Help unwated connections, possible spyware?

shamirman · #1 04-29-12, 11:57

I have checked netstat -n
I have too many connections just came yesterday.

Code:

 TCP    192.168.1.10:51280     81.218.31.184:80       ESTABLISHED
 TCP    192.168.1.10:51937     176.9.89.134:443       ESTABLISHED
 TCP    192.168.1.10:53168     84.53.141.51:443       ESTABLISHED
 TCP    192.168.1.10:53195     193.120.199.16:12350   ESTABLISHED
 TCP    192.168.1.10:54440     64.4.23.162:40026      ESTABLISHED
 TCP    192.168.1.10:54895     157.55.56.148:40009    ESTABLISHED
 TCP    192.168.1.10:54922     192.168.1.13:48953     ESTABLISHED
 TCP    192.168.1.10:54986     173.194.78.101:80      ESTABLISHED
 TCP    192.168.1.10:55049     173.194.35.144:80      ESTABLISHED
 TCP    192.168.1.10:55080     173.194.35.144:443     ESTABLISHED
 TCP    192.168.1.10:55091     194.126.24.106:8080    CLOSE_WAIT
 TCP    192.168.1.10:55157     2.16.45.55:80          ESTABLISHED
 TCP    192.168.1.10:55244     81.218.31.147:80       TIME_WAIT
 TCP    192.168.1.10:55245     81.218.31.147:80       TIME_WAIT
 TCP    192.168.1.10:55263     81.218.31.162:80       ESTABLISHED
 TCP    192.168.1.10:55421     173.194.78.113:80      ESTABLISHED
 TCP    192.168.1.10:55476     193.120.199.14:12350   ESTABLISHED
 TCP    192.168.1.10:55483     173.194.35.159:80      ESTABLISHED
 TCP    192.168.1.10:55491     81.218.31.185:80       ESTABLISHED
 TCP    192.168.1.10:55492     216.104.20.189:80      TIME_WAIT
 TCP    192.168.1.10:55493     81.218.31.168:80       ESTABLISHED
 TCP    192.168.1.10:55494     81.218.31.168:80       TIME_WAIT
 TCP    192.168.1.10:55495     2.16.44.102:80         ESTABLISHED
 TCP    192.168.1.10:55496     92.122.57.83:80        TIME_WAIT
 TCP    192.168.1.10:55497     92.122.57.83:80        TIME_WAIT
 TCP    192.168.1.10:55498     92.122.57.83:80        TIME_WAIT
 TCP    192.168.1.10:55499     92.122.57.83:80        TIME_WAIT
 TCP    192.168.1.10:55503     95.101.61.214:80       ESTABLISHED
 TCP    192.168.1.10:55504     95.101.61.214:80       ESTABLISHED
 TCP    192.168.1.10:55505     93.185.240.190:62996   ESTABLISHED
 TCP    192.168.1.10:55535     173.194.70.154:80      ESTABLISHED
 TCP    192.168.1.10:55541     69.63.190.74:80        ESTABLISHED
 TCP    192.168.1.10:55543     205.251.205.248:80     ESTABLISHED
 TCP    192.168.1.10:55562     128.73.187.222:6164    ESTABLISHED
 TCP    192.168.1.10:55563     85.250.152.93:36191    ESTABLISHED
 TCP    192.168.1.10:55564     209.167.231.15:80      ESTABLISHED
 TCP    192.168.1.10:55568     95.101.61.214:80       ESTABLISHED
 TCP    192.168.1.10:55569     204.77.30.19:80        ESTABLISHED
 TCP    192.168.1.10:55570     66.151.153.10:80       ESTABLISHED
 TCP    192.168.1.10:55573     204.77.31.254:80       ESTABLISHED
 TCP    192.168.1.10:55576     208.71.123.129:80      ESTABLISHED
 TCP    192.168.1.10:55578     208.89.13.133:80       ESTABLISHED
 TCP    192.168.1.10:55619     193.120.199.12:12350   ESTABLISHED
 TCP    192.168.1.10:55622     84.53.141.172:80       ESTABLISHED
 TCP    192.168.1.10:55623     84.53.141.172:80       ESTABLISHED
 TCP    192.168.1.10:55625     84.53.141.172:80       ESTABLISHED
 TCP    192.168.1.10:55626     209.85.148.149:80      ESTABLISHED
 TCP    192.168.1.10:55629     84.53.141.172:80       ESTABLISHED
 TCP    192.168.1.10:55630     84.53.141.172:80       ESTABLISHED
 TCP    192.168.1.10:55632     72.21.214.143:80       ESTABLISHED
 TCP    192.168.1.10:55670     173.194.78.99:80       ESTABLISHED
 TCP    192.168.1.10:55673     173.194.70.17:443      ESTABLISHED
 TCP    192.168.1.10:55679     209.85.148.120:443     ESTABLISHED
 TCP    192.168.1.10:55680     173.194.67.132:443     ESTABLISHED
 TCP    192.168.1.10:55681     209.85.148.84:443      ESTABLISHED
 TCP    192.168.1.10:55682     173.194.35.161:443     ESTABLISHED
 TCP    192.168.1.10:55683     173.194.67.97:443      ESTABLISHED
 TCP    192.168.1.10:55695     173.194.78.105:80      ESTABLISHED
 TCP    192.168.1.10:55696     173.194.78.104:80      ESTABLISHED
 TCP    192.168.1.10:55698     173.194.70.94:443      ESTABLISHED
 TCP    192.168.1.10:55700     173.194.66.132:443     ESTABLISHED
 TCP    192.168.1.10:55701     209.85.148.139:443     ESTABLISHED
 TCP    192.168.1.10:55702     173.194.70.154:443     ESTABLISHED
 TCP    192.168.1.10:55703     209.85.148.189:443     ESTABLISHED
 TCP    192.168.1.10:55704     173.194.35.44:443      ESTABLISHED
 TCP    192.168.1.10:55706     209.85.148.155:80      ESTABLISHED
 TCP    192.168.1.10:55728     84.108.10.125:12804    ESTABLISHED
 TCP    192.168.1.10:55729     87.69.31.20:17160      ESTABLISHED
 TCP    192.168.1.10:55734     173.194.35.131:80      ESTABLISHED
 TCP    192.168.1.10:55738     173.194.69.94:80       ESTABLISHED
 TCP    192.168.1.10:55741     173.194.35.184:443     ESTABLISHED
 TCP    192.168.1.10:55742     173.194.69.94:443      ESTABLISHED
 TCP    192.168.1.10:55745     209.85.148.17:443      ESTABLISHED
 TCP    192.168.1.10:55746     209.85.148.139:443     ESTABLISHED
 TCP    192.168.1.10:55748     89.138.120.75:16737    ESTABLISHED
 TCP    192.168.1.10:55749     84.108.92.125:14667    ESTABLISHED
 TCP    192.168.1.10:55775     205.209.52.100:80      TIME_WAIT
 TCP    192.168.1.10:55784     68.232.35.169:80       TIME_WAIT
 TCP    192.168.1.10:55785     68.232.35.169:80       TIME_WAIT
 TCP    192.168.1.10:55788     199.16.172.14:80       TIME_WAIT
 TCP    192.168.1.10:55792     46.51.185.196:80       ESTABLISHED
 TCP    192.168.1.10:55793     46.51.185.196:80       TIME_WAIT
 TCP    192.168.1.10:55794     81.218.31.163:80       TIME_WAIT
 TCP    192.168.1.10:55795     81.218.31.163:80       TIME_WAIT
 TCP    192.168.1.10:55796     81.218.31.179:80       TIME_WAIT
 TCP    192.168.1.10:55797     81.218.31.179:80       TIME_WAIT
 TCP    192.168.1.10:55798     81.218.31.179:80       TIME_WAIT
 TCP    192.168.1.10:55799     81.218.31.179:80       TIME_WAIT
 TCP    192.168.1.10:55802     66.220.153.70:80       TIME_WAIT
 TCP    192.168.1.10:55803     46.51.185.196:80       TIME_WAIT
 TCP    192.168.1.10:55804     199.16.172.14:80       TIME_WAIT
 TCP    192.168.1.10:55807     81.218.31.163:80       TIME_WAIT
 TCP    192.168.1.10:55809     173.194.78.102:80      TIME_WAIT
 TCP    192.168.1.10:55810     81.218.31.162:80       TIME_WAIT
 TCP    192.168.1.10:55811     81.218.31.162:80       TIME_WAIT
 TCP    192.168.1.10:55816     209.85.148.154:80      TIME_WAIT
 TCP    192.168.1.10:55817     209.85.148.154:80      TIME_WAIT
 TCP    192.168.1.10:55819     66.220.153.70:80       TIME_WAIT
 TCP    192.168.1.10:55820     205.251.205.190:80     TIME_WAIT
 TCP    192.168.1.10:55821     205.251.205.190:80     TIME_WAIT
 TCP    192.168.1.10:55834     173.194.35.167:443     ESTABLISHED
 TCP    192.168.1.10:55882     82.166.101.195:32787   TIME_WAIT
 TCP    192.168.1.10:55889     46.51.185.196:80       TIME_WAIT
 TCP    192.168.1.10:55890     46.51.185.196:80       TIME_WAIT
 TCP    192.168.1.10:55891     205.251.205.190:80     TIME_WAIT
 TCP    192.168.1.10:55892     205.251.205.190:80     TIME_WAIT
 TCP    192.168.1.10:55903     66.220.153.70:80       TIME_WAIT
 TCP    192.168.1.10:55904     66.220.153.70:80       TIME_WAIT
 TCP    192.168.1.10:55905     173.194.78.102:80      TIME_WAIT
 TCP    192.168.1.10:55906     209.85.148.156:80      TIME_WAIT
 TCP    192.168.1.10:55907     209.85.148.156:80      TIME_WAIT
 TCP    192.168.1.10:55908     81.218.31.139:80       TIME_WAIT
 TCP    192.168.1.10:55909     81.218.31.139:80       TIME_WAIT
 TCP    192.168.1.10:55910     81.218.31.139:80       TIME_WAIT
 TCP    192.168.1.10:55911     81.218.31.185:80       TIME_WAIT
 TCP    192.168.1.10:55912     81.218.31.185:80       TIME_WAIT
 TCP    192.168.1.10:55913     81.218.31.185:80       TIME_WAIT
 TCP    192.168.1.10:55933     84.108.92.125:14667    TIME_WAIT
 TCP    192.168.1.10:55934     109.186.247.211:23557  TIME_WAIT
 TCP    192.168.1.10:55936     81.218.31.163:80       TIME_WAIT
 TCP    192.168.1.10:55937     81.218.31.163:80       TIME_WAIT
 TCP    192.168.1.10:55942     81.218.31.161:80       TIME_WAIT
 TCP    192.168.1.10:55943     81.218.31.161:80       TIME_WAIT
 TCP    192.168.1.10:55945     74.50.120.11:80        TIME_WAIT
 TCP    192.168.1.10:55946     74.50.120.11:80        TIME_WAIT
 TCP    192.168.1.10:55947     74.50.120.11:80        TIME_WAIT
 TCP    192.168.1.10:55948     74.50.120.11:80        TIME_WAIT
 TCP    192.168.1.10:55949     74.50.120.11:80        TIME_WAIT
 TCP    192.168.1.10:55950     109.67.142.31:14576    ESTABLISHED
 TCP    192.168.1.10:55953     95.101.63.240:443      ESTABLISHED
 TCP    192.168.1.10:55954     94.245.117.47:443      ESTABLISHED
 TCP    192.168.1.10:55955     192.168.1.13:48953     ESTABLISHED
 TCP    192.168.1.10:55956     192.168.1.10:61230     ESTABLISHED
 TCP    192.168.1.10:55957     96.25.153.192:29389    ESTABLISHED
 TCP    192.168.1.10:55958     82.81.185.80:1118      ESTABLISHED
 TCP    192.168.1.10:55959     37.110.57.237:35285    ESTABLISHED
 TCP    192.168.1.10:55960     50.27.211.40:38402     ESTABLISHED
 TCP    192.168.1.10:55961     76.126.144.89:33697    ESTABLISHED
 TCP    192.168.1.10:55962     93.156.20.217:54569    ESTABLISHED
 TCP    192.168.1.10:55963     82.81.169.247:58389    ESTABLISHED
 TCP    192.168.1.10:55964     84.52.40.83:9214       ESTABLISHED
 TCP    192.168.1.10:55965     207.229.136.98:24310   ESTABLISHED
 TCP    192.168.1.10:55966     24.128.240.68:28458    TIME_WAIT
 TCP    192.168.1.10:55967     193.11.5.232:1701      TIME_WAIT
 TCP    192.168.1.10:55968     82.166.252.3:45654     ESTABLISHED
 TCP    192.168.1.10:55969     158.58.205.103:14478   ESTABLISHED
 TCP    192.168.1.10:61230     192.168.1.10:55956     ESTABLISHED

im really afraid im being spied, i do not know how remove these,
plus last night i was being attacked by all of these ip's it wasnt on TIME_WAIT or ESTABLISHED.
yesterday they were on SYN_SENT and SYN_ATK something like that.

what can I do?

Kestrel13! · #2 04-30-12, 06:31

I don't think you have anything to worry about, all seems normal to me, please follow these procedures which once completed, and you have attached logs, I will be able to see if any malware exists.

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and attach the requested logs when you finish these instructions. **** If something does not run, write down the info to explain to us later but keep on going. ****

Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
- Starting your computer in Safe mode
If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
- Don't Bump! It Only Hurts You!!!

Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.

shamirman · #3 05-01-12, 10:04

here are my logs

anything ? :S

Kestrel13! · #4 05-02-12, 10:58

Delete this unless you know what it is for

C:\Users\Shamir\AppData\Roaming\mBot.ini

Not seeing any malware... run the below.

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run

Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
- Done! Press ENTER to exit...
Or you will see more information like below if a problem is found:
- Found non-standard or infected MBR.
- Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
help with connections?	canalguyopen	Hardware	1	12-03-10 17:09
no connections	enriqkike	Networking	1	10-30-09 21:21
Hub Connections	Denise_M	Hardware	0	12-14-06 16:55
LCD TV, connections	MutD	Hardware	14	03-22-06 17:14
XP Pro max connections	craven	Software	5	02-23-04 14:14