Computer Security - Unexplained outbound UDP traffic in firewall log

#1
I've recently noticed in my Kerio 4.0 Network log messages indicating MS File and Printer Sharing is attempting to send UDP traffic outbound every 20 seconds or so from my Win98 PC DSL connection to various IP addresses. A whois lookup on a sample of the various IP addresses in the log turns up telcos and communication companies (presumably ISPs) worldwide, e.g. US, Brazil, Turkey etc.

I've run a virus scan (AVG) with an up-to-date definition file and Spybot and ad-aware as well. The virus scan turned up nothing. Spybot and ad-aware both had some hits on the usual type of spyware which I deleted and then restarted the PC. This had no effect. I have been running for some time now with MS file and print sharing NOT bound to the NIC or to PPPOE. I did download Kazaa some time ago but haven't used it in ages and it is not configured to start at bootup. When I check the task list for running programs, I don't see anything unusual in the task list that shouldn't be there.

I have only one network connection which is the connection to my DSL modem.

For the time being, I'm stopping the messages getting out with the firewall. However if anyone has any idea what might be causing this and suggestions for getting it to stop, I'd be very appreciative.

Here's a sample line from the Firewall log.

1841 1 22/Jan2004 13:40:04 N/A Microsoft File and Printer Sharing -> Out E1H3E0:nbs 200.46.57.218:nbname UDP denied.

Thanks
GreenMonkey
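
One way to triage a log like the one in the post above, as an added example that is not part of the original thread: it groups outbound records by application and remote port and reports how many distinct hosts were contacted and how regular the timing is. The field layout is inferred from the single sample line in the post; the three extra log lines, the function names and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Layout inferred from the one sample line in the post (an assumption):
# id, rule, date, time, N/A, application, "->", direction, local, remote, proto, action
LINE_RE = re.compile(
    r"^\d+\s+\d+\s+(?P<date>\S+)\s+(?P<time>\S+)\s+\S+\s+(?P<app>.+?)\s+->\s+"
    r"(?P<dir>In|Out)\s+(?P<local>\S+)\s+(?P<rip>[\d.]+):(?P<rport>\S+)\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<action>\w+)\.?$"
)

# Constructed sample: the first line is the one quoted in the post; the others
# are made up in the same layout, using documentation-range addresses.
SAMPLE_LOG = """\
1841 1 22/Jan2004 13:40:04 N/A Microsoft File and Printer Sharing -> Out E1H3E0:nbs 200.46.57.218:nbname UDP denied.
1842 1 22/Jan2004 13:40:24 N/A Microsoft File and Printer Sharing -> Out E1H3E0:nbs 192.0.2.17:nbname UDP denied.
1843 1 22/Jan2004 13:40:45 N/A Microsoft File and Printer Sharing -> Out E1H3E0:nbs 198.51.100.9:nbname UDP denied.
1844 1 22/Jan2004 13:41:04 N/A Microsoft File and Printer Sharing -> Out E1H3E0:nbs 203.0.113.80:nbname UDP denied.
this line is not a firewall record
"""

def summarize_outbound(log_text):
    """Per (app, remote port, proto): event count, distinct hosts, median gap."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dir"] != "Out":
            continue  # skip unparseable or inbound lines
        ts = datetime.strptime(m["date"] + " " + m["time"], "%d/%b%Y %H:%M:%S")
        groups[(m["app"], m["rport"], m["proto"])].append((ts, m["rip"]))
    report = {}
    for key, events in groups.items():
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        report[key] = {
            "events": len(events),
            "distinct_destinations": len({ip for _, ip in events}),
            "median_gap_s": median(gaps) if gaps else None,
        }
    return report

def looks_like_fanout(stats, min_events=4, max_gap_s=60):
    """Heuristic (assumed thresholds): frequent sends, nearly all to new hosts."""
    return (stats["events"] >= min_events
            and stats["median_gap_s"] is not None
            and stats["median_gap_s"] <= max_gap_s
            and stats["distinct_destinations"] >= 0.8 * stats["events"])
```

A group that trips the heuristic tells you which application label and remote port to investigate on the host; it does not identify the process that generated the traffic.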

#2
Some worms disable anti-virus and firewall software thus making them ineffective when you think they are working. Have you thought about reinstalling everything after a complete wipe?

--
************************************************
g-w

#3
It looks like the problem has been resolved by rerunning Ad-aware 6.0 with the latest definition file. I ran it a few minutes ago and this time it picked up 5 tracking cookies. After they were removed the messages in the log stopped.

Thanks for taking the time to offer your suggestions. Fortunately it looks like a reinstall won't be necessary this time.