When I enable my hardware firewall, my software firewall reports einy or climate (depends on what is running) is trying to connect to 224.0.0.22. Have I been taken over by malware?
If I have it, what do I do to get rid of it?
Thanks
Magoo's Bro.
224.0.0.22
Sounds like maybe your HW firewall is using it as a pseudo-IP address. You might check its manual to see if that's the case. Do any of your other internet enabled programs trigger a similar message?
RE: When I enable my
Using a well known search engine :) I found this.
So this seems harmless.
Michael
Team Linux Users Everywhere
RE: RE: When I enable my
Thanks for the link. I have hardware and software firewalls. I use Spybot, Ad-ware and System Suite 6.0 (antiv); all report relatively clean. I still get einy trying to connect to 224. Also have explorer.exe trying to connect to sa.microsoft.com (a bogus site). Going to try PCTools; the scan indicated I have problems the others have not detected. Also I have deleted freecell.exe and it keeps coming back, really weird.
Magoo's Bro.
FYI: I had looked the address
FYI: I had looked the address up on http://www.arin.net/whois/ and saw this comment: "This block is reserved for special purposes." - hence my "pseudo-IP address" comment.
RE: RE: RE: When I
Hello
Personally I would never let explore.exe out on the internet. iexplore.exe is the browser not the other one. Every time I format XP, and re-install Zonealarm (my firewall) I block explore.exe totally. I HAVE to use iexplore.exe to do windows updates, but for everything else, get Firefox from Mozilla.org. BTW after getting the updates, I block iexplore.exe too.
Best wishes
Gray
RE: RE: RE: RE: When
Thanks again.
I did find a nasty in my HKey Current User registry: zgrunts.biz. You might want to check your reg for any zgrunts.biz entries. Also had to clean up some residual folders from a known offender, started with CD writer software wanting to contact a bogus site. System Suite 6.0, Spybot 1.4 and Ad-ware 1.06 still have not found the 224 pest. Pest Patrol found the .biz trojan, but did not find the 224 bug. I had to delete the .biz trojan manually, because Pest Control only scans.
Have used the other browsers, have had probs with all, and not happy with the windows world. I like Zonealarm, but software fires do not take long to get around.
224.0.0.22 keeps popping up only while I am running Boinc. I can reboot, do not load Boinc on start, run around the net now without anything trying to connect. I shut down internet connect, both hard and soft wall, open boinc and let it run for a while. Open firewalls and first thing that pops is einy trying for 224. Also found Freecell.exe back in the system32 folder.
One down, a couple more to go. Thanks again for your help, will try to keep crunching, but if boinc is an open door something has to be done. Boinc (did upgrade to newest vers) in and of itself probably is not malicious, but it may be vulnerable to nasties.
Thanks again,
Magoo's Bro.
Magoo's Bro, So, as I
Magoo's Bro,
So, as I understand it, no scan has brought up any virus or malware threats?
Try this - Download and run a program named HiJackThis, from merjin.org. You can google it or just get it from c/net download site. Check out the tutorial, if there is one in the program or from merjin. Run HiJackThis (HJT) (no need to install, just run the executable) and save the scan log somewhere you can easily find it. DO NOT AT THIS TIME REMOVE OR DELETE ANYTHING...
There are several forums (I suggest techsupportforum); search to see if there is a thread addressing your problem, and if not, start a thread and post your HJT logfile. An expert will analyse the logfile, advise you which unfamiliar entries are and which are not threats, and tell you exactly how to remove threat(s).
Regards,
Michael
microcraft
"The arc of history is long, but it bends toward justice" - MLK
RE: RE: RE: RE: Quote
Hello
Hmmm, if I was in your situation - being as paranoid as I am - I would have reformatted by now!
Don't give up on Windows just yet - The Linux games have a looooong way to go. I tried Linux, liked it quite a bit, but I have spent money getting my coding app (Topstyle Pro) and I like my games so Bill Gates will have my money for a year or two yet.
Going back to your problem - personally I don't think BOINC has created your problem, but I guess it is possible that some idiot has taken advantage of the way BOINC works.
I would imagine you have had your system up for a while now and probably used Internet Explorer for a while during that time? Removing BOINC will not remove the problem - it'll be sitting there until one of the clever blokes tells you how to remove it. Let me put this another way: in all the time I have used BOINC - close to a year now - I have never had any issues regarding potential safety loopholes. I DO format the drive around every month to 2 months (and sometimes go through a formatting frenzy...weekly), but the reasons are more related to me fiddling rather than to any security probs.
If I was you I would back up what you NEED to keep, format the drive, reinstall Windows, turn off the XP firewall (both in the services and from the internet connection icon in control panel), install Zonealarm, immediately block explore.exe using ZoneAlarm (explore.exe in the windows folder - NOT iexplore.exe in program files), go directly to windows update (don't check e-mail or go to any other site) using Internet Explorer, install all updates, and then after a reboot install Mozilla Firefox and block Internet Explorer in ZoneAlarm. If you need to use Internet Explorer in the future unblock it, go do what you need to do, then close it down and close firewall again to IE.
I use Mozilla's Thunderbird as my e-mail client as well.
Once you have secured your box, download BOINC again, if you wish and re-attach to your projects - I would suggest not backing up anything in BOINC that you possess at present.
Hope the above is of some use - Gray