Has my Internet Explorer been Compromised ?

Discussion in 'Computer Security' started by Steve, Sep 27, 2004.

  1. Steve

    Steve Guest

    I use a standard dial-up modem.. When I go online and start up Internet
    Explorer, I have recently noticed that just prior to my default home page
    loading that a certain IP address is contacted. Nothing appeares to be
    downloaded from this IP address and it only appears for a second in the
    status information panel at the bottom of the IE window.

    The IP address that appears is 80.168.69.200

    Does anyone have any idea to whom this IP address belongs ?

    --
    Steve B
    Steve, Sep 27, 2004
    #1
    1. Advertising

  2. Steve

    Doctor Guest

    On Mon, 27 Sep 2004 20:13:02 +0100, "Steve" <> wrote:

    >:I use a standard dial-up modem.. When I go online and start up Internet
    >:Explorer, I have recently noticed that just prior to my default home page
    >:loading that a certain IP address is contacted. Nothing appeares to be
    >:downloaded from this IP address and it only appears for a second in the
    >:status information panel at the bottom of the IE window.
    >:
    >:The IP address that appears is 80.168.69.200
    >:
    >:Does anyone have any idea to whom this IP address belongs ?


    80.168.69.200


    SSL Cert: No valid SSL on this Host, Get Secure
    Record Type: IP Address
    IP Location: United Kingdom United Kingdom - Claranet-nets-noc
    Reverse IP: No websites hosted using this IP address
    % This is the RIPE Whois secondary server.
    % The objects are in RPSL format.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/db/copyright.html

    inetnum: 80.168.69.0 - 80.168.69.255
    netname: CLARANET-NETS-NOC
    descr: Claranet NOC
    remarks: INFRA-AW
    remarks: +---------------------------------------------------+
    remarks: |Please do NOT send abuse complaints to the contacts|
    remarks: |listed. Please email them to Whois Privacy and Spam Prevention by Whois Source
    |
    remarks: +---------------------------------------------------+
    country: GB
    admin-c: NL23-RIPE
    tech-c: CH309-RIPE
    status: ASSIGNED PA
    notify: Whois Privacy and Spam Prevention by Whois Source
    mnt-by: AS8426-MNT
    changed: Whois Privacy and Spam Prevention by Whois Source 20030422
    source: RIPE

    route: 80.168.0.0/16
    descr: CLARA-AGG4
    origin: AS8426
    mnt-by: AS8426-MNT
    changed: Whois Privacy and Spam Prevention by Whois Source 20030408
    source: RIPE

    role: Claranet Hostmaster
    address: Claranet Ltd
    address: 21 Southampton Row
    address: London WC1B 5HA
    address: United Kingdom
    phone: +44 (0) 20 7685 8000
    fax-no: +44 (0) 20 7685 8001
    e-mail: Whois Privacy and Spam Prevention by Whois Source
    trouble: ---------------------------------------------------
    trouble: Please do NOT send abuse complaints to the contacts
    trouble: listed here. Please email them to Whois Privacy and Spam Prevention by Whois
    Source
    trouble: or use http://www.abuse.net/lookup.phtml
    trouble: ---------------------------------------------------
    admin-c: MIVS-RIPE
    admin-c: NL23-RIPE
    admin-c: SR1060-RIPE
    admin-c: OLI9-RIPE
    admin-c: TM1030-RIPE
    admin-c: ROBH-RIPE
    tech-c: NL23-RIPE
    tech-c: MIVS-RIPE
    nic-hdl: CH309-RIPE
    notify: Whois Privacy and Spam Prevention by Whois Source
    mnt-by: AS8426-MNT
    changed: Whois Privacy and Spam Prevention by Whois Source 20021029
    changed: Whois Privacy and Spam Prevention by Whois Source 20030212
    changed: Whois Privacy and Spam Prevention by Whois Source 20030212
    changed: Whois Privacy and Spam Prevention by Whois Source 20040707
    changed: Whois Privacy and Spam Prevention by Whois Source 20040901
    changed: Whois Privacy and Spam Prevention by Whois Source 20040902
    changed: Whois Privacy and Spam Prevention by Whois Source 20040913
    source: RIPE

    person: Neil Levine
    address: Claranet Ltd
    address: Vinery Court
    address: 50 Banner Street
    address: London EC1Y 8TX
    phone: +44 20 7903 3012
    phone: +44 20 7903 3012
    e-mail: Whois Privacy and Spam Prevention by Whois Source
    nic-hdl: NL23-RIPE
    remarks: I DO NOT RESPOND TO ABUSE COMPLAINTS
    remarks: All ABUSE REPORTS SHOULD GO TO Whois Privacy and Spam Prevention by Whois Source
    notify: Whois Privacy and Spam Prevention by Whois Source
    changed: Whois Privacy and Spam Prevention by Whois Source 20010112
    source: RIPE



    answer section
    name type result
    200.69.168.80.IN-ADDR.ARPA.
    PTR
    customer.clara.net.
    authority section
    name type result
    69.168.80.IN-ADDR.ARPA.
    NS
    ns2.clara.net.
    69.168.80.IN-ADDR.ARPA.
    NS
    ns1.clara.net.
    69.168.80.IN-ADDR.ARPA.
    NS
    ns0.clara.net.
    additional section
    - no answer
    Doctor , Sep 27, 2004
    #2
    1. Advertising

  3. Steve

    donnie Guest

    On Mon, 27 Sep 2004 20:13:02 +0100, "Steve" <> wrote:

    >I use a standard dial-up modem.. When I go online and start up Internet
    >Explorer, I have recently noticed that just prior to my default home page
    >loading that a certain IP address is contacted. Nothing appeares to be
    >downloaded from this IP address and it only appears for a second in the
    >status information panel at the bottom of the IE window.
    >
    >The IP address that appears is 80.168.69.200
    >
    >Does anyone have any idea to whom this IP address belongs ?

    #####################
    Search your registry for that IP or clara.net Delete the value
    donnie, Sep 28, 2004
    #3
  4. Steve

    David Shaw Guest

    A simple whois seems to answer your question. In short you have
    adware/spyware. Download AdAware and Spybot Search & Destroy, and I
    think you'll be a much happier man (or woman).

    -ds

    ---
    inetnum: 80.168.69.0 - 80.168.69.255
    netname: CLARANET-NETS-NOC
    descr: Claranet NOC
    remarks: INFRA-AW
    country: GB
    notify:
    role: Claranet Hostmaster
    address: Claranet Ltd
    address: 21 Southampton Row
    address: London WC1B 5HA
    address: United Kingdom
    phone: +44 (0) 20 7685 8000
    fax-no: +44 (0) 20 7685 8001
    e-mail:
    (Note: abuse email is )
    David Shaw, Sep 28, 2004
    #4
  5. Steve

    Quaoar Guest

    David Shaw wrote:
    > A simple whois seems to answer your question. In short you have
    > adware/spyware. Download AdAware and Spybot Search & Destroy, and I
    > think you'll be a much happier man (or woman).
    >
    > -ds
    >
    > ---
    > inetnum: 80.168.69.0 - 80.168.69.255
    > netname: CLARANET-NETS-NOC
    > descr: Claranet NOC
    > remarks: INFRA-AW
    > country: GB
    > notify:
    > role: Claranet Hostmaster
    > address: Claranet Ltd
    > address: 21 Southampton Row
    > address: London WC1B 5HA
    > address: United Kingdom
    > phone: +44 (0) 20 7685 8000
    > fax-no: +44 (0) 20 7685 8001
    > e-mail:
    > (Note: abuse email is )


    DuH. The OP's ISP is Claranet. Of course there is outbound.

    Nevertheless, good third party firewall is mandatory on dial-up.
    Without a firewall you will be fighting all kinds of malware from
    whatever your routine browsing involves and from constant port attacks.
    I have clients on dial-up whose computers were constant reservoirs of
    malware, trojans until I installed free personal firewalls on their
    computers. It takes just seconds to for a clean dial-up computer to
    become infested.

    Q
    Quaoar, Sep 28, 2004
    #5
  6. "Steve" <> wrote in message
    news:...
    > I use a standard dial-up modem.. When I go online and start up Internet
    > Explorer, I have recently noticed that just prior to my default home page
    > loading that a certain IP address is contacted. Nothing appeares to

    be
    > downloaded from this IP address and it only appears for a second in the
    > status information panel at the bottom of the IE window.
    >
    > The IP address that appears is 80.168.69.200
    >
    > Does anyone have any idea to whom this IP address belongs ?


    Your ISP.

    Looks like it might be where you setup your services

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Sep 30, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. wayne upson

    help my internet has been hijacked- wayne

    wayne upson, Nov 7, 2003, in forum: Computer Support
    Replies:
    5
    Views:
    1,463
    Peter Trembath
    Nov 8, 2003
  2. Marc
    Replies:
    8
    Views:
    807
    Martik
    Jul 25, 2005
  3. Jene Keller
    Replies:
    4
    Views:
    528
  4. Kevin OClassen

    Has SecurStar been compromised?

    Kevin OClassen, Sep 29, 2006, in forum: Computer Security
    Replies:
    2
    Views:
    634
    Melic
    Oct 4, 2006
  5. dejola
    Replies:
    6
    Views:
    661
    jason43050
    Dec 30, 2005
Loading...

Share This Page