If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
SYSTEM Connection Attempt
Windows ME 4.9.3000
IE 6.00.2800.1123 AVG Antivirus Plus Firewall 7.5.448 Periodically a Dialog Box with the information below pops up after I have connected to the Internet. This will happen two or three times in a row and then I won't see it for about a month. I am guessing that it is some kind of upgrade attempt by Windows. My antivirus is active and scans regularly, the firewall is in place and functioning, I run Adaware and Spybot regularly and do not find any indication of a virus or malware. What is causing this? ---------------------------------------------------------------------------- -------------------------------------------------- Application "SYSTEM" Is trying to establish connection with remote IP address 216.248.131.235. Do you want to allow this communication? Allow Deny This confirmation is related to a system communication and therefore a simple rule cannot be created in this case. If you wish to handle such communication, create a rule for system services and protocols using the System Service Rule Properties dialog. Application: SYSTEM Full path: SYSTEM Local address: localhost 1237 Remote Address: 216.248.131.235 : 80 Connection: TCP connection Direction: Out -- ~^~^~^~^~^~^~^~^~^~^~^~^~^~^ When in charge, ponder; when in trouble, delegate; when in doubt, mumble. Dave |
#2
|
|||
|
|||
SYSTEM Connection Attempt
It's not related to Windows nor Microsoft at all.
http://www.dnsstuff.com/tools/ipall....16.248.131.235 http://www.dnsstuff.com/tools/whois....16.248.131.235 Any of the above ring a bell ? MowGreen [MVP 2003-2007] =============== *-343-* FDNY Never Forgotten =============== Dave wrote: Windows ME 4.9.3000 IE 6.00.2800.1123 AVG Antivirus Plus Firewall 7.5.448 Periodically a Dialog Box with the information below pops up after I have connected to the Internet. This will happen two or three times in a row and then I won't see it for about a month. I am guessing that it is some kind of upgrade attempt by Windows. My antivirus is active and scans regularly, the firewall is in place and functioning, I run Adaware and Spybot regularly and do not find any indication of a virus or malware. What is causing this? ---------------------------------------------------------------------------- -------------------------------------------------- Application "SYSTEM" Is trying to establish connection with remote IP address 216.248.131.235. Do you want to allow this communication? Allow Deny This confirmation is related to a system communication and therefore a simple rule cannot be created in this case. If you wish to handle such communication, create a rule for system services and protocols using the System Service Rule Properties dialog. Application: SYSTEM Full path: SYSTEM Local address: localhost 1237 Remote Address: 216.248.131.235 : 80 Connection: TCP connection Direction: Out |
#3
|
|||
|
|||
SYSTEM Connection Attempt
I don't recognize anything in these two pages. And . . . I don't have any
connection to the companies or the cities mentioned. It's still a mystery as to why my SYSTEM would try to connect . . . -- Dave "MowGreen [MVP]" wrote in message ... It's not related to Windows nor Microsoft at all. http://www.dnsstuff.com/tools/ipall....16.248.131.235 http://www.dnsstuff.com/tools/whois....16.248.131.235 Any of the above ring a bell ? MowGreen [MVP 2003-2007] =============== *-343-* FDNY Never Forgotten =============== Dave wrote: Windows ME 4.9.3000 IE 6.00.2800.1123 AVG Antivirus Plus Firewall 7.5.448 Periodically a Dialog Box with the information below pops up after I have connected to the Internet. This will happen two or three times in a row and then I won't see it for about a month. I am guessing that it is some kind of upgrade attempt by Windows. My antivirus is active and scans regularly, the firewall is in place and functioning, I run Adaware and Spybot regularly and do not find any indication of a virus or malware. What is causing this? -------------------------------------------------------------------------- -- -------------------------------------------------- Application "SYSTEM" Is trying to establish connection with remote IP address 216.248.131.235. Do you want to allow this communication? Allow Deny This confirmation is related to a system communication and therefore a simple rule cannot be created in this case. If you wish to handle such communication, create a rule for system services and protocols using the System Service Rule Properties dialog. Application: SYSTEM Full path: SYSTEM Local address: localhost 1237 Remote Address: 216.248.131.235 : 80 Connection: TCP connection Direction: Out |
#4
|
|||
|
|||
SYSTEM Connection Attempt
If you have no idea why the SYSTEM is attempting to connect to the DNS
listed, then deny it. MG Dave wrote: I don't recognize anything in these two pages. And . . . I don't have any connection to the companies or the cities mentioned. It's still a mystery as to why my SYSTEM would try to connect . . . |
#5
|
|||
|
|||
SYSTEM Connection Attempt
You're right, of course, and that's what I do. I was just trying to figure
out who or what was trying to be connected to my computer. Thank you Dave "MowGreen [MVP]" wrote If you have no idea why the SYSTEM is attempting to connect to the DNS listed, then deny it. MG Dave wrote: I don't recognize anything in these two pages. And . . . I don't have any connection to the companies or the cities mentioned. It's still a mystery as to why my SYSTEM would try to connect . . . |
#6
|
|||
|
|||
SYSTEM Connection Attempt
Do you have anything wireless?
Is that firewall part of the AVG? I would likely keep at it until I found an answer. Port 80 has a legitamate use. I think Winamp has an option to use it with proxy. Somewhere there is a list of what each port is used for, legitamately, which might give a hint. Does your firewall give any more details, such as files involved. ZA has a feature that will check for changed files trying to access and close the door when necessary. If running a hardware router/firewall, you might check the logs there as well, but if you have already been slipped a trojan, deny is best until you figure it out. Norman "Dave" wrote in message ... You're right, of course, and that's what I do. I was just trying to figure out who or what was trying to be connected to my computer. Thank you Dave "MowGreen [MVP]" wrote If you have no idea why the SYSTEM is attempting to connect to the DNS listed, then deny it. MG Dave wrote: I don't recognize anything in these two pages. And . . . I don't have any connection to the companies or the cities mentioned. It's still a mystery as to why my SYSTEM would try to connect . . . |
#7
|
|||
|
|||
SYSTEM Connection Attempt
Is Deltacom your internet provider ?
http://www.deltacom.com/internet.asp MG Dave wrote: You're right, of course, and that's what I do. I was just trying to figure out who or what was trying to be connected to my computer. Thank you Dave "MowGreen [MVP]" wrote If you have no idea why the SYSTEM is attempting to connect to the DNS listed, then deny it. MG Dave wrote: I don't recognize anything in these two pages. And . . . I don't have any connection to the companies or the cities mentioned. It's still a mystery as to why my SYSTEM would try to connect . . . |
#8
|
|||
|
|||
SYSTEM Connection Attempt
Deltacom is NOT my ISP and I have never heard of them.
On the chance they would have some insight I sent a message to my ISP Tech Support. Here is their answer: "I believe you are correct when you mention the situation being involved with web page transfers, seeing as how the activity is on port 80. This can usually arise from an HTTP daemon. The connection is also coming from your system itself, so it may be something entirely innocuous, such as a background messenger trying to load a banner in itself. I would personally advise to temporarily disable all startup programs (aside from the firewall, of course) temporarily to see if the issue persists. You may also consider running some spyware and virus scans, if have not already done so. I do not believe that this has much of anything to do with your ISP or hosting services, but I figured I could throw out some ideas for you." I'll post back when I learn more. -- Dave "MowGreen [MVP]" wrote Is Deltacom your internet provider ? http://www.deltacom.com/internet.asp MG Dave wrote: You're right, of course, and that's what I do. I was just trying to figure out who or what was trying to be connected to my computer. Dave "MowGreen [MVP]" wrote If you have no idea why the SYSTEM is attempting to connect to the DNS listed, then deny it. MG Dave wrote: I don't recognize anything in these two pages. And . . . I don't have any connection to the companies or the cities mentioned. It's still a mystery as to why my SYSTEM would try to connect . . . |
#9
|
|||
|
|||
SYSTEM Connection Attempt
After your last message I decided to take a look in my Registry to see if
there were any references to Deltacom. Here is what I found: HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\TypedURLS Url1 http://www.deltacom.com/internet.asp Does it seem reasonable that it would be safe to delete this entry? Being a 79 year old novice user these kind of things scare me a little bit. -- Dave "MowGreen [MVP]" wrote in message ... Is Deltacom your internet provider ? http://www.deltacom.com/internet.asp MG Dave wrote: You're right, of course, and that's what I do. I was just trying to figure out who or what was trying to be connected to my computer. Thank you Dave "MowGreen [MVP]" wrote If you have no idea why the SYSTEM is attempting to connect to the DNS listed, then deny it. MG Dave wrote: I don't recognize anything in these two pages. And . . . I don't have any connection to the companies or the cities mentioned. It's still a mystery as to why my SYSTEM would try to connect . . . |
#10
|
|||
|
|||
SYSTEM Connection Attempt
That only means that at some time the url was typed into the address bar of
IE. Not a problem. I checked port 80 and it used for HTTP server. But found that it was often used for an attack. http://www.cgisecurity.com/papers/fi...inting-2.shtml Maybe wading through this link will help, but if it is above you, then may I suggest that you go to dslreports.com and look for the forum on firewalls. They have some very knowledgeable people there and unless your firewall is some strange animal, they likely have experience with it. Or maybe the manufacturer has a forum. But I would not let my guard down. Yes the call is coming from your machine as you indicated by outbound. Looking within your firewall may indicate whether your machine is trying to just access or act as a server to the connection. Server would be a double red flag I suspect. Since you have not said which firewall, is it part of the AVG, and most importantly if I am not familiar with it, its capabilities. I just looked at their site and very little details are available for the firewall. Right now it sounds very much like something altered a file in such a way that it trys to make this connection. Have you installed any software about the time this started happening that might be trying force registration or autoupdate? How long, and hopefully in maximum security, did you install the firewall before this started happening. Norman "Dave" wrote in message ... After your last message I decided to take a look in my Registry to see if there were any references to Deltacom. Here is what I found: HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\TypedURLS Url1 http://www.deltacom.com/internet.asp Does it seem reasonable that it would be safe to delete this entry? Being a 79 year old novice user these kind of things scare me a little bit. -- Dave "MowGreen [MVP]" wrote in message ... Is Deltacom your internet provider ? http://www.deltacom.com/internet.asp MG Dave wrote: You're right, of course, and that's what I do. I was just trying to figure out who or what was trying to be connected to my computer. Thank you Dave "MowGreen [MVP]" wrote If you have no idea why the SYSTEM is attempting to connect to the DNS listed, then deny it. MG Dave wrote: I don't recognize anything in these two pages. And . . . I don't have any connection to the companies or the cities mentioned. It's still a mystery as to why my SYSTEM would try to connect . . . |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
WIN98 Hangs Up in Attempt to Load | Donald Chick | General | 18 | May 27th 06 02:39 AM |
Attempt to install just results in constant reboot | jeffareid | Setup & Installation | 4 | April 2nd 06 09:34 PM |
PC locks up after boot and login attempt | Doug | General | 3 | June 8th 05 11:12 AM |
Network indicator in system tray with DSL connection | René | Networking | 6 | October 5th 04 07:55 AM |
isnt supposed to be a network connection icon in the system tray | flip | General | 0 | September 3rd 04 12:25 PM |