Where to report somebody trying to connect to my PC?

Discussion in 'Malware Help (A Specialist Will Reply)' started by stmas, Oct 12, 2008.

  1. stmas

    stmas Private E-2

    Was able to trace the IP trying to connect to my PC.
    Would it help to report it?
    If yes, then to where?

    TIA
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You could report the IP address to your ISP to see if they can block it from their network, and you could try reporting it to the CBL (see http://cbl.abuseat.org/) to see if it is something they would list.

    Many attacks come from outside of the USA which means law enforcement agencies are relatively powerless to do anything about it.

    Have you researched who the IP address belongs to? What IP address, and what problems were you having with it? Are you running any P2P or torrent downloading programs?
     
  3. stmas

    stmas Private E-2

    Thanks!
    The IP = 209.170.118.16 and .10, looks like somewhere in Switzerland SE.
    I do not run any P2P on this PC.
     
  4. stmas

    stmas Private E-2

    The only things I download on this PC are updates to the OS and other known software like antivirus...
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here is what I see. Both IP addresses give the same:
    Code:
    209.170.118.16 - Whois Information
    OrgName:    Telia Network Services 
    OrgID:      TENS
    Address:    Marbackagatan 11
    City:       Farsta
    StateProv:  
    PostalCode: 123 86
    Country:    SE
     
    NetRange:   209.170.64.0 - 209.170.127.255
    CIDR:       209.170.64.0/18 
    NetName:    TELIANET-2BLK
    NetHandle:  NET-209-170-64-0-1
    Parent:     NET-209-0-0-0-0
    NetType:    Direct Allocation
    NameServer: DNS1.TELIA.COM
    NameServer: DNS2.TELIA.COM
    Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate:    1999-03-30
    Updated:    2001-06-27
     
    RTechHandle: AA2292-ARIN
    RTechName:   Andersson, Amar 
    RTechPhone:  +46-8-456 89 68
    RTechEmail:  amar@telia.net
     
    209.170.118.16 - Whois Information
    OrgTechHandle: TR-ORG-ARIN
    OrgTechName:   Telia Registry 
    OrgTechPhone:  +46 8 7135466
    OrgTechEmail:  registry@telia.net
    OrgName:    Akamai Technologies 
    OrgID:      AKAMAI
    Address:    8 Cambridge Center
    City:       Cambridge
    StateProv:  MA
    PostalCode: 02142
    Country:    US
     
    NetRange:   209.170.118.0 - 209.170.118.255
    CIDR:       209.170.118.0/24 
    NetName:    AKAMAI-ASH
    NetHandle:  NET-209-170-118-0-1
    Parent:     NET-209-170-64-0-1
    NetType:    Reassigned
    NameServer: YA.AKAMAI.COM
    NameServer: ACCESS.AKAMAI.COM
    Comment:    
    RegDate:    2007-10-24
    Updated:    2007-10-24
     
    RTechHandle: NF81-ARIN
    RTechName:   Freedman, Noam 
    RTechPhone:  +1-617-938-3130
    RTechEmail:  noam+arin@akamai.com
     
    OrgTechHandle: NF81-ARIN
    OrgTechName:   Freedman, Noam 
    OrgTechPhone:  +1-617-938-3130
    OrgTechEmail:  noam+arin@akamai.com

    Farsta is in Sweden. But there appear to be possible overlaps in who is registered to use this IP address, because it is also registered to Akamai Technologies in Cambridge, Mass. Either way, neither of these companies appears to be affiliated with malware.


    Perhaps you should work through the below so we can determine if your PC has any malware.


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
     
    Last edited: Oct 13, 2008
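
In the whois output above, the Akamai /24 record lists the Telia /18's NetHandle as its Parent and has NetType "Reassigned". As an added example (not part of the original thread), this Python code parses ARIN-style output and orders the records covering an address from broadest to most specific, which is usually where an abuse report is directed first. The sample text is constructed from the network fields shown above, the function names are illustrative, and one CIDR per record is assumed.

```python
import ipaddress

# Constructed sample: network fields copied from the two records in the post.
SAMPLE = """\
OrgName:    Telia Network Services
CIDR:       209.170.64.0/18
NetHandle:  NET-209-170-64-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
OrgName:    Akamai Technologies
CIDR:       209.170.118.0/24
NetHandle:  NET-209-170-118-0-1
Parent:     NET-209-170-64-0-1
NetType:    Reassigned
"""

def parse_records(text):
    """Split 'Key: value' whois output into one dict per network record."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or banner text without a field
        key, value = key.strip(), value.strip()
        # Records may follow each other without a blank line; OrgName starts one.
        if key == "OrgName" and "CIDR" in current:
            records.append(current)
            current = {}
        current.setdefault(key, value)  # keep the first value of repeated keys
    if "CIDR" in current:
        records.append(current)
    return records

def allocation_chain(ip, records):
    """Records whose CIDR covers ip, ordered broadest block first."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(r["CIDR"], strict=False), r) for r in records]
    covering = [(n.prefixlen, r) for n, r in nets if addr in n]
    return [r for _, r in sorted(covering, key=lambda pair: pair[0])]

def most_specific(ip, records):
    """The smallest registered block containing ip, or None if not covered."""
    chain = allocation_chain(ip, records)
    return chain[-1] if chain else None

def is_reassignment_of(child, parent):
    """True when child was carved out of parent (Parent handle matches)."""
    return child.get("Parent") == parent.get("NetHandle")

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for ip in ("209.170.118.16", "209.170.118.10"):
        print(ip, [r["OrgName"] for r in allocation_chain(ip, recs)])
```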
