Skip to main content

Wierd PC Behavior - Scanning IP's constantly!

More
20 years 4 months ago #1941 by Chris
Wierd PC Behavior - Scanning IP's constantly! was created by Chris
Hi people,

I'm just running my packet sniffer and observing some really wired stuff .....

My pc is constantly sending ICMP echo requests (pings) to different IP's that do not exist on the network.

What's alarming is that these pings are being sent at a rate of 45-50 ip's per second! This is the type of behavior you would expect from a virus infected PC, but my antivirus isn't reporting anything.

In the task manager, there dosen't seem to be any sus program running and I'm left scratching my head!

Any ideas or suggestions ?
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
20 years 4 months ago #1942 by sahirh
Replied by sahirh on topic Re: Wierd PC Behavior - Scanning IP's constantly!
Hmm the bad part is that being ICMP you wont be able to catch the process in netstat or tcpview.
Have you installed any spyware recently ?

What you could do is install zonealarm and when each program tries to access the net it will ask you if you want to allow it to. When you see a process that you're not sure about, you'll have caught the offender.

Thats pretty much how I found a worm on my system, my antivirus didn't say anything.. and then ZA told me that dllhost.exe wanted to send email :)

All things failing, update virus defs and run a full system scan (dont rely on blodhound heuristics to catch things).. if nothing comes up, do a system restore... or worse a reinstall.

Good luck
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
20 years 4 months ago #1960 by Chris
Replied by Chris on topic Re: Wierd PC Behavior - Scanning IP's constantly!
Actually that's a great idea Sahir.... I'll do it on Monday and post the results here!

Thanks for that!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
20 years 3 months ago #2256 by UHSsncmrm
Replied by UHSsncmrm on topic ICMP ping flood
Sometimes AV software won't detect ping flooding as actual virus...I see that problem with CA's E-trust all of the time, run stinger against the machine.

Merely a suggestion, good luck. Let us know.
A scapegoat is often as welcome as a solution...never memorize what you can look up.
More
20 years 3 months ago #2259 by Chris
Replied by Chris on topic Re: Wierd PC Behavior - Scanning IP's constantly!
Errmmm.... I forgot to update you guys on the problem :)

It ended up being a worm problem! The worm, which is similar to blaster had infected my machine and was looking for other victims!

All is well now, I'll be making available the trojan scanner for people to download sometime soon!

Cheers
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
20 years 3 months ago #2260 by tfs
Replied by tfs on topic Re: Wierd PC Behavior - Scanning IP's constantly!
I'd be interested in seeing that scanner as I have had problems with the speed of my W2K machine and haven't had a chance to look at it yet. My AV doesn't say anything, either.

What was it you did that found the worm and which one was it?
Thanks,

Tom
Time to create page: 0.157 seconds