MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: My Computer is trying to access my own Computer!
October 19, 2019, 07:05:56 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
October 19, 2019, 07:05:56 PM

Login with username, password and session length
 Featured Sites:
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: My Computer is trying to access my own Computer!  (Read 1626 times)
corolla315
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 26


Bookmark and Share

View Profile
« on: July 30, 2005, 03:09:25 PM »

Hi everybody,

For this past week I'm having this problem where Norton Internet Security (NIS) 2005 frequently alerts me with a pop up window saying that it "has detected and blocked an intrusion attempt". Strangely enough, when I had a look at the details of this NIS Security Alert, the computer which is trying to intrude/attack my computer has the same IP address of my own PC! In other words I have something in my system which is trying to access my own computer which results in NIS frequently popping continuous Security Alerts. Below you can find the details of this Security Alert:
TIME: frequently
DATE: daily
INTRUSION: INVALID UDP DESTINATION PORT
INTRUDER: COROLLA315(<ip address> => being my own IP address
RISK LEVEL: MEDIUM
SOURCE IP ADDRESS: COROLLA315(<ip address> => being the same IP address -that is my own IP address.
DESTINATION IP ADDRESS: <different ip address> => not my ip address-a completely unknown/different ip address
UDP SOURCE PORT: a four digit number UDP DESTINATION PORT: 0.INVALID

P.S. Please note that text in CAPS LOCK are the exact details given from NIS whilst the other text is either my comments or an explanation of the exact details.

Furthermore, under the NIS alert assistant, I read that "a computer with the IP address COROLLA315(<ip address> [ being my own IP address], sent information that is characteristic of the Invalid Destination IP Address attack."

After this attack, I scanned my system with Norton Antivirus 2005, MSAS, Xoftspy as well as with online anti-virus/spyware programs available on the internet including Panda ActiveScan, McAfee security and Trend Micro.
Just to let you know my system is made up of a P4 512 MB RAM having Windows XP Service Pack 2 but I don't use Windows firewall as I use NIS.

In this regard, can someone please tell me what's happening and whether there's something I can do to solve this problem?

I thank you in anticipation for your help and support.
Best Regards,

Corolla
Logged

 
Geekgirl
Global Moderator
Hero Member
*****

Karma: +25/-1
Offline Offline

Gender: Female
Posts: 3175



Bookmark and Share

View Profile
« Reply #1 on: August 02, 2005, 12:20:01 AM »

Hello Corolla

Not sure what is going on could you please post a HJT log for me to look over


Also Download and install:  HiJackThis.

(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.)

Then doubleclick HijackThis.exe, and hit "Do A System Scan And Save Log". Make sure all Windows and Browsers are closed.
When the scan is finished, best to save your text file in the same folder as where you put HiJackthis.


Copy/Paste the info from your saved Hijackthis log file into this thread
« Last Edit: August 02, 2005, 12:20:26 AM by Geekgirl » Logged




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
lobba123
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1


Bookmark and Share

View Profile
« Reply #2 on: August 03, 2005, 09:13:40 PM »


i have the same problem, if possible i would like to email you the log i dont know what the log is so i prefer not to post it pubblic

thank you
Logged

 
corolla315
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 26


Bookmark and Share

View Profile
« Reply #3 on: August 08, 2005, 07:13:01 PM »

Hello Guys....

Thanks very much for your replies.

I would like to excuse myself especially with you Geekgirl that I'm replying a bit late but unfortunately I had to go abroad for the past days for an urgent meeting related to work.

But anyway,as regards the problem we have here, yesterday I was back and just before I was going to post my hijack this log file to you I realised what was the problem and what was actually triggering it.

In fact I realsied that the thing which was causing my problem is a P2P application program which my youngest brother just installed on my PC. I'm not gonna mention the name of this P2P program but I 'm quite sure that it's this application program which is causing it.

Therefore lobba123 I would suggest that you should disable any P2P programs which you have installed recently on your PC. That doesn't mean that your computer is infected with any viruses, trojans or adware. You must always of course run frequent scans and clean the infected files but in my case it wasn t a matter of infected files or a trojan as my PC was found to be 100% clean after I run Norton antivirus and various other scans with other online antvirus programs available online on the web including Kaspersky, McAfee, Panda & Trend Micro. Therefore you should check which P2P program is triggering this problem. Please note that the problem is only caused when THIS SUCH PARTICULAR P2P is running and active in the background - at least in my case you can say it was surely that. I removed it from my PC and now this problem is HISTORY.

I wish you all the luck lobba123 to solve this problem which have caused me lots of headaches but at the end of the day is definitely not a headache....you should not have any problems..

I thank mytechsupport  for this wonderful opportunity to post PC problems.  

Best Regards,

Corolla
Logged

 
Geekgirl
Global Moderator
Hero Member
*****

Karma: +25/-1
Offline Offline

Gender: Female
Posts: 3175



Bookmark and Share

View Profile
« Reply #4 on: August 08, 2005, 11:48:39 PM »

Thank you for sharing that information with us corolla315.
 Im sure lobba123 will benefit from your reply

Thank you for visiting MyTechSupport.ca  Grin
Logged




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
cbrylla
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 37


Bookmark and Share

View Profile
« Reply #5 on: August 09, 2005, 12:59:25 AM »

Hi, sorry to use the same thread but I have exactly the same problem. I have been using P2P (Shareaza) for 9 months now, but this recent attacks from my own PC IP are a recent occurence. Here is my Hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 01:59:55, on 09/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Burning\Applications\System Essentials\Spy and privacy software\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
O16 - DPF: {E19F9331-3110-11d4-991C-005004D3B3DB} -


Thanks,

Catalin
Logged

 
Geekgirl
Global Moderator
Hero Member
*****

Karma: +25/-1
Offline Offline

Gender: Female
Posts: 3175



Bookmark and Share

View Profile
« Reply #6 on: August 09, 2005, 01:09:28 AM »

Hello Catalin Welcome to MyTechSupport.ca

Unfortunately you are going to have to start a new thread in the security forum Smiley
Logged




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
corolla315
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 26


Bookmark and Share

View Profile
« Reply #7 on: August 18, 2005, 07:54:23 AM »

Catalin/GeekGirl,

I will still suggest to monitor Shareaza when used with NIS - I'm not a technical person but I think that there has been an update from Symantec NIS side which is now triggering a security alert everytime this particular P2P program as well as when Shareaza is used.  

Try not to use these 2 programs together. In my case it worked. Just give it a try for a few days and see what happens.

All the best.

Regards,

Corolla

Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page October 04, 2016, 04:56:12 PM