This seems suspicious to me...AVG and firewall shutdown



#1
Termie


    Member

  • Member
  • 66 posts
Hey all...hope somebody can give me some leads to look into. I've been having a problem with my connection to DSL on bootup...not sure whether to suspect a virus or not.

Whenever I turn on or reboot my system, my AVG is automatically on...Windows Firewall is too. I do not show a connection icon at this time, and as far as I know, I'm not connected, because if I try to pull up a web page during this time, I get the "no connection to internet" page. This lasts for maybe 10-15 seconds. Then I'll get a Windows warning that AVG is turned off, followed shortly by another warning that my firewall has been turned off. Next, shortly after that, maybe 10-15 seconds later, I will see my connection icon come on, immediately followed by AVG coming on and then the firewall. This started happening about 3 days ago. I cannot figure out what is going on with it, except that it might have something to do with an event that happened 3 days ago as well.

Everything was fine up until late afternoon when my hub had tried to connect the laptop, and said that he couldn't get a connection. Our router, a Linksys wireless G, had its connection light flashing white, not the normal steady orange glow. No idea what caused that, but okay, I turned off the modem, disconnected the power from the router, turned the modem back on, and once DSL was established, powered the router back up. Everything worked fine.

The next morning, not only do I notice the above bizarre behavior with the firewall and AVG, I'm also being told by Windows Defender as well as AVG that a change has been made in my hosts file. No idea what a hosts file is, but I Google that, read up on it, and hunt it down. The change was made about an hour and a half after the event above occurred. I look at this file, and nothing seems out of the ordinary when I compare it to the hosts file on my other CPU, except that the bottom number is 101, not 100...but in the scheme of things, both numbers are in range of the addresses set by the modem. Nothing else added.

I have no idea what is going on here, but it just seems very suspicious to me. I've done numerous scans with AVG, Defender, trying to find some sort of virus or something, but nothing comes up aside from the fact that both note my hosts file was changed. I've considered rewriting the hosts file to the same information given on my other computer, but not sure if I should do that, not sure of what kind of change was made in the first place. I've considered a system restore to the checkpoint for a day before this happened, but I'm not sure that would fix anything either, really, aside from one other problem that occurred at the same time as the hosts file changed, that being my WIA service hung on starting, has been "terminating unexpectedly" and I've been having a problem with that ever since, too; can't get it to run (posting this problem in another post here). I'm just not sure what to do about this, but it leaves me with a very uncomfortable feeling every time I boot up and see this happening with my firewall and AVG. Any ideas?

Sorry for rambling. I'm just lost as to what to do. Thanks.
  • 0



#2
Gravity Gripp


    Trusted Helper

  • Malware Removal
  • 1,813 posts
Could you post your host file please? Edit out any sensitive information you don't want on the Internet. :)

Edited by Gravity Gripp, 05 January 2008 - 10:04 AM.

  • 0

#3
Termie


    Member

  • Topic Starter
  • Member
  • 66 posts
Sure, I can do that, but what is sensitive information? My hosts file says basically the same thing as what I've seen on the net, which I've copied here...

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
(This next line gives the IP address and MAC for my printer.)



When I look at the hosts file on my other computer, it says exactly the same thing with the exception of the last line having a similar address except for the last three digits. This address is also in my network, but the MAC is something I don't recognize; it's certainly not the MAC of the printer. However, this file has not been changed at all. I have both of these CPUs wired directly into my wireless G.

Interestingly though, when I pulled up my Event Viewer and searched for an event relating to the time this event (when the router was flashing the white light and we couldn't connect) occurred, it tells me this:

The IP address lease XXX (giving the same address as the one listed in the hosts file for the printer) for the Network Card with network address (listing the network address of my CPU with the problem) has been denied by the DHCP server XXX (The DHCP Server sent a DHCPNACK message).

Does this tell you anything meaningful? Thanks for your help, I appreciate it a LOT! :)

Edited by Termie, 05 January 2008 - 10:51 AM.

  • 0
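
Added example, not part of the original posts: a small Python script that parses hosts files using the format described in the file's own header (IP address first, then host names, `#` for comments) and reports which mappings differ between two machines, plus any mapping that points a name away from the local machine. The host name `printer` and the 192.168.1.x addresses are constructed sample data, not values from this thread.

```python
import ipaddress

def parse_hosts(text):
    """Parse hosts-file text into ({hostname: ip}, [malformed lines])."""
    entries, malformed = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        fields = line.split()                    # any run of spaces or tabs
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append(raw.strip())        # first column is not an IP
            continue
        if len(fields) < 2:
            malformed.append(raw.strip())        # IP with no host name
            continue
        for name in fields[1:]:                  # one IP may carry aliases
            entries[name.lower()] = ip
    return entries, malformed

def diff_hosts(baseline_text, current_text):
    """List (hostname, baseline_ip, current_ip) for every mapping that differs."""
    old, _ = parse_hosts(baseline_text)
    new, _ = parse_hosts(current_text)
    return [(n, old.get(n), new.get(n))
            for n in sorted(old.keys() | new.keys())
            if old.get(n) != new.get(n)]

def overrides(text):
    """Mappings that send a name somewhere other than this machine."""
    entries, _ = parse_hosts(text)
    return {n: ip for n, ip in entries.items()
            if not ipaddress.ip_address(ip).is_loopback}

# Constructed sample data standing in for the two PCs' hosts files.
OTHER_PC = """# sample HOSTS file
127.0.0.1       localhost
192.168.1.100   printer   # constructed entry
"""
THIS_PC = """# sample HOSTS file
127.0.0.1       localhost
192.168.1.101\tprinter   # constructed entry
"""

if __name__ == "__main__":
    for name, before, after in diff_hosts(OTHER_PC, THIS_PC):
        print(f"{name}: {before} -> {after}")
    print("non-loopback mappings:", overrides(THIS_PC))
```

Any name listed by `overrides` is resolved from the hosts file instead of DNS, so each such entry should be one the owner recognizes.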

#4
Termie


    Member

  • Topic Starter
  • Member
  • 66 posts
Am I freaking out over nothing?

I set my Windows firewall to not allow exceptions, and it now stays on throughout the connection, but AVG still gets disconnected. Is it possible that one of the programs I have as an exception could be causing the firewall to go down?

Still trying to figure out what is going on here....
  • 0

#5
Gravity Gripp


    Trusted Helper

  • Malware Removal
  • 1,813 posts
If it only happens when you first bootup, then I wouldn't really worry about it. When I boot up my computer, there is a brief moment where my firewall (Comodo) says that it's turned off and then it will come up. What it's doing is just initializing itself. Unless you start to have some other symptoms, just put it in the back of your mind :)
  • 0

#6
Termie


    Member

  • Topic Starter
  • Member
  • 66 posts
Thanks Gravity. I tend to be rather paranoid about stuff like this, when things change from out of the blue with no obvious reason.
  • 0





