Help......I've Got some kind of virus
My computer is continuously sending out packets to a million different ip's. I can't seem to find the source of this. I'm using McAfee vs and fw and yes all files are updated. Seems like this virus or whatever is on some type of time schedule or something cause it comes and goes.........but when it does it ties up my router (No Firewall :( ) and I'm unable to connect to the internet unless I unplug the thing and it starts all over again.
I've run vs twice and can't find a thing.......checked task manager and the only thing that seems to use up cpu time is cpd.exe which is supposed to be mc's firewall exe
Any suggestions are greatly appreciated
Help!!!!!!!
BalliN
get a copy of SpyBot and check for AD-ware
Oops..........forgot to say that I already have spybot and tried that as well :(
also I'm running on this pc windows 2000 Professional, McAfee 7
sounds like you have this,,,,,,,,,,,,,,,
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.html
Capt Fiero
01-15-04, 10:55 AM
Well even though I hate Zone Alarm that would be the first program I would install.
I would hit the machine with everything I could find. Ad-Aware 6, pc-cillin online, Panda Online scanner. You already have spybot.
Then go through the add remove programs and search for anything out of the ordinary. I would also run Code Stuff Starter. Look for any apps that are starting up in the background and disable them.
If all else failed, grab the blank CDs, burn your important files, like your PST file and any other needed stuff and reformat the bugger.
Wedge1212
01-15-04, 05:37 PM
Without seeing any more information I would guess you have welchia. Patch it! Go to securityresponse.symantec.com and download the virus fix....then WINDOWS UPDATE! :D
jajman and wedge........I ran that tool and it didn't find the welchia worm I also looked into the registry and couldn't find any of the services it is supposed to create
Capt.......I dl Zone Alarm......I'm able to stop the request seems like one at a time........but what I've noticed is that I always seem to get a request to the internet by 219.106.253.106 which is not my ip.
wedge......please let me know what other info you are looking for and where to find it........and I'll try to get it for you cause right now I'm juss thinkin of takin capts advice and format the mofo.......but I'd really hate to do that
Oh......and I have all the windows updates already......I check for those at least once a week
Thanks,
BalliN
Capt Fiero
01-15-04, 08:15 PM
Well that number http://219.106.253.106/IndexJsp.jsp points to a web site that is in some forign (sp) language that I can't understand. I ran the number through google to see if it was a common reference to any type of virus and came up blanko. Have you tried just for laughing sake msconfig to see what is in there?
If you have tried all the apps suggested. Then you got me stumped.
simpleman
01-15-04, 08:46 PM
you can go to www.symantec.com and get an online virus scan,
there is a chance that you might have a new virus and I don't know if McAfee vs has any type of updater. but if that program doesn't have the virus def. for a virus you might have it will not find it.
why don't you have norton
Capt.........yeah I saw that site too........can't make anything out of it.....windows 2000 doesn't have msconfig.........but I checked the registry and didn't really see anything that I believed to be out of place. I'm pretty stumped as well
simpleman..........McAfee does update the virus def but currently as we speak I'm checking it online via their site......if it finds nothing next step is your suggestion. And yes........I'm trashing the McAfee and goin with Nortons as soon as I can get to the computer store tomorrow :D
The McAfee was free..........guess I got what I paid for :rolleyes:
Firstly, I'd trash the windows and start over. You probably could have already done it in the time it's taken to try to diagnose this.
Secondly, while I'd try it if I had it, there certainly is no guarantee that Norton is any better than McAfee. I hated McAfee and always used Norton until a few months back when a couple of PCs I maintain got a virus that although existed in Norton's information pages, it would not detect nor clean. It was hanater or something like that. It would disable Norton, not allow liveupdates, prevent re-installing the program, etc. McAfee 7 cleaned it without drama. So while I tend to think of McAfee as junk, sometimes it would appear that it is junk you need.
I agree with you larva about the vs software............nortons does seem to have a better rep........but at times either can miss the latest virus out. The reason I'm gonna buy the nortons tomorrow is juss as you stated........to see if it can catch what mcafee can't.
You are also right in saying that I could have reinstalled a long time ago to fix the problem. The problem with that is that I'm hard headed.........and I'd rather destroy this os first to find the problem than to let it beat me :D
Good news is I think I've got it blocked with the mcafee fw......there are two programs running (with no names on them) that are trying to send something outbound to that address I posted about before via port 110 email and so far it hasn't triggered the mass flood of outbound ip's via port 445.
Maybe its a new virus........maybe I juss don't know what the hell I'm doin :eek: but a learning experience all the same.
I'm sure a new install will be in order after I'm done with the thing anyways
I've been lookin at getting a new router anyways (maybe a linksys wireless) to replace this crappy cayman one sbc gave me cause if this is a hack job I don't wanna go through the hassle of changing my ip's juss yet.
LMAO,
BalliN
It looks like whatever you have is viri related. It is trying to email something (port 110, pop3 ) from your machine, as well as using port 445 (dcom exploit) to infect other pc's.
A symantec search on 445 resulted in over 700 hits, I read only a few.
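The symptom described in this thread, one machine opening port 445 connections to many different addresses in bursts, can be confirmed from firewall logs by counting distinct destinations per source inside a short time window. The script below is an added example and not part of the original thread; the log line format, the addresses (documentation ranges) and the thresholds are constructed assumptions, not the output of McAfee or Zone Alarm.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log line format (an assumption, not a real product's format):
#   2004-01-15 20:05:02 OUT TCP 192.168.1.10 -> 198.51.100.7:445
LINE_RE = re.compile(
    r"^(\S+ \S+) OUT TCP (\S+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")

def parse(lines):
    """Yield (timestamp, src, dst, port) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4))

def find_fanout(lines, port=445, window=timedelta(seconds=60), threshold=10):
    """Return {src: max distinct dst IPs on `port` inside any window}
    for every source that reaches `threshold`."""
    per_src = defaultdict(list)
    for ts, src, dst, p in parse(lines):
        if p == port:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

def sample_log():
    """Constructed data: one host sweeping 12 addresses, one normal host."""
    base = datetime(2004, 1, 15, 20, 5, 0)
    lines = ["2004-01-15 20:01:02 OUT TCP 192.168.1.10 -> 203.0.113.5:110"]
    for i in range(1, 13):
        ts = (base + timedelta(seconds=2 * i)).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{ts} OUT TCP 192.168.1.10 -> 198.51.100.{i}:445")
    lines.append("2004-01-15 20:06:00 OUT TCP 192.168.1.20 -> 192.168.1.2:445")
    lines.append("garbage line that should be ignored")
    return lines

if __name__ == "__main__":
    print(find_fanout(sample_log()))
```

A single file-share connection to one address stays far below the threshold, so only the sweeping host is reported.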
lanman31337
01-20-04, 02:34 PM
http://housecall.trendmicro.com/
try running that too, another free online virus scan.
To be honest that sounds like the mimail virus, have you opened anything from Paypal lately?
Well.........this one has stumped me neither McAfee nor Nortons found this bug. The only thing I could find out about it other than the info stated above is that there was always some program running in the background (with no name) that I couldn't find to stop.
Thanks for everyone's help who responded.......I went ahead (even though it killed me :mad: ) and did a reinstall. It seemed like some sort of variation of the W32.HLLW.Deborms.D some of the files mentioned on symantec's site seemed to be present here as well.
Lanman........thanks for the link added to my fav wish I could have tried that as well :(
Anyways.....Thanks again,
BalliN