What could be the possible reason?

Avast Free Antivirus / Premium Security
1

I am experiencing a strange problem from a week. Outpost Firewall Pro is blocking a particular IP Address and its subnet mask also. Is my PC infected using avast 6.0.1044 free.??
Anyone can throw light on this…? ???

2

I had a similar problem with Avast Internet Security last week. It blocked a network threat to a particilar IP and I kept getting the popup every 10-15minutes. What I was told to do was to download and install MBAM, update it and run a quick scan. Also run a full scan on your Avast program.

3

Well I did that but no results. In my case it does not block every 10-15 min but 2-4 hours or even more.
The action you specified helped you?? Or are you still facing the problem??

Its a incoming RPC(TCP) connection made by SVCHOST.EXE…

Any idea what this RPC connection could be for.? I have no much knowledge about networking…

Thanks
Ash

4

Have you tried a reverse IP look up to see who this is? Have you downloaded from the Calender of Updates the most recent blocklists?

5

inetnum: 180.151.0.0 - 180.151.255.255
netname: SPECTRA
descr: Spectra ISP Networks Private Limited
descr: 42, Okhla Industrial Estate
descr: Phase III
country: IN

6

Well as I told you I have no much knowledge of networking so everything you told me just bounced over my head. Can you plz explain it a bit as I little knowledge in networking field

7

With several paid firewalls, you can download for free from Calender of Updates (COU) a list of bad IP Providers that are automatically blocked. Here is the link for Outpost from COU http://www.calendarofupdates.com/updates/index.php?app=downloads&showfile=3. You will then have to unzip the file and upload it into your firewall program (there should be a place to upload the IP Blocklist). This file gets updated periodically, so you will want to keep it updated.

It appears that this IP address, if not on the IP COU, is one you may want to block. I do not use Outpost currently, but you can go to their forum or wait for someone here who uses Outpost and they can instruct you how to manually block this IP address permanently.

8

Yes in my case the computer was infected, Avast detected the file but couldnt remove, but MBAM did remove it, so everything is fine now! If you did scans on Avast + MBAM and no infections detected, the pc is probably clean.

The suspicious IP was traced by Zyndstoff and he posted the results. check that and see if you know the host of that IP. the IP is from your country so my guess is, it might have something to do with your ISP - and Outpost blocks suspicious IP addresses and it doesnt mean its dangerous, just suspicious, so that might be the reason why Outpost blocks it. In my case MBAM blocks certain IP addresses of Skype as they are in the suspicious IP list in their database.

Anyway do what safesurf said and see.

Cheers!

9

Thanks alot Zyndstoff
Now I got it its in a network of ISP under National Internet Exchange of India.Under NIXI my ISP also comes but I don’t know why the hell these people are scanning my ports for? Anyways thanks there is Outpost Firewall Pro which protecting me from these kinds of port scanning.
And thanks alot to all the forum users for such a marvelous support… Thanks alot avast rocks man… :smiley:

10

It’s not uncommon for ISP’s to try and scan, but that’s what firewalls are for. ;D

11

Get a hardware firewall to stop inbounds.

12

@ the OP: how do you connect to the Internet? ie what sort of hardware do you use, are you on broadband, dial-up… ? … seems you either are on dial-up or you got an improperly configured router’s firewall. Such inbound attacks usually don’t even have a chance to reach your software firewall (OutPost in your case)…

13

A router/hardware firewall should be blocking any and all inbounds.

14

close all the programs you can, go to cmd.exe and type this:
netstat -ano
tell me if there’s something with ESTABLISHED , if you do, take the proccess PID and goto task manager to check what it is, if you don’t, then it’s not from your os but from outside.

15

for me I got this

16

As I already told you that connection was made by SVCHOST.EXE. Well And I use USB 3G modem to connect to internet

17

okay so you’re not using a router, I can see your external and only IP in the log. On a side note don’t leave that pic online too long.

18

which explains how such attacks are made possible

19

You need to get a router with a hardware firewall ASAP. A hardware firewall is your first line of defense.

20

So you wanna say that I am more vulnerable than others>>>>?