strange connection attempts detected..

Discussion in 'malware problems & news' started by pin, Nov 4, 2002.

Thread Status:
Not open for further replies.
  1. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    hihi..

    i posted this on the lavasoft bbs, but it seems they can't find out what's wrong.. i hope you can help.

    quite suddenly one day, tcpview showed me connecting out to www14.dixiesys.com, through very many connections, as if i was being flooded. it happened periodically, and was becoming annoying, so i made a Tiny firewall rule to block all connections to that site. and clicked on log when this rule is applied.

    when i looked in the log, it said that iexplore.exe was the program trying to connect out, but of course was blocked.

    it seems to happen from any port (and always to port 80), but there is a pattern that with each blocked attempt, iexplore tries to connect to dixiesys from a higher port until it eventually gives up... until the next time.

    i ran the cleaner and TDS, but found nothing. i posted a startuplist to the lavasoft bbs, and there was nothing suspicious there.

    i also run adsgone, which changes the HOSTS file, and so i thought maybe it was showing up as dixiesys because i had it blocked. but no, it wasn't there, so i added it. besides, when that happens, the IP listed is the localhost, not this other strange one.

    today i decided to make a web block rule in my router also for the word dixiesys.
    ...
    on a -possibly- unrelated issue, the log in the status window of my router often lists SYN floods and SMURF attacks. this seems to happen especially just after someone connects to the router from the LAN.

    sorry for long post... but, any advice?
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    pin,

    Let's go for the pragmatic route first. As it seems, connection attempts are made to a site hosted by dixies.com.

    Since you obviously do have log files, contacting the host from the site you mentioned, accompanied with an explanation and log files, asking them urgently to look into this, seems a logical first step:

    www.dixiesys.com/index.php?display=contact

    Keep us posted!

    As for the "unrelated issue": in order to keep threads as clean as possible, please open a new thread for that one ;)

    regards.

    paul
     
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    http://www14.dixiesys.com/

    IS...


    "This is the placeholder for domain www14.dixiesys.com. If you see this page after uploading site content you probably have not replaced the index.html file.

    This page has been automatically generated by Server Administrator. "
    _____________

    That means either something is coming or has left.

    Did you ever even go to dixe before? They are into webhosting....games and maybe IRC.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi pin,

    I've just gone over your thread at the Adaware forum and I must say you did the best you could to try and protect yourself.
    I noticed you use Windows Washer, but have you tried cleaning out your temp files in safe mode?

    Regards,

    Pieter
     
  5. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    i have not gone into safemode yet, no! thx for the idea.

    there's no reason for me to go to dixiesys.

    i emailed them, (thx for the contact page), and they are going to look into it for me. i will try and stay optimistic =).

    apparently that router firewall rule i set up doesn't block it, which makes me think i don't know how to set up router firewall rules =P.

    anyway, we'll see what happens.
     
  6. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    problem solved. it had to do with http referrals of an avatar, or something like that. nothing dangerous!

    thx for the help though =) i feel as though i wasted the time of many ppl on this one!
     
  7. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    hey BTW isn't that avatar of yours from the first Final Fantasy game on Nintendo or something??
     
  8. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    it is from the sega genesis game, phantasy star II.
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    No, you didn't: you are sure now nothing's wrong - and that's worth the effort!

    regards.

    paul
     
  10. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    thx again..

    at least i can say i'm slightly more knowledgeable about normal internet activity, and that can only be a good thing. =).
     