Solved

High volume of Unknown traffic in outgoing log of router

Posted on 2009-04-19
Last Modified: 2013-11-22
I have 3 desktop PCs, all with XP Home SP2, connected via a Linksys router to a cable modem.  The modem indicators show constant usage.  The router indicators show that the source of the traffic is this PC.  I have looked at the outgoing log and see a constant stream of unknown URLs. A sample of the list is attached below in the Code area.

Otherwise the machine seems to work fine except that Windows Update will not work.  When I try a local install of the latest Update Agent I get an error 0X8024d007.  Not my major concern at this time.

I have run Windows Live Care and did clear several bugs but both problems remain.  I am now at a loss of where to go next or what to try.  Any suggestions will be appreciated.

Thanks
192.168.1.100    artsf1.spaz.org                            SMTP
192.168.1.100    74.201.243.254                             SMTP
192.168.1.100    border3.honda.com                          SMTP
192.168.1.100    mgw2.dv.fh-frankfurt.de                    SMTP
192.168.1.100    theatlantic.com.inbound10.mxlogicmx.net    SMTP
192.168.1.100    mail.services.spaces.live.com.nsatc.net    SMTP
192.168.1.100    mail.worth.com                             SMTP
192.168.1.100    mail.global.mas.att.com                    SMTP
192.168.1.100    219.99.208.223                             SMTP
192.168.1.100    mail.global.mas.att.com                    SMTP
192.168.1.100    mscan.sabah.net.my                         SMTP
192.168.1.100    mail.global.frontbridge.com                SMTP
192.168.1.100    smtp.edifecs.com                           SMTP
192.168.1.100    mx.eunet.at                                SMTP

Question by:jns2
6 Comments
 
LVL 16

Expert Comment

by:warturtle
ID: 24182992
Try browsing to an antivirus website like kaspersky.com or mcafee.com and see if it still gives you problems. I also suggest that you download MalwareBytes Anti-Malware from www.malwarebytes.org and do a full scan with that in safe mode. I think that would be my first step. If you're unable to install MalwareBytes then download it again and save it with a completely different name like jabba.exe and install and run it.
0
 
LVL 3

Expert Comment

by:nrpanchal
ID: 24183388
It definitely looks like your machine is being affected by some kind of virus. Install any good antivirus, run Live update. Then scan your machine.

It looks like the infected PC is trying to establish SMTP connections with various mail servers.

To know more details, you can use a sniffer to capture the data.

Best Regards,
nayan panchal
0
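The pattern discussed in this thread, one LAN host opening SMTP connections to many unrelated mail servers, can be checked mechanically against the router's outgoing log. The following is an added example, not part of the original thread; it assumes the three-column text format of the sample in the question, and the function names, the threshold and the `smtp.isp.example` relay are hypothetical.

```python
import ipaddress
from collections import defaultdict

# First six lines are copied from the question's log sample; the rest are constructed.
SAMPLE_LOG = """\
192.168.1.100      artsf1.spaz.org       SMTP
192.168.1.100      74.201.243.254      SMTP
192.168.1.100      border3.honda.com    SMTP
192.168.1.100       mgw2.dv.fh-frankfurt.de   SMTP
192.168.1.100      mail.global.mas.att.com SMTP
192.168.1.100     mail.global.mas.att.com SMTP
192.168.1.101      smtp.isp.example      SMTP
192.168.1.101      www.example.com       HTTP
truncated entry
"""

def parse_line(line):
    """Return (source_ip, destination, service), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    src, dest, service = parts
    try:
        ipaddress.ip_address(src)  # the source column must be a valid IP address
    except ValueError:
        return None
    return src, dest.lower(), service.upper()

def smtp_fanout(log_text):
    """Map each source host to the set of distinct SMTP destinations it contacted."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == "SMTP":
            fanout[rec[0]].add(rec[1])
    return dict(fanout)

def suspect_hosts(log_text, allowed_relays=frozenset(), max_destinations=2):
    """Flag hosts with more than max_destinations SMTP targets outside allowed_relays."""
    result = {}
    for src, dests in smtp_fanout(log_text).items():
        unexpected = dests - set(allowed_relays)
        if len(unexpected) > max_destinations:
            result[src] = sorted(unexpected)
    return result

if __name__ == "__main__":
    for host, dests in suspect_hosts(SAMPLE_LOG, {"smtp.isp.example"}).items():
        print(f"{host}: SMTP to {len(dests)} unexpected servers: {', '.join(dests)}")
```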
 

Author Comment

by:jns2
ID: 24186292
I am running a scan by MalwareBytes for the 2nd time on the infected machine.  I have also run Windows OneCare and found bugs.  If this scan is bug free I will do some testing and probably close the problem with Accepted as Solution.

I have used Norton before (that was a challenge to remove all traces), migrated to AVG, and now moved to Vipre by Sunbelt Software.  It was highly rated by independent reviewers, seemed very effective, and integrated with no problems.  Now after running MalwareBytes and OneCare I find a number of bugs that Vipre missed.  With the good independent ratings how is one to go about choosing a good package to protect their PC?  I have a strong PC background and thought I did all my homework before moving to Vipre---obviously not the best choice.
Any input or suggestions are appreciated.

Will probably close this when the current scan finishes in a few hours.

Thanks for the help.
0
 
LVL 16

Accepted Solution

by:
warturtle earned 1000 total points
ID: 24187206
Since you have a personal network, I suggest individual firewalls on each PC. You have a good solution - Vipre but no firewall with it. I suggest ZoneAlarm free firewall. AVG is my favorite in free antiviruses and ZoneAlarm in firewalls.

It's quite possible that viruses may escape detection by antivirus engines, and at such times MalwareBytes, SuperAntiSpyware and ComboFix are the tools that help us with it. MalwareBytes and SuperAntiSpyware are tools that I always have in my PC, I don't install them until I feel the need to do so. They are like supplements to existing antiviruses and can help detect something that antiviruses can miss like rootkits.
0
 

Author Closing Comment

by:jns2
ID: 31572085
Thanks for the help and advice.  I have had the odd bug before but this round has been a killer.  Thanks again for the help.
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24189208
Thanks for the feedback and it's good to see that the problem has been resolved. You can have MalwareBytes installed on the PCs and not load on startup (this can be changed from the settings within MalwareBytes). Whenever you feel strange things happening in your PCs, then you can just update it and start the scan.
0

Question has a verified solution.