"Dick Hazeleger" <Dick@post_it_in_the_newsgroup.com> wrote in message
news:vj7q83kachq68@corp.supernews.com...
> mto wrote:
>
> >
> > "mto" <nobody@dontsendmeanyspam.com> wrote in message
> > news:C3CdnaCAs_06pa-iXTWJgA@seg.net...
> > <SNIP>
> > > > > > Been wondering why on earth
> > > > > Windows Explorer would be trying to connect to 62.211.180.7:80
> > > > > and 62.211.180.14:80 and why Messenger tries every 2 minutes or
> > > > > so to connect to my own IP#, port 1900, even though it is shut
> > > > > off every which way to Sunday.
> > > > >
> > > <SNIP>
> > > > >
> > > > > address digger says -
> > > > > <quote>
> > > > > dns 63.211.180.7
> > > > >
> > > > >
> > > > > 63.211.180.7 has dubious reverse DNS of unknown.Level3.net -
> > > > > which is a valid hostname, but not one that resolves to
> > > > > 63.211.180.7
> > > > >
> > > > >
> > > > >
> > > > > whois -h magic 63.211.180.7
> > > > > Trying whois -h whois.arin.net 63.211.180.7
> > > > >
> > > > > OrgName: Level 3 Communications, Inc.
> > > > > OrgID: LVLT
> > > > > Address: 1025 Eldorado Blvd.
> > > > > City: Broomfield
> > > > > StateProv: CO
> > > > > PostalCode: 80021
> > > > > Country: US
> > > <SNIP>
> > > > Have a search in Google>>Newsgroups>>NANAE on Level3... you will
> > > > have a nice surprise!
> > > >
> > > > Dick
> > >
> > > OK! So Level 3 is a known spam-haven. Wonderful- and the next
> > > question is why is Windows Explorer trying to phone home to them
> > > every couple of minutes -
> > >
> > > AdAware, SpyBot & antivirus updated an hour ago all read clean.
> > > Checked all of the email accounts for html email or undeleted trash.
> > > Clean everywhere. Found a spider.sav file in My Documents &
> > > investigated/deleted that. After each of the above the warning
> > > reappeared, so it isn't any of those.
> > >
> > > Cleared all the files from Temp Internet and reduced cache size to
> > > 100 MB. About to go get a dedicated trojan detector.
> > >
> > > Further ideas?
> >
> > In playing around I have found that the Windows Explorer outgoing
> > connection attempts seem to all be connected to page loading at
> > MSNBC.com.
>
> In addition, it seems that people in the USA who use a FW get
> "hammered" by IPs that trace back to L3... wonder what they are up
> to... trojan install?
Don't seem to be being hammered by an IP from outside in - this is all
outgoing traffic.
> OK, back to your problem... MTO, did you install some kind of "handy
> dandy" search bar, newsfeature, weather program, etc (you know what
> type I mean)?
Not on your life! Installed nothing new whatever.
> Did you search the registry for this page? What kind of page is loaded?
> Ads, news, MS stuff... this could give a hint in the right direction...
Haven't searched the registry - guess I've got to download Hijack This since
everything comes up clean EXCEPT for the salient fact that within the last 2
hours Zone Alarm got literally wiped except for the alert logs. Every
single thing turned off, all the blocked sites, privacy settings gone. Went
to a very limited # of webpages so set all the security even yet higher,
turned off everything possible to turn off and will see if I can track it
down.
> See ya later guys and gals, I'm almost "done" in this temperature.
>
> Dick
Yeah, I hear that you are baking. Like my Dad always says though - easy
to get cold in the summer, just jump in the water. It's the winter cold
that costs you.
MTO, writing from cold showers are us (though not as bad as last year here.)

