My computer has been showing some strange network activity, so I ran Microsoft Network Monitor to see what it was.
It turns out my computer connects to a lot of IP addresses endlessly.
I'm sure I'm infected, but nothing I found on this forum actually helped me.
I'm willing to go through steps, but as of now, nothing has found which executable or source this infection has.
All I can get is the following information, no matter what I do.
Note that all of them have a different starting port, but the same destination port.
- All Traffic
- My Traffic
- <Unknown>
- IPv4 (122.18.52.194 - 192.168.50.100) ConvID = 1
    UDP (58518 - 47816) ConvID = 2
- IPv4 (218.81.251.184 - 192.168.50.100) ConvID = 3
    UDP (22935 - 47816) ConvID = 4
- IPv4 (78.236.12.145 - 192.168.50.100) ConvID = 5
    UDP (56017 - 47816) ConvID = 6
- IPv4 (90.219.188.143 - 192.168.50.100) ConvID = 7
    UDP (8400 - 47816) ConvID = 8
- IPv4 (114.42.232.135 - 192.168.50.100) ConvID = 9
    UDP (23933 - 47816) ConvID = 10
- IPv4 (213.231.151.113 - 192.168.50.100) ConvID = 11
    UDP (18566 - 47816) ConvID = 12
- IPv4 (188.123.245.143 - 192.168.50.100) ConvID = 13
    UDP (25730 - 47816) ConvID = 14
- IPv4 (92.47.2.135 - 192.168.50.100) ConvID = 15
    UDP (36987 - 47816) ConvID = 16
+ IPv4 (174.91.86.7 - 192.168.50.100) ConvID = 17
+ IPv4 (87.11.169.155 - 192.168.50.100) ConvID = 19
+ IPv4 (24.13.48.119 - 192.168.50.100) ConvID = 21
+ IPv4 (222.131.219.121 - 192.168.50.100) ConvID = 23
+ IPv4 (85.154.194.97 - 192.168.50.100) ConvID = 25
+ IPv4 (189.79.64.218 - 192.168.50.100) ConvID = 27
+ IPv4 (77.67.84.194 - 192.168.50.100) ConvID = 29
+ IPv4 (14.96.204.236 - 192.168.50.100) ConvID = 31
+ IPv4 (78.159.59.126 - 192.168.50.100) ConvID = 33
+ IPv4 (65.4.112.109 - 192.168.50.100) ConvID = 35
+ IPv4 (184.183.5.197 - 192.168.50.100) ConvID = 37
+ IPv4 (82.200.1.214 - 192.168.50.100) ConvID = 39
+ IPv4 (95.59.191.131 - 192.168.50.100) ConvID = 41
+ IPv4 (221.182.46.101 - 192.168.50.100) ConvID = 46
+ IPv4 (2.26.31.70 - 192.168.50.100) ConvID = 48
+ IPv4 (212.166.202.107 - 192.168.50.100) ConvID = 50
+ IPv4 (71.96.72.114 - 192.168.50.100) ConvID = 52
+ IPv4 (218.189.248.173 - 192.168.50.100) ConvID = 54
+ IPv4 (81.202.57.69 - 192.168.50.100) ConvID = 56
+ IPv4 (83.149.38.104 - 192.168.50.100) ConvID = 58
+ IPv4 (210.73.59.100 - 192.168.50.100) ConvID = 60
+ IPv4 (122.167.229.86 - 192.168.50.100) ConvID = 62
+ IPv4 (14.207.74.33 - 192.168.50.100) ConvID = 64
+ IPv4 (115.198.246.195 - 192.168.50.100) ConvID = 66
+ IPv4 (95.139.171.159 - 192.168.50.100) ConvID = 68
+ IPv4 (122.90.168.157 - 192.168.50.100) ConvID = 70
+ IPv4 (114.102.118.246 - 192.168.50.100) ConvID = 72
+ IPv4 (189.152.137.89 - 192.168.50.100) ConvID = 74
+ IPv4 (121.98.139.152 - 192.168.50.100) ConvID = 76
+ IPv4 (118.6.29.119 - 192.168.50.100) ConvID = 78
+ IPv4 (74.47.217.144 - 192.168.50.100) ConvID = 80
+ IPv4 (46.10.79.73 - 192.168.50.100) ConvID = 82
+ IPv4 (121.149.100.23 - 192.168.50.100) ConvID = 84
+ IPv4 (88.90.150.214 - 192.168.50.100) ConvID = 86
+ IPv4 (82.246.146.153 - 192.168.50.100) ConvID = 88
+ IPv4 (61.203.8.80 - 192.168.50.100) ConvID = 90
+ IPv4 (58.153.70.59 - 192.168.50.100) ConvID = 92
+ IPv4 (82.207.23.108 - 192.168.50.100) ConvID = 94
+ IPv4 (180.156.42.245 - 192.168.50.100) ConvID = 100
+ IPv4 (124.26.81.110 - 192.168.50.100) ConvID = 102
+ IPv4 (118.2.34.229 - 192.168.50.100) ConvID = 104
+ IPv4 (217.132.156.170 - 192.168.50.100) ConvID = 106
+ IPv4 (124.121.240.44 - 192.168.50.100) ConvID = 108
+ IPv4 (222.13.237.37 - 192.168.50.100) ConvID = 110
+ IPv4 (121.178.127.188 - 192.168.50.100) ConvID = 112
+ IPv4 (111.91.119.63 - 192.168.50.100) ConvID = 114
+ IPv4 (93.183.191.15 - 192.168.50.100) ConvID = 116
+ IPv4 (87.2.250.176 - 192.168.50.100) ConvID = 118
+ IPv4 (122.176.41.213 - 192.168.50.100) ConvID = 120
+ IPv4 (121.218.88.217 - 192.168.50.100) ConvID = 122
+ IPv4 (46.191.131.134 - 192.168.50.100) ConvID = 124
+ IPv4 (86.51.22.253 - 192.168.50.100) ConvID = 126
+ IPv4 (64.20.146.164 - 192.168.50.100) ConvID = 128
+ IPv4 (203.218.199.146 - 192.168.50.100) ConvID = 130
+ IPv4 (49.48.49.21 - 192.168.50.100) ConvID = 132
+ IPv4 (122.173.231.190 - 192.168.50.100) ConvID = 134
+ IPv4 (86.208.161.44 - 192.168.50.100) ConvID = 136
+ IPv4 (122.210.178.188 - 192.168.50.100) ConvID = 138
+ IPv4 (89.21.95.68 - 192.168.50.100) ConvID = 140
+ IPv4 (112.105.110.108 - 192.168.50.100) ConvID = 142
+ IPv4 (218.54.27.90 - 192.168.50.100) ConvID = 144
+ IPv4 (184.88.32.3 - 192.168.50.100) ConvID = 146
+ IPv4 (180.129.186.91 - 192.168.50.100) ConvID = 148
+ IPv4 (202.29.6.95 - 192.168.50.100) ConvID = 150
+ IPv4 (124.89.186.226 - 192.168.50.100) ConvID = 152
+ IPv4 (114.163.219.50 - 192.168.50.100) ConvID = 154
+ IPv4 (121.102.48.112 - 192.168.50.100) ConvID = 156
+ IPv4 (94.208.241.127 - 192.168.50.100) ConvID = 159
+ IPv6 (FE80:0:0:0:D943:6E9E:B4CA:B268 - FF02:0:0:0:0:0:1:2) ConvID = 161
+ IPv4 (89.216.165.40 - 192.168.50.100) ConvID = 163
+ IPv4 (94.10.19.2 - 192.168.50.100) ConvID = 165
+ IPv4 (219.164.45.172 - 192.168.50.100) ConvID = 167
+ IPv4 (59.44.138.133 - 192.168.50.100) ConvID = 169
+ IPv4 (108.125.28.99 - 192.168.50.100) ConvID = 171
+ IPv4 (76.234.77.130 - 192.168.50.100) ConvID = 173
+ IPv4 (194.44.127.214 - 192.168.50.100) ConvID = 175
+ IPv4 (116.53.253.229 - 192.168.50.100) ConvID = 177
+ IPv4 (79.182.192.213 - 192.168.50.100) ConvID = 179
+ IPv4 (220.131.153.224 - 192.168.50.100) ConvID = 181
+ IPv4 (125.24.185.5 - 192.168.50.100) ConvID = 183
+ IPv4 (115.165.205.187 - 192.168.50.100) ConvID = 185
+ IPv4 (27.97.220.231 - 192.168.50.100) ConvID = 187
+ IPv4 (92.85.206.212 - 192.168.50.100) ConvID = 189
+ IPv4 (112.230.250.19 - 192.168.50.100) ConvID = 192
+ IPv4 (125.24.39.196 - 192.168.50.100) ConvID = 194
+ IPv4 (223.167.118.248 - 192.168.50.100) ConvID = 196
+ IPv4 (87.126.245.246 - 192.168.50.100) ConvID = 198
+ IPv4 (2.61.112.89 - 192.168.50.100) ConvID = 200
+ IPv4 (27.124.29.172 - 192.168.50.100) ConvID = 202
+ IPv4 (90.165.148.218 - 192.168.50.100) ConvID = 204
+ IPv4 (46.63.48.60 - 192.168.50.100) ConvID = 206
+ IPv4 (198.82.8.195 - 192.168.50.100) ConvID = 208
+ IPv4 (125.163.250.195 - 192.168.50.100) ConvID = 210
+ IPv4 (216.123.247.10 - 192.168.50.100) ConvID = 212
+ IPv4 (118.172.15.21 - 192.168.50.100) ConvID = 214
+ IPv4 (222.161.66.193 - 192.168.50.100) ConvID = 216
+ IPv4 (210.254.70.250 - 192.168.50.100) ConvID = 218
+ IPv4 (178.49.158.60 - 192.168.50.100) ConvID = 220
+ IPv4 (81.175.224.209 - 192.168.50.100) ConvID = 222
+ IPv4 (117.82.107.21 - 192.168.50.100) ConvID = 224
+ IPv4 (192.168.50.100 - 8.8.8.8) ConvID = 226
+ IPv4 (201.50.26.91 - 192.168.50.100) ConvID = 233
+ IPv4 (188.29.36.34 - 192.168.50.100) ConvID = 273
+ IPv4 (46.147.154.1 - 192.168.50.100) ConvID = 277
+ IPv4 (192.168.50.100 - 74.125.77.100) ConvID = 269
+ IPv4 (188.36.131.244 - 192.168.50.100) ConvID = 286
+ IPv4 (173.35.212.39 - 192.168.50.100) ConvID = 347
+ IPv4 (82.34.193.66 - 192.168.50.100) ConvID = 349
+ IPv4 (79.116.62.188 - 192.168.50.100) ConvID = 351
+ IPv4 (87.139.89.60 - 192.168.50.100) ConvID = 353
+ IPv4 (24.138.134.57 - 192.168.50.100) ConvID = 355
+ IPv4 (221.133.27.59 - 192.168.50.100) ConvID = 357
+ IPv4 (59.177.40.233 - 192.168.50.100) ConvID = 359
+ IPv4 (202.62.109.67 - 192.168.50.100) ConvID = 384
+ IPv4 (88.131.66.182 - 192.168.50.100) ConvID = 398
+ IPv4 (94.240.167.139 - 192.168.50.100) ConvID = 409
+ IPv4 (50.54.199.0 - 192.168.50.100) ConvID = 411
+ IPv4 (60.247.43.169 - 192.168.50.100) ConvID = 413
+ IPv4 (85.186.126.153 - 192.168.50.100) ConvID = 415
+ IPv4 (218.35.151.176 - 192.168.50.100) ConvID = 417
+ IPv4 (95.24.36.61 - 192.168.50.100) ConvID = 419
+ IPv4 (64.246.64.71 - 192.168.50.100) ConvID = 425
+ IPv4 (78.8.41.179 - 192.168.50.100) ConvID = 459
+ IPv4 (183.89.199.144 - 192.168.50.100) ConvID = 466
+ IPv4 (108.77.144.165 - 192.168.50.100) ConvID = 483
+ IPv4 (78.30.201.87 - 192.168.50.100) ConvID = 485
+ IPv4 (49.48.114.103 - 192.168.50.100) ConvID = 497
+ IPv4 (74.209.46.46 - 192.168.50.100) ConvID = 499
+ IPv4 (59.115.129.181 - 192.168.50.100) ConvID = 501
+ IPv4 (210.128.78.143 - 192.168.50.100) ConvID = 503
+ IPv4 (180.180.221.104 - 192.168.50.100) ConvID = 505
+ IPv4 (89.190.222.174 - 192.168.50.100) ConvID = 507
+ IPv4 (193.91.149.100 - 192.168.50.100) ConvID = 509
+ IPv4 (124.169.100.147 - 192.168.50.100) ConvID = 511
+ IPv4 (124.26.232.186 - 192.168.50.100) ConvID = 513
+ IPv4 (111.249.47.50 - 192.168.50.100) ConvID = 515
+ IPv4 (14.207.205.47 - 192.168.50.100) ConvID = 517
+ IPv4 (72.12.163.164 - 192.168.50.100) ConvID = 519
+ IPv4 (180.25.17.37 - 192.168.50.100) ConvID = 521
+ IPv4 (194.44.216.102 - 192.168.50.100) ConvID = 523
+ IPv4 (83.49.191.175 - 192.168.50.100) ConvID = 525
+ IPv4 (121.1.11.171 - 192.168.50.100) ConvID = 527
+ IPv4 (114.36.176.132 - 192.168.50.100) ConvID = 529
+ IPv4 (94.59.57.195 - 192.168.50.100) ConvID = 531
+ IPv4 (82.12.88.118 - 192.168.50.100) ConvID = 533
+ IPv4 (77.127.222.47 - 192.168.50.100) ConvID = 535
+ IPv4 (190.134.20.204 - 192.168.50.100) ConvID = 537
+ IPv4 (119.92.253.106 - 192.168.50.100) ConvID = 539
+ IPv4 (119.153.17.112 - 192.168.50.100) ConvID = 561
+ IPv4 (189.27.64.217 - 192.168.50.100) ConvID = 563
+ IPv4 (123.240.126.194 - 192.168.50.100) ConvID = 565
+ IPv4 (88.168.205.43 - 192.168.50.100) ConvID = 587
+ IPv4 (189.26.121.39 - 192.168.50.100) ConvID = 589
+ IPv4 (61.24.81.184 - 192.168.50.100) ConvID = 593
+ IPv4 (142.162.201.20 - 192.168.50.100) ConvID = 595
+ IPv4 (219.78.160.129 - 192.168.50.100) ConvID = 615
+ IPv4 (58.64.51.203 - 192.168.50.100) ConvID = 617
+ IPv4 (94.59.22.61 - 192.168.50.100) ConvID = 619
+ IPv4 (125.82.183.93 - 192.168.50.100) ConvID = 621
+ IPv4 (124.6.181.111 - 192.168.50.100) ConvID = 623
+ IPv4 (93.159.246.155 - 192.168.50.100) ConvID = 625
+ IPv4 (80.109.100.225 - 192.168.50.100) ConvID = 627
+ IPv4 (64.183.196.193 - 192.168.50.100) ConvID = 629
+ IPv4 (180.159.101.191 - 192.168.50.100) ConvID = 631
I traced some of them and noticed they come from all over the world: Haiti, Japan, Bulgaria, et cetera.
A Whois lookup gave the same result.
I also posted something about this several months ago, but it was then resolved temporarily after I reinstalled my OS.
It was then suggested that it might be programs trying to update, which is obviously bogus.
I tried several deep scanners, but nothing can decipher the packets that were sent.
Thanks in advance, I hope somebody has some hints and tips on this super-hidden infection.
Edited by IO-error, 04 May 2011 - 10:27 PM.
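As an added example (not part of the original post or of Network Monitor itself), here is a small Python parser for the conversation tree pasted above. It reads the `IPv4/IPv6 (A - B) ConvID = n` lines and their `UDP (sport - dport)` children and tallies what the poster describes by eye: how many distinct remote hosts are involved, whether they are public addresses, which local port they all hit, and how many different remote source ports appear. The sample is a subset of the lines from the post. Two assumptions are made that the page does not state: the local host is 192.168.50.100 (inferred from the dump), and Network Monitor lists each pair as first-seen source - destination, so a conversation with the remote host listed first is counted as "remote-initiated".

```python
import re
from collections import Counter
from ipaddress import ip_address

# Sample taken from the post above (a subset of the Network Monitor
# conversation tree). The local host is assumed to be 192.168.50.100.
SAMPLE = """\
- IPv4 (122.18.52.194 - 192.168.50.100) ConvID = 1
  UDP (58518 - 47816) ConvID = 2
- IPv4 (218.81.251.184 - 192.168.50.100) ConvID = 3
  UDP (22935 - 47816) ConvID = 4
- IPv4 (78.236.12.145 - 192.168.50.100) ConvID = 5
  UDP (56017 - 47816) ConvID = 6
- IPv4 (90.219.188.143 - 192.168.50.100) ConvID = 7
  UDP (8400 - 47816) ConvID = 8
+ IPv4 (174.91.86.7 - 192.168.50.100) ConvID = 17
+ IPv6 (FE80:0:0:0:D943:6E9E:B4CA:B268 - FF02:0:0:0:0:0:1:2) ConvID = 161
+ IPv4 (192.168.50.100 - 8.8.8.8) ConvID = 226
"""

# "- IPv4 (a - b) ConvID = n" / "+ IPv6 (a - b) ConvID = n"
IP_LINE = re.compile(
    r"^[+-]\s+(IPv4|IPv6)\s+\((\S+)\s+-\s+(\S+)\)\s+ConvID\s*=\s*(\d+)")
# "UDP (sport - dport) ConvID = n", indented or not
TRANSPORT_LINE = re.compile(
    r"^\s*(UDP|TCP)\s+\((\d+)\s+-\s+(\d+)\)\s+ConvID\s*=\s*(\d+)")


def parse_conversations(text):
    """Return the IP-level conversations, each with its transport child (if shown)."""
    convs = []
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            convs.append({"family": m.group(1), "a": m.group(2), "b": m.group(3),
                          "convid": int(m.group(4)), "transport": None})
            continue
        m = TRANSPORT_LINE.match(line)
        if m and convs:
            # A transport line belongs to the IP conversation just above it.
            convs[-1]["transport"] = {"proto": m.group(1), "sport": int(m.group(2)),
                                      "dport": int(m.group(3)), "convid": int(m.group(4))}
    return convs


def summarize(convs, local):
    """Aggregate the capture around the local address.

    Assumption (not stated on the page): Network Monitor lists the pair as
    (first-seen source - destination), so a remote address in the first
    position means the remote host sent the first frame of that conversation.
    """
    remote_first = Counter()   # remote hosts that sent the first frame
    local_first = Counter()    # conversations the local host started
    local_ports = Counter()    # local (destination) ports hit, from the UDP/TCP children
    remote_sports = set()      # distinct remote source ports
    unrelated = []             # conversations that do not involve the local address
    for c in convs:
        if c["a"] == local:
            local_first[c["b"]] += 1
        elif c["b"] == local:
            remote_first[c["a"]] += 1
        else:
            unrelated.append(c["convid"])
        t = c["transport"]
        if t:
            local_ports[t["dport"]] += 1
            remote_sports.add(t["sport"])
    public = [ip for ip in remote_first if ip_address(ip).is_global]
    return {
        "remote_initiated": sum(remote_first.values()),
        "local_initiated": sum(local_first.values()),
        "distinct_remote_hosts": len(remote_first),
        "public_remote_hosts": len(public),
        "local_ports_hit": dict(local_ports),
        "distinct_remote_source_ports": len(remote_sports),
        "unrelated": unrelated,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_conversations(SAMPLE), "192.168.50.100").items():
        print(f"{key}: {value}")
```

Run against the sample, it reports five distinct public remote hosts, all listed before the local address, every transport child landing on local UDP port 47816 from a different remote source port, one conversation the local host started itself (to 8.8.8.8), and one link-local IPv6 conversation that does not involve the local IPv4 address at all. The parser accepts the children lines either indented or flush-left, as they appear in the post. The next step a practitioner would take on the box itself is to find out which process holds local UDP port 47816: `netstat -ano -p UDP` on Windows lists the owning PID next to each bound UDP endpoint, which can then be matched to a process in Task Manager.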