help me fix this virus or sh*t or whatever. i am exhausted

Status
Not open for further replies.

legolas

Padawan
Hi,

I just installed a new copy of Windows XP along with FC4. FC just works great! However, this Windows started s*cking. I don't know the reason. It's only 1 day since I installed. The moment I connected to the internet and tried a speed check, I was getting only 20 KB out of my 256 kbps, where I used to get around 29 KB. In Linux I get this 29 KB speed though! So I figured out there is definitely some sh*t over here and ran antivirus, trojan, spyware and whatever is available, and found some or many of them, not necessarily in the C drive where I have Windows installed, and fixed them.

But it doesn't seem to have fixed this problem. The problem, I feel, is that when I connect to the internet and start any browser, may it be Opera or Firefox or IE, actually more precisely when I am trying to open HTTP port 80, say I type "yahoo.com", then when I type in netstat -n it looks like this!!

Code:
C:\Documents and Settings\ichigo>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    61.247.249.164:1240    202.56.192.7:80        ESTABLISHED
  TCP    61.247.249.164:1242    202.56.192.7:80        ESTABLISHED
  TCP    61.247.249.164:1243    202.56.192.14:80       ESTABLISHED
  TCP    61.247.249.164:1244    202.56.192.7:80        ESTABLISHED
  TCP    61.247.249.164:1245    202.56.192.7:80        ESTABLISHED
  TCP    61.247.249.164:1246    202.56.192.14:80       ESTABLISHED
  TCP    61.247.249.164:1248    202.56.192.7:80        ESTABLISHED
  TCP    61.247.249.164:1249    202.56.192.7:80        ESTABLISHED
  TCP    61.247.249.164:1250    66.94.234.72:80        TIME_WAIT
  TCP    61.247.249.164:1258    64.233.189.104:80      ESTABLISHED

It opens this many ports and ZoneAlarm doesn't seem to stop it. This 202.56.192.* (7 or 14 or 6, it takes any value) always opens along with when I open a page. As a result, my download speed is very slow. I don't know what to do. Please help me. What IP is this? I am really tired of running antivirus, spyware and trojan checks a dozen times, even online checks! :( I don't find any problems with my HijackThis, and if necessary I'll post that too.

Also, I would like to know this: if I were to perform a repair of the Windows installation, can I carry it out in the usual manner? Because I have FC4 installed, I doubt the GRUB loader might get changed? Is it so? If so, how to deal with it also? Please post your suggestions. Thank you. Good night.

/legolas
 

kalpik

In Pursuit of "Happyness"
ALL these IPs belong to Airtel. I don't think they are rogue. They belong to the DNS servers' range of Airtel. The problem lies somewhere else, I guess...
 

legolas

Padawan
Oops!!! I'll take the sh*t of these Airtel people, because when I told these people about the IP, they said I am having a virus, because when I open 1 site, there are supposed to be only 4 HTTP ports opened at the max, and for me around 15 ports were opened and all were 202.56.192.etc...

/legolas
 

kalpik

In Pursuit of "Happyness"
See for yourself! Try entering these IPs at www.dnsstuff.com under WHOIS. Also, do you get the same connections under Linux?
 

alib_i

Cyborg Agent
I think that list is quite normal...
It's better to check what's going on a little deeper.

Go to the command prompt and type:
Code:
netstat -n -o
This will give you the process ID of the process making that connection.
Now type the command:
Code:
tasklist
This will show a list of processes and their PIDs.
Compare and see who's trying to access the net!

-----
alibi
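
Added example, not part of the thread: the PID comparison described in the post above, done by a script instead of by eye. It assumes the output of `netstat -n -o` and plain `tasklist` has been saved as text; the function names, PIDs and image names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample captures; PIDs and image names are made up for illustration.
NETSTAT_OUT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    61.247.249.164:1240    202.56.192.7:80        ESTABLISHED     1532
  TCP    61.247.249.164:1243    202.56.192.14:80       ESTABLISHED     1532
  TCP    61.247.249.164:1250    66.94.234.72:80        TIME_WAIT       0
  TCP    61.247.249.164:1258    64.233.189.104:80      ESTABLISHED     2044
"""
TASKLIST_OUT = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
firefox.exe                 1532 Console                 0     41,220 K
example helper.exe          2044 Console                 0      3,104 K
"""

# Image names may contain spaces, so anchor on the trailing numeric columns.
TASK_ROW = re.compile(r"^(.+?)\s+(\d+)\s+(\S+)\s+(\d+)\s+([\d,]+) K\s*$")

def parse_tasklist(text):
    """Map PID -> image name from plain `tasklist` output."""
    rows = (TASK_ROW.match(line) for line in text.splitlines())
    return {int(m.group(2)): m.group(1) for m in rows if m}

def parse_netstat(text):
    """Yield (remote, state, pid) for each row of `netstat -n -o` output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        yield f[2], state, int(f[-1])

def connections_by_process(netstat_text, tasklist_text):
    """Group remote endpoints under the (pid, image name) that owns them."""
    names = parse_tasklist(tasklist_text)
    owners = defaultdict(list)
    for remote, state, pid in parse_netstat(netstat_text):
        # A PID can be missing if the process exited between the two commands.
        owners[(pid, names.get(pid, "<not in tasklist>"))].append((remote, state))
    return dict(owners)

if __name__ == "__main__":
    for (pid, image), conns in sorted(connections_by_process(NETSTAT_OUT, TASKLIST_OUT).items()):
        print(f"{image} (PID {pid}): {len(conns)} connection(s)")
        for remote, state in conns:
            print(f"    {remote:<22} {state}")
```

An image name that is not the browser you opened, or one you do not recognise, holding port 80 connections is the entry worth looking into further.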
 

legolas

Padawan
I could not fix it as I really don't know what the problem is!! Could anyone answer the second part of my question, regarding repairing or reinstalling Windows again without disturbing Linux?

/legolas
 