Solved Multiple DDoS attacks prevention?

Lorlan

New member
I've been receiving DDoS attacks for the past few months from different IP addresses, from different ISPs, from different countries. After finding this post: http://www.sevenforums.com/system-security/212520-multiple-dos-attacks.html
I tried phoning up my ISP, they said they can't and won't do anything apart from provide my internet, which they're doing. My ISP has a division where I can post log information, but they'll only accept IPs from their IP pool, I managed to find that one of the IPs luckily was and filed a report. But I won't get a reply if any action is taken, and as the attacks are still coming I'm guessing they've done little or nothing. Eventually my ISP said that I should call my local authorities as it's an illegal activity. Currently waiting for a call back from my local authorities to see if they can help, but in the meantime my ISP also said to try on forums.

Some basic information about my setup.
ISP: Virgin Media (UK)
Package: 8Mbps unlimited home broadband (capped to 2Mbps due to a SNR reset, which caused me to check my router log and is when I found my router logging attacks a week after the reset)
Router: Netgear DGN1000 (running Virgin's firmware)
Router Settings: MAC filtering, WPA2-PSK, Ping disabled on WAN, Using Comodo's DNS servers, dynamic IP
Antivirus etc: Avast! Free, Malwarebytes, Comodo Firewall, Microsoft Security Essentials (All of these apart from MSE are installed on all 3 of my PCs, MSE is only installed on one of them, also using Comodo's Port Stealth feature)

Here's part of a log showing attacks(my IP's changed since this and I omitted the other stuff the router was logging, but can add this if needed):
Code:
[DoS attack]from source:123.7.87.215, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=112 ID=58666 PROTO=UDP SPT=1052 DPT=11416  - Mon, 2012-04-02 00:11:34
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=107 ID=17722 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:35
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=107 ID=17723 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:35
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=17824 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:36
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=17826 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:36
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=17935 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:39
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=17936 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:39
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=17937 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:39
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=17938 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:39
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=51 ID=13917 PROTO=UDP SPT=59319 DPT=11416  - Mon, 2012-04-02 00:11:40
[DoS attack]from source:58.99.255.232, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=44 ID=23081 DF PROTO=UDP SPT=13699 DPT=11416  - Mon, 2012-04-02 00:11:40
[DoS attack]from source:223.16.45.42, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=48 ID=23723 PROTO=UDP SPT=1323 DPT=11416  - Mon, 2012-04-02 00:11:40
[DoS attack]from source:123.7.87.215, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=112 ID=59047 PROTO=UDP SPT=1052 DPT=11416  - Mon, 2012-04-02 00:11:41
[DoS attack]from source:123.7.87.215, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=112 ID=59048 PROTO=UDP SPT=1052 DPT=11416  - Mon, 2012-04-02 00:11:41
[DoS attack]from source:124.95.137.142, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=3879 PROTO=UDP SPT=5384 DPT=11416  - Mon, 2012-04-02 00:11:42
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18177 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:44
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18178 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:44
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18179 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:44
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=51 ID=13941 PROTO=UDP SPT=59319 DPT=11416  - Mon, 2012-04-02 00:11:44
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=51 ID=13942 PROTO=UDP SPT=59319 DPT=11416  - Mon, 2012-04-02 00:11:44
[DoS attack]from source:58.241.241.5, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=49 ID=12128 PROTO=UDP SPT=5127 DPT=11416  - Mon, 2012-04-02 00:11:45
[DoS attack]from source:24.116.58.221, destination source:192.168.0.8 LEN=130 TOS=0x18 PREC=0x40 TTL=47 ID=11717 PROTO=UDP SPT=59505 DPT=52184  - Mon, 2012-04-02 00:11:45
[DoS attack]from source:86.160.50.52, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=48 ID=58231 PROTO=UDP SPT=58307 DPT=11416  - Mon, 2012-04-02 00:11:45
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18242 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:45
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18245 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:46
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18246 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:46
[DoS attack]from source:124.95.137.142, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=4148 PROTO=UDP SPT=5384 DPT=11416  - Mon, 2012-04-02 00:11:46
[DoS attack]from source:124.95.137.142, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=4149 PROTO=UDP SPT=5384 DPT=11416  - Mon, 2012-04-02 00:11:46
[DoS attack]from source:86.160.50.52, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=48 ID=58233 PROTO=UDP SPT=58307 DPT=11416  - Mon, 2012-04-02 00:11:47
[DoS attack]from source:221.193.240.49, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=47 ID=20922 PROTO=UDP SPT=10128 DPT=11416  - Mon, 2012-04-02 00:11:47
[DoS attack]from source:221.193.240.49, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=47 ID=20921 PROTO=UDP SPT=10128 DPT=11416  - Mon, 2012-04-02 00:11:47
[DoS attack]from source:123.7.87.215, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=112 ID=59268 PROTO=UDP SPT=1052 DPT=11416  - Mon, 2012-04-02 00:11:47
[DoS attack]from source:123.7.87.215, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=112 ID=59269 PROTO=UDP SPT=1052 DPT=11416  - Mon, 2012-04-02 00:11:47
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18321 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18322 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18323 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18324 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=51 ID=13973 PROTO=UDP SPT=59319 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=51 ID=13974 PROTO=UDP SPT=59319 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:223.16.45.42, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=48 ID=23739 PROTO=UDP SPT=1323 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:124.95.137.142, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=4311 PROTO=UDP SPT=5384 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:124.95.137.142, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=4312 PROTO=UDP SPT=5384 DPT=11416  - Mon, 2012-04-02 00:11:48
[DoS attack]from source:134.117.250.21, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=107 ID=18447 PROTO=UDP SPT=59780 DPT=11416  - Mon, 2012-04-02 00:11:50
[DoS attack]from source:58.99.255.232, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=44 ID=23107 DF PROTO=UDP SPT=13699 DPT=11416  - Mon, 2012-04-02 00:11:50
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=51 ID=14004 PROTO=UDP SPT=59319 DPT=11416  - Mon, 2012-04-02 00:11:50
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x60 TTL=51 ID=14005 PROTO=UDP SPT=59319 DPT=11416  - Mon, 2012-04-02 00:11:50
[DoS attack]from source:124.95.137.142, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=4436 PROTO=UDP SPT=5384 DPT=11416  - Mon, 2012-04-02 00:11:50
[DoS attack]from source:124.95.137.142, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=4438 PROTO=UDP SPT=5384 DPT=11416  - Mon, 2012-04-02 00:11:50
[DHCP IP: (192.168.0.3)] to MAC address 90:84:0D:0B:75:1C - Mon, 2012-04-02 00:19:59
[WLAN access allowed] from MAC: 0c:ee:e6:a8:56:80 - Mon, 2012-04-02 00:22:43
[DHCP IP: (192.168.0.2)] to MAC address 0C:EE:E6:A8:56:80 - Mon, 2012-04-02 00:22:52
[WLAN access allowed] from MAC: c8:33:4b:49:00:aa - Mon, 2012-04-02 00:24:30
[DHCP IP: (192.168.0.8)] to MAC address C8:33:4B:49:00:AA - Mon, 2012-04-02 00:24:31
[DoS attack]from source:222.242.196.230, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=110 ID=25834 PROTO=UDP SPT=2633 DPT=11416  - Mon, 2012-04-02 00:29:35
[DoS attack]from source:86.9.130.75, destination source:82.31.30.202 LEN=56 TOS=0x18 PREC=0x60 TTL=57 ID=28005 PROTO=UDP SPT=8081 DPT=11416  - Mon, 2012-04-02 00:29:35
[DoS attack]from source:86.9.130.75, destination source:82.31.30.202 LEN=56 TOS=0x18 PREC=0x60 TTL=57 ID=28225 PROTO=UDP SPT=8081 DPT=11416  - Mon, 2012-04-02 00:29:35
[DHCP IP: (192.168.0.6)] to MAC address 1C:C1:DE:60:D8:31 - Mon, 2012-04-02 00:32:33
[DHCP IP: (192.168.0.10)] to MAC address 00:17:C4:3B:11:C4 - Mon, 2012-04-02 00:38:16
[DoS attack]from source:222.242.196.230, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=110 ID=55191 PROTO=UDP SPT=2633 DPT=11416  - Mon, 2012-04-02 00:45:28
[DoS attack]from source:115.21.112.216, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=110 ID=16096 PROTO=UDP SPT=1219 DPT=11416  - Mon, 2012-04-02 00:47:39
[DoS attack]from source:58.253.218.86, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=7382 PROTO=UDP SPT=13915 DPT=11416  - Mon, 2012-04-02 00:47:39
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=51 ID=9605 PROTO=UDP SPT=59907 DPT=11416  - Mon, 2012-04-02 00:47:41
[DoS attack]from source:62.92.55.56, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=51 ID=9606 PROTO=UDP SPT=59907 DPT=11416  - Mon, 2012-04-02 00:47:41
[DoS attack]from source:222.242.196.230, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=110 ID=5877 PROTO=UDP SPT=2633 DPT=11416  - Mon, 2012-04-02 00:47:41
[DoS attack]from source:222.242.196.230, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=110 ID=5879 PROTO=UDP SPT=2633 DPT=11416  - Mon, 2012-04-02 00:47:41
[DoS attack]from source:58.253.218.86, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=7412 PROTO=UDP SPT=13915 DPT=11416  - Mon, 2012-04-02 00:47:41
[DoS attack]from source:58.253.218.86, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=7431 PROTO=UDP SPT=13915 DPT=11416  - Mon, 2012-04-02 00:47:43
[DoS attack]from source:58.253.218.86, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=7508 PROTO=UDP SPT=13915 DPT=11416  - Mon, 2012-04-02 00:47:49
[DoS attack]from source:58.253.218.86, destination source:82.31.30.202 LEN=45 TOS=0x18 PREC=0x40 TTL=40 ID=7507 PROTO=UDP SPT=13915 DPT=11416  - Mon, 2012-04-02 00:47:49

This attack was bigger than usual, I'll usually only get around 5-10 attacks logged by my router during the course of a day. I used to notice and sometimes still do, that whenever a machine is turned on that accesses my network then an attack will occur straight away. But it mostly seems to be at random times. I read in the post mentioned above that it could just be my router logging portscans as DoS attacks, but I'm sure it isn't, as whenever I notice a serious drop in speed, usually to about 15kbps, I'll then log into my router and see that it's logged DDoS attacks. I've also noticed that Malwarebytes will occasionally detect outgoing connections from different ports usually via Skype, but I've seen it block outgoing connections for Chrome and Avast too. So I think I'm being portscanned too (well aware that most people are portscanned daily for legitimate reasons). But here's a MWB log of it:

Code:
2012/04/02 23:20:41 +0100	USER-PC	User	IP-BLOCK	83.128.119.119 (Type: outgoing, Port: 53059, Process: avastsvc.exe)
2012/04/02 23:20:41 +0100	USER-PC	User	IP-BLOCK	83.128.119.119 (Type: outgoing, Port: 53060, Process: skype.exe)
2012/04/02 23:20:41 +0100	USER-PC	User	IP-BLOCK	83.128.119.119 (Type: outgoing, Port: 53061, Process: skype.exe)
2012/04/02 23:20:41 +0100	USER-PC	User	IP-BLOCK	83.128.119.119 (Type: outgoing, Port: 53062, Process: skype.exe)

Code:
2012/04/01 05:11:23 +0100	USER-PC	User	IP-BLOCK	94.242.214.86 (Type: outgoing, Port: 50540, Process: avastsvc.exe)
2012/04/01 05:11:23 +0100	USER-PC	User	IP-BLOCK	94.242.214.86 (Type: outgoing, Port: 50544, Process: avastsvc.exe)
2012/04/01 05:11:23 +0100	USER-PC	User	IP-BLOCK	94.242.214.86 (Type: outgoing, Port: 50545, Process: avastsvc.exe)
2012/04/01 05:40:50 +0100	USER-PC	User	IP-BLOCK	109.163.230.202 (Type: outgoing, Port: 52427, Process: avastsvc.exe)
2012/04/01 05:40:53 +0100	USER-PC	User	IP-BLOCK	109.163.230.202 (Type: outgoing, Port: 52434, Process: avastsvc.exe)
2012/04/01 05:49:04 +0100	USER-PC	User	IP-BLOCK	195.16.88.120 (Type: outgoing, Port: 52921, Process: avastsvc.exe)
2012/04/01 05:49:05 +0100	USER-PC	User	IP-BLOCK	195.16.88.120 (Type: outgoing, Port: 52922, Process: avastsvc.exe)
2012/04/01 05:49:05 +0100	USER-PC	User	IP-BLOCK	195.16.88.120 (Type: outgoing, Port: 52928, Process: avastsvc.exe)
2012/04/01 05:49:05 +0100	USER-PC	User	IP-BLOCK	195.16.88.120 (Type: outgoing, Port: 52929, Process: avastsvc.exe)
2012/04/01 05:56:14 +0100	USER-PC	User	IP-BLOCK	109.163.230.114 (Type: outgoing, Port: 53368, Process: avastsvc.exe)
2012/04/01 05:56:14 +0100	USER-PC	User	IP-BLOCK	109.163.230.114 (Type: outgoing, Port: 53369, Process: avastsvc.exe)

Sorry for the long post, but I thought I'd try and give you as much information as possible. Any help would be very welcome, as I've been putting up with it for a good few months now and I've been adding the attacking IP's to my router's incoming firewall rule to block.
 

My Computer

Computer Manufacturer/Model Number
HP G61
OS
Windows 7 Home Premium x64
CPU
Pentium Dual Core T4300
Screen Resolution
1366 x 768
Internet Speed
8mbps
You have a Dynamic IP address, it is changed every time you restart your computer. Reboot and the hackers are gone.

However, some ISPs use Sticky Dynamic IP Addressing and do not change the IP address very often.

Call your ISP provider to find out which type you have.
 

My Computer

Computer Manufacturer/Model Number
HP/ Pavilion P6751C
OS
windows 7 home premium 64 bit
CPU
AMD Phenom(tm) II X4 830 Processor, 2800 Mhz, 4 core
Motherboard
N-Alvorix-RS880-uATX (Alvorix) motherboard
Memory
12.00 GB
Graphics Card(s)
ATI Radeon 4200
Sound Card
Creative Labs Sound Blaster Recon3D
Monitor(s) Displays
46" Sony TV KDL-46NX810
Screen Resolution
1920x1090P
Hard Drives
1 TB
PSU
Internal 250W
Case
Mid-size ATX
Cooling
1 rear case fan
Keyboard
Logitech USB Wireless K800
Mouse
Logitech USB Wireless M305
Internet Speed
22mb-28mb
Sadly I already tried doing this, one of the first things I did. Still getting attacked. I assume it's something from one of my machines causing it. But I can't find anything after various scans and such.
 

Do you ever play online games, such as, Starcraft?
 

Never played Starcraft before, but I'm an admin for a Minecraft server. Which is where I'm guessing the attackers know me from. But I'd be surprised if most of the players on there could pull attacks like this out.
 

That could very well be the source of attacks.

Are you receiving any 404 errors while under attack?
 

No, I've not noticed any. It's just usually big drops in speed and being disconnected from various online applications and programs. But I've not been on recently, so I'm not sure how any of the players would manage to still find my information to attack me.
 
Thanks for the link but I've already read that before in my search for a way to prevent attacks. What I'm really looking for is a way to stop/prevent them from attacking me anymore. I'm guessing there's no easy answer.
 

I've been looking around for a solution but it appears there is really no solution for botnets. However, your computer may be infected. The first thing I'd try is a full system recovery. Unplug your modem/router as long as you can so a new IP address will be assigned. CmyIP.com will show you if there has been an IP address change. I did check with your ISP, VirginMedia.com UK. And found many DDoS complaints state wide.

I remember a few times over the years where I've had a similar issue like the one you describe. I ran all kinds of cleaners, and still couldn't get rid of it. Finally, I performed a system recovery and the problem went away.

Other things to try are a different computer or router for an extended time period. Other than that I have no further suggestions.

Perhaps some of our other members will see your post and offer some other solutions.

Thanks, for using Sevenforums!

Quickdraw
 

If you have several computers behind the router, and they all trigger an attack as soon as they go online, then I would wager those computers are infected - they are "phoning home", which triggers the DDOS. I'm with quickdraw on this one - I'd do a restore or a complete Windows installation.
 

My Computer

Computer Manufacturer/Model Number
Dell XPS 15 L502x
OS
Windows 7 Ultimate x64 SP1
CPU
Core i7-2670QM
Memory
8GB DDR3 PC3-10600
Graphics Card(s)
Intel HD Graphics 3000 + GeForce GT 540M
Screen Resolution
1920x1080
Hard Drives
1TB 5400RPM Seagate

Thanks for all the help you've both given me! I was considering doing a restore but wanted to leave it as a last option, I don't know if this will help anyone else but I phoned up my ISP once again, they said that in the past few weeks they've received several reports of people receiving DoS attacks. Also Virgin Media(UK), offer nothing in the way of personal support for this issue apart from having a division to send a log to if you're being attacked by someone from their IP pool or so they tell me and that Virgin will send any information they have to the police or similar services. So don't waste your time phoning up asking for help, you'll get none or very little if you're a domestic user except advice to upgrade your security, make sure any existing security is working and running scans. If you do wish to report a log and you're being attacked by someone from their IP pool, you can report it here, just a small note I reported a log on the 15th of February and I doubt I'll receive a reply. This is from a confirmation e-mail that I received after I sent in my report "Please note that Virginmedia will not discuss the outcome of our investigation into this matter, nor divulge details of the account concerned. Unless we require further information from you, you will not receive any further communication from us in regards to the above reference number." If they contact you at all, expect it to be a long time after you send your report: NetReport - Virgin Media

I'll try a system restore, I'll let you know if this fixes the problem.
 
Well, also be aware that everyone everywhere is basically constantly "attacked" random DDOS, probes etc. nearly constantly. That's how they work. They just continuously probe until a machine becomes vulnerable.

Really the only solution is to keep your router firmware up to date as well as your firewall and computers. The wolves are always at the door...
 

My Computer

Computer Manufacturer/Model Number
Scratch built
OS
Windows 7 x64 Ultimate
CPU
i7 960
Motherboard
Asus P6X58D
Memory
12 Gig Corsair Dominator
Graphics Card(s)
Nvidia 480
Sound Card
Maudio Delta 44 + breakout box
Monitor(s) Displays
Dell UltraSharp U2410 24in and Samsung 21 dual monitors
Screen Resolution
1920x1200 and 1280x1024
Hard Drives
Primary: Intel X-25M G2 160G SSD
Secondary: Segate baracuda 1.0 TB
HDs in AHCI mode.
PSU
Corasair TX850
Case
Cooler Master HAF
Cooling
Corsair H50
Keyboard
Logitech G15 + N52 game pad
Mouse
Logitech MX518
Internet Speed
15kbs down 4.5kbps up
Other Info
WEI 7.6
CPU & RAM 7.6
Graphics 7.9
Hard disk 7.7
Sadly I got told the same by a friend too. I'm unsure where to update my router's firmware or if it's done automatically as it was supplied by my ISP and runs their firmware. Looking at the router's status page the current firmware version is: 3.4.4.1.0.1. While looking at Netgear's firmware version for my router would be 1.1.00.41. So I'm unsure whether I should be using the current firmware or Netgear's.
 

You may have heard that if you connect a clean, but unsecured machine directly to the internet, it will likely be compromised within a few minutes. You are always under attack.

But you mention that your connection speeds drop, and this shouldn't happen under normal circumstances. Do you have only one realtime virus scanner running? When one machine's connection speed drops, does it also drop for the other two?
 

My Computer

OS
Windows 7 Ultimate x64
Never heard that before, but it wouldn't surprise me too much. As far as I know it's like this for the other machines too. Apart from Avast, MSE and Malwarebytes these are the only things which have realtime scanning enabled, look at my first post to see what else I use. Also added Spybot Search and Destroy to my machine and one of the other ones.
 
Internet Security (Anti-virus & Firewall)
I use Norton, it does everything automatically. (Besides, my ISP provides it free).
Use Malwarebytes
Other than CCleaner, I don't recommend using registry cleaners, they can cause more harm than good.
Keep Microsoft Updates current.
Social networks, Torrent downloads, Opening strange email, and Girly sites, will be where you get infected the most.
Remove programs you do not use from add/remove programs. Google, if not sure.
Spybot: Search & Destroy, always disable the Tea timer which runs in real time. Causes a lot of issues. (You only need Malwarebytes).
The more Malware scanner software you download, the greater the chances are of getting false positive readings from the scan results.
Clean your browser History often.
Google msconfig startup entries, and disable the ones you don't need.
Defragment often.
I perform system recovery, twice per year on all my computers. Keeps them running tops! I keep important stuff backed up on external drives.
The computer you have is not very powerful, so you need to keep software to a minimum, and keep it well maintained.

That's my two cents worth.

Quickdraw
 
I used to use Norton, but it hogged a lot of my resources and sadly I had to pay for it. I already use CCleaner and keep MS updates current. As for social networks, torrenting, strange e-mails and girly sites; I try to keep those at a low. Regularly check to see if I have unnecessary programs anyway. Didn't know about the tea timer, and false positive issue though, so thanks for that. Clean my browsing history fairly often. I'll check the startup entries too. Defragment about once every 2 weeks. Might be an idea to do a system recovery, and it's always a good idea to back up your important files. I try my best to keep my machines maintained ok, but thanks again for the advice!
 
