Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 4th, 2008, 2:44pm
   Mischel Internet Security Forum
   Malware
   Adware, Browser Hijackers and other Malware (Moderators: Helena, Gavin_Coe, Magnus)
   My computer is trying to access my own computer!		 « Previous topic | Next topic »
Pages: 1 2  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: My computer is trying to access my own computer!  (Read 3480 times)
corolla315
Newbie
*





   


Posts: 8
My computer is trying to access my own computer!
« on: Aug 1st, 2005, 6:52pm »		 Quote Quote  Modify Modify
Hi everybody,
 
For this past week I'm having this problem where Norton Internet Security (NIS) 2005 frequently alerts me with a pop up window saying that it "has detected and blocked an intrusion attempt". Strangely enough, when I had a look at the details of this NIS Security Alert, the computer which is trying to intrude/attack my computer has the same IP address of my own PC! In other words I have something in my system which is trying to access my own computer which results in NIS frequently popping continuous Security Alerts. Below you can find the details of this Security Alert:
TIME: frequently  
DATE: daily  
INTRUSION: INVALID UDP DESTINATION PORT
INTRUDER: COROLLA315(<ip address> => being my own IP address  
RISK LEVEL: MEDIUM
SOURCE IP ADDRESS: COROLLA315(<ip address> => being the same IP address -that is my own IP address.  
DESTINATION IP ADDRESS: <different ip address> => not my ip address-a completely unknown/different ip address  
UDP SOURCE PORT: a four digit number UDP DESTINATION PORT: 0.INVALID  
 
P.S. Please note that text in CAPS LOCK are the exact details given from NIS whilst the other text is either my comments or an explanation of the exact details.  
 
Furthermore, under the NIS alert assistant, I read that "a computer with the IP address COROLLA315(<ip address> [ being my own IP address], sent information that is characteristic of the Invalid Destination IP Address attack."  
 
After this attack, I scanned my system with Norton Antivirus 2005, MSAS, Xoftspy as well as with online anti-virus/spyware programs available on the internet including Panda ActiveScan, McAfee security and Trend Micro.  
Just to let you know my system is made up of a P4 512 MB RAM having Windows XP Service Pack 2 but I don't use Windows firewall as I use NIS.  
 
In this regard, can someone please tell me what's happening and whether there's something I can do to solve this problem?
 
I thank you in anticipation for your help and support.
Best Regards,
 
Corolla
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: My computer is trying to access my own compute
« Reply #1 on: Aug 2nd, 2005, 5:21am »		 Quote Quote  Modify Modify
Does this happen when you are using a specific program on your system?  It sounds like something is messed up in a program that is trying to check for updates.  
 
It might help identify where the problem is if you can isolate the Destination IP that it is trying to send to.  If you do not have a tool to do this, download Karen's WHOIS at:
 
http://www.karenware.com/powertools/powertools.asp
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Randy_Bell
Global Moderator
*****




TrojanHunter is the Best!

40416585 40416585   randybell_98   atmrover
WWW   Email

Gender: male
 Posts: 2883
Re: My computer is trying to access my own compute
« Reply #2 on: Aug 2nd, 2005, 9:12am »		 Quote Quote  Modify Modify
on Aug 2nd, 2005, 5:21am, siliconman01 wrote:
It sounds like something is messed up in a program that is trying to check for updates.

Possibly the remote server {for updates or whatever} has changed its IP so that the IP you are repeatedly trying to contact is now invalid.  Probably this is recurring because your updater cannot contact this invalid IP so it keeps trying over and over.
IP Logged
corolla315
Newbie
*





   


Posts: 8
Re: My computer is trying to access my own compute
« Reply #3 on: Aug 2nd, 2005, 12:25pm »		 Quote Quote  Modify Modify
Hi,
 
Thanks very much for your replies guys. To answer your question Siliconman, actually I don t have an idea which specific program is causing all this. All i know is that all started this past week. I installed some new programs this past week and I tried to block their access to the Internet via NIS firewall - but the annoying security alerts from NIS persist.
 
As regards Karen's WHOIS, I downloaded this cool software and as you suggested I searched for the IP destination address. First I searched for it under the Default RIR Sever and the results were the following:  
"The IP Address falls within the Internet's Private
or Reserved IP Address Space. If you have detected this address apparently assigned to a remote computer, the IP address is in error or has been forged."
 
When I then changed the RIR Server, it gave some information related to IANA.org.
 
However, the destination IP address changes all the time - it's never the same!!and also when I tried to find it on Karen's WHOIS, there was information different than that related to IANA.org.  
 
At this stage, I would appreciate if you tell me what I can do next...
 
Thanks in advance guys for your help and time.
 
Regards,
 
Corolla  
 
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: My computer is trying to access my own compute
« Reply #4 on: Aug 2nd, 2005, 2:45pm »		 Quote Quote  Modify Modify
Quote:
All i know is that all started this past week. I installed some new programs this past week and I tried to block their access to the Internet via NIS firewall - but the annoying security alerts from NIS persist.

 
Ahh...okay, obviously you need to be very suspicious that one of these new programs is "probably" the culprit.  I recommend that you:
 
1.  Open NIS 2005
2.  Select Personal Firewall-Configure-Programs tab
3.  Remove every one of the new programs that you added this past week from the list of programs.  Scan your list carefully and be sure you get all of them.  
4.  Then close the NIS 2005 windows.
 
This will cause NIS to alert with a block/permit window for each of the programs that tries to access the Internet.  If you want the program to access the Internet, select "Permit Always"...not the option to Configure the Internet Manually.
If you do not want the program to access the Internet, select Block Always.
 
Go through the setup of options and preferences for each of the new programs you added and ENSURE that you have the options properly set up for your system...particularly any Internet connection settings.
 
If you do not resolve the problem of the Intrusion alerts via the above actions, then I'd suggest removing the new programs one at a time until the NIS Intrusion Alert ceases.  Hopefully they each have an uninstaller and also "some new programs" is not very many.  Wink
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
corolla315
Newbie
*





   


Posts: 8
Re: My computer is trying to access my own compute
« Reply #5 on: Aug 3rd, 2005, 1:31am »		 Quote Quote  Modify Modify
Hi Siliconman,
 
Yes I will definitely try what you suggested. Although I installed about 10 programs recently but I know which ones I installed so it must not be a problem to know which are the ones. However I'm realising now that it's important to tell you also that in this past week I downloaded a .exe file from an unknown site and I thought it was suspicious from the beginning and so I scanned the file with Norton Antivirus and the file was found to be clean of any viruses. However, when I executed the file I expected that something will pop up on the screen but actually nothing happened  and I knew I had trouble immediately as normally this sort of thing means viruses.
 
I then scanned my system with online antivirus programs including Mcafee, Panda and Trendmicro and in fact one of them managed to find it (I don t know which) and I deleted the file manually. After all this I scanned my system again including the TrojanHunter software trial and my system was reported to be virus/adware free again from all the programs I scanned with.
 
Having read all your comments, you made me realise that maybe it could be this file which is causing my problem although the antivirus/anti trojans and antispyware softwares I have on my system are ALL still saying that my system is 100% clean. That's why I didn t mention this thing in the first place as I took it for granted that this infected file was traced and deleted and after various scans with different antivirus/anti trojans and antispyware softwares my system was found again to be 100% clean and so I assumed the problem was definitely not originating from this file.  
 
Having said this, I will still try what you suggested in your last reply. But what do you think Siliconman if I make a system restore back to a date where I'm sure that my sytem was clean and that it goes back to a date before I installed all the proggies I mentioned before as well as before I executed that infected file which then I cleaned?  Does this makes sense or it's all useless?
 
Once again I thank you for your help and assistance.
 
Best Regards,
 
Corolla
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: My computer is trying to access my own compute
« Reply #6 on: Aug 3rd, 2005, 1:53am »		 Quote Quote  Modify Modify
Quote:
However I'm realising now that it's important to tell you also that in this past week I downloaded a .exe file from an unknown site and I thought it was suspicious from the beginning and so I scanned the file with Norton Antivirus and the file was found to be clean of any viruses.

 
This does sound very ominous.   Sad
 
Doing a System Restore might work...and it might not.  It's definitely worth a try.  I'd also recommend that you download and run RootkitRevealer and BlackLight from the sites below and see if they detects any rootkits.  I'd do this even if you do a System Restore
 
http://www.sysinternals.com/utilities/rootkitrevealer.html
http://www.f-secure.com/blacklight/
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
corolla315
Newbie
*





   


Posts: 8
Re: My computer is trying to access my own compute
« Reply #7 on: Aug 8th, 2005, 2:39pm »		 Quote Quote  Modify Modify
Hello Guys....
 
Thanks very much for your replies.  
 
I would like to excuse myself especially with you Siliconman that I'm replying a bit late but unfortunately I had to go abroad for the past days for an urgent meeting related to work.  
 
But anyway,as regards the problem we have here, yesterday I was back and just before I was going to post the reply saying that I'm still having problems, I realised what was causing this problem and what was actually triggering it.
 
In fact I realsied that the thing which was causing my problem is a P2P application program which my youngest brother just installed on my PC. I'm not gonna mention the name of this P2P program but I 'm quite sure that it's this application program which is causing it.  
 
Therefore I would suggest that you if anyone has this problem is that he/she should disable any P2P programs which you have installed recently on your PC. That doesn't mean that your computer is infected with any viruses, trojans or adware. You must always of course run frequent scans and clean the infected files but in my case it wasn t a matter of infected files or a trojan as my PC was found to be 100% clean after I run Norton antivirus and various other scans with other online antvirus programs available online on the web including Kaspersky, McAfee, Panda & Trend Micro. Therefore you should check which P2P program is triggering this problem. Please note that the problem is only caused when THIS SUCH PARTICULAR P2P is running and active in the background - at least in my case you can say it was surely that. I removed it from my PC and now this problem is HISTORY.  
 
I thank Mischel Interney Security for this wonderful opportunity which we have to post PC problems.  
 
Best Regards,
 
Corolla
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: My computer is trying to access my own compute
« Reply #8 on: Aug 8th, 2005, 4:25pm »		 Quote Quote  Modify Modify
Glad you figured out what the problem is/was!  Cheesy  
 
Stop by the forum anytime for info, etc.   Wink
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
corolla315
Newbie
*





   


Posts: 8
Re: My computer is trying to access my own compute
« Reply #9 on: Aug 11th, 2005, 2:05am »		 Quote Quote  Modify Modify
Thank you very much for your kind assistance Siliconman...
 
Best regards,
 
Corolla
IP Logged
Randy_Bell
Global Moderator
*****




TrojanHunter is the Best!

40416585 40416585   randybell_98   atmrover
WWW   Email

Gender: male
 Posts: 2883
Re: My computer is trying to access my own compute
« Reply #10 on: Aug 11th, 2005, 5:45am »		 Quote Quote  Modify Modify
@Corolla and Tom:
Glad to see a happy ending, good show! Wink
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: My computer is trying to access my own compute
« Reply #11 on: Aug 11th, 2005, 9:20am »		 Quote Quote  Modify Modify
corolla did all the work and even got to go on a trip!   Wink
 
Glad problem is resolved.  Cheesy
« Last Edit: Aug 11th, 2005, 9:20am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
To-nee-T
Newbie
*





   


Posts: 2
Re: My computer is trying to access my own compute
« Reply #12 on: Apr 26th, 2006, 12:26am »		 Quote Quote  Modify Modify
Hey I know it's been a long time since the last discussion on this thread but......
I am now having my problem.  I have a single computer connected to a dsl modem. I keep getting intrusion attempts from my own pc, the destination IP address is always the same 1.0.0.0 but the UDP changes with evey attempt (41137, 56053, 30234, 2297) just to list a few. UDP dest. port 0  
 
I've read other forums that suggest that such activity is normal and I can configure Norton not to display the msgs.  I've also come to the same conclusion as corolla315 who suggeted that it was the P2P software.  I know it's my Ares since when it's not installed I don't get this particular problem.  
 
What bothers me most is that previously I used Ares with no problem what so ever.  I remember that my problem started when connecting to a home LAN and getting an ip conflict. It's never been the same since. I ran norton for viruses after that and other sypware programs but nothing.
 
I wonder also if all these packets sent from all these source ports to invalid  destination port 0 couldn't be using up my resources and slowing down my ares?
 
Any help.
I will appreciate.
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: My computer is trying to access my own compute
« Reply #13 on: Apr 26th, 2006, 4:11pm »		 Quote Quote  Modify Modify
Welcome to the forum To-nee-T  Wink
 
Looks like no one has any input on your question concerning Norton and Ares.
 
I recommend that you jump over the DSLReports forum at http://www.dslreports.com/forum/security  
 
That is where a lot of Norton gurus hang out that might be able to give you a prompt response to your question.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
To-nee-T
Newbie
*





   


Posts: 2
Re: My computer is trying to access my own compute
« Reply #14 on: Apr 29th, 2006, 12:10am »		 Quote Quote  Modify Modify
Ok thanks siliconman... I'll check it out
IP Logged
Pages: 1 2  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register