Here is Microsoft's explanation and suggestion for Event 4226 from source TCPIP (from this
link):
Explanation The TCP/IP stack in Windows XP with Service Pack 2 (SP2) installed limits the number of concurrent, incomplete outbound TCP connection attempts. When the limit is reached, subsequent connection attempts are put in a queue and resolved at a fixed rate so that there are only a limited number of connections in the incomplete state. During normal operation, when programs are connecting to available hosts at valid IP addresses, no limit is imposed on the number of connections in the incomplete state. When the number of incomplete connections exceeds the limit, for example, as a result of programs connecting to IP addresses that are not valid, connection-rate limitations are invoked, and this event is logged.
Establishing connection–rate limitations helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in failed connections, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.
Connection-rate limitations may cause certain security tools, such as port scanners, to run more slowly.
User ActionThis event is a warning that a malicious program or a virus might be running on the system. To troubleshoot the issue, find the program that is responsible for the failing connection attempts and, if the program might be malicious, close the program as follows.
To close the program
At the command prompt, type
Netstat –no
Find the process with a large number of open connections that are not yet established.
These connections are indicated by the TCP state SYN_SENT in the State column of the Active Connections information.
Note the process identification number (PID) of the process in the PID column.
Press CTRL+ALT+DELETE and then click Task Manager.
On the Processes tab, select the processes with the matching PID, and then click End Process.
If you need to select the option to view the PID for processes, on the View menu, click Select Columns, select the PID (Process Identifier) check box, and then click OK.
Do you have antivirus software installed? If so, is it up-to-date and have you run a full scan lately? If not, do so as quickly as possible.It might be a good idea to visit the
malware forum and follow the instructions at the top....Especially the
CLICK HERE.That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty (and you may not be) then post a hijackthis log in
THE MALWARE FORUM forum.
(Posting HiJack This logs in any other forum other than the malware forum is forbidden. If you post an HJT log in any other forum, it will be removed and it will take you longer to get help, so please make sure you only post HJT logs in the malware forum)If you are still having problems after getting a clean bill of health from the malware expert, please return to
this thread.
Sign In
Create Account
