El_Mono Posted February 21, 2004 Share Posted February 21, 2004 I've had this computer running XP for over a year now. By doing something (who knows what) I cause some corruption somewhere and it was no longer stable. I attempted to Autopatcher XP over the current install to see if it would "clear it up". Unfortunately during the install process the program would hang. So I formatted the computer put a fresh install of XP sp1, then Autopatched. Now I'm getting numerous emails a day from my router saying this computer is trying to port scan it. # Time Packet Information Reason Action 1|Feb 21 04 |From:192.168.0.2 To:216.177.56.40 |attack |block | 08:42:55 |TCP src port:02768 dest port:00080 |ports scan | End of Security Log It happens frequent enough that I called netgear trying to determine if the router was messed up. The funny thing is that I have 4 other computers on the router and NONE of them give me this error. I am assuming that something that is installed with Autopatcher is causing this. Now I know that I should review everything before installing on my computer, but I took a blind leap of faith with Autopatcher. The internet works fine, so the router is not blocking the request. But its quite annoying to get 10-20 emails a day from the web pages I go to. If you look its just something that is sending a funky request to the router for port 80. Any ideas/information that can be given would be greatly appreciated. Link to comment Share on other sites More sharing options...
akaladis Veteran Posted February 21, 2004 Veteran Share Posted February 21, 2004 hmmm... thats wheird... im not sure what could do this... the security log is kinda weird though... im refering to the "From:192.168.0.2 To:216.177.56.40" part... Link to comment Share on other sites More sharing options...
El_Mono Posted February 21, 2004 Author Share Posted February 21, 2004 The security log shows that my computer "192.168.0.2" is port scanning the router (via port 80) with destination web address. What I don't understand is that this computer NEVER did it before the format and it does it almost constantly now. The router .. even though it says blocks the scan .. passes through the information. I have full internet access. When I first installed I clicked on the spyad . which added a butt load of hosts to the not authorized zone of IE. I'm just wondering if any other add-on might be doing it? Link to comment Share on other sites More sharing options...
akaladis Veteran Posted February 21, 2004 Veteran Share Posted February 21, 2004 maybe any of those hotfixes dealing with security & the built-in xp firewall? /Raptor Link to comment Share on other sites More sharing options...
El_Mono Posted February 21, 2004 Author Share Posted February 21, 2004 I was completely up to date on fixes prior to the format. I used the Autopatcher so I didn't have to spend the afternoon upgrading. Oh well, Netgear is supposed to be calling me back as I stumped the first person I talked to. Maybe they will know something. In the mean time I guess I could turn of the email notification. Link to comment Share on other sites More sharing options...
neuro Posted February 26, 2004 Share Posted February 26, 2004 I would make sure you do not have any virus or spyware on the system. Do a full scan of every file. I had a client who's machine did the same thing. Found out the the system was infected with a virus. This happened during the install, before they were able to install their antivirus program. When McAfee was installed, it did not see it before the virus disabled it. But you could not tell it was disabled. It was still in the system tray, looking normal. So, as a rule of thumb, always install the system while not attached to the internet, use AutoPatcher :) to get you up to speed, then install your favorite antivirus before connecting to the local network/router. Neuro Link to comment Share on other sites More sharing options...
akaladis Veteran Posted February 26, 2004 Veteran Share Posted February 26, 2004 i like that rule... i only log on to Internet once i got everything up and running... And as far as local network is concerned, i *do* connect to the network, but of course, i am 1000% sure none of the network files are infected with any kind of virus... Also, thanks to Symantec's Corporate AV, when a network client logs on the network for the first time, i can set it to automatically deplay the AV client!! :woot: Link to comment Share on other sites More sharing options...
Recommended Posts