

Windows 7: Possible connection to my PC. Tried as much as I know.

07 May 2014   #1

windows 7 pro 64
 
 
Possible connection to my PC. Tried as much as I know.

I was on last night and had Skype running in the background and Malwarebytes notified me out of nowhere..




Then I turned off all connections to internet like browser etc.. restarted to do a netstat.. it showed established on 1 only.. to foreign address and IP address:server. Also the mouse started being a bit unusual.

I ran malwarebytes.. all ok except 2 cookies.
I ran CCleaner all ok
I ran AVG Pro... all ok
I ran Kaspersky rootkit killer.. all ok

I can run dds.scr and give logs if that's what ye do on here.

When I ran netstat this morning, the established connection now does not show from last night,

there are some established but to my IP I think? example connection 127.0.0.1:65400 a port on my PC.. I'm not sure, I can screenshot if needed.. also there are a few time_waits..

I've also started using Firefox and not IE explorer.. but I tried uninstall IE and it won't show up in CCleaner to uninstall or in remove programs.

let me know if you look at logs.. .. any help would be great...


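An added example, not part of any post in this thread: a Python sketch that sorts `netstat -ano` rows the way the first post tries to by eye, separating loopback sessions such as 127.0.0.1:65400 and closed TIME_WAIT entries from ESTABLISHED sessions to hosts outside the PC and the LAN. The sample output, its addresses and PIDs are constructed, and the function names are illustrative.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       708
  TCP    127.0.0.1:65400        127.0.0.1:65401        ESTABLISHED     2312
  TCP    192.168.1.10:49201     203.0.113.7:443        ESTABLISHED     3120
  TCP    192.168.1.10:49188     198.51.100.20:80       TIME_WAIT       0
  TCP    192.168.1.10:49190     192.168.1.1:80         ESTABLISHED     3120
  TCP    [::1]:49155            [::1]:49156            ESTABLISHED     2312
  UDP    0.0.0.0:5355           *:*                                    1180
"""

# Address ranges that never leave the PC (loopback) or the home network (lan).
NETS = {
    "loopback": ["127.0.0.0/8", "::1/128"],
    "lan": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
            "169.254.0.0/16", "fe80::/10"],
}

def scope(endpoint):
    """Classify an 'addr:port' endpoint as none, loopback, lan or external."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:          # 0.0.0.0 or :: on LISTENING rows: no peer yet
        return "none"
    for name, nets in NETS.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return name
    return "external"

def parse(text):
    """Yield (local, remote, state, pid, scope) for every TCP row; UDP has no state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield f[1], f[2], f[3], int(f[4]), scope(f[2])

def external_established(text):
    """Rows worth a closer look: live sessions to hosts outside the PC and LAN."""
    return [r for r in parse(text)
            if r[2] == "ESTABLISHED" and r[4] == "external"]

if __name__ == "__main__":
    for local, remote, state, pid, where in parse(SAMPLE):
        print(f"{state:<12} {where:<9} {local} -> {remote} (PID {pid})")
```

The PID on a flagged row can be matched to a process name with `tasklist /FI "PID eq 3120"`.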

07 May 2014   #2

Windows 7 ultimate 64-bit
 
 

From the sounds of it; it sounds like someone (hacker maybe?) was trying to access your system remotely (well obviously). I would turn off all "remote" connections that allow other people to access your PC remotely; as that is a big security loophole in Windows unfortunately; and I don't believe Microsoft has ever found a way to completely secure remote connections. So if you ever have to use it; once yer done; disable the connections. I don't recall exactly where it is right now; but there is a check box in the system control panel somewhere that will allow you to disable remote connections.
07 May 2014   #3

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 

Hi there.

If you are on a HOME connection with a Router then a hugely valuable piece of information is to look at the router logs. Usually accessible via 192.168.0.1 or 192.168.1.1 and you get the router's control panel.

I think also Virgin UK customers can get at this sort of stuff too. Check the documentation to get access to the router's / tivo / cable box's control panel.

The router should be able to STOP anything incoming before it even GETS to your PC.

I'm not sure though if you are on a CABLE connection whether you can get the same sort of info. -- Sometimes the older slower stuff provides more assistance than the One-click setup of all modern gear.

The other thing is to ensure your INCOMING firewall blocks all ports other than those you specifically need.

Cheers
jimbo


07 May 2014   #4

windows 7 pro 64
 
 

Ok, @ matts6887 I went to remote desktop and done opposite to what is in settings here...


@jimbo45

Based in Ireland.. but I'm logged in to router now.
Logs show all from January 1st a lot of info, the next date is May 7th with lots of info which was this morning when it happened?

I'm unsure what logs mean.. it's listed from 4:58 this morning up until 5 minutes ago, here are the 1st logs since January 1st...

45 May 7 04:58:09 INFO set time to 2014/5/7/ 4:58:9
46 May 7 04:58:12 INFO Internet up, PPPoE LLC, 8/35, IP=(EDITED OUT IP COS DNO IF SHOULD POST IT)
47 May 7 04:58:16 INFO Periodic inform fail
48 May 7 04:58:22 INFO Periodic inform success
49 May 7 04:58:54 INFO received INFORM
50 May 7 05:09:01 INFO received INFORM
51 May 7 05:13:35 INFO received INFORM
52 May 7 05:15:16 INFO received REQUEST
53 May 7 05:15:16 INFO sending ACK to 192.168.1.1

If the connection was established last night on netstat then possibly he has access and will connect later, these logs go up from 53 to 356 so far? Is this normal?
07 May 2014   #5
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Here's what I get Googling the IP shown, but may not be correct.
89.28.98.167 | IPLocationTools.com

I pinged 89.28.98.167 and I got the same MBAM warning too but I didn't see it in time to note what app it was from. A second ping did nothing.
08 May 2014   #6

Microsoft Community Contributor Award Recipient

Windows 7 Pro 64 SP1
 
 

Quote: Originally Posted by peader99
... but i tried uninstall IE and it won't show up in ccleaner to uninstall or in remove programs.

IE is part of Windows so you can't actually uninstall it, you can disable it,

Windows Features - Turn On or Off

While newer versions can be uninstalled from Windows Update, there will always be a version of IE on your system.
08 May 2014   #7

Windows 8.1 x64
 
 

Skype is a Peer-to-Peer (P2P) application. This means that it connects to a wide variety of IP addresses dynamically in order to establish a connection from one point to another.
Because of this, Skype may sometimes connect to IP addresses that are also known for hosting malicious content such as malware. For this reason, Malwarebytes Anti-Malware may block such connections, though this should not affect your usage of Skype or the quality of communication through Skype itself.




In MBAM 2.0


Clicking the Add Process button allows you to exclude a process which would otherwise be blocked from accessing an internet address. Please note that this option is only functional on Windows Vista Service Pack 2, Windows 7, and Windows 8.x. This is typically of value to users who need to access filesharing and/or peer-to-peer applications. On occasion, IP addresses used by these applications may be blacklisted, so that Malwarebytes Website Protection blocks access to the website as a whole. Excluding the IP address makes the user more vulnerable, as would exclusion of the domain (if the website uses a domain name). Excluding the process — providing that the process is not an internet browser — would allow the P2P application to function without increasing risk.
08 May 2014   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

IP Information for 89.28.98.167

IP Location: Moldova, Republic Of Balti Starnet S.r.l
ASN: AS31252 STARNET-AS StarNet Moldova,MD (registered Mar 31, 2004)
Resolve Host: 89-28-98-167.starnet.md
IP Address: 89.28.98.167
Whois Server: whois.ripe.net
