
Thread: Suspect activity

  1. #1
    ianwest Guest

    Suspect activity

    I am at my wits end!

    XP Home SP2, Norton System Works 2004, ZoneAlarm Pro version 6.5.737.000 with anti-spyware on, ADSL connected by modem to the main computer and a LAN using a direct cable connection between Main and Spare computers using Free Proxy to allow the Spare to access the internet through Main. Spare is running Win98 SP2.

    I don't know if I have two problems or one and even if I did I have not been able to find the cause. The problems are with Main - Spare does not seem to be affected and shutting it down does not stop the problem.

    I have scanned my computer several times with Norton AV and just recently tried AVG Free both with negative results.

    Every now and again ZA alerts me that a program is trying to send an email with a sender address that is not mine and/or more than one message is being sent. My outbound mail rules only allow one of two sender addresses and only one message to be sent at a time. On one occasion the sender was hgjuieirw@msa.hinet.net and the message was addressed to eric.vip@msa.hinet.net with a subject of BC 203.109.211.52. This problem occurs at irregular intervals usually days apart but when it does occur it occurs several times during the day and sometimes becomes so frequent that I have to restart the computer to stop it. After such an episode it usually does not re-occur for several days or even two or three weeks.

    The other problem is more recent or I have only recently noticed it. There is considerable internet activity that I have not initiated. It amounted to about 140 Mbytes sent and received yesterday and so far about the same today and appears to be in small packets of about up to 2 Kbytes at irregular intervals of a fraction of a second to several seconds. I have checked program control in ZA to see if I could find the culprit and it seems that svchost.exe is being used by an anonymous program to access the internet.

    All my programs seem to be running normally and the performance tab in Windows Task Manager does not show any abnormal CPU or memory usage.

    Can anyone suggest what I should do?

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Pro
    Software Version: 6.5

  2. #2
    Join Date: Dec 2005
    Posts: 9,057

    Re: Suspect activity

    http://www.dnsstuff.com/tools/ip4r.c...203.109.211.52

    This is a BlackListed Server (BLDNS or BDNS). Definitely spam, as you already knew.

    What does the netstats show? Tried anything like>

    Port Explorer (shareware)>

    http://www.diamondcs.com.au/portexpl....php?page=home

    TCPViewer (freeware)>

    http://www.microsoft.com/technet/sys...s/TcpView.mspx

    Port Reporter (freeware)>

    http://support.microsoft.com/kb/837243

    Packet Sniffer>

    http://en.wikipedia.org/wiki/Packet_sniffer

    Where is the Generic Host Process (svchost.exe) going to? Is it the DNS server of your ISP? The first three tools will find out where it goes.

    Oldsod
    Best regards.
    oldsod
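
    An added example, not written by any poster in this thread: a Python triage of `netstat -ano` output that answers the two questions raised above, namely which process is opening SMTP connections and whether svchost.exe is talking to anything other than the ISP's DNS server. The sample capture, the PID-to-name table, the mail client name `msimn.exe` and the DNS address 192.0.2.53 are constructed assumptions.

```python
import re

# Constructed `netstat -ano` capture; addresses come from documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    192.168.0.1:1045       198.51.100.7:25        ESTABLISHED     1120
  TCP    192.168.0.1:1047       192.0.2.53:53          ESTABLISHED     1120
  TCP    192.168.0.1:1049       203.0.113.99:8080      ESTABLISHED     1120
  TCP    192.168.0.1:1051       203.0.113.20:80        ESTABLISHED     2044
  UDP    0.0.0.0:1030           *:*                                    1120
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Turn netstat -ano text into dicts; UDP rows have no state or remote port."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, local, remote, state, pid = m.groups()
        rhost, _, rport = remote.rpartition(":")
        rows.append({"proto": proto, "local": local, "rhost": rhost,
                     "rport": int(rport) if rport.isdigit() else None,
                     "state": state, "pid": int(pid)})
    return rows

def unexplained(rows, pid_names, mail_clients=(), expected_hosts=()):
    """Flag SMTP from non-mail processes and svchost.exe talking to unexpected hosts."""
    findings = []
    for r in rows:
        if r["proto"] != "TCP" or r["state"] == "LISTENING":
            continue  # only established or attempted outbound TCP is of interest
        name = pid_names.get(r["pid"], "unknown")
        remote = f'{r["rhost"]}:{r["rport"]}'
        if r["rport"] == 25 and name not in mail_clients:
            findings.append((r["pid"], name, remote, "SMTP from non-mail process"))
        elif name == "svchost.exe" and r["rhost"] not in expected_hosts:
            findings.append((r["pid"], name, remote, "svchost.exe to unexpected host"))
    return findings

# Assumed PID-to-image mapping, as read from Task Manager's PID column.
PID_NAMES = {948: "svchost.exe", 1120: "svchost.exe", 2044: "iexplore.exe"}

if __name__ == "__main__":
    for hit in unexplained(parse_netstat(SAMPLE), PID_NAMES, {"msimn.exe"}, {"192.0.2.53"}):
        print(*hit, sep="  ")
```

    On a live machine, save the output of `netstat -ano` to a file while the traffic is occurring and pass its contents to `parse_netstat` in place of `SAMPLE`.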

  3. #3
    ianwest Guest

    Re: Suspect activity

    Thanks for these links Oldsod

    I had tried SpyAgent but it told me nothing - I will try these.

    In the meantime I have disabled Free Proxy and ordered a router/modem and I hope that will plug that hole.

    Will keep the forum advised on what I have found.

    ianwest

  4. #4
    ianwest Guest

    Re: Suspect activity

    Just an update

    I downloaded and installed Port Explorer from DiamondCS - it worked ok for a day and then locked me out of the 30 day evaluation period.

    I was impressed with the program and decided to buy it but never got an unlock code - apparently DiamondCS has disappeared off the face of the earth but RegSoft (Digital River) are still accepting orders. See here http://www.wilderssecurity.com/showthread.php?t=156737

    I have now got my new router installed but because of the stuff up with Port Explorer am no closer to analysing my problem.

    Can someone suggest a good alternative to Port Explorer? I was not impressed with the Microsoft offerings.
