PC sends packets and cannot connect to Internet

DCG

Hi, I have ADSL at home (Telkom ISP) and use the Telkom WI-FI stick to connect to the router wirelessly. Problem is that when I connect to the Internet, I cannot even get to a web page (though the DNS seems to work); pages always time out. My anti-virus and anti-spyware couldn't find anything. Eventually I reinstalled Windows XP Prof SP2 after quick-formatting the C: drive.

I installed Comodo firewall, and saw that svchost.exe was continuously sending packets to the following addresses when I connect to the Internet:
193.108.95.56:80 and on port 53
193.108.95.110:80

There is no way that I know of to block individual ports on Comodo, so if you can tell me how, that will also help. Would it be possible that the virus infected the boot sector, so it would survive a Windows XP reinstallation?

Also, can the ADSL wireless router be infected with a virus?

Thanks
D.
 
Additional whois information for 193.108.95.56:

[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '193.108.88.0 - 193.108.95.255'

inetnum: 193.108.88.0 - 193.108.95.255
netname: AKAMAI-PI-1
descr: Akamai Technologies
country: EU
admin-c: NARA1-RIPE
admin-c: NF1714-RIPE
admin-c: JP1944-RIPE
tech-c: NARA1-RIPE
tech-c: NF1714-RIPE
tech-c: JP1944-RIPE
status: ASSIGNED PI
mnt-by: AKAM1-RIPE-MNT
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: AKAM1-RIPE-MNT
source: RIPE # Filtered

role: Network Architecture Role Account
address: Akamai Technologies
address: 8 Cambridge Center
address: Cambridge, MA 02142
phone: +1-617-938-3130
e-mail: [email protected]
admin-c: NF1714-RIPE
admin-c: JP1944-RIPE
tech-c: NF1714-RIPE
tech-c: JP1944-RIPE
tech-c: APB15-RIPE
nic-hdl: NARA1-RIPE
mnt-by: AKAM1-RIPE-MNT
source: RIPE # Filtered

person: John Payne
address: 307 Thacher St
address: Milton
address: MA, 02186
phone: +1 617 444 2562
fax-no: +1 617 444 2562
e-mail: [email protected]
nic-hdl: JP1944-RIPE
mnt-by: AKAM1-RIPE-MNT
source: RIPE # Filtered

person: Noam Freedman
address: Akamai Technologies
address: 8 Cambridge Center
address: Cambridge, MA 02142
phone: +1-617-938-3130
e-mail: [email protected]
nic-hdl: NF1714-RIPE
mnt-by: AKAM1-RIPE-MNT
source: RIPE # Filtered

% Information related to '193.108.94.0/23AS20940'

route: 193.108.94.0/23
descr: Akamai Technologies
origin: AS20940
mnt-by: AKAM1-RIPE-MNT
source: RIPE # Filtered

Additional whois information for 193.108.95.110:



Best way, if you are serious about blocking off traffic, is to do it with a dedicated hardware firewall like Smoothwall or IPCop tho...

You can't block port 80 - otherwise you won't be able to browse...

Port 53 is DNS queries - I think what happened here is that your PC queried Akamai for some DNS records - there's nothing to be alarmed about these.

If you block ports 80 and 53, then you can't browse or access the Internet at all...

I have heard that some r00tkits, virii and trojans can survive a reinstallation, although I still have to experience this. The only way to detect these scum is, again, with a dedicated firewall.

ADSL routers, AFAIK, can't be infected with a virus.

I don't know of other firewalls with a default-deny installation (where all ports are closed) and you have to manually open them (Smoothwall's closed security policy) or some are open (half-open security policy) or there's no blocked ports (full open policy) - this is for outgoing packets btw.
 
OK, my question though is why a clean reinstall of Windows XP SP2 doesn't fix the problem?
 
What problem?

I suspect it is the Windowsupdate feature of XP trying to "phone home"...

As there is no more data that's all I can suspect. Crystal ball's in for repairs, sorry.

Try to download either ClamWin or AVG Free, update them, and scan for suspicious files in safe mode.

Also, use Spybot S&D and Ad-Aware to sniff out spyware.

McAfee's got a r00tkit-removal tool - try it and see what gives. http://www.pcsupportadvisor.com/rootkits.htm
 
Thanks.

I wanted to install Spybot, but it wants me to connect to the Net to access some php file when it's busy installing, which doesn't work because I cannot connect to the Internet! Therefore I cannot install SpyBot 1.5.
I have ad-aware as well, not the latest updates though.
The problem is all these spyware programs don't provide a separate download for the latest definitions, except avg anti-spyware.
I did try the Microsoft RootKitRevealer from SysInternals yesterday. It picked up some funny files and empty registry settings, but fixing that didn't change anything.

What beats me still is how this thing can survive a reinstall of Windows XP.
 
First sort out the internet connection. Temporarily disable Comodo to check whether that is the problem. Right click on tray icon then select adjust security level==>Allow all. Don't forget to switch it back on again later.

To block those two addresses.

Comodo==>Security==>Network Monitor==>Add

Then set up a new rule with:
Block
TCP/UDP
In/Out
Destination==>Single IP

Then move the rule all the way up the list and do the same with the other IP. Do same again, but this time put the IP in Source not destination, so that stuff from that IP to your PC is also blocked.
 
Just a thought, the last time I had a send packets but not receive I phoned Telkom and asked them to reset my dslan port...
 
Do you use a DHCP or static IP address??

It's possible your PC has lost its DNS settings. Renew your IP address if you use DHCP.

You can also try double-clicking the network connection icon in the taskbar near the time. Then click on support/repair. It kind of does the same thing.
 
Ditto - what they said above. Your PC is trying to do an automatic update.

If you reinstalled XP (a bit drastic but too late, it's done) and the AV and AS couldn't find anything I seriously doubt you have malware/trojans/rootkits on your machine.

What is the exact problem? svchost will send traffic out on port 80 and 53 (http and DNS) - it's supposed to do that.
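
The replies attribute the two destinations to Akamai by reading the whois output by eye. As an added example (not part of any post in this thread), the same check in Python: parse the RPSL objects from the quoted RIPE output and test each firewall-logged destination against the `inetnum` range and the `route` prefix. The function names and the 203.0.113.7 control address are assumptions made for illustration.

```python
import ipaddress
import re

# Excerpt of the RIPE whois output quoted in the thread (relevant attributes only).
WHOIS_TEXT = """\
inetnum: 193.108.88.0 - 193.108.95.255
netname: AKAMAI-PI-1
descr: Akamai Technologies

route: 193.108.94.0/23
origin: AS20940
"""

# Constructed firewall log: the thread's destinations plus a made-up control (203.0.113.7).
OBSERVED = [("svchost.exe", "193.108.95.56", 80), ("svchost.exe", "193.108.95.56", 53),
            ("svchost.exe", "193.108.95.110", 80), ("svchost.exe", "203.0.113.7", 80)]

def parse_rpsl(text):
    """Split whois output into RPSL objects: dicts of attribute -> list of values."""
    objects = []
    for block in re.split(r"\n\s*\n", text):
        obj = {}
        for line in block.splitlines():
            if line.startswith(("%", "[")) or ":" not in line:
                continue  # server comments and banner lines
            key, value = line.split(":", 1)
            obj.setdefault(key.strip(), []).append(value.strip())
        if obj:
            objects.append(obj)
    return objects

def owner_networks(objects):
    """Return (network, label) pairs for every inetnum range and route prefix."""
    nets = []
    for obj in objects:
        if "inetnum" in obj:
            first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"][0].split("-"))
            nets += [(n, obj.get("netname", ["?"])[0])
                     for n in ipaddress.summarize_address_range(first, last)]
        if "route" in obj:
            nets.append((ipaddress.ip_network(obj["route"][0]), obj.get("origin", ["?"])[0]))
    return nets

def classify(observed, nets):
    """Map each (process, ip, port) to the labels of the networks containing the ip."""
    result = {}
    for proc, ip, port in observed:
        labels = sorted({lbl for net, lbl in nets if ipaddress.ip_address(ip) in net})
        result[(proc, ip, port)] = labels or ["UNKNOWN"]
    return result
```

Destinations that come back as `UNKNOWN` are the ones worth a separate whois lookup before writing a block rule for them.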
 