Virus or Malware?
On the last two occasions that I have started my computer, ZoneAlarm firewall has reported that Proytecto1 is trying to access the internet. It seems the application involved is winpvr.exe and the destination IP is 192.168.2.1.53.
A GOOGLE search seems to show that it is a worm of some sort but AVG shows nothing. Can anybody shed any light on this please?
CC
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Try downloading SuperAntiSpyware (free edition) and running that: SUPERAntiSpyware.com - Downloads
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,443
the destination IP is 192.168.2.1.53
Location, Location, Location
Join Date: Oct 2003
Location: If it moves, watch it like a hawk: If it doesn't, hit it with a hammer until it does...
Age: 60
Posts: 142
maybe the OP meant:
the destination IP is 192.168.2.1:53
port 53/tcp Domain Name Server
port 53/udp Domain Name Server
That might make sense if the software is trying to resolve a hostname for communication with the outside world and your PC is on a network where the local DNS server has the IP address 192.168.2.1.
As others said, malware and/or viruses (as well as legitimate programs) are not immune to programming errors, so maybe it was coded to look for a specific IP address to find a DNS server rather than querying the properties of the network connection to ascertain who it should talk to for hostname-IP resolution.
Although, IIRC all Belkin routers and cable/ISDN modems default to 192.168.2.1 on the private/internal network interface if not re-configured by the end user.
Last edited by mocoman; 27th Oct 2009 at 22:45.
Is the process "Proytecto 1", or "Proyecto 1"?
Superantispyware has a good reputation.
So has MBAM.
I'd definitely try a scan with either (or both.)
MBAM is the smaller download.
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,443
Good suggestion about the : instead of the ..
My Linksys router talks to a cable modem and the default gateway address is 192.168.1.1, so they aren't all .2.1. Neither the Linksys router nor the cable modem has a DNS server in it so a DNS query appears (I've just checked with Wireshark) as an access to the correct external address of the ISP's DNS server.
If the OP is indeed running their own private DNS server on 192.168.2.1 one might expect them to know about it, no? - it doesn't sound like the sort of thing you set up by accident?
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
The IP address 192.168.2.1 is the default for certain models of home broadband routers, principally SMC and Belkin brands. This address is set by the manufacturer at the factory, but you can change it at any time using the network router's administrative console.