GOCARDSGO32
Where are these IP packets coming from? (blocked by AntiVir)
I'll constantly get a pop up from Avira AntiVir Internet Security that it's blocked an IP packet. Are these things dangerous? I'm doing a trial with the Internet Security package, and they pop up a lot that they're being blocked. I'm not exactly sure what they are or do, I don't have any spyware or adware on my computer doing scans. I also made a note of the IPs as they popped up. Some will pop up constantly as the same number, some only seen once or so.
41.215.120.154
74.128.17.114
209.235.28.74
66.102.1.97
64.233.169.97
130.126.72.51
80.86.84.212
98.105.132.164
60.18.161.7
Do these pose any danger, and what do they originate from? Not necessarily the IPs themselves, but just IP packets in general. Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the info, I'll try a few more times, but I've downloaded Malware Bytes and run to no detection, along with my Avira Antivirus scan I run each night, to no detection. Using WHOIS I identified the IP packets:
41.215.120.154 AFRICAN NETWORK INFO CENTER
74.128.17.114 INSIGHT
209.235.28.74 SPRINTLINK
66.102.1.97 GOOGLE
64.233.169.97 GOOGLE
130.126.72.51 UNIVERSITY OF ILLINOIS CHICAGO
80.86.84.212
98.105.132.164
60.18.161.7
77.67.44.203
74.137.17.85 INSIGHT
Insight is my cable company, so I emailed them asking what the packets were and pasted the IPs, and with University of Illinois I emailed them asking too, I have no idea what they were from. Using this WHOIS site helped a lot. The other IP addresses seemed to be a wide server range. http://www.networksolutions.com/whois/index.jsp
K,
You have an issue
download Gmer
autoruns and process explorer
run a quick scan of Gmer
reset IE security and advanced under internet options
ASKER
I just did a scan in GMER, I don't use IE but I changed the settings, so isn't a problem anymore. Nothing was flagged on GMER. These were the only files listed that I didn't even know where they came from. The rest were from AOL (for the AIM software), from Microsoft, or from Avira.
I think these are only system processes:
---- System - GMER 1.0.15 ----
SSDT 8C54B75C ZwCreateThread
SSDT 8C54B748 ZwOpenProcess
SSDT 8C54B74D ZwOpenThread
SSDT 8C54B757 ZwTerminateProcess
SSDT 8C54B752 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 81CFCA18 4 Bytes [5C, B7, 54, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 624 81CFCBE8 4 Bytes [48, B7, 54, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 640 81CFCC04 4 Bytes [4D, B7, 54, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CFCE18 4 Bytes [57, B7, 54, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4
I'm beginning to think the IP packets were harmless, because running WHOIS lookups, some were common, and another IP I had listed I found belonged to Avira, and a couple of others were from Google. They seem to be sent out on web surfing.
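An added example, not part of the original thread and not GMER's own code: a short Python parser for the GMER lines pasted above. It shows that each 4-byte change listed under "Kernel code sections" is the little-endian form of one of the addresses in the SSDT lines, so both sections point at the same five hook targets. The function names are chosen for this example, and the truncated last log line is left out.

```python
import re

# GMER lines copied from the post above (the truncated last line is left out).
GMER_LOG = """\
SSDT 8C54B75C ZwCreateThread
SSDT 8C54B748 ZwOpenProcess
SSDT 8C54B74D ZwOpenThread
SSDT 8C54B757 ZwTerminateProcess
SSDT 8C54B752 ZwWriteVirtualMemory
.text ntkrnlpa.exe!KeSetTimerEx + 454 81CFCA18 4 Bytes [5C, B7, 54, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 624 81CFCBE8 4 Bytes [48, B7, 54, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 640 81CFCC04 4 Bytes [4D, B7, 54, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CFCE18 4 Bytes [57, B7, 54, 8C]
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)$")
PATCH_RE = re.compile(
    r"^\.text\s+(\S+) \+ ([0-9A-F]+)\s+([0-9A-F]{8})\s+4 Bytes\s+\[([^\]]+)\]$")

def parse(log):
    """Return ({hook_target: service_name}, [(patched_address, pointer_value)])."""
    hooks, patches = {}, []
    for line in log.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            hooks[int(m.group(1), 16)] = m.group(2)
        elif m := PATCH_RE.match(line):
            raw = bytes(int(b, 16) for b in m.group(4).split(","))
            # x86 stores pointers little-endian: 5C B7 54 8C reads as 0x8C54B75C.
            patches.append((int(m.group(3), 16), int.from_bytes(raw, "little")))
    return hooks, patches

def correlate(log):
    """Match each 4-byte kernel patch to the SSDT entry with the same target."""
    hooks, patches = parse(log)
    matched = [(addr, hooks[ptr]) for addr, ptr in patches if ptr in hooks]
    unmatched = [(addr, ptr) for addr, ptr in patches if ptr not in hooks]
    return matched, unmatched, sorted(hooks)

if __name__ == "__main__":
    matched, unmatched, targets = correlate(GMER_LOG)
    for addr, name in matched:
        print(f"{addr:08X} -> {name}")
    print("patches with no SSDT counterpart:", unmatched)
    print(f"{len(targets)} hook targets within {targets[-1] - targets[0]} bytes")
```

The log does not name the module that owns the 8C54B7xx region, so the correlation shows only that the entries agree with each other, not which driver installed the hooks.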