DoS attack - port 16982 - Geeks to Go Forums


DoS attack - port 16982

#1 Fidel Castro

  • Group: Member
  • Posts: 75
  • Joined: 22-August 05

Posted 02 April 2012 - 04:36 AM

Hello,

I'm not sure if I selected the right forum but since it has to do with my network I guess this would be the place. If not, please, move it to the right one.


Last night while I was sleeping, my speakers were still on and the sound of Kaspersky blocker woke me up (around 4am LT). It wouldn't if it was only a one-time sound but the sound was repeating over and over again. I just got out of my bed, turned off the speakers and I continued sleeping.


Then I got out of my bed around 11am and I saw that I was being DoS attacked or at least that's what Kaspersky Network Blocker was saying. To be exact, more than 500 DoS attacks from 4am to 11am. I traced some of the IP addresses but I don't think they are telling me much since some IP addresses are from USA, others from India, Pakistan, Philippines etc.

The only 'useful' information that I saw was the port through which the attacks were coming in. It was the same port on every 'attack' - 16982. I looked up on Google and I found the following on many websites: TCP 16982 AcidShiver.100.

I was thinking about closing that port but I guess that would be too easy and I don't even know how to close that port and neither does Google.


I must say that this is the FIRST time that I experience something like this and I'm wondering if this is a virus-related issue or not. Can I do something about it or not?


Finally, I'm leaving here the screenshot from Kaspersky. (click on the image for bigger size).


Posted Image


Any further help would be much appreciated.

Thanks in advance,

Fidel

#2 Troy

  • Group: Technician
  • Posts: 8,658
  • Joined: 23-October 06

Posted 03 April 2012 - 11:45 PM

I would be tempted to contact Kaspersky support and see what one of their experts has to say about it.

#3 mbond65

  • Group: Member
  • Posts: 34
  • Joined: 07-April 12

Posted 07 April 2012 - 11:29 AM

Block all incoming connections on that port? First check application/service dependencies on that port though.

#4 Fidel Castro

  • Group: Member
  • Posts: 75
  • Joined: 22-August 05

Posted 07 April 2012 - 12:18 PM

Troy, on 03 April 2012 - 11:45 PM, said:

I would be tempted to contact Kaspersky support and see what one of their experts has to say about it.


I'm not sure if they would have anything to say and I'm tired of generic robotic replies TBH.



mbond65, on 07 April 2012 - 11:29 AM, said:

Block all incoming connections on that port? First check application/service dependencies on that port though.


I already said that I was thinking about doing that but I don't know how I can close that port or block any incoming connection using that specific port. Also I don't know the way to check what applications are using which ports.

#5 Ztruker

  • Group: Technician
  • Posts: 5,021
  • Joined: 01-December 07

Posted 07 April 2012 - 01:55 PM

What OS? In Win 7, you can set up a new Inbound rule in Windows Firewall (from Control Panel) to block that port.

For XP it's a bit more complicated: How to block specific network protocols and ports by using IPSec

#6 Fidel Castro

  • Group: Member
  • Posts: 75
  • Joined: 22-August 05

Posted 07 April 2012 - 02:19 PM

Ztruker, on 07 April 2012 - 01:55 PM, said:

What OS? In Win 7, you can set up a new Inbound rule in Windows Firewall (from Control Panel) to block that port.

For XP it's a bit more complicated: How to block specific network protocols and ports by using IPSec


I'm using Win7.

And thanks for the help, I found that in my CP.

I also found out that the program that was using 16982 port was actually my program for torrents: BitComet.
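
The two steps discussed in posts #3 to #6 (find which program owns the port, then block it inbound in Windows Firewall), as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt on Windows 7 or later; the function name `Get-PortOwner` and the rule names are made up for this example.

```powershell
# Added example. Port number taken from the thread; everything else is illustrative.
$Port = 16982

function Get-PortOwner {
    param([int]$Port)
    # netstat -ano rows: Proto  Local  Foreign  [State]  PID  (UDP rows have no State)
    netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { return }
        # Local address is "ip:port" or "[ipv6]:port"; the port follows the last colon
        if (($f[1] -split ':')[-1] -ne "$Port") { return }
        # A listening TCP socket shows foreign port 0 (locale-independent check)
        if ($f[0] -eq 'TCP' -and $f[2] -notmatch ':0$') { return }
        $procId = [int]$f[-1]
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Protocol = $f[0]; Local = $f[1]; PID = $procId
            Process  = $proc.ProcessName; Path = $proc.Path
        }
    }
}

# Step 1: see what depends on the port before blocking it.
$owners = @(Get-PortOwner -Port $Port)
if ($owners.Count -eq 0) {
    "Nothing is listening on port $Port right now."
} else {
    $owners | Format-Table Protocol, Local, PID, Process, Path -AutoSize
}

# Step 2: block inbound TCP and UDP to the port. Any program listed above
# will stop receiving inbound connections on it.
foreach ($proto in 'TCP', 'UDP') {
    netsh advfirewall firewall add rule name="Block-In-$proto-$Port" `
        dir=in action=block protocol=$proto localport=$Port
}

# Step 3: confirm the rules were created.
foreach ($proto in 'TCP', 'UDP') {
    netsh advfirewall firewall show rule name="Block-In-$proto-$Port"
}
```

To undo the change, run `netsh advfirewall firewall delete rule name="Block-In-TCP-16982"` and the same for the UDP rule.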

#7 rshaffer61

  • Group: Moderator
  • Posts: 32,454
  • Joined: 28-February 09

Posted 07 April 2012 - 04:07 PM

Quote

I also found out that the program that was using 16982 port was actually my program for torrents: BitComet.


I would also suspect maybe a hidden backdoor infection. I suggest you read the 'Start Here' topic found HERE. With these self-help tools you have a high chance of fixing the problems on your own. If you are still having problems after following Step 3 of the guide, continue with Step 4 and 5 and post in the Malware Forum. If you are unable to run any programs, please create a topic stating what you have tried so far and that you are unable to run any programs. Also, please do NOT post the logs in this thread.

If you are still having issues after the malware expert gives you a clean bill of health, please return to THIS thread and we will pursue other options to help you solve your current problem(s).
Add a link to this topic so that malware tech can see what steps have been taken here.

#8 mbond65

  • Group: Member
  • Posts: 34
  • Joined: 07-April 12

Posted 09 April 2012 - 02:45 AM

Depends what firewall you have, you should be able to block a port router side which will obviously prevent all your computers on the network from communicating over that port. Alternatively, as mentioned above, just set up a new inbound rule in Windows Firewall.

#9 Ztruker

  • Group: Technician
  • Posts: 5,021
  • Joined: 01-December 07

Posted 09 April 2012 - 05:00 PM

Disable all BitComet entries in Startup and Services under msconfig. There is no need to have any of it running unless you are actively downloading something.
