1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unknown IP address acessing Email

Discussion in 'General Security' started by katyz, Aug 1, 2012.

Thread Status:
Not open for further replies.
  1. katyz

    katyz Thread Starter

    Aug 1, 2012
    I hope you can help me. I got an alert from Yahoo saying that there was suspicious login activity detected on my account & directing me to check my Recent Login Activity. Everything looked OK except that times seemed to be consistently off by 2 hours and IP location said CO, US instead of WV, US. IP address was listed as (I had never checked my Login Activity before so I have no idea if this has changed recently) It shows the same IP address whether I access it from my laptop or my desktop.

    This is what my computer shows for my IP Configuration on my laptop which is what I use mostly:

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Kathryn>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Kate
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Ad
    Physical Address. . . . . . . . . : 00-16-E3-6B-B3-89
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . :
    Subnet Mask . . . . . . . . . . . :
    Default Gateway . . . . . . . . . :
    DHCP Server . . . . . . . . . . . :
    DNS Servers . . . . . . . . . . . :
    Lease Obtained. . . . . . . . . . : Wednesday, August 01, 2012 3:22:53 A
    Lease Expires . . . . . . . . . . : Thursday, August 02, 2012 3:22:53 AM

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
    ernet NIC
    Physical Address. . . . . . . . . : 00-A0-D1-4C-1B-A4

    Since the IP address that is accessing my Email doesn't match anything that is showing up here I am wondering if this is a sign that someone else has taken over my machine. I do have my firewall turned on but in the past my virus protection has been spotty because I was on dial-up and updates just would not download on such a narrow bandwidth. Also a few of my friends have received Emails which appeared to be from me but which I didn't send that had nothing in the subject line and just some link.

    I recently (1 month ago) switched from dial-up internet to Satellite based internet - Wildblue which is a ViaSat company. This includes anti-virus protection in the package. I ran an online virus scanning program (Microsoft) and it did find 1 malware which it removed and said it had affected 10 files. It occured to me that maybe my Email access was being routed through a Wildblue server and that was the strange IP address but when I called tech support at Wildblue the guy assured me that it didn't have anything to do with them and suggested that it might be my wireless router's IP. When I looked online to find out how to look up my router's IP I found out that is the default IP for Linksys routers which is my Default Gateway.

    So now I'm just confused! I still have no idea where this strange IP is coming from. I'm afraid to use my computer for any financial activity until I can be sure it is safe. I had to deactivate my Webaccess to my financial institutions until I can get this sorted out.

    Can you tell me what is going on here? What should I do next? I am a real neophyte when it comes to this technical stuff but if you speak slowly and use small words I can usually follow directions. Thanks for your help and patience.
  2. Sponsor

  3. 1002richards

    1002richards Retired Trusted Advisor

    Jan 29, 2006
    Hi and Welcome,
    Some basics 'til someone more knowledgeable chips in -

    I had a similar warning on my Google Mail account some months ago. I changed by Google Mail password and security question and answer - that was reassuring 'cos I was able to & no one had messed with those.
    I then changed my banking passwords & security questions & answers.

    I then kept an eye on my recent login activity and saw nothing untoward - and still haven't.

    As I said, some basics to have a think about.
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    Every time you visit a web site your IP address is logged. It doesn't mean it's being routed through that IP address. The IP address indeed belongs to WildBlue and if you enter that into the box at this link you will see that it resolves to WildBlue in Englewood, Colorado, which is probably where they are routing from:


    The same applies for the IP addresses in your IP config log where it shows:

    DNS Servers . . . . . . . . . . . : -

    If you enter those into the SmartWhoIs tool you will see that they are WildBlue ranges as well.

    Having said that, IP addresses can be spoofed. It would be important to know what malware was detected. Please check the logs and report back what the findings were.
  5. lunarlander


    Sep 21, 2007
    First, I think you need to understand routers. Your router's IP address is on the inside. And PCs in your network PCs gets assigned IP addresses beginning probably with However, on the Outside, your ISP has a router too, and hands out IP addresses to customers' routers. To find out what ip address your ISP handed out to your router, visit http://www.whatsmyip.org/ . the difference between Inside IP addresses and Outside IP addresses, you just have to know that the IP that the ISP gave your router can be routed through the internet. While the inside IP address which your router hands out, isn't recognized on the internet. When any of your PCs send traffic out to the internet,and passes thru your router,, your router modifies the 'sender address' with the Outside IP.. And when the internet responds to your PC's queries, it sends it back to your router, ( your Outside address ) and the router figures out which of your PC's sent the request. It keeps a table of who sent what to where.
  6. katyz

    katyz Thread Starter

    Aug 1, 2012
    CookieGal - Thank you for your help. So it sounds like I don't really have anything to worry about since the IP address resolves back to my internet provider... right? I don't really know how to check the logs to find out what malware was detected. It was an online virus scanner from Microsoft and all I remember is that it said it had detected 1 malware and had removed it.

    lunarlander - Thank you for your explanation - I think I understand - at least a little more than I did before.

  7. Elvandil


    Aug 1, 2003
    Unless you have a static IP, your own IP address can change from one login to another, too. You may have had a different IP address at some previous time when you went to Yahoo.

    It doesn't look like anything is wrong or that anyone else is involved.
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Aug 27, 2003
    I agree that it looks like everything is fine but without knowing what "malware" was found and deleted, it's difficult to say all is comletely well. If you want to, we can run a few scans to check to see if anything shows up. Let me know if you would like to do that.
  9. aka Brett

    aka Brett Banned

    Nov 25, 2008
    Something to add here as well...With wildblue your ip can change quite often if you are using their optimizer which essentially sends you through their proxy.
    Personally I dont use it much as it can cause an occasional issue with sites.
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1063407