, pretty happening

Discussion in 'malware problems & news' started by 1 2 3, Feb 2, 2009.

Thread Status:
Not open for further replies.
  1. 1 2 3

    1 2 3 Registered Member

    Dec 12, 2008
    a zonealarm pop-up said-
    win32pad tried to access the internet, destination ip -
    i asked the question at the win32pad forum, and it's definitely not meant to do this.
    shortly after this, taskeng.exe did the same thing,same ip destination

    something in my computer is disguising itself by using legitimate names of programs, and is trying to access the internet?
  2. Meriadoc

    Meriadoc Registered Member

    Mar 28, 2006
    Well starting from is Multicasting and usually if you have one machine you can block these packets...IGMP.

    To set your mind at rest scan with an antimalware or look at your computer with autoruns, process explorer and tcpview if your confident to do that.
    Last edited: Feb 2, 2009
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Jan 2, 2008
    I have a similar issue, different IP range. What programs are doing it depend on what I have installed. Thought it might be related to the conficker worm but unsure.
    I have a different security setup than 4 months ago and the behavior continued with new programs.
    In my situation I found out that something was taking over any windows component that can inject into any process, attaching to this component and injecting into winlogon, servicehost and so on.

    Possible it creates a hidden device to run from.

    I had been using SIW but that started reporting bogus results, not working.
    Even Netstat wouldn't report properly.

    Start your browser opening multiple different addresses, 10 or so.
    You should see them with netstat.

    This confirmed for me that something fishy was going on but I never did pin it down. If it can subvert netstat and SIW then I think tcpview wouldn't be much help.
Thread Status:
Not open for further replies.