Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
General Security
Go to first new post Security -Expert installed multiple remo ...
Go to first new post Solved: not sure?about site
Go to first new post Computer security, may have been hacked ...
Go to first new post Account Maintenance/Upgrade
Tag Cloud
access acer asus bios bsod computer crash driver drivers error ethernet excel freeze gaming gpu hard drive hardware hdmi internet laptop mac malware memory monitor motherboard music network printer problem ram registry router server slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Constant Router/Hard-Drive Activity

Reply  
Thread Tools
harrogate22's Avatar
Junior Member with 4 posts.
  
Join Date: Jan 2008
Experience: Intermediate
04-Jan-2008, 06:30 AM #1
Constant Router/Hard-Drive Activity
Hi There,

I'm rather worried that my laptop has been "got-at". The Belkin router has an LED which flashes constantly indicating traffic (I presume); it's the one associated with the channel to which the laptop is connected, and it flickers away all the time. I'm getting paranoid wondering to whom it may be chatting.

I've noticed that coincident with this activity is a file (PFIREWALL.LOG) which is constantly being updated, and its contents are of the following form:

2008-01-03 05:38:03 OPEN UDP 192.168.2.2 24.87.165.142 56168 60313 - - - - - - - - -
2008-01-03 05:38:03 OPEN UDP 192.168.2.2 84.211.9.251 56168 9213 - - - - - - - - -
2008-01-03 05:38:05 OPEN UDP 192.168.2.2 125.27.73.45 56168 8345 - - - - - - - - -
2008-01-03 05:38:08 OPEN UDP 192.168.2.2 121.23.89.192 56168 11381 - - - - - - - - -
2008-01-03 05:38:08 OPEN UDP 192.168.2.2 140.135.254.9 56168 15352 - - - - - - - - -
2008-01-03 05:38:08 OPEN UDP 192.168.2.2 71.123.210.223 56168 26749 - - - - - - - - -
2008-01-03 05:38:10 OPEN UDP 192.168.2.2 99.244.77.88 56168 24869 - - - - - - - - -
2008-01-03 05:38:11 OPEN UDP 192.168.2.2 58.209.158.39 56168 10849 - - - - - - - - -
2008-01-03 05:38:11 OPEN UDP 192.168.2.2 220.191.23.140 56168 25598 - - - - - - - - -
2008-01-03 05:38:12 OPEN UDP 192.168.2.2 222.20.224.107 56168 16001 - - - - - - - - -
2008-01-03 05:38:14 OPEN UDP 192.168.2.2 89.103.133.137 56168 13171 - - - - - - - - -

I have also noticed that the "used" level of my hard disk is also constantly increasing, rather more - I suspect - than the as might be expected by the above pfirewall.log entries might justify.

I would be most grateful for any ideas. Should I be concerned; what is it, and what is the solution?

Many thanks in advance,

Ken
Register for free to hide this ad!
lunarlander's Avatar
Computer Specs
Senior Member with 3,484 posts.
  
Join Date: Sep 2007
06-Jan-2008, 06:11 PM #2
Please download and run HijackThis, available here:
http://www.trendsecure.com/portal/en...ols/hijackthis

And copy and past the log produced here. Someone with a golden shield will have to help you out.

Do you run any peer to peer file sharing program ?
TOGG's Avatar
Distinguished Member with 5,362 posts.
  
Join Date: Apr 2002
Location: Birmingham, England
06-Jan-2008, 06:39 PM #3
According to the IANA Ports list, UDP port 192 is used by the Ohio State University Network Monitoring System; http://www.iana.org/assignments/port-numbers

I understand that there is, unfortunately, nothing to stop malware using any port it wants to, so, unless you have some connection with OSU, you may well have a problem that the HJT log could help to identify.
__________________
Nothing matters very much, and few things matter at all.

Lord Balfour 1848-1930
strouprob's Avatar
Computer Specs
Registered User with 112 posts.
  
Join Date: Jan 2008
Experience: Advanced
06-Jan-2008, 07:02 PM #4
192 is part of the IP address (192.168.2.2) on the LAN not a port number.
Have you ran a complete virus scan and malware scan?
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 05:12 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.