There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
 
Tag Cloud
access audio avg avg 8 bios blue screen boot bsod computer connection cpu crash css dell desktop dma driver drivers dvd email error excel explorer firefox firefox 3 freeze gimp graphics hard drive hardware hijackthis hjt install internet internet explorer itunes keyboard laptop macro malware monitor motherboard network networking outlook outlook 2003 outlook 2007 outlook express pio problem problems router seo server slow sound sp3 spyware trojan usb video virtumonde virus vista vundo windows windows vista windows xp winxp wireless
General Security
Search
Search in:
 
Advanced Search
Tech Support Guy Forums > Security & Malware Removal > General Security >
Constant Router/Hard-Drive Activity


HELLO AND WELCOME! Before you can post your question, you'll have to register -- it's completely free! Click here to join today! We highly recommend that you print a copy of our Guide for New Members. Enjoy!

 
Thread Tools
harrogate22's Avatar
Junior Member with 4 posts.
  
Join Date: Jan 2008
Experience: Intermediate
04-Jan-2008, 05:30 AM #1
Constant Router/Hard-Drive Activity
Hi There,

I'm rather worried that my laptop has been "got-at". The Belkin router has an LED which flashes constantly indicating traffic (I presume); it's the one associated with the channel to which the laptop is connected, and it flickers away all the time. I'm getting paranoid wondering to whom it may be chatting.

I've noticed that coincident with this activity is a file (PFIREWALL.LOG) which is constantly being updated, and its contents are of the following form:

2008-01-03 05:38:03 OPEN UDP 192.168.2.2 24.87.165.142 56168 60313 - - - - - - - - -
2008-01-03 05:38:03 OPEN UDP 192.168.2.2 84.211.9.251 56168 9213 - - - - - - - - -
2008-01-03 05:38:05 OPEN UDP 192.168.2.2 125.27.73.45 56168 8345 - - - - - - - - -
2008-01-03 05:38:08 OPEN UDP 192.168.2.2 121.23.89.192 56168 11381 - - - - - - - - -
2008-01-03 05:38:08 OPEN UDP 192.168.2.2 140.135.254.9 56168 15352 - - - - - - - - -
2008-01-03 05:38:08 OPEN UDP 192.168.2.2 71.123.210.223 56168 26749 - - - - - - - - -
2008-01-03 05:38:10 OPEN UDP 192.168.2.2 99.244.77.88 56168 24869 - - - - - - - - -
2008-01-03 05:38:11 OPEN UDP 192.168.2.2 58.209.158.39 56168 10849 - - - - - - - - -
2008-01-03 05:38:11 OPEN UDP 192.168.2.2 220.191.23.140 56168 25598 - - - - - - - - -
2008-01-03 05:38:12 OPEN UDP 192.168.2.2 222.20.224.107 56168 16001 - - - - - - - - -
2008-01-03 05:38:14 OPEN UDP 192.168.2.2 89.103.133.137 56168 13171 - - - - - - - - -

I have also noticed that the "used" level of my hard disk is also constantly increasing, rather more - I suspect - than the as might be expected by the above pfirewall.log entries might justify.

I would be most grateful for any ideas. Should I be concerned; what is it, and what is the solution?

Many thanks in advance,

Ken
wk2000's Avatar
Senior Member with 283 posts.
  
Join Date: Sep 2007
Experience: Intermediate
06-Jan-2008, 05:11 PM #2
Please download and run HijackThis, available here:
http://www.trendsecure.com/portal/en...ols/hijackthis

And copy and past the log produced here. Someone with a golden shield will have to help you out.

Do you run any peer to peer file sharing program ?
TOGG's Avatar
Distinguished Member with 4,164 posts.
  
Join Date: Apr 2002
Location: Birmingham, England
06-Jan-2008, 05:39 PM #3
According to the IANA Ports list, UDP port 192 is used by the Ohio State University Network Monitoring System; http://www.iana.org/assignments/port-numbers

I understand that there is, unfortunately, nothing to stop malware using any port it wants to, so, unless you have some connection with OSU, you may well have a problem that the HJT log could help to identify.
__________________
Nothing matters very much, and few things matter at all.

Lord Balfour 1848-1930
strouprob's Avatar
Computer Specs
Senior Member with 112 posts.
  
Join Date: Jan 2008
Experience: Advanced
06-Jan-2008, 06:02 PM #4
192 is part of the IP address (192.168.2.2) on the LAN not a port number.
Have you ran a complete virus scan and malware scan?
Reply

« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are Off
Refbacks are Off

Related Sites: Support.com | Tech Gift Ideas | Mobile TechGuy | Advertise on TSG
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 03:16 PM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Powered by Cermak Technologies, Inc.