Suspicious IP sent at Startup

Discussion in 'Computer Information' started by dontb, Jul 10, 2004.

  1. dontb

    dontb Guest

    I get a unknown IP message sent each time I start my computer.
    Is there an application or some way that will allow me to associate the
    program on my computer with the momentary IP message sent from my computer
    at startup?

    Background/configuration:
    XP, Linksys Router
    Wallwatcher: I use Wallwatcher to monitor all IP activity at my Linksys
    router.
    Kerio Firewall: I also use Kerio firewall to block this IP each time, but
    at every startup a new IP message is sent from my computer.
    Each time I add the new IP address to the Firewall block, a new one is sent
    at the next startup.
    I have used Spybot to cleanse and also Norton scan every day.

    TCP View/Process Explore: I have used TCP View and Process Explore but I
    dont see how those help me track this momentary message.

    Is there an application or some way that will allow me to associate the
    program on my computer with the momentary IP message sent from my computer
    at startup?

    Any thoughts appreciated.
    dontb, Jul 10, 2004
    #1
    1. Advertising

  2. dontb

    dontb Guest

    Now this is getting strange....

    I figured out how to put a address range block in the firewall and I blocked
    the range of addressess assigned to the Amsterdam server. 80.0.0.0 -
    80.255.255.255.

    The firewall is set to flag-announce attempts in this address range. Now
    here is the interesting part..........

    When I open a received email in Outlook, I get IP sends (that are now
    blocked) to addresses in that range. Not all the emails...just some.

    I just have the email open. Im not even composing. the IP data is:
    Outlook, 80.67.66.70. port 80, TCP, local port 1970.

    What do you make of that? Sounds very weird to me.

    thanks for any inputs
    "dontb" <> wrote in message
    news:CtVHc.65064$rh.2384@okepread02...
    > I get a unknown IP message sent each time I start my computer.
    > Is there an application or some way that will allow me to associate the
    > program on my computer with the momentary IP message sent from my computer
    > at startup?
    >
    > Background/configuration:
    > XP, Linksys Router
    > Wallwatcher: I use Wallwatcher to monitor all IP activity at my Linksys
    > router.
    > Kerio Firewall: I also use Kerio firewall to block this IP each time, but
    > at every startup a new IP message is sent from my computer.
    > Each time I add the new IP address to the Firewall block, a new one is

    sent
    > at the next startup.
    > I have used Spybot to cleanse and also Norton scan every day.
    >
    > TCP View/Process Explore: I have used TCP View and Process Explore but I
    > dont see how those help me track this momentary message.
    >
    > Is there an application or some way that will allow me to associate the
    > program on my computer with the momentary IP message sent from my computer
    > at startup?
    >
    > Any thoughts appreciated.
    >
    >
    dontb, Jul 11, 2004
    #2
    1. Advertising

  3. dontb

    George Guest

    I'd run some good antivirus software and some antispyware software...maybe
    your PC has been compromised and is being used for spamming...

    "dontb" <> wrote in message
    news:rz%Hc.66202$rh.51553@okepread02...
    > Now this is getting strange....
    >
    > I figured out how to put a address range block in the firewall and I

    blocked
    > the range of addressess assigned to the Amsterdam server. 80.0.0.0 -
    > 80.255.255.255.
    >
    > The firewall is set to flag-announce attempts in this address range. Now
    > here is the interesting part..........
    >
    > When I open a received email in Outlook, I get IP sends (that are now
    > blocked) to addresses in that range. Not all the emails...just some.
    >
    > I just have the email open. Im not even composing. the IP data is:
    > Outlook, 80.67.66.70. port 80, TCP, local port 1970.
    >
    > What do you make of that? Sounds very weird to me.
    >
    > thanks for any inputs
    > "dontb" <> wrote in message
    > news:CtVHc.65064$rh.2384@okepread02...
    > > I get a unknown IP message sent each time I start my computer.
    > > Is there an application or some way that will allow me to associate the
    > > program on my computer with the momentary IP message sent from my

    computer
    > > at startup?
    > >
    > > Background/configuration:
    > > XP, Linksys Router
    > > Wallwatcher: I use Wallwatcher to monitor all IP activity at my Linksys
    > > router.
    > > Kerio Firewall: I also use Kerio firewall to block this IP each time,

    but
    > > at every startup a new IP message is sent from my computer.
    > > Each time I add the new IP address to the Firewall block, a new one is

    > sent
    > > at the next startup.
    > > I have used Spybot to cleanse and also Norton scan every day.
    > >
    > > TCP View/Process Explore: I have used TCP View and Process Explore but

    I
    > > dont see how those help me track this momentary message.
    > >
    > > Is there an application or some way that will allow me to associate the
    > > program on my computer with the momentary IP message sent from my

    computer
    > > at startup?
    > >
    > > Any thoughts appreciated.
    > >
    > >

    >
    >
    George, Jul 11, 2004
    #3
  4. dontb

    derek / nul Guest

    Easy to explain,

    Within an email is a call to a picture that sits on a web site.

    Common spammer trick as well, when spam is opened the email address is sent back
    to home to say that it has been verified.

    Derek

    On Sat, 10 Jul 2004 17:15:02 -0700, "dontb" <> wrote:

    >Now this is getting strange....
    >
    >I figured out how to put a address range block in the firewall and I blocked
    >the range of addressess assigned to the Amsterdam server. 80.0.0.0 -
    >80.255.255.255.
    >
    >The firewall is set to flag-announce attempts in this address range. Now
    >here is the interesting part..........
    >
    >When I open a received email in Outlook, I get IP sends (that are now
    >blocked) to addresses in that range. Not all the emails...just some.
    >
    >I just have the email open. Im not even composing. the IP data is:
    >Outlook, 80.67.66.70. port 80, TCP, local port 1970.
    >
    >What do you make of that? Sounds very weird to me.
    >
    >thanks for any inputs
    derek / nul, Jul 11, 2004
    #4
  5. dontb

    Stuart Guest

    dontb wrote:

    > I get a unknown IP message sent each time I start my computer.
    > Is there an application or some way that will allow me to associate the
    > program on my computer with the momentary IP message sent from my computer
    > at startup?
    >
    > Background/configuration:
    > XP, Linksys Router
    > Wallwatcher: I use Wallwatcher to monitor all IP activity at my Linksys
    > router.
    > Kerio Firewall: I also use Kerio firewall to block this IP each time, but
    > at every startup a new IP message is sent from my computer.
    > Each time I add the new IP address to the Firewall block, a new one is sent
    > at the next startup.
    > I have used Spybot to cleanse and also Norton scan every day.
    >
    > TCP View/Process Explore: I have used TCP View and Process Explore but I
    > dont see how those help me track this momentary message.
    >
    > Is there an application or some way that will allow me to associate the
    > program on my computer with the momentary IP message sent from my computer
    > at startup?
    >
    > Any thoughts appreciated.


    Are you sure it's not just communication with the router.

    If you know what the IP address is then use WHOIS to find out where it
    is from.

    Check your startup files for anything unusual running, at what point in
    the startup procedure is the IP message being sent and do you know what
    the message contains.

    Use administrative tools in the control panel to view services that the
    system starts up while loading, anything unusual there?

    Try using spyware blaster and also bazooka as well, spyware blaster is a
    blocker program while bazooka found things that spybot didn't.

    Stuart
    Stuart, Jul 14, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. boris
    Replies:
    16
    Views:
    757
    Andrew Clover
    Oct 18, 2004
  2. Joe

    Suspicious script

    Joe, Sep 9, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    579
  3. wgreene
    Replies:
    5
    Views:
    607
    Plato
    Jul 31, 2004
  4. John Black

    suspicious application in task manager?

    John Black, Jun 29, 2005, in forum: Computer Security
    Replies:
    3
    Views:
    528
    Winged
    Jul 1, 2005
  5. Sam

    Suspicious Icons on Desktop

    Sam, Apr 30, 2006, in forum: Computer Security
    Replies:
    36
    Views:
    3,049
Loading...

Share This Page