ICMP Issues.



#1
manaman

    New Member

  • Member
  • 6 posts
I seem to be flooding ICMP packets. Enough that in a day I got a 2.5 GB log file. They all are going to various IPs, most recently 193.138.205.25 and 193.138.221.213.
The only thing I remember doing before this all started was updating to SP3. So that is the first question: I wonder if anyone has seen this before?

Me, I installed a firewall and tried to block all outgoing ICMP. Doesn't change a thing.

Anyway, long story short, I was seeing this in Peer Guardian 2, and I cannot confirm that this is actually happening. In no other place am I seeing my computer flooding. So that starts my other question: anyone familiar with this program? I can answer any question you might have. I know a lot about some things, but nothing about most things. Basically I am saying I am pretty much at a loss as to what kind of information you actually need. So please ask me as many questions as you need to get answers.

I have already done a scan of the computer and checked out HijackThis; as far as I can tell the computer is clean. Not to say that it actually is. I am kinda at this point leaning to it just being PG2. Only problem is that I cannot find anyone else having the same problem. Oh, and I did remove PG2 and try to reinstall it.
  • 0

#2
manaman

    New Member

  • Topic Starter
  • Member
  • 6 posts
What do you know, looks like the lease on the IP expired, and this time I actually was issued a new one by my ISP. Have not had the problem since.
  • 0

#3
manaman

    New Member

  • Topic Starter
  • Member
  • 6 posts
I was wrong, still happening, started about an hour after it stopped. Wish I knew more about what was happening. Seems that nobody does.
  • 0

#4
Artellos

    Tech Secretary

  • Global Moderator
  • 3,888 posts
Do you have any protection software on your PC?
Mainly Anti-Spyware / Anti-Virus.

Regards,
Olrik
  • 0

#5
manaman

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks for the reply, I do, I kept AVG on here but I have downloaded just about every free scanner I could think of that I know is not a rip, and none of them find anything. I am also using Comodo Firewall.
  • 0

#6
Artellos

    Tech Secretary

  • Global Moderator
  • 3,888 posts
I hope you do know running multiple scanners can actually cause problems on your computer?

Regards,
Olrik
  • 0

#7
manaman

    New Member

  • Topic Starter
  • Member
  • 6 posts
I know, I was just emphasizing that a scanner does not pick up the problem. I only have one AV program on the computer now, I only ran a scan with one program at a time, and never with another scanner's active defense or whatever it calls it running.

Some notes: I allowed ICMP through the firewall to see if it would pick up outbound connections, and it did; they originate from svchost.exe, which is running from the system32 folder, so it is a good location. I checked all handles and DLLs loaded to each instance of svchost.exe running and found nothing that should not be loaded. I did notice that index.dat was loaded and was oversized; I never use IE. Anyway, I killed svchost and checked all temp folders, found several randomly named files in the content.ie5 folder, and that I had over 800MB of offline web pages (again, I never use IE). After clearing everything and restarting I have not had the problem in over an hour. That has happened before, so I do need to wait and see if it starts again. Too bad I could not locate an obvious infector file; it would have been easy to submit to one of the AV companies so they can work out a real fix for this. The problem file appeared to be index.dat. Which I know is a good file name in a good location; its behavior was what tipped me off. Last, there were 17 randomly named keys under the Software key in the local user's hive. Each key had a value named with a random 8-character hex number and a GUID as the data; I noticed 5 different GUIDs. :) Oh well, at least it is not happening right now.

Edited by manaman, 21 May 2008 - 09:31 PM.

  • 0
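The registry pattern described in the post above (keys directly under the user hive's Software key whose values are named with an 8-character hex number and hold a GUID) can be hunted for in a `reg export HKCU\Software` dump. This is an added triage example, not part of the original thread; the sample export, key names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Value name: exactly 8 hex characters; data: a brace-wrapped GUID string.
HEX8 = re.compile(r'^[0-9A-Fa-f]{8}$')
GUID = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
KEY_LINE = re.compile(r'^\[(.+)\]$')
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format (not data from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor]
"InstallPath"="C:\\Program Files\\ExampleVendor"
"DEADBEEF"="not a guid"

[HKEY_CURRENT_USER\Software\qzvkxw]
"3FA9C01B"="{11111111-2222-3333-4444-555555555555}"

[HKEY_CURRENT_USER\Software\hbtrmo]
"00BEEF42"="{11111111-2222-3333-4444-555555555555}"
'''

def find_hex_guid_values(export_text, root=r'HKEY_CURRENT_USER\Software'):
    """Return {key_path: [(value_name, guid), ...]} for direct subkeys of root."""
    hits = defaultdict(list)
    current = None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            current = m.group(1)
            continue
        m = VALUE_LINE.match(line)
        if not (m and current):
            continue
        parent, _, _leaf = current.rpartition('\\')
        if parent.lower() != root.lower():
            continue  # only keys directly under Software, as in the post
        name, data = m.groups()
        if HEX8.match(name) and GUID.match(data):
            hits[current].append((name, data.upper()))
    return dict(hits)

def distinct_guids(hits):
    """Set of distinct GUIDs across all flagged keys."""
    return {guid for values in hits.values() for _, guid in values}
```

Files written by `reg export` are UTF-16, so read a real export with `open(path, encoding='utf-16')` before passing its text in. A flagged key is a lead to review by hand, since legitimate software can also store GUIDs under hex-named values.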

#8
Artellos

    Tech Secretary

  • Global Moderator
  • 3,888 posts
I suggest you take your log to the malware doctors found in this forum.
Please make sure that you read this before posting anything in the malware forum.

You can let your log get checked to see if it was malware or not.

Regards,
Olrik
  • 0

#9
manaman

    New Member

  • Topic Starter
  • Member
  • 6 posts
Over 12 hours now and the problem has not returned. I think it was safe to say it was malware and I broke it to the point of no return.
  • 0





