• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 477
  • Last Modified:

High volume of Unknown traffic in outgoing log of router

I have 3 desktop pcs all with xp home sp2, connected via linksys router to a cable modem.  The modem indicators show constant usage.  The router indicators show that the source of the traffic is this pc.  I have looked at the outgoing log and see a constant stream of unknown URLs. I sample of the list is attached below in the Code are.

Otherwise the machine seems to work fine except that Windows Update will not work.  When I try a local install of the latest Update Agent it get an error  0X8024d007.  Not my major concern at this time.

I have run Windows Live Care and did clear several bugs but both problems remains.  I am now at a loss of where to go next or what to try.  Any suggestions will be appreciated.

Thanks
192.168.1.100      artsf1.spaz.org       SMTP 
192.168.1.100      74.201.243.254      SMTP 
192.168.1.100      border3.honda.com    SMTP 
192.168.1.100       mgw2.dv.fh-frankfurt.de   SMTP 
192.168.1.100      theatlantic.com.inbound10.mxlogicmx.net   SMTP 
192.168.1.100     mail.services.spaces.live.com.nsatc.net SMTP 
192.168.1.100      mail.worth.com SMTP 
192.168.1.100      mail.global.mas.att.com SMTP 
192.168.1.100      219.99.208.223            SMTP 
192.168.1.100     mail.global.mas.att.com SMTP 
192.168.1.100     mscan.sabah.net.my     SMTP 
192.168.1.100      mail.global.frontbridge.com SMTP 
192.168.1.100       smtp.edifecs.com         SMTP 
192.168.1.100      mx.eunet.at                 SMTP

Open in new window

0
jns2
Asked:
jns2
  • 3
  • 2
1 Solution
 
warturtleCommented:
Try browsing to an antivirus website like kaspersky.com or mcafee.com and see if it still gives your problems. I also suggest that you download MalwareBytes Anti-Malware from www.malwarebytes.org and do a full scan with that in safe mode. I think that would be my first step. If you're unable to install MalwareBytes then download it again and save it with a completely different name like jabba.exe and install and run it.
0
 
nrpanchalCommented:
It definately looks like your machine is being affected by some kind of virus. Install any good antivirus, run Live update. Then scan your machine.

It looks like the infected PC is trying to establish SMTP connection with various mail servers.

To know more details, you can use sniffer to capture the data.

Best Regards,
nayan panchal
0
 
jns2Author Commented:
I am running a scan by MalwareBytes for the 2nd time on the infected machine.  I have also run Windows OneCare and found bugs.  If this scan is bug free i will do some testing and probably close the problem with Accepted as Solution.

I have used Norton before (that was a challenge to remove all traces), migrated to AVG, and now moved to Vipre by Sunbelt Software.  It was highly rated by independent reviewers, seemed very effective, and integrated with no problems.  Now after running MalwareBytes and OneCare i find a number of bugs that Vipre missed.  With the good independent ratings how is one to go about choosing a good packge to protect their PC?  I have a strong PC background and thought i did all my homework before moving to Vipre---obiviously not the best choice.
Any input or suggestions are appreciated.

Will probablyclose this when the current scan finishes in a few hours.

Thanks for the help.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
warturtleCommented:
Since you have a personal network, I suggest individual firewalls on each PC. You have a good solution - Vipre but no firewall with it. I suggest ZoneAlarm free firewall. AVG is my favorite in free antiviruses and ZoneAlarm in firewalls.

Its quite possible that viruses may escape detection by antivirus engines, and at such times MalwareBytes, SuperAntiSpyware and ComboFix are the tools that help us with it. MalwareBytes and SuperAntiSpyware are tools that I always have in my PC, I don't install them until I feel the need to do so. They are like supplements to existing antiviruses and can help detect something that antiviruses can miss like rootkits.
0
 
jns2Author Commented:
Thanks for the  help and advice.  I have had the odd bug before but this round has been a killer.  Thanks again for the help.
0
 
warturtleCommented:
Thanks for the feedback and its good to see that the problem has been resolved. You can have MalwareBytes installed on the PCs and not load on startup (this can be changed from the settings within MalwareBytes). Whenever you feel strange things happening in your PCs, then you can just update it and start the scan.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now