
The wiki might be compromised with malware...


jurble


So some weeks ago, my firewall started going crazy blocking attempted connections from my PC to China like this:

2013/05/19 05:36:00 -0400 ASOUP-PC asoup IP-BLOCK 203.93.126.72 (Type: outgoing, Port: 60732, Process: svchost.exe)

2013/05/19 05:36:56 -0400 ASOUP-PC asoup IP-BLOCK 218.7.28.189 (Type: outgoing, Port: 60732, Process: svchost.exe)

2013/05/19 05:37:28 -0400 ASOUP-PC asoup IP-BLOCK 218.7.28.189 (Type: outgoing, Port: 60732, Process: svchost.exe)

At the time, I thought of all the sites I had visited that day that I hadn't visited before since my last reformat, and the only one that stood out was AWoIaF. Afterwards, I ran as many anti-malware programs as possible; none could detect this thing, whatever it was, until, finally, a program called Combofix appeared to have found it hiding in SysWoW64. It was also blocking incoming connections, so it seems to me this wasn't just a keylogger, but possibly either a botnet or a program that lets them use you as steps to route traffic to hide the original user.

Anyway, so I was clean again until today, when I started seeing things like this again:

2013/06/02 05:29:58 -0400 ASOUP-PC asoup IP-BLOCK 213.226.197.102 (Type: outgoing, Port: 54023, Process: svchost.exe)

2013/06/02 07:40:45 -0400 ASOUP-PC asoup IP-BLOCK 218.10.2.40 (Type: incoming, Port: 54023, Process: svchost.exe)

2013/06/02 07:40:45 -0400 ASOUP-PC asoup IP-BLOCK 218.10.2.40 (Type: incoming, Port: 54023, Process: svchost.exe)

And what site had I visited recently that I hadn't visited in weeks? The Wiki of Ice and Fire.

Now this is just a sample size of 2, and it's very possible it's just a coincidence. I just want to make people aware of the possibility.


Archived

This topic is now archived and is closed to further replies.
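
An added example, not part of the original post: a small Python parser for the firewall log lines quoted above that groups blocks by process and port, so the repeat pattern the poster describes can be read off at a glance. The field layout is inferred from the quoted lines, the function names are hypothetical, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Field layout inferred from the log lines quoted in the post (an assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) (?P<host>\S+) (?P<user>\S+) "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$")

# The first six lines are copied from the post; the last two are constructed.
SAMPLE_LOG = """\
2013/05/19 05:36:00 -0400 ASOUP-PC asoup IP-BLOCK 203.93.126.72 (Type: outgoing, Port: 60732, Process: svchost.exe)
2013/05/19 05:36:56 -0400 ASOUP-PC asoup IP-BLOCK 218.7.28.189 (Type: outgoing, Port: 60732, Process: svchost.exe)
2013/05/19 05:37:28 -0400 ASOUP-PC asoup IP-BLOCK 218.7.28.189 (Type: outgoing, Port: 60732, Process: svchost.exe)
2013/06/02 05:29:58 -0400 ASOUP-PC asoup IP-BLOCK 213.226.197.102 (Type: outgoing, Port: 54023, Process: svchost.exe)
2013/06/02 07:40:45 -0400 ASOUP-PC asoup IP-BLOCK 218.10.2.40 (Type: incoming, Port: 54023, Process: svchost.exe)
2013/06/02 07:40:45 -0400 ASOUP-PC asoup IP-BLOCK 218.10.2.40 (Type: incoming, Port: 54023, Process: svchost.exe)
2013/06/02 08:00:00 -0400 ASOUP-PC asoup IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 50000, Process: example.exe)
not a firewall line
"""

def parse_line(line):
    """Return the fields of one IP-BLOCK line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S %z")
    rec["port"] = int(rec["port"])
    return rec

def summarize(lines):
    """Group blocked connections by (process, port)."""
    groups = defaultdict(lambda: {"count": 0, "ips": set(), "directions": set(),
                                  "first": None, "last": None})
    for rec in filter(None, map(parse_line, lines)):
        g = groups[(rec["process"], rec["port"])]
        g["count"] += 1
        g["ips"].add(rec["ip"])
        g["directions"].add(rec["direction"])
        g["first"] = min(g["first"] or rec["ts"], rec["ts"])
        g["last"] = max(g["last"] or rec["ts"], rec["ts"])
    return dict(groups)

def needs_review(groups):
    """Pairs blocked in both directions or against more than one remote address."""
    return sorted(k for k, g in groups.items() if len(g["directions"]) > 1 or len(g["ips"]) > 1)
```

svchost.exe hosts many Windows services, so the process name in these lines does not by itself identify what opened the port.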
