cannot find spy

[peter krom]

Hello all,

when running Netview I discovered that my Laptop sends a syn to a
certain ip-address, which looked up to - kelcos5.dynu.com -
at IP-address 81.215.160.197 every minute or so. AdAware from Lavasoft
cannot find any spyware on my laptop and the when running a portscan or
a traceroute the link seems to be dead. For the record I will include
the traceroute data in this message... Does anyone have an Idea if this
has anything to do with an up to now undetected spyware?

here is the tracert data:

2 10 ms 20 ms 20 ms 84-107-24-1.dsl.quicknet.nl
[84.107.24.1]
3 10 ms 20 ms 20 ms nl-ams2-rb-01-gi-2-1-2-
4007.multikabel.net [212.
127.254.193]
4 10 ms 20 ms 20 ms nl-ams1-rb-01-gi1-3-0.multikabel.net
[213.132.19
1.105]
5 10 ms 20 ms 20 ms if-4-2.core2.AD1-Amsterdam.teleglobe.net
[80.231
..81.17]
6 40 ms 30 ms 40 ms if-2-0.core1.FR1-Frankfurt.teleglobe.net
[80.231
..81.2]
7 40 ms 40 ms 40 ms if-1-1.core2.FR1-Frankfurt.teleglobe.net
[80.231
..64.10]
8 30 ms 40 ms 40 ms if-2-0.core2.PG1-Paris.teleglobe.net
[80.231.65.
6]
9 30 ms 40 ms 40 ms if-6-0.core1.PG1-Paris.teleglobe.net
[80.231.72.
33]
10 30 ms 40 ms 40 ms ix-7-0.core1.PG1-Paris.teleglobe.net
[80.231.72.
26]
11 71 ms 60 ms 60 ms pal5-pal7-racc1.pal.seabone.net
[195.22.218.225]

12 100 ms 101 ms 100 ms customer-side-turk-telekom-3-
pal5.pal.seabone.ne
t [195.22.197.10]
13 130 ms 141 ms 140 ms adaM160-aciM160.ttnet.net.tr
[195.175.7.26]
14 * * * Time-out
15 130 ms 131 ms 140 ms kelcos5.dynu.com [81.215.160.197]

I surfed to www.dynu.com and found out that it supplies Dynamic DNS
service which I haven't got anything to do with.... When surfing to
kelcos5.dynu.com I get an error403, forbidden.... Does anyone have an
idea what this is?


Thanks in advance,
Peter

[AvianFlux]

I don't know if you have any problems. However, I found a new online
resource this morning, DNS Stuff, that may assist you further.

http://www.dnsstuff.com/

The kelcos address appears to originate from Turkey:


IP: 81.215.160.197
Country: Turkey
City: Unknown

Country Code: TR
Merchant Note: Country may have high rate of fraud [6]
Currency: TRL [Turkey Liras]
Private IP? No
Known Proxy? No

[peter krom]

In article <1112965024.787416.194740@z14g2000cwz.googlegroups .com>,
neomoniker@hotmail.com says...
> I don't know if you have any problems. However, I found a new online
> resource this morning, DNS Stuff, that may assist you further.

I have done a check and get no further with it. A city does not seem to
be known however it is a DSL connection.... The only thing I can do at
this time is block all outgoing and incoming traffic from this IP...

Peter

[Woody]

You could turn off all startup items in msconfig to see if one of them is
generating the request...

"peter krom" <jonhy@rook.com> wrote in message
news:MPG.1cc0c8587c5502e9989682@news.quicknet.nl.. .
> In article <1112965024.787416.194740@z14g2000cwz.googlegroups .com>,
> neomoniker@hotmail.com says...
>> I don't know if you have any problems. However, I found a new online
>> resource this morning, DNS Stuff, that may assist you further.
>
> I have done a check and get no further with it. A city does not seem to
> be known however it is a DSL connection.... The only thing I can do at
> this time is block all outgoing and incoming traffic from this IP...
>
> Peter

[galt_57@hotmail.com]

peter krom wrote:
> [...] AdAware from Lavasoft cannot find any spyware on my laptop...
> [...]

You've only used Ad-Aware ? This is insufficient, as I recently
discovered myself. Install Spybot S&D also. Also install Zonealarm.

[peter krom]

In article <P5Q5e.16867$ZB6.8458@newssvr19.news.prodigy.com >,
TheDuck@pond.net says...
> You could turn off all startup items in msconfig to see if one of them is
> generating the request...

That is an idea I haven't done yet and is a great idea.... Thanx, will
do this right away..

Peter


---
avast! Antivirus: Uitgaande bericht is niet besmet.
Virus Gegevensbestand (VPS): 0514-2, 2005-04-08
Getest op: 10-4-2005 10:00:50
avast! auteursrecht (c) 1988-2004 ALWIL Software.
http://www.avast.com

[peter krom]

In article <1113065316.677756.254890@z14g2000cwz.googlegroups .com>,
galt_57@hotmail.com says...
> peter krom wrote:
> > [...] AdAware from Lavasoft cannot find any spyware on my laptop...
> > [...]
> You've only used Ad-Aware ? This is insufficient, as I recently
> discovered myself. Install Spybot S&D also. Also install Zonealarm.

Zonealarm does not say anything about an outgoing connection to dynu.com
However I will install Spybot as I haven't done this yet. Thanx for the
advice....

Peter


---
avast! Antivirus: Uitgaande bericht is niet besmet.
Virus Gegevensbestand (VPS): 0514-2, 2005-04-08
Getest op: 10-4-2005 10:04:01
avast! auteursrecht (c) 1988-2004 ALWIL Software.
http://www.avast.com

[galt_57@hotmail.com]

peter krom wrote:
> galt_57@hotmail.com wrote:
> > peter krom wrote:
> >> [...] AdAware from Lavasoft cannot find any spyware on
> >> my laptop... [...]
> >
> > You've only used Ad-Aware ? This is insufficient, as I
> > recently discovered myself. Install Spybot S&D also. Also
> > install Zonealarm.
>
> Zonealarm does not say anything about an outgoing connection
> to dynu.com However I will install Spybot as I haven't done
> this yet. Thanx for the advice....

To see Zonealarm's ignore list go to the Programs tab on the Program
Control page.

[galt_57@hotmail.com]

peter krom wrote:
>
> Zonealarm does not say anything about an outgoing connection
> to dynu.com [...]
>

You've examined Zonealarm's log viewer ?

[peter krom]

In article <1113141138.949476.9500@o13g2000cwo.googlegroups.c om>, galt_
57@hotmail.com says...
> You've examined Zonealarm's log viewer ?

yes i have... My antivirus and the nessecary networktraffic is in the
log-list but nothing else... this is a mistery to me.....

peter


---
avast! Antivirus: Uitgaande bericht is niet besmet.
Virus Gegevensbestand (VPS): 0514-3, 2005-04-10
Getest op: 10-4-2005 18:20:04
avast! auteursrecht (c) 1988-2004 ALWIL Software.
http://www.avast.com