Help! computer under attack :(

Discussion in 'Software' started by yeeha, Apr 20, 2005.

  1. yeeha

    yeeha Private First Class

    I am getting massive access attempts which begin the moment I boot up. After anywhere from 5 to 30 minutes they disable my DSL connection, and yet the attempts keep coming in.

    Most of the access attempts are TCP or UDP attempts, on a different port every time. Every 20th attempt or so is an attempted "NetBIOS session".

    Most of the originating IPs are within my own ISP's network, but each attempt seems to come from a different IP.

    A few IPs from outside the ISP's network stand out. Among them are addresses originating in Mexico, the Netherlands, Romania, and Southeast Asia.

    I hesitate to post the most suspicious IPs which I have recorded, just because I don't know the legality of that, although ATM I am not inclined to care very much. If anyone thinks they can help I have a few days' worth of ZoneAlarm logs which detail the access attempts.

    HELP! What can I do? I thought that a firewall would protect me from this, but my connection keeps getting disabled, and if a 3D game is running in the front when this happens, the computer stops responding and I must force a power-off by holding down the power button for 5 seconds.

    For reference I am running Win XP Home; Norton AV Pro; ZoneAlarm free edition; AdAwareSE; SpybotSD; Javacool Spyware Blaster.
     
  2. InYearsToCome

    InYearsToCome MajorGeek

    Your computer appears pretty well protected, with Norton being the weakest link. It sounds to me like you may have some trojans.

    You might try some online antivirus scans like Trend Micro's House Call.

    If those fail to solve your problem, I'd recommend Avast antivirus free home edition, available in the MG download section.
     
  3. Not familiar with ZA, I use Kerio. Do the messages you get from your firewall say incoming and outgoing attempts?
     
  4. yeeha

    yeeha Private First Class

    Arg, it's still happening and causing my DSL connection to die every 20 min or so. Or rather, I lose access to a DNS server and have to reboot for that reason.

    75% of these blocked intrusions are originating from 200.78.49.48 which is in Mexico. They appear to originate from all kinds of ports on his machine but they all seem to go to Port 1699 on my machine which seems to be used for Sendmail(?) although I am not running a mail server or client.

    An example of the firewall messages is as follows: "The firewall has blocked internet access to your computer (TCP port 1699) from dsl-200-78-49-48.prod.infinitum.com.mx (200.78.49.48) (TCP Port 4049) [TCP Flags: S]."

    The first intrusion attempt from this IP comes within seconds of every reboot.

    Trend Micro and F-Secure's online virus scans, as well as my updated NAV 2004 professional, come up with nothing; same with Spybot and AdAware. Yet my DSL connection becomes disabled within half an hour of booting up. For example I had to save this post to a text file and reboot before posting it because the connection was disabled again while I was typing it up.

    Edit: Also FWIW the firewall program does not appear to be reporting any "outgoing" attempts.
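
An added example (not part of the original thread): a short Python parser for the firewall alert text quoted in the last post, which tallies blocked inbound attempts by source address and destination port and counts those carrying only the SYN flag. The regular expression is derived solely from that one quoted message; every sample line except the first is constructed, and the shape of the UDP line is an assumption.

```python
import re
from collections import Counter

# Matches the alert wording quoted in the post; other message variants
# produced by the firewall are not covered (assumption).
ALERT_RE = re.compile(
    r"\((?P<proto>TCP|UDP) port (?P<dport>\d+)\) from (?P<host>\S+) "
    r"\((?P<src>\d{1,3}(?:\.\d{1,3}){3})\) \((?:TCP|UDP) Port (?P<sport>\d+)\)"
    r"(?: \[TCP Flags: (?P<flags>[A-Z]+)\])?",
    re.IGNORECASE,
)
PREFIX = "The firewall has blocked internet access to your computer "

SAMPLE_ALERTS = [
    # Line 0 is the message quoted in the post; the rest are constructed.
    PREFIX + "(TCP port 1699) from dsl-200-78-49-48.prod.infinitum.com.mx "
             "(200.78.49.48) (TCP Port 4049) [TCP Flags: S].",
    PREFIX + "(TCP port 1699) from host-a.example.net (198.51.100.7) (TCP Port 4050) [TCP Flags: S].",
    PREFIX + "(TCP port 1699) from host-a.example.net (198.51.100.7) (TCP Port 4051) [TCP Flags: S].",
    PREFIX + "(UDP port 1026) from host-b.example.net (192.0.2.15) (UDP Port 33012).",
    "Firewall started.",  # does not match the alert format
]

def parse_alert(line):
    """Return the fields of one blocked-access alert, or None if it does not match."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {"proto": m["proto"].upper(), "dport": int(m["dport"]), "host": m["host"],
            "src": m["src"], "sport": int(m["sport"]), "flags": m["flags"]}

def summarize(lines):
    """Tally blocked attempts by source IP and by (protocol, destination port)."""
    by_src, by_dport = Counter(), Counter()
    syn_only = unparsed = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            unparsed += 1
            continue
        by_src[alert["src"]] += 1
        by_dport[(alert["proto"], alert["dport"])] += 1
        if alert["flags"] == "S":  # bare SYN: a new inbound connection attempt
            syn_only += 1
    return {"by_src": by_src, "by_dport": by_dport,
            "syn_only": syn_only, "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize(SAMPLE_ALERTS))
```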
     
