PPRuNe Forums


Compass Call 27th Oct 2009 19:49

Virus or Malware?
 
On the last two occasions that I have started my computer, ZoneAlarm firewall has reported that Proytecto1 is trying to access the internet. It seems the application involved is winpvr.exe and the destination IP is 192.168.2.1.53

A Google search seems to show that it is a worm of some sort but AVG shows nothing. Can anybody shed any light on this please?

CC

green granite 27th Oct 2009 20:27

Try downloading SuperAntiSpyware (free edition) and running that: SUPERAntiSpyware.com - Downloads

Gertrude the Wombat 27th Oct 2009 22:14


> the destination IP is 192.168.2.1.53

Unlikely, both because IP addresses aren't written like that - they can have one or two or three dots in them but not four - and because 192.168.something is a non-routable address anyway (although there's no saying that the malware isn't crap software that uselessly tries to access a non-routable address, I've seen similar daft and useless behaviour).

mocoman 27th Oct 2009 22:34

maybe the OP meant:

the destination IP is 192.168.2.1:53

port 53/tcp Domain Name Server
port 53/udp Domain Name Server

That might make sense if the software is trying to resolve a hostname for communication with the outside world and your PC is on a network where the local DNS server has the IP address 192.168.2.1

As others said, malware and/or viruses (as well as legitimate programs) are not immune to programming errors so maybe it was coded to look for a specific IP address to find a DNS server rather than querying the properties of the network connection to ascertain who it should talk to for hostname-IP resolution.

Although, IIRC all Belkin routers and cable/ISDN modems default to 192.168.2.1 on the private/internal network interface if not re-configured by the end user.
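
An added example, not part of the original thread: one way to triage the destination string from a firewall alert like this one, accepting both the dotted `192.168.2.1.53` form and `192.168.2.1:53`. The function names and the `local_resolvers` parameter (the DNS servers the PC is configured to use, supplied by the caller) are assumptions for illustration.

```python
import ipaddress

# Port named in the post above; extend as needed.
KNOWN_PORTS = {53: "DNS"}


def parse_destination(text):
    """Split a firewall-alert destination into (IPv4Address, port or None).

    Accepts 'a.b.c.d', 'a.b.c.d:port' and the five-field 'a.b.c.d.port'
    form, where a dot was written before the port instead of a colon.
    """
    text = text.strip()
    if ":" in text:
        host, _, port = text.rpartition(":")
    else:
        fields = text.split(".")
        if len(fields) == 5:
            host, port = ".".join(fields[:4]), fields[4]
        else:
            host, port = text, None
    addr = ipaddress.IPv4Address(host)  # raises ValueError on a bad address
    if port is not None:
        if not port.isdigit() or not 0 < int(port) <= 65535:
            raise ValueError(f"bad port in {text!r}")
        port = int(port)
    return addr, port


def triage(text, local_resolvers=()):
    """Summarise what the destination of an outbound attempt means.

    local_resolvers: hypothetical input, the DNS server addresses the PC
    is configured to use (for example as shown by the OS network settings).
    """
    addr, port = parse_destination(text)
    return {
        "ip": str(addr),
        "port": port,
        "service": KNOWN_PORTS.get(port, "unknown"),
        "private": addr.is_private,  # non-routable, so traffic stays on the LAN
        "is_configured_resolver": str(addr) in local_resolvers,
    }


if __name__ == "__main__":
    # Destination string as quoted in the thread; resolver list is constructed.
    print(triage("192.168.2.1.53", local_resolvers=("192.168.2.1",)))
```

A private address on port 53 that matches the configured resolver is an ordinary DNS lookup via the router; it says the program wants to resolve a hostname, not whether the program itself is trustworthy.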

Tarq57 27th Oct 2009 22:47

Is the process "Proytecto 1", or "Proyecto 1"?
SUPERAntiSpyware has a good reputation.
So has MBAM.
I'd definitely try a scan with either (or both.)
MBAM is the smaller download.

Gertrude the Wombat 27th Oct 2009 23:44

Good suggestion about the ":" instead of the ".".


> Although, IIRC all Belkin routers and cable/ISDN modems default to 192.168.2.1 on the private/internal network interface if not re-configured by the end user.

My Linksys router talks to a cable modem and the default gateway address is 192.168.1.1, so they aren't all .2.1. Neither the Linksys router nor the cable modem has a DNS server in it so a DNS query appears (I've just checked with Wireshark) as an access to the correct external address of the ISP's DNS server.

If the OP is indeed running their own private DNS server on 192.168.2.1 one might expect them to know about it, no? - it doesn't sound like the sort of thing you set up by accident?

green granite 28th Oct 2009 07:32

The IP address 192.168.2.1 is the default for certain models of home broadband routers, principally SMC and Belkin brands. This address is set by the manufacturer at the factory, but you can change it at any time using the network router's administrative console.

