R
Richard In Va.
I think I got a virus that causes excessive port scans.
Last week a web page wanted to install an active-x feature and I allowed it
to my regret. A few minutes later, I noticed excessive network activity on
my DSL modem. Closing my browser and all open applications, the activity
continued to run wild.
A list of my attempts to find/fix the problem...
1- Updated to Vcom System Suite 7 Pro and ran a full scan.
2- Ran AVG Anti-Spyware Free Edition.
3- Ran McAfee Stinger
4- Ran Spybot Search & Destroy
5- Ran Symantec FixBlast.exe
6- Ran Symantec FixWelch.exe
7- Ran Trend Sysclean
8- Ran windows Defender
9- Ran Symantec online anti-virus scanner
These I've run in normal AND safe mode. Some have found some problems and
cleaned them up but my problem persist.
Watching my network traffic, \system32\services.exe & \system32\svchost.exe
seem to be rapidly trying to reach the internet.
If I try to manually block services & svchost from internet access via Vcom
Firewall I'll see that both will start up multiple instances (many) in the
Vcom Net Defense Firewall list of applications trying to access the
internet. Vcom will see alot of this as high risk port scans and will block
much of it.
When this gets going, my CPU usage will vary from 10%-40% and my bandwidth
gets all eat up making it hard to even browse a web page.
The weird thing is that much of the traffic is between the LAN IP of my PC
and my DSL modem, but then I begin to see IP addresses I don't recognize and
can't seem to backtrace them. Involved port numbers are all over the place,
but seem to start off with port 80.
I'm beginning to wonder if services.exe and/or svchost.exe have been
compromised in some way. Anybody got a clue what's going on here?
Thanks for any help!
(let me know if there is a better place to post my question)
Richard in VA.
+++++++++++++++++++++
Last week a web page wanted to install an active-x feature and I allowed it
to my regret. A few minutes later, I noticed excessive network activity on
my DSL modem. Closing my browser and all open applications, the activity
continued to run wild.
A list of my attempts to find/fix the problem...
1- Updated to Vcom System Suite 7 Pro and ran a full scan.
2- Ran AVG Anti-Spyware Free Edition.
3- Ran McAfee Stinger
4- Ran Spybot Search & Destroy
5- Ran Symantec FixBlast.exe
6- Ran Symantec FixWelch.exe
7- Ran Trend Sysclean
8- Ran windows Defender
9- Ran Symantec online anti-virus scanner
These I've run in normal AND safe mode. Some have found some problems and
cleaned them up but my problem persist.
Watching my network traffic, \system32\services.exe & \system32\svchost.exe
seem to be rapidly trying to reach the internet.
If I try to manually block services & svchost from internet access via Vcom
Firewall I'll see that both will start up multiple instances (many) in the
Vcom Net Defense Firewall list of applications trying to access the
internet. Vcom will see alot of this as high risk port scans and will block
much of it.
When this gets going, my CPU usage will vary from 10%-40% and my bandwidth
gets all eat up making it hard to even browse a web page.
The weird thing is that much of the traffic is between the LAN IP of my PC
and my DSL modem, but then I begin to see IP addresses I don't recognize and
can't seem to backtrace them. Involved port numbers are all over the place,
but seem to start off with port 80.
I'm beginning to wonder if services.exe and/or svchost.exe have been
compromised in some way. Anybody got a clue what's going on here?
Thanks for any help!
(let me know if there is a better place to post my question)
Richard in VA.
+++++++++++++++++++++