I'm being scanned..

bigtrucks · Oct 28, 2009

:banghead

OK! I'm not sure where to post so I'll start here and go with it. Mind, I'm already in the malware forums with this as I am trying everything.

To start with several weeks back, the last week of September,my power went crazy off & on then finally off for 3 hrs. I would have unplugged/turned off my electronics if I was aware of it. But seeing how it happened at about 1:30 am, I was a sleep and my man told me this the next morning when I woke. After my coffee ritual I came back to the office only to find my D-Link off. No lights, nothing. Found that With the help of Rikky, the power supply was shot. Replaced it and all the lights lit up on the D-Link and I thought,Great I'm back into business. Not so fast there, the lights are on but no ones talking. I finally figured the link took a dump. So I connect the cable modem directly to the desktop and I have been getting nothing but warning pop ups from sygate firewall that someone is scanning my computer. Was told to do the malware place,which is in process right now,and I also renewed my IP address through my provider and have noticed a decrease in the pop ups BUT, they are still popping. I did my home work on trying to locate the party scanning through the IP address which was
Local Address : 68.203.85.181
and finally came up with this.

View attachment scan.txt

So why all of a sudden Java wants to scan my pc all the time,especially after my router takes a dive. Didn't happen before. My son mentioned something about the ports being opened now that the router isn't hooked up anymore. Could someone elaborate a little more on that and could that be the problem? Like I said at the start, I'm trying anything to solve this problem. It's very annoying to be in the middle of something and have a pop up every 10-20 minutes + -
plus I'm hoping the freak power problem didn't mess up my pc as well.
Any ideas or suggestions is welcomed. Remember I'm still learning so try and keep it kind of simple if at all possible.
Thanks so much in advance.

BT

TeeCee · Oct 28, 2009

Hi BT, I can't offer a lot, but I just went thru something similar... Power Co. was dong some maintanance, and shut down the power during the night, (I am on dial-up) I knew they were going to do this, so I unplugged before I went to bed...rolleyes

The next day, around lunchtime, it came back on, so I plugged in... Got connected just fine, BUT couldn't send ANY e-mail.. I could receive, but not send. Had to wait until Monday to call ISP.. The Tech told me someone came in during the weekend and CHANGED THE SMTP PORTS! I had to change them in my computer, so I could send and receive mail... so there may be something to that, that your son had mentioned...

As far as your attachment goes, will look at it more closely, as it looks to be really weird... Will have to check some of those entries, for sure... Very odd tho, maybe the lightening did more damage than just the router... :confused

thesmokingun · Oct 29, 2009

sounds like your firewall is doing it's job. are you blocking these? is it the same warning each time? sounds like you just need to allow it. if it is indeed java that is initiating it. if the ip points to an ip that is sun/java, then it's just calling home. did you recently install javafx? that's probably just checking for an update.

a quick glance at your malware scans and they are clean.

bigtrucks · Oct 29, 2009

Digitalocksmith said: ↑

If you were really being port scanned, sygate's pop ups would not be able to keep up!

Most likely misdirected packets and even something as simple as UDP answer packets that the router would normally drop or direct..... These are now being aimed directly at your software FW because you have bypassed NAT and the routers packet filter which no longer has a say in traffic.

If they are annoying you, turn them off!

I cant access the log but I dont think you need worry BT.
Click to expand...

Ok this sounds something like what my son was talking about.
I haven't a clue how to turn them off.( could you please tell me?

bigtrucks · Nov 13, 2009

Digitalocksmith said: ↑

Tools/Options/General tab.....check the box that says 'Hide notification messages' should do the trick although im not that familiar with Sygate.

Providing you have intrusion detection enabled under the security tab, any security threats will still be blocked however you just wont be notified.
This is something you could easily discover just by looking at the logs though.

My Outpost Pro has a rules Wizard and auto learn mode that i could run for an hour or so until the FW learnt about any new network setup topology.

I'm sure that there must be some way to teach Sygate the rules of your altered setup?

I think this is a great page to learn more about your Sygate FW!

Good Luck BT!
Click to expand...

Ok DLS
I went there to do the "hide message notification and checked to make sure that the intrusion was enabled and found that it was not. There are several blocks that are not enabled and are grayed out so I can not access them. I went to the site you posted( thanks learned some more )and it said nothing about why or how to access it. I emailed to the party and hopefully that person responds back. In the mean time when I just clicked on the firewall to access the options I noticed that the ntoskrnl.exe was blocked so I changed it to "ask" to see if that had anything to do with it. So far in the last 10 minutes there have been no reported pop ups(knock on wood LOL) I don't know a whole lot about the programs or such that help the pc to run (I can safely say I have knowledge of the electronics part of it) and that's why I came here ti begin with to learn more.
If you have any more input to any of this new info I would appreciate it a lot.
BT

Log in or Sign up

I'm being scanned..

bigtrucks MajorGeek

TeeCee MajorGeek

thesmokingun MajorGeek

bigtrucks MajorGeek

bigtrucks MajorGeek