Should my PC be sending and receiving data onto/from the internet on its own?
on 26.04.2007 22:59:08 by admyc
Hello,
I think I might have some sort of mal-ware on my computer. The reason
for this is that my anti-virus software (AVG free 7) has recently
found and deleted (I think) some viruses all of which had 'Trojan
horse downloader' in part of their name and since then my MSIE6
browser has been slightly odd, for example when I click on its icon to
launch MSIE6 and my computer connects to the internet over its dial-up
connection the MSIE browser window takes a lot longer to appear than
it used to.
But my real concern and question is that I have noticed, when I look
at my Internet connection status dialogue box, that data is being sent
even though I have only one web-page up and it has long since finished
downloading, is this a sign of mal-ware that is sending info and/or
files from my computer to another computer over my internet connection
or could it be some innocent process going on in the background?
Any help very much appreciated.
AM
Re: Should my PC be sending and receiving data onto/from the internet on its own?
on 27.04.2007 05:21:40 by Sebastian Gottschalk
admyc wrote:
> Hello,
>
> I think I might have some sort of mal-ware on my computer. The reason
> for this is that my anti-virus software (AVG free 7) has recently
> found and deleted (I think) some viruses all of which had 'Trojan
> horse downloader' in part of their name
Where? Under which circumstances?
> and since then my MSIE6
> browser has been slightly odd, for example when I click on its icon to
> launch MSIE6 and my computer connects to the internet over its dial-up
> connection the MSIE browser window takes a lot longer to appear than
> it used to.
There's your problem. As a user you shouldn't be able to run MSIE at all.
Re: Should my PC be sending and receiving data onto/from the internet on its own?
on 27.04.2007 09:15:14 by bullseye
admyc wrote:
> Hello,
>
> I think I might have some sort of mal-ware on my computer. The reason
> for this is that my anti-virus software (AVG free 7) has recently
> found and deleted (I think) some viruses all of which had 'Trojan
> horse downloader' in part of their name and since then my MSIE6
> browser has been slightly odd, for example when I click on its icon to
> launch MSIE6 and my computer connects to the internet over its dial-up
> connection the MSIE browser window takes a lot longer to appear than
> it used to.
>
> But my real concern and question is that I have noticed, when I look
> at my Internet connection status dialogue box, that data is being sent
> even though I have only one web-page up and it has long since finished
> downloading, is this a sign of mal-ware that is sending info and/or
> files from my computer to another computer over my internet connection
> or could it be some innocent process going on in the background?
>
> Any help very much appreciated.
>
> AM
>
It depends on how many sites it's connected to and what the sites are.
When you access a web page, you are not just accessing that server, but
any servers that provide information to that page. For example, you may
be on www.website.com, but there are other servers that are providing
images, advertisements, etc. One example is Download.com. If you look
at your connections, you are not only accessing Download.com, but also
adlog.com.com, cnet.com, webware.com, and others. In turn, you will show
multiple connections to all of these servers, no matter which browser
you are using. At the same time, you might want to run some Whois
checks on the sites shown to make sure who it is you are connected to,
especially if there is data being sent back and forth. I would also
suggest doing some scans with some other products (such as
Superantispyware, online Kaspersky scan, online Panda scan, etc) to see
if they find any malware on your system. Also, if the IP's are in the
following ranges, you might have reason for concern:
210.0.0.0-221.255.255.255, 58.0.0.0 - 61.255.255.255 - many of these are
hacker/crack/spam sites and could be a sign of a compromised system.
Re: Should my PC be sending and receiving data onto/from the internet on its own?
on 27.04.2007 12:27:16 by Sebastian Gottschalk
Bullseye wrote:
> Also, if the IP's are in the
> following ranges, you might have reason for concern:
> 210.0.0.0-221.255.255.255, 58.0.0.0 - 61.255.255.255
WTF?
Re: Should my PC be sending and receiving data onto/from the internet on its own?
on 27.04.2007 22:00:56 by ibuprofin
On Fri, 27 Apr 2007, in the Usenet newsgroup comp.security.misc, in article
<4631969f$0$16301$88260bb3@free.teranews.com>, Bullseye wrote:
>admyc wrote:
>> my MSIE6 browser has been slightly odd
You're posting from a search engine - use it. You'll discover millions
of warnings that Internet Exploiter 6 is REALLY unsafe.
>Also, if the IP's are in the following ranges, you might have reason for
>concern:
>210.0.0.0-221.255.255.255, 58.0.0.0 - 61.255.255.255 - many of these are
>hacker/crack/spam sites and could be a sign of a compromised system.
http://www.iana.org/assignments/ipv4-address-space
058/8 Apr 04 APNIC (whois.apnic.net)
059/8 Apr 04 APNIC (whois.apnic.net)
060/8 Apr 03 APNIC (whois.apnic.net)
061/8 Apr 97 APNIC (whois.apnic.net)
210/8 Jun 96 APNIC (whois.apnic.net)
211/8 Jun 96 APNIC (whois.apnic.net)
212/8 Oct 97 RIPE NCC (whois.ripe.net)
213/8 Mar 99 RIPE NCC (whois.ripe.net)
214/8 Mar 98 US-DOD
215/8 Mar 98 US-DOD
216/8 Apr 98 ARIN (whois.arin.net)
217/8 Jun 00 RIPE NCC (whois.ripe.net)
218/8 Dec 00 APNIC (whois.apnic.net)
219/8 Sep 01 APNIC (whois.apnic.net)
220/8 Dec 01 APNIC (whois.apnic.net)
221/8 Jul 02 APNIC (whois.apnic.net)
Would you like to explain what brilliant observation that's supposed to
be? I'm guessing you're bashing APNIC (Asia Pacific region, from
Afghanistan East about to Pitcairn Island, excluding the former Soviet
Union). If that's the case, your list is wildly inaccurate. APNIC has
allocated IP addresses in the following ranges:
[compton ~]$ zcat APNIC.gz | cut -d' ' -f2 | cut -d'.' -f1 | sort -un |
column
58 123 131 140 149 156 163 170 211
59 124 132 141 150 157 164 192 218
60 125 134 143 151 158 165 196 219
61 126 136 144 152 159 166 198 220
116 128 137 146 153 160 167 202 221
121 129 138 147 154 161 168 203 222
122 130 139 148 155 162 169 210
[compton ~]$
That's the first digit of the IP quad, but before you go blocking those
you should realize that IP addresses are not arranged in neat lines of
order for your convenience. For example, 128.0.0.0 - 128.255.255.255 is
allocated to the following countries:
[compton ~]$ zgrep -h ' 128.' [ALR]* | cut -d' ' -f1 | sort -u | column
AU CA DE EU FR GR KR PR US
BE CH DK FI GB IT NL SI ZA
[compton ~]$
Old guy
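
The comparison made in the post above, as an added example that is not part of the original thread: it tallies the registries behind a first-octet range using only the IANA lines quoted in that post. The function names `iana_table`, `registries_in_range` and `registry_of_ip` are hypothetical helpers, and the sample address is constructed.

```shell
#!/bin/sh
# IANA /8 assignments exactly as quoted in the post above (2007 snapshot).
iana_table() {
cat <<'EOF'
058/8 Apr 04 APNIC (whois.apnic.net)
059/8 Apr 04 APNIC (whois.apnic.net)
060/8 Apr 03 APNIC (whois.apnic.net)
061/8 Apr 97 APNIC (whois.apnic.net)
210/8 Jun 96 APNIC (whois.apnic.net)
211/8 Jun 96 APNIC (whois.apnic.net)
212/8 Oct 97 RIPE NCC (whois.ripe.net)
213/8 Mar 99 RIPE NCC (whois.ripe.net)
214/8 Mar 98 US-DOD
215/8 Mar 98 US-DOD
216/8 Apr 98 ARIN (whois.arin.net)
217/8 Jun 00 RIPE NCC (whois.ripe.net)
218/8 Dec 00 APNIC (whois.apnic.net)
219/8 Sep 01 APNIC (whois.apnic.net)
220/8 Dec 01 APNIC (whois.apnic.net)
221/8 Jul 02 APNIC (whois.apnic.net)
EOF
}

# registries_in_range FIRST LAST  (hypothetical helper)
# Prints "<registry> <number of /8 blocks>" for first octets FIRST..LAST.
registries_in_range() {
    iana_table | awk -v lo="$1" -v hi="$2" '
        {
            split($1, p, "/"); octet = p[1] + 0     # "058/8" -> 58
            if (octet < lo || octet > hi) next
            name = $4                               # registry starts at field 4
            for (i = 5; i <= NF; i++)               # keep "NCC", drop "(whois...)"
                if ($i !~ /^\(/) name = name " " $i
            count[name]++
        }
        END { for (n in count) printf "%s %d\n", n, count[n] }
    ' | LC_ALL=C sort
}

# registry_of_ip ADDRESS  (hypothetical helper)
# Looks up the registry for one address seen in a connection list.
registry_of_ip() {
    reg=$(registries_in_range "${1%%.*}" "${1%%.*}" | sed 's/ [0-9]*$//')
    echo "${reg:-not in the quoted table}"
}

registries_in_range 210 221    # the larger of the two "suspicious" ranges
registry_of_ip 216.10.20.30    # constructed sample address
```

The 210-221 range resolves to APNIC, ARIN, RIPE NCC and US-DOD blocks, so a first octet alone does not identify who is on the other end; a whois lookup on the specific address is the check that does.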