Busy Adapter (Firewall Log Sample Included)

[kcheston]

Please help. a single computer on a 10 compter network
generating this traffic (below) at idle. This is
constant. It continuously opens and closes a series of
sequential UDP port, for example 4555 to 5000, then opens
3001 thru 3092, then Close a similar range. The opening
and closing of hundreds of ports happens in a matter of
seconds (9 to 15 per second).

See below. This is from the XP firewall log.
What can be causing this? net stat shows nothing active,
task manager shows nothing either. no viruses, no ad
ware (that can be detected with what I have). Any
suggestions?


EXAMPLE
2004-08-16 13:20:53 OPEN UDP 192.168.1.40 207.217.77.82
4555 53 - - - - - - - -
2004-08-16 13:20:53 OPEN UDP 192.168.1.40 207.217.120.83
4556 53 - - - - - - - -
2004-08-16 13:20:53 OPEN UDP 192.168.1.40 207.217.77.82
4557 53 - - - - - - - -


*****************Up to 5000, then starts at 3001 thru
3092, then begins closing as follows...



2004-08-16 13:21:53 CLOSE UDP 192.168.1.40 207.217.120.83
4429 53 - - - - - - - -
2004-08-16 13:21:53 CLOSE UDP 192.168.1.40 207.217.77.82
4430 53 - - - - - - - -
2004-08-16 13:21:53 CLOSE UDP 192.168.1.40 207.217.120.83
4431 53 - - - - - - - -

 

[Richard G. Harper]

I'd be very suspicious that you do indeed have a virus or trojan on your
computer, or perhaps a backdoor/remote program. What exactly "do you have"
to check for viruses and such?

 

[kcheston]

Mcafee online virus scan and Ad Aware for the spyware. I
feel comfortable about Mcafee, but AdAware's instructions
are kinda unclear. I may be skipping some steps.

Anybody have any experiences with a problem like this one?

 

[Richard G. Harper]

1. Try another online virus scanner, but be aware that if your computer is
already infected an online scanner may be of no assistance. The virus may
already have stealthed itself.

2. Start AdAware, click the "Check for Updates" link, download and install
the updates, then scan your computer and remove everything that AdAware
finds.