Author Topic: What could be the possible reason?  (Read 19826 times)

0 Members and 1 Guest are viewing this topic.

Offline Ashish Singh

  • Poster
  • *
  • Posts: 437
  • Proud to be an Indian
    • Quick Heal
What could be the possible reason?
« on: April 01, 2011, 05:52:23 AM »
I am experiencing a strange problem from a week. Outpost Firewall Pro is blocking a particular IP Address and its subnet mask also. Is my PC infected using avast 6.0.1044 free.??
    Anyone can throw light on this....? ???
Windows 7 Ultimate(32 bit), avast! free (always latest released or beta), Intel Core2Duo, 2GB RAM, Outpost Firewall Pro 7.5,IE 9,TuneUp Utilities 2011,Diskeeper 2011

http://www.incredibleindia.org 

Caution! Online world is full of man made Aliens

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: What could be the possible reason?
« Reply #1 on: April 01, 2011, 06:52:25 AM »
I had a similar problem with Avast Internet Security last week. It blocked a network threat to a particilar IP and I kept getting the popup every 10-15minutes. What I was told to do was to download and install MBAM, update it and run a quick scan. Also run a full scan on your Avast program.
ASRock Extreme 6 - Intel Corei7-3820 3.60GHz | RAM 16.00GB 2400FSB | 2TB HDD +128SSD | NVIDIA GeForce GTX 660 2GB
Windows 7 Ultimate 64bit |Avast! Internet Security V8 | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline Ashish Singh

  • Poster
  • *
  • Posts: 437
  • Proud to be an Indian
    • Quick Heal
Re: What could be the possible reason?
« Reply #2 on: April 01, 2011, 07:20:13 AM »
Well I did that but no results. In my case it does not block every 10-15 min but 2-4 hours or even more.
The action you specified helped you?? Or are you still facing the problem??

Its a incoming RPC(TCP) connection made by SVCHOST.EXE...

Any idea what this RPC connection could  be for.? I have no much knowledge about networking...

Thanks
Ash
« Last Edit: April 01, 2011, 07:22:40 AM by Ashish Singh »
Windows 7 Ultimate(32 bit), avast! free (always latest released or beta), Intel Core2Duo, 2GB RAM, Outpost Firewall Pro 7.5,IE 9,TuneUp Utilities 2011,Diskeeper 2011

http://www.incredibleindia.org 

Caution! Online world is full of man made Aliens

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: What could be the possible reason?
« Reply #3 on: April 01, 2011, 07:36:33 AM »
Have you tried a reverse IP look up to see who this is?  Have you downloaded from the Calender of Updates the most recent blocklists?
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2613
  • I can resist anything except temptation.
    • tex62
Re: What could be the possible reason?
« Reply #4 on: April 01, 2011, 07:44:30 AM »
inetnum:        180.151.0.0 - 180.151.255.255
netname:        SPECTRA
descr:          Spectra ISP Networks Private Limited
descr:          42, Okhla Industrial Estate
descr:          Phase III
country:        IN
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Ashish Singh

  • Poster
  • *
  • Posts: 437
  • Proud to be an Indian
    • Quick Heal
Re: What could be the possible reason?
« Reply #5 on: April 01, 2011, 07:47:34 AM »
Have you tried a reverse IP look up to see who this is?  Have you downloaded from the Calender of Updates the most recent blocklists?

Well as I told you I have no much knowledge of networking so everything you told me just bounced over my head. Can you plz explain it a bit as I little knowledge in networking field
Windows 7 Ultimate(32 bit), avast! free (always latest released or beta), Intel Core2Duo, 2GB RAM, Outpost Firewall Pro 7.5,IE 9,TuneUp Utilities 2011,Diskeeper 2011

http://www.incredibleindia.org 

Caution! Online world is full of man made Aliens

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: What could be the possible reason?
« Reply #6 on: April 01, 2011, 07:56:54 AM »
With several paid firewalls, you can download for free from Calender of Updates (COU) a list of bad IP Providers that are automatically blocked.  Here is the link for Outpost from COU http://www.calendarofupdates.com/updates/index.php?app=downloads&showfile=3.  You will then have to unzip the file and upload it into your firewall program (there should be a place to upload the IP Blocklist).  This file gets updated periodically, so you will want to keep it updated.

It appears that this IP address, if not on the IP COU, is one you may want to block.  I do not use Outpost currently, but you can go to their forum or wait for someone here who uses Outpost and they can instruct you how to manually block this IP address permanently.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Re: What could be the possible reason?
« Reply #7 on: April 01, 2011, 08:00:01 AM »
Well I did that but no results. In my case it does not block every 10-15 min but 2-4 hours or even more.
The action you specified helped you?? Or are you still facing the problem??

Its a incoming RPC(TCP) connection made by SVCHOST.EXE...

Any idea what this RPC connection could  be for.? I have no much knowledge about networking...

Thanks
Ash


Yes in my case the computer was infected, Avast detected the file but couldnt remove, but MBAM did remove it, so everything is fine now!  If you did scans on Avast + MBAM and no infections detected, the pc is probably clean.

The suspicious IP was traced by Zyndstoff and he posted the results. check that and see if you know the host of that IP. the IP is from your country so my guess is, it might have something to do with your ISP  - and Outpost blocks suspicious IP addresses and it doesnt mean its dangerous, just suspicious, so that might be the reason why Outpost blocks it. In my case MBAM blocks certain IP addresses of Skype as they are in the suspicious IP list in their database.

Anyway do what safesurf said and see.

Cheers!
ASRock Extreme 6 - Intel Corei7-3820 3.60GHz | RAM 16.00GB 2400FSB | 2TB HDD +128SSD | NVIDIA GeForce GTX 660 2GB
Windows 7 Ultimate 64bit |Avast! Internet Security V8 | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline Ashish Singh

  • Poster
  • *
  • Posts: 437
  • Proud to be an Indian
    • Quick Heal
Re: What could be the possible reason?
« Reply #8 on: April 01, 2011, 08:00:36 AM »
inetnum:        180.151.0.0 - 180.151.255.255
netname:        SPECTRA
descr:          Spectra ISP Networks Private Limited
descr:          42, Okhla Industrial Estate
descr:          Phase III
country:        IN

Thanks alot Zyndstoff
  Now I got it its in a network of ISP under National Internet Exchange of India.Under NIXI my ISP also comes but I don't know why the hell these people are scanning my ports for? Anyways thanks there is Outpost Firewall Pro which protecting me from these kinds of port scanning.
    And thanks alot to all the forum users for such a marvelous support... Thanks alot avast rocks man.... :D
Windows 7 Ultimate(32 bit), avast! free (always latest released or beta), Intel Core2Duo, 2GB RAM, Outpost Firewall Pro 7.5,IE 9,TuneUp Utilities 2011,Diskeeper 2011

http://www.incredibleindia.org 

Caution! Online world is full of man made Aliens

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5202
Re: What could be the possible reason?
« Reply #9 on: April 01, 2011, 08:04:37 AM »
It's not uncommon for ISP's to try and scan, but that's what firewalls are for.  ;D
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline Dieselman

  • Poster
  • *
  • Posts: 621
Re: What could be the possible reason?
« Reply #10 on: April 01, 2011, 11:59:09 AM »
Get a hardware firewall to stop inbounds.

Offline logos

  • Avast √úberevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: What could be the possible reason?
« Reply #11 on: April 01, 2011, 01:01:28 PM »
@ the OP: how do you connect to the Internet? ie what sort of hardware do you use, are you on broadband, dial-up... ? ... seems you either are on dial-up or you got an improperly configured router's firewall. Such inbound attacks usually don't even have a chance to reach your software firewall (OutPost in your case)...
w7 - ais7

Offline Dieselman

  • Poster
  • *
  • Posts: 621
Re: What could be the possible reason?
« Reply #12 on: April 01, 2011, 01:49:01 PM »
A router/hardware firewall should be blocking any and all inbounds.

area51

  • Guest
Re: What could be the possible reason?
« Reply #13 on: April 01, 2011, 01:56:11 PM »
close all the programs you can, go to cmd.exe and type this:
netstat -ano
tell me if there's something with ESTABLISHED , if you do, take the proccess PID and goto task manager to check what it is, if you don't, then it's not from your os but from outside.

Offline Ashish Singh

  • Poster
  • *
  • Posts: 437
  • Proud to be an Indian
    • Quick Heal
Re: What could be the possible reason?
« Reply #14 on: April 01, 2011, 05:08:44 PM »
for me I got this
Windows 7 Ultimate(32 bit), avast! free (always latest released or beta), Intel Core2Duo, 2GB RAM, Outpost Firewall Pro 7.5,IE 9,TuneUp Utilities 2011,Diskeeper 2011

http://www.incredibleindia.org 

Caution! Online world is full of man made Aliens