Cannot disable ICS - possible virus?

Hi

I noticed something very strange... in my Network Connections area I used to have only:
Local Area Connection icon and Wireless Network Connection icon.

But now there's an added "Internet Connection" icon as well...??
When I click on the icon's Properties, and click on "Settings", I get the following popup message:

"... it is not configured to let network users control or disable the shared Internet connection. This setting can be changed in the Advanced Properties of the shared connection on the Internet Connection Sharing computer."

The weird thing is, I'm already on the primary computer (there's only ONE computer on the network!) and my ICS is disabled.

So it appears as if my computer has been hijacked by some virus in some way (although my Avast anti-virus doesn't pick anything up nor does any online scanner) because it appears as if my computer is now the 'shared' computer from some other computer out there on the internet.

How do I stop this? When I go to my "Local Area Network" icon's Properties and click on Advanced, then ICS is disabled anyway. So there's nothing more I can do to disable this it seems.

I cannot delete that new "internet connection" icon, there is no option for that.

What do I do?

Do you maybe have an internet gateway on your network (like a router with a wan port) they normaly show up as internet connection or internet gateway even iBurst does this.

I use a DG834GT adsl NetGear router and have two computers connected to it. However, one is almost always switched off (now as well). So it's basically one this one laptop I'm now now, that's connected.

I don't have any bridged connections. My ISP username/pwd is entered on the router itself.

Gunny, if you're saying that my netgear router is the reason why the extra "internet connection" icon is showing, then why didn't it show up before? I don't recall ever seeing that extra icon. I'm used to only seeing my LAN icon and Wireless LAN icon only.

That is not ICS - check for a setting on your router / modem called Upnp (Universal Plug and Play)and turn that off.

It was the uPnP setting on my router, thx Anthropoid.

However, what kind of device/services will stop working with uPnP disabled on the router now? (it was enabled by default) What kind of problems can I expect, if any?
I have uPnP disabled on the computer itself (disabled services: SSDP Discovery Service & Universal Plug and Play Device Host).

What kind of devices/software require uPnP to be enabled to work?
My network printer, attached webcam, chat software etc. still seem to be working fine. I know some chat software uses random ports to listen to (and for file transfers) and I suppose uPnP enabled would help that but so far I have no problems.

You should not have any issues with it turned of -IMO it is safer, because someone can be on your subnet and just discover your devices / shared net connections.

When devices incorporating UPnP technology are physically connected to the network, they'll connect automatically to one another over the network, without the need for user configuration or centralized servers.

Click to expand...

Unfortunately I did pick up one problem when I disable UPnP on the router, my Windows Live Messenger (MSN) suddenly acts up, it disconnects frequently.

If I disable UPnP I cannot manually setup port forwarding for WLMessenger in the router because it uses random ports in a wide range.

I use WLMessenger frequently so I'm now forced to enable UPnP again. I couldn't find any decent workaround to make WLMessenger work 100% if UPnP is disabled on the router. WLM appears to require the SSDP service in XP (to be enabled).

I never had a problem with uPnP enabled. Just make sure your systems are secure.

That's just the problem with UPnP, even if your systems are secure, with UPnP enabled you're effectively authorising it to open ports the firewall on your behalf. That's what UPnP does, opens ports as it see fits. At least if you have it disabled, you can manually use port forwarding and therefore decide yourself which ports to open etc. Then you're in control as the user. I like being in control.

UPnP is merely convenient since you don't have to setup port forwarding rules and other configurations but it will always be a security threat to your LAN. Creating a new port mapping rule via the UPnP protocol is done without any authentication of the port mapping requesting entity which means that any program running on one of the LAN computers can open additional ports in the router without any user interaction or user notification(!)
With UPnP functionalities enabled a trojan that could successfully infect one of the LAN computers beforehand can now through UPnP open additional ports in the router on the fly.

Good example is software like BitComet, by default it's set to open a random port through UPnP (by default) or you can disable all that and choose a port yourself and setup your router manually to forward that port for torrent traffic. Now you know the port number and what it's used for.

I'd much rather disable UPnP and setup port forwarding manually for any applicable application to have more control. Just a pity Windows Live Messenger uses random ports from a wide range to function which makes manual setup irrelevant/tedious.