PE crashes when I perform PING/TRACE/WHOIS

Hi Guys,

Hope you can help. I am running PE Trial so I am new to this but also new to PC's in general. I am having a problem with IP 194.168.4.100 inasmuch that my PC is trying to access port 53 at another PC. The messeage I get from ZoneAlarm reads:-

"ZoneAlarm Pro prevented your computer from accessing port 53 on a DNS server"

This seems like a Trojan to me or maybe just a cookie. This is as USP Protocol and is via the Generic Host Process of WIN32. The destination DNS is cache1.ntl1.net which is my ISP and likewise the above IP, if I do a Hacker Search is given as the NTL HQ as the location. In PE however the location of the IP is given as the United States and is 9 hops away.

I have enclosed an attachment to see whats what. When I do a Ping/Trace/Whois PE crashes or just switches off not always but often. Can somebody help me with this and also in respect of this "Trojan."

I also keep getting inbound from the same IP also wanting to access Generic Host Process and the guidance from ZoneAlarm states:- "First, bear in mind that the program that caused this alert may or may not be the program indicated by the file name svchost.exe. Trojan horses and other malware sometimes masquerade as legitimate programs by using the same file name." The signals are automatically blocked by my firewall.

I have TrojanHunter, ZoneAlarm Pro, Norton Antivirus 2003, SpywareBlaster, SpywareGuard, Spybot S&D, Ad-Aware and Pest Patrol on my PC. I do not like the fact that my PC is sending out a signal trying to access another PC and would like some help on how to locate this problem in PE; why PE crashes; how I get rid of a Trojan.

Thank you,

Cyborg.

 

Cyborg,

My response has nothing to do with the "crash" resolution, but with DNS and Port 53.

I have Windows XP-xpsp2 Home addition and an always-on cable modem through Charter.net. I also have many of the same programs on my system as shown in your post, but I use Norton Internet Security 2004.

Using Services.msc, I have set DNS Client to MANUAL. This stops it from starting up automatically on reboot, but makes it available should a valid program need it. Thus far, I have never witnessed it being started up on my 24/7 system. And I have found/seen no ill affects on my system or Internet access. DNS/Port 53 no longer shows up in PE as active.

HTH

 

Hi Cyborg, I am also an ntl cable user,
194.168.4.100 & 194.168.8.100 are NTL's Domain Name servers. These should be allowed in your firewall. Nothing to worry about.

Here is a screenie taken from my router that shows the actual connection