TechSpot

Is this a trojan?

By Mechakingkong
Feb 6, 2009
  1. Hello staff: today I downloaded some firewalls that you guys link, like Comodo BOClean, PC Tools Firewall Plus and Zone Alarm, from the download section, which are all very useful. I'm grateful to you guys for making my PC a lot safer. I just finished installing Zone Alarm and it showed me a weird IP address, 91.124.231.54 (Port:2612)... I searched on Google and the results showed a link to a site called Project Honey Pot, which says it only tracks spam on your e-mail; I don't know if this is true.
    The other IP address it showed was 190.51.13.86 (Port:48603), and this time the Google results showed a link that said download "haha" followed by some sentences that I think were in the Portuguese language. (I never entered either link.)
    Do you know anything about this kind of stuff? Is it normal to have them check my spam? I am very ignorant in these matters. Thanks for your time.
     
  2. jobeard

    jobeard TS Ambassador Posts: 9,351   +622

    Code:
    $ whois -H -B 91.124.231.54
    % This is the RIPE Whois query server #3.
    % The objects are in RPSL format.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/db/copyright.html
    
    % Information related to '91.124.231.0 - 91.124.231.255'
    
    inetnum:        91.124.231.0 - 91.124.231.255
    netname:        UKRTELNET
    descr:          Ukrtelecom IP access network
    descr:          NCC#2007092897 Approved IP assignment
    country:        ua
    remarks:        E-mail for SPAM and abuse  postmaster@ukrtel.net
    admin-c:        ARM42-RIPE
    tech-c:         ARM42-RIPE
    status:         ASSIGNED PA
    mnt-by:         AS6849-MNT
    changed:        aremiga@ukrtel.net 20080408
    source:         RIPE
    
    person:         Remiga Alexander
    address:        JSC UKRTELECOM
    address:        18, Shevchenko blvd
    address:        Ukraine, Kiev
    phone:          +380 (44) 230-9024
    nic-hdl:        ARM42-RIPE
    mnt-by:         AS6849-MNT
    changed:        aremiga@ukrtel.net 20080407
    source:         RIPE
    
    % Information related to '91.124.0.0/16AS6849'
    
    route:          91.124.0.0/16
    descr:          AGGREGATE BLOCK FOR UKRTELECOM
    origin:         AS6849
    mnt-by:         AS6849-MNT
    changed:        aremiga@ukrtel.net 20061006
    source:         RIPE
    
    Code:
    whois -H  190.51.13.86
    
    % Joint Whois - whois.lacnic.net
    %  This server accepts single ASN, IPv4 or IPv6 queries
    
    % LACNIC resource: whois.lacnic.net
    
    
    % Copyright LACNIC lacnic.net
    %  The data below is provided for information purposes
    %  and to assist persons in obtaining information about or
    %  related to AS and IP numbers registrations
    %  By submitting a whois query, you agree to use this data
    %  only for lawful purposes.
    %  2009-02-06 18:01:38 (BRST -02:00)
    
    inetnum:     190.51/16
    status:      allocated
    owner:       Telefonica de Argentina
    ownerid:     AR-TEAR7-LACNIC
    responsible: Agustín Gomez Dhers
    address:     AV. ING. HUERGO - OBS. JUDICIALES, 723,
    address:     1065 - Buenos Aires - CF
    country:     AR
    phone:       +54 11 4332-2220 []
    owner-c:     TEA
    tech-c:      TEA
    abuse-c:     TEA
    inetrev:     190.51/16
    nserver:     DNS1.MRSE.COM.AR
    nsstat:      20090204 AA
    nslastaa:    20090204
    nserver:     DNS2.MRSE.COM.AR
    nsstat:      20090204 AA
    nslastaa:    20090204
    nserver:     DNS3.MRSE.COM.AR
    nsstat:      20090204 AA
    nslastaa:    20090204
    created:     20070130
    changed:     20070130
    
    nic-hdl:     TEA
    person:      TELEFONICA DE ARGENTINA
    e-mail:      tasamail@TELEFONICA.COM.AR
    address:     AV. ING. HUERGO, 723,
    address:     1065 - Capital Federal - BA
    country:     AR
    phone:       +54 11 4333-5000 []
    created:     20030618
    changed:     20081111
    
    % whois.lacnic.net accepts only direct match queries.
    % Types of queries are: POCs, ownerid, CIDR blocks, IP
    % and AS numbers.
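
An added example, not part of any post in this thread: the two replies above come from different registries (RIPE and LACNIC) with different field names and range notations, so this sketch reduces each to the fields that matter when triaging a firewall alert. The function names are hypothetical, and the sample replies are trimmed excerpts of the output quoted above.

```python
import ipaddress
import re

# Trimmed excerpts of the two whois replies quoted in the post above.
RIPE_REPLY = """\
% This is the RIPE Whois query server #3.
inetnum:        91.124.231.0 - 91.124.231.255
netname:        UKRTELNET
country:        ua
remarks:        E-mail for SPAM and abuse  postmaster@ukrtel.net
"""
LACNIC_REPLY = """\
inetnum:     190.51/16
owner:       Telefonica de Argentina
country:     AR
e-mail:      tasamail@TELEFONICA.COM.AR
"""

def parse_fields(reply):
    """Collect 'key: value' lines, skipping '%' comments; keys may repeat."""
    fields = {}
    for line in reply.splitlines():
        if ":" in line and not line.startswith("%"):
            key, value = line.split(":", 1)
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def parse_inetnum(text):
    """Networks covering an inetnum in RIPE ('a - b') or LACNIC ('190.51/16') form."""
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    prefix, length = text.split("/")
    # LACNIC drops trailing zero octets, so pad the prefix back to four.
    octets = (prefix.split(".") + ["0"] * 3)[:4]
    return [ipaddress.ip_network(".".join(octets) + "/" + length)]

def triage(ip, reply):
    """Summarise who operates the address and where abuse reports go."""
    f = parse_fields(reply)
    nets = parse_inetnum(f["inetnum"][0])
    contacts = " ".join(f.get("remarks", []) + f.get("e-mail", []))
    emails = re.findall(r"[\w.+-]+@[\w.-]+", contacts)
    return {
        "in_range": any(ipaddress.ip_address(ip) in n for n in nets),
        "networks": [str(n) for n in nets],
        "operator": (f.get("netname") or f.get("owner") or ["unknown"])[0],
        "country": f["country"][0].upper(),
        "abuse_contact": emails[0] if emails else None,
    }
```

Both addresses resolve to large ISP access ranges, so the records identify the provider and its abuse mailbox rather than an individual host.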
     
  3. Mechakingkong

    Mechakingkong TS Rookie Topic Starter Posts: 43

    OK, thank you very much, jobeard.
    Why are they doing this to my PC? What's the motive?
    Also, is it normal if I get Norton scan logs even if I removed Norton with the removal Norton tool? I'll post required steps in an hour.

    I didn't get a Malwarebytes log because the scan was clean.
     
  4. Mechakingkong

    Mechakingkong TS Rookie Topic Starter Posts: 43

    This is an old Malwarebytes log. I know old ones don't count, but since kimsland always tells me to post the three of them without exception, here you go. It posted down here; I don't know what happened.
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks ;)

    But that's not exactly the Malwarebytes scan log :rolleyes:

    Anyway, do this:

    Uninstall your McAfee Antivirus
    Then run the McAfee Removal Tool

    Uninstall Spybot-S&D
    Uninstall PC Tools Firewall Plus
    Uninstall Comodo
    Uninstall ZoneAlarm
    Uninstall SUPERAntiSpyware

    Restart

    Run IE Reset: http://www.techspot.com/vb/post682762-2.html

    Install Avira free AntiVirus

    Startup Malwarebytes again. Update it, and then run a full scan

    Attach the logs ;)
    Actually, I can only read English, so I hope the above will fix everything up for you
     
  6. Mechakingkong

    Mechakingkong TS Rookie Topic Starter Posts: 43

    OK. Done, kim.
    I followed all the steps.
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    No, not done :(
    Please re-read the above post; don't worry about Malwarebytes though (i.e. you scanned already)
     
  8. Mechakingkong

    Mechakingkong TS Rookie Topic Starter Posts: 43

    I did everything; I don't know what I'm missing. Can you specify?
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Still installed :(
     
Topic Status:
Not open for further replies.
