Is this some spyware doing its work?

I am having problems with my internet connection these days.
A couple of times a day, my internet connection just drops.
I am getting suspicious now that the firewall blocks all, based on a tremendous amount of requests from the inside to all sorts of IP addresses. In the firewall logs I find long lists like this:

13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- nnn.nn.nn.22:3990 --- 81.49.90.74:80 => wanadoo.fr
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- nnn.nn.nn.22:3986 --- 81.49.90.74:38369 => wanadoo.fr
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- nnn.nn.nn.11:1592 --- 89.152.251.91:80 => netcabo.pt
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- nnn.nn.nn.11:1591 --- 89.2.71.234:80 => numericable.fr
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- nnn.nn.nn.11:1590 --- 188.116.134.119:80 => orn.ru
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- nnn.nn.nn.11:1586 --- 89.152.251.91:443 => netcabo.pt

The first IP address is the source computer, the second IP address is the target; after the "=>" I put the target domain, which I derived using tracert.
I think that the target domains are very suspicious.
Anyone an idea what this could be?
Some computers have Skype chat, all computers have Kaspersky. I don't have a clue how to interpret this behaviour, and if it is bad, how to remove it.

Thanks for your help

Geert
Gertone (Geert Bormans), Information Architect, Asked:

dbolt Commented:
Not sure, but I'd run Malwarebytes
luckbox Commented:
Def sounds like some bad traffic, maybe some P2P action inside your network (multiple PCs in network?). I would also load up Phoenix Labs PeerGuardian on the local machine to monitor outgoing TCP/IP requests.
optoma Commented:
Hi Gertone,
What make+model of router?
How many machines behind router?
When connection drops, above firewall logs coincide with drop, or logging occurs at random times of day?

>Router may not be able to handle "workload"?
>Possible DOS?
>Spyware as you suspect?
Gertone (Geert Bormans), Information Architect, Author Commented:
ZyWALL 5 from ZyXEL.
The ZyWALL goes directly to the server
and via a switch to a bunch of laptops, sometimes 2, often 3.

The above firewall logs coincide with the drops.
It feels as if the ZyWALL starts blocking all traffic when it gets a huge amount of these requests in a short period of time.
The trigger though is weird since traffic comes from all machines, server included, at exactly the same time,
so even if it is a timed execution, clock time is not exactly the same on all computers,
as if there is an external trigger for all machines.

The server is Win 2003, the laptops are XP Prof, service pack 3.
Gertone (Geert Bormans), Information Architect, Author Commented:
well and yes, I was thinking about a DOS, but from the inside out

this is home office setting, so no gameplay, only business, no P2P stuff other than skype, no MS messenger
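
Added example (not part of the original thread): one way to tabulate firewall lines in the layout shown in the question, to check whether the "Exceed MAX incomplete" events really come from several internal machines in the same minute and how many remote hosts and ports they touch. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout taken from the log excerpt in the question. The "=> domain" suffix
# was appended by hand there, so the pattern does not require it.
LINE = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}) --- (?P<msg>.+?) --- "
    r"(?P<src>[\w.]+):(?P<sport>\d+) --- (?P<dst>[\w.]+):(?P<dport>\d+)"
)

# Constructed sample lines; all addresses and the domain are placeholders.
SAMPLE = """\
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- 192.168.1.22:3990 --- 203.0.113.74:80 => example.net
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- 192.168.1.22:3986 --- 203.0.113.74:38369
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- 192.168.1.11:1592 --- 198.51.100.91:80
13/04/2010 22:47 --- Exceed MAX incomplete, sent TCP RST --- 192.168.1.2:1201 --- 198.51.100.7:443
13/04/2010 23:05 --- Exceed MAX incomplete, sent TCP RST --- 192.168.1.11:1640 --- 198.51.100.91:80
this line is not a firewall event and is skipped
"""

def parse(text):
    """Yield one dict per line that matches the firewall log layout."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ev = m.groupdict()
            # Day-first timestamps become ISO strings, which sort by time.
            ev["ts"] = datetime.strptime(ev["ts"], "%d/%m/%Y %H:%M").isoformat()
            yield ev

def summarize(text):
    """Per minute: event count, internal sources, remote hosts, remote ports."""
    out = defaultdict(lambda: {"events": 0, "sources": set(), "dests": set(), "ports": set()})
    for ev in parse(text):
        b = out[ev["ts"]]
        b["events"] += 1
        b["sources"].add(ev["src"])
        b["dests"].add(ev["dst"])
        b["ports"].add(int(ev["dport"]))
    return dict(out)

def simultaneous_minutes(text, min_sources=2):
    """Minutes in which at least min_sources internal hosts hit the limit."""
    return sorted(ts for ts, b in summarize(text).items() if len(b["sources"]) >= min_sources)

if __name__ == "__main__":
    for ts, b in sorted(summarize(SAMPLE).items()):
        print(ts, b["events"], "events from", sorted(b["sources"]), "to", len(b["dests"]), "hosts, ports", sorted(b["ports"]))
```

Comparing the minutes this flags with the times the connection dropped shows whether the bursts line up with the outages across all machines at once.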
optoma Commented:
Possibly, or some backdoor bot/botnet junk causing this.
Wouldn't rule out the router acting up either, or due to spyware, it's being flooded and drops.

Unfortunately, not too informed on something like this regarding those logs :(

But no harm to scan those systems as mentioned with Malwarebytes
http://www.malwarebytes.org/mbam-download.php

>>Scan them with Hitmanpro first as if there is a patched system file, Hitmanpro will try and replace it
http://www.surfright.nl/en/hitmanpro

Post logfiles from Mbam if anything detected and write down anything which Hitmanpro detects.
sb7785 Commented:
In addition to the other great suggestions posted; if they all fail, try creating a bootable antivirus CD. If that doesn't fix it, then you've got some serious problems. It's always good to keep on hand at any time:
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Q_25347695.html 
http://www.experts-exchange.com/articles/Storage/Misc/Creating-a-bootable-CD-USB.html 
What I like is that there are just some pesky items that can't be removed while in Windows. I run from a bootable source first, then go into Windows and see what's left over and then deal with it after. The bootable CD sometimes will take care of 80-100% of the infected items; making it that much easier. Best of luck to you.
Gertone (Geert Bormans), Information Architect, Author Commented:
Thanks guys for the helpful hints.
At the end of the day it turned out that the modem was malfunctioning and since that blocked the router, Skype went crazy on the computers behind the firewall. But I got some interesting hints for finding malware, which I used.
Sorry for closing this so late, but it took me some time to figure it all out.
optoma Commented:
Not to worry. Glad that you got it sorted :)