 hours of inactivity, all of a sudden my PC started getting port scanned -AGAIN-.

Looking to solve the problem from another angle, I approached the McAfee community and I was given the link below.

https://community.mcafee.com/docs/DOC-2168

You will recognize several of the anti-virus/anti-malware software links. :-)

I went through each one of the links and frankly did not expect any anomalies to be detected. I guess I had given up...

While running 'Stinger' the program detected the Artemis virus in one of my download folders.

It removed the virus and the port scanning/port probing stopped altogether.

If I were to surmise what happened, I would venture to guess that I had a version of the Artemis software that somehow acted as a beacon for a botnet of PCs to probe the ports on my PC.

Nasty stuff!

migs102006

TheDarkKnight Posted February 23, 2013 ID:650394

Hey migs102006,

Great!

Just a side note: I am away until Tuesday.

Please download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

migs102006 Posted February 23, 2013 Author ID:650431

DarkKnight,

Checkup file attached.

Thanks for all your help.

Best regards,
migs102006

checkup.txt

TheDarkKnight Posted February 26, 2013 ID:651211

Hello migs102006,

Please follow the instructions below to remove older versions of Java:

Please go to Start>Control Panel>Programs.
Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them:
Select Uninstall.

=====

Your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

Please go to Start>All Programs>Adobe Reader.
Open Adobe Reader and navigate to Help>Check for Updates.
Please follow the prompts to install the latest version.

Please let me know how that goes.

migs102006 Posted February 28, 2013 Author ID:652029

Removed old version of Java.
Installed latest version of Adobe Acrobat Reader.

TheDarkKnight Posted February 28, 2013 ID:652058

Hey migs102006,

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
Right-click the Recycle Bin and please select Empty Recycle Bin.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

migs102006 Posted February 28, 2013 Author ID:652073

DarkKnight,

Thank you so much.

Enabled automatic updates. (A bit reluctant as I have been burned by poorly tested Microsoft updates in the past.)
ComboFix was uninstalled.
Using Google Chrome.
Installed SpywareBlaster.
McAfee SiteAdvisor enabled.
Installed FileHippo.

Thank you,
migs102006

migs102006 Posted March 1, 2013 Author ID:652377

DarkKnight,

Maybe I spoke too soon.

Shortly after installing FileHippo, I checked what apps needed to be updated. Skype and Acrobat Reader needed to be upgraded, so I did. Shortly after installing the upgrades, the ports on my PC started being scanned/probed again.

I have McAfee, MalwareBytes, Spybot 2, SpywareBlaster and SuperAntiSpyware loaded on my PC.

Is it normal for PCs all over the world to probe the ports on your PC?

Should I just give up and live with a botnet of zombies knocking at my ports, as long as they cannot penetrate the firewall?

migs102006

TheDarkKnight Posted March 1, 2013 ID:652380

Hello migs102006,

Please try Stinger again and see what it finds.

migs102006 Posted March 2, 2013 Author ID:652724

Tried Stinger, did not find any viruses, malware.

TheDarkKnight Posted March 3, 2013 ID:652772

Hey migs102006,

I think we have made it to an area I am not familiar with. You don't appear to have any malware, given the tools haven't found anything, and I don't know much about ports and how to close them etc. You could try posting a topic in the Internet section of this forum.

Sorry I can't be of any further help.

migs102006 Posted March 3, 2013 Author ID:652923

DarkKnight,

Thanks for your help and efforts.

For the record, all the ports on my PC are closed (McAfee).

migs102006

Maurice Naggar Posted March 10, 2013 ID:655471

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!