My Avast keeps blocking attempts to connect with my computer and it blocks the attempt at LEAST once a minute. I was wondering if there was a way to make it so whatever keeps getting blocked by the Firewall can be permanently blocked or if there is a way I can change something so these connection attempts can stop. I’ve scanned my PC fully and it reports I have no infected files on my computer, nor have I downloaded anything to my hard drive. I apologize if I’m explaining this in a strange way. I’d appreciate it if someone can give me advice on how to stop the connection attempts. Thank you
Does Avast give a popup warning?
If so, can you attach a screenshot? Crop the picture, as we don't need to see the whole desktop …
I don’t get a pop-up, but when I look at my firewall log I see that a connection has been blocked at a rate of 1 attempt per minute if not faster. I’m not home right now, but I can upload a photo tomorrow of my Firewall log.
"but I can upload a photo tomorrow of my Firewall log."
That would help...
I apologize for the late reply, but here is a photo of what I meant.
So, anything you can recommend to stop these attempts? I posted a photo
The picture is too blurred, can't see.
If you want a check inside … follow this guide and attach the logs
http://forum.avast.com/index.php?topic=53253.0
Then a removal specialist will check to see if you are infected.
Hi artboy598,
Near as I can tell, you have an incoming packet coming from port 448, and attempting to connect to your port 43777.
Under normal operating circumstances, you should be in a ‘stealth’ situation where your computer is hidden from the internet, and no persistent incoming network traffic should be arriving. The only connections initiated should be those your computer starts if in stealth; these connections will be dropped when not needed anymore. As Pondus says, this may indicate something on your computer that should not be there, and it is attempting connections at ports that may not normally be used for such data transfer.
http://www.speedguide.net/port.php?port=448
Could you provide a larger .jpeg of the screen capture, say 1080 x 720? Failing that, post the remote port number and the local port number. As it is, cannot see the image clearly.
If anything, this is demonstrative proof why all computer systems should have a two-way firewall, protecting both outbound and inbound traffic.
I will also add that every PC needs a hardware firewall and a software firewall active. A hardware firewall is found in all routers and/or gateways. A properly configured router with NAT will protect your PC from inbound attacks. A software firewall can alert the user of outbound attacks such as something calling home. The log shown could also be normal router chatter if the user is behind one. Artboy… Are you currently behind a router? Firewall logs always make people paranoid.
Here are logs from some of the recommended programs as well as a reupload of the firewall log
Adware Cleaner
AdwCleaner v2.001 - Logfile created 09/13/2012 at 08:26:51
Updated 09/09/2012 by Xplode
Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
User : Owner - GATEWAY
Boot Mode : Normal
Running from : C:\Users\Owner\Desktop\adwcleaner.exe
Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\ Mozilla Firefox v14.0.1 (en-US)
Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hu1d7wta.default\prefs.js
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hu1d7wta.default\user.js … Deleted !
[OK] File is clean.
AdwCleaner[S1].txt - [1138 octets] - [13/09/2012 08:26:51]
########## EOF - C:\AdwCleaner[S1].txt - [1198 octets] ##########
Malware Bytes log
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.07.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: GATEWAY [administrator]
Protection: Enabled
9/13/2012 8:37:52 AM
mbam-log-2012-09-13 (08-37-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194606
Time elapsed: 5 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
FSS
Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 13-09-2012 at 08:45:40
Running from “C:\Users\Owner\Desktop”
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
Internet Services:
Connection Status:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
Firewall Disabled Policy:
System Restore:
System Restore Disabled Policy:
Action Center:
Windows Update:
Windows Autoupdate Disabled Policy:
Windows Defender:
Other Services:
File Check:
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-12 08:00] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
The most important logs would be OTL and aswMBR,
and the OTL log must be attached … not copy and paste.
Are you on a network, as that IP range is for private addresses?
It happens on any network I connect to. Anyway, right now I’m using my college’s internet which is secure and requires a password. I’m not sure if that’s what you were asking, but if not just let me know.
172.27.. may well be the college network querying users.
Here they are. Thank you again for the assistance.
These attempts happen even when I’m not at school using the internet also. Even when I’m on a different network.
I can see no signs of malware there. Are you experiencing any problems at all?
Possible normal router chatter.
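The triage the replies above apply by eye (is the blocked source a private-range address, and how regular are the attempts?), as an added example that is not part of the original thread. The log line layout, the host addresses, and the names `scope` and `summarize` are constructed for illustration; Avast's own log format is not shown on the page.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (not taken from the poster's screenshot). Assumed layout:
# date time direction remote_ip:remote_port local_port. Host parts are made up.
SAMPLE_LOG = """\
2012-09-13 08:50:02 IN 172.27.0.10:448 43777
2012-09-13 08:51:01 IN 172.27.0.10:448 43777
2012-09-13 08:52:03 IN 172.27.0.10:448 43777
2012-09-13 08:52:40 IN 203.0.113.7:51515 445
2012-09-13 08:53:02 IN 172.27.0.10:448 43777
"""

def scope(ip):
    """Classify a remote address by where it can originate."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if any(addr in net for net in RFC1918):
        return "private (local network)"
    return "public (internet)"

def summarize(log_text):
    """Group blocked entries by (remote ip, remote port, local port)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
            remote_ip, remote_port = parts[3].rsplit(":", 1)
            key = (str(ipaddress.ip_address(remote_ip)), int(remote_port), int(parts[4]))
        except (ValueError, IndexError):
            continue  # skip blank or malformed lines instead of aborting the triage
        seen[key].append(ts)
    report = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[key] = {"scope": scope(key[0]), "count": len(times),
                       "mean_gap_s": sum(gaps) / len(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```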