News Groupie wrote:
I ran netstat at command prompt because I noticed my web browsing
getting ridiculously slow. It came up with 270 connections to my
computer. I know this is not normal. I recognize the AIM, MSN, Trillian
and similiar connections. But most of the other connections established
were to ports "2119" and "http" and most were from foriegn hosts/ips
(.fr, .se, .nl, .it, etc.). I don't have a web server running and I have
no clue what app or service uses port 2119.
How do I fix this so my internet speed isn't boggled down? How do I
prevent this from happening again?
Thanks in advance
P.S. - Yes, I'm running WinXP SP2.
Do a thorough scan for malware. Are you running a firewall? One should
be active at all times when online.
Run these programs to check for spyware/malware. After installing update
them, then boot into safe mode and run them. You should update and run
them weekly.
Cwshredder
http://www.intermute.com/spysubtract/cwshredder_download.html
Ad-aware SE
http://www.lavasoftusa.com
Spybot Search and Destroy
http://www.safer-networking.org
Bazooka Adware and Spyware Scanner
http://download.com.com/3000-2144-10247783.html
Pest Patrol Free Pest Scanner
http://www.pestscan.com/ScanOrTrial.asp
If you’re still having problems after running these then run HijackThis
and post the log to one of the specialty forums, _NOT_ this one.
HijackThis
http://www.majorgeeks.com/download.php?det=3155
Forums to Interpret HijackThis Logs:
http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/
After your system is clean use these programs to help keep it clean:
Spywareblaster
www.javacoolsoftware.com/sbdownload.html
Spywareguard
http://www.javacoolsoftware.com/sgdownload.html
IE-SPYAD
http://www.staff.uiuc.edu/~ehowes/resource.htm
For viruses, start with Trend Micro’s Sysclean. Download it and the
signature file. Turn off system restore, boot into safe mode and run
sysclean. Boot back into normal mode and run a full AV scan with your
normal AV program. Then turn system restore back on.
Trend Micro Sysclean
http://www.trendmicro.com/download/dcs.asp
Trend Micro Signature File
http://www.trendmicro.com/download/pattern.asp
You should also regularly run at least two of these online scans in
addition to your regular up to date AV program:
Online and Downloadable Virus Scanning:
Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Bit Defender Online Virus Scan:
http://www.bitdefender.com/scan/license.php
Symantec Online Virus and Security Scan:
http://security.symantec.com/ssc/home.asp
TrendMicro:
http://housecall.trendmicro.com/housecall/start_corp.asp
McAfee Online Virus Scan:
http://www.mcafee.com/myapps/mfs/default.asp
RAV AntiVirus - Scan Online
http://www.ravantivirus.com/scan/
F-Secure:
http://support.f-secure.com/enu/home/ols.shtml
McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/
[Note: Stinger looks only for a limited number of specific viruses. It’s
not intended for full strength virus scanning and removal, but it can
help eliminate enough threats to allow you to install and scan with a
full featured AV program.]
Make sure you have a firewall active at all times. If nothing else use
the one built into XP, but there are a variety of free third party ones
that do a better job from Sygate, Zone Alarm or Kerio.
Sygate Personal Firewall
http://smb.sygate.com/products/spf_standard.htm
Zone Alarm
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=staticcomp_za
Kerio Personal Firewall
http://www.kerio.com/kpf_download.html
Lastly check your system for vulnerabilities. Make sure you have all the
latest security patches from Windows Update too.
Websites which will check for vulnerabilities:
Browser Security Tests:
http://www.jasons-toolbox.com/BrowserSecurity/
Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
www.pcpitstop.com
