Wierd PC Behavior - Scanning IP's constantly!
20 years 11 months ago #1941
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Wierd PC Behavior - Scanning IP's constantly! was created by Chris
Hi people,
I'm just running my packet sniffer and observing some really wired stuff .....
My pc is constantly sending ICMP echo requests (pings) to different IP's that do not exist on the network.
What's alarming is that these pings are being sent at a rate of 45-50 ip's per second! This is the type of behavior you would expect from a virus infected PC, but my antivirus isn't reporting anything.
In the task manager, there dosen't seem to be any sus program running and I'm left scratching my head!
Any ideas or suggestions ?
I'm just running my packet sniffer and observing some really wired stuff .....
My pc is constantly sending ICMP echo requests (pings) to different IP's that do not exist on the network.
What's alarming is that these pings are being sent at a rate of 45-50 ip's per second! This is the type of behavior you would expect from a virus infected PC, but my antivirus isn't reporting anything.
In the task manager, there dosen't seem to be any sus program running and I'm left scratching my head!
Any ideas or suggestions ?
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
20 years 11 months ago #1942
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Wierd PC Behavior - Scanning IP's constantly!
Hmm the bad part is that being ICMP you wont be able to catch the process in netstat or tcpview.
Have you installed any spyware recently ?
What you could do is install zonealarm and when each program tries to access the net it will ask you if you want to allow it to. When you see a process that you're not sure about, you'll have caught the offender.
Thats pretty much how I found a worm on my system, my antivirus didn't say anything.. and then ZA told me that dllhost.exe wanted to send email
All things failing, update virus defs and run a full system scan (dont rely on blodhound heuristics to catch things).. if nothing comes up, do a system restore... or worse a reinstall.
Good luck
Have you installed any spyware recently ?
What you could do is install zonealarm and when each program tries to access the net it will ask you if you want to allow it to. When you see a process that you're not sure about, you'll have caught the offender.
Thats pretty much how I found a worm on my system, my antivirus didn't say anything.. and then ZA told me that dllhost.exe wanted to send email
All things failing, update virus defs and run a full system scan (dont rely on blodhound heuristics to catch things).. if nothing comes up, do a system restore... or worse a reinstall.
Good luck
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 11 months ago #1960
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Wierd PC Behavior - Scanning IP's constantly!
Actually that's a great idea Sahir.... I'll do it on Monday and post the results here!
Thanks for that!
Thanks for that!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
20 years 10 months ago #2256
by UHSsncmrm
A scapegoat is often as welcome as a solution...never memorize what you can look up.
Replied by UHSsncmrm on topic ICMP ping flood
Sometimes AV software won't detect ping flooding as actual virus...I see that problem with CA's E-trust all of the time, run stinger against the machine.
Merely a suggestion, good luck. Let us know.
Merely a suggestion, good luck. Let us know.
A scapegoat is often as welcome as a solution...never memorize what you can look up.
20 years 10 months ago #2259
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Wierd PC Behavior - Scanning IP's constantly!
Errmmm.... I forgot to update you guys on the problem
It ended up being a worm problem! The worm, which is similar to blaster had infected my machine and was looking for other victims!
All is well now, I'll be making available the trojan scanner for people to download sometime soon!
Cheers
It ended up being a worm problem! The worm, which is similar to blaster had infected my machine and was looking for other victims!
All is well now, I'll be making available the trojan scanner for people to download sometime soon!
Cheers
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
20 years 10 months ago #2260
by tfs
Thanks,
Tom
Replied by tfs on topic Re: Wierd PC Behavior - Scanning IP's constantly!
I'd be interested in seeing that scanner as I have had problems with the speed of my W2K machine and haven't had a chance to look at it yet. My AV doesn't say anything, either.
What was it you did that found the worm and which one was it?
What was it you did that found the worm and which one was it?
Thanks,
Tom
Time to create page: 0.140 seconds