Malware City/Blog/

Jan

Filed Under:

HOW TO....

About Win32.Worm.Downadup and its removal

09 January 2009

Win32.Worm.Downadup is, as its name suggests, a worm which spreads by exploiting a vulnerability in the Windows RPC Server Service. Having all Windows systems, except Windows 7 Beta, at its disposal, plus a highly optimized code the e-threat is spreading with incredible speed.

The estimated number of infected PCs is at 500.000 and rising. Considering the fact that it first appeared in late November 2008 and that Microsoft issued a patch for this vulnerability on the 23rd October 2008 several questions arise:

1. How come so many systems are still vulnerable to the worm?

2. Is this the beginning of a new botnet?

To answer the first question: it seems people fail to see the importance of system patches, especially the ones rated with a “Critical” status. Several Weeks or even Months can pass before they consider installing them. So how do you solve a security problem that's caused by users that refuse to update their machine? I would like you to ponder on this question and hit me with a reply whenever something comes to mind.

To answer the second question: yes. Upon execution, Win32.Worm.Downadup attempts to download a version of the well known “Antivirus XP” rogue. More information about rogue security software is available here. When we say rogue security software, we automatically imply illegally gotten money, so there is a very plausible reason for a botnet. If Downadup continues to rise at this rate, we could be seeing the birth of a rival to established botnets like Storm.

For a more technical description of Win32.Worm.Downadup please check out this week malware review .

To remove Win32.Worm.Downadup follow these steps:
1. disable System Restore
2. download and install MS08-067 vulnerability patch from here

3. unplug your network cable or disable your network device

4. run the removal tool developed by BitDefender Labs.

RELATED INFO:
HOW TO

Comments:

Todd said on Jan-11-2009 21:49

How do I disable System Restore and download and install MS08-067 vulnerability patch? and run removal tool?

Andrei Bereczki said on Jan-12-2009 04:27

Hi Todd,

in order to disable the System Restore feature please follow one of these links:
1. for Windows ME: http://support.microsoft.com/kb/264887
2. for Windows XP: http://support.microsoft.com/kb/310405
3. for Windows Vista: http://windowshelp.microsoft.com/Windows/en-us/help/f0688925-5abe-4caf-b49a-018f8cfcaf4d1033.mspx#E3

A link is already provided for the MS08-067 patch, just click it, then select your operating system, and click download on the page that shows. Just in case you didn't notice the link, here it is again: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

As for the removal tool, download the zip file provided in the article, extract the content anywhere on your computer and just run one of the files. They both do the same, just the appearance differs.

Best regards.

Raymond Fellers said on Jan-12-2009 10:11

Thanks for your post regarding this worm.

As for this link:http://support.microsoft.com/kb/310405, if your system is infected with the Win32.Worm.Downadup, then the download will be prevented. The worm stops access to any URL that contains any word that the worm checks for.

I have not been able to download the security patch because the worm stops access to any URL with the word microsoft in it.

Jeff said on Jan-12-2009 13:38

Bitdefender can't delete my infected shared folder. I can't even manually delete the files using administrator log in:(

Andrei Bereczki said on Jan-13-2009 09:59

Hello Raymond,

we ahve uploaded the removal to a public file sharing website in order to avoid the worms filters. You can find the archive here: http://drop.io/bd_cleaner

After removal restart your system and you should be clean. You can download and apply the Microsoft path as described before.

Raymond Fellers said on Jan-14-2009 05:21

Thanks for your giving me access to the BitDefender removal tool. I got a "clean" notice after I ran the tool, restarted my computer and saw that I still can't access the forbidden websites. Perhaps I am infected with a different, but similar, worm or virus.

Regards, Ray

Raymond Fellers said on Jan-14-2009 12:24

Thanks for your help. I got the anti-downadup and ran it. It reported "clean" It ran so fast that I doubt it really scanned anything.

David San Jose said on Jan-15-2009 10:49

In order to apply Microsoft's patches you can stop "DNS client" service and then you will have access to Microsoft website, at least it's working for me in my network

Andrei Bereczki said on Jan-16-2009 04:40

That's a good idea David, also if you're part of a network, make sure to disconnet ALL the computers from it and then apply our removal tool, or else after each reboot you will get infected again from the other computers.

Andrei Bereczki said on Jan-16-2009 07:41

Hi Jeff,

in order to successfully get rid of the worm download the removal tool provided by the BitDefender Labs from: http://drop.io/bd_cleaner

If you are part of a network, make sure to download the tool separately on every computer then disconnect them from the network.
Also remove all the removable devices from them and run the removal tool.

After each computer has rebooted your network should be clean.

Guest said on Jan-16-2009 10:29

I also got infected by such worm...I Also run OS patches Provided by Microsoft and run BD removing tools,,,I will give my suggetions soon

Daniel said on Jan-16-2009 14:18

Hello, how can I verify if the worm infected my computer without performing an antivirus scan?

Andrei Bereczki said on Jan-19-2009 07:29

Hello Daniel,

one of the most obvious symptoms of the worm is its blocking of certain websites. www.bitdefender.com should be blocked since it contains the string defender.

Try accessing the worms description at: http://www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html
If you can't, it means you're infected with the worm, or something similar.

Guest said on Jan-21-2009 15:21

Hi! I was wondering if there was a way to scan a thumbdrive for the virus. Any help is appreciated.

redbean said on Jan-21-2009 19:06

Hi

my pc sound infected some trojan like this...

it stop internet explorer from start, make system restore malfunction, cant disk check, slowing internet connection,
cant visit some website, system unstable and all the symtoms above...

i using bitdefender antivirus 2008, it disappointing me this time..

the symtoms start after i installed this ->aquaplay setup

i try everthing still cant get rid of it..sad

TBolt said on Jan-21-2009 22:10

Thanks Andrei for the very informative blog. I will certainly use the tips found here to ensure my network is clean. That being said, am I correct in assuming that if BD's signature files are up to date, we are protected by this threat?

John said on Jan-22-2009 16:51

Hello,

The worm wont allow me to turn off the DNS service, and when I run the tool it says the system is clean, and I cant connect to the microsoft website, so can someone please put the MS patch on another site? or is that impossible?

John Bramfeld said on Jan-23-2009 13:19

How do you know you have this worm. I understand the symptoms may be subtle, but what are they?

Liam said on Jan-28-2009 13:06

I can access these websites fine,AVG finds nothing, the only instance i found was on my USB but i did not do autorun or anythnig iwth it. Simply clicked my computer then right clicked the USB and scanned with AVG of which this worm was found on. Am i safe?
I ran the bitDefender tool to be safe but after scannnig it jsut closes, how do i know if it found and removed anything?

Jil said on Jan-29-2009 13:44

Well, I think I've just about tried everything now! Can't get rid of this worm, every scan just comes up clean as they can't access the infected files, and I'm locked out of regedit etc so can't remove them manually.
I have downloaded and installed all the recommended patches

Andrei Bereczki said on Jan-30-2009 08:15

@ redbean: try this: http://forums.spybot.info/showthread.php?p=285279

@ TBolt: yes, our products detect this threat, if you are not already infected you are safe and sound

@ John: if you ran the tool and it tells you the system is clean it means you get REinfected from a network computer. As mentioned before, unplug all network computers from the networks, unplug all removable devices, scan all computers from the network. You should be clean now.
Disable autorun to avoid getting infected from already infected usb sticks

@ John Bramfeld: for instance the worm blocks access to certain websites. autorun.inf files appear in the root folder of every disk drive.

@ Liam: you probably got your USB stick infected on another computer. Just delete the autorun.inf file and the executable it is supposed to execute and you should be fine (you can open the autorun.inf file in a simple text editor and check the path for the executable)

@ Jil: if our tool comes clean, then you're not infected with Win32.Worm.Downadup.

John Clifton said on Jan-31-2009 02:01

Hi there, I don't know for sure that I have this, but my PC is exhibiting some very similar signs. However, having followed the instructions, I cannot get your remover to run.

On asking it to scan the following error comes up:

GVM Engine internal error (scan)

Is this downadup protecting itself? I have tried downloading the remover twice, and it does appear to work correctly on my other PC - which came up as clean after using it.

Any thoughts gratefully received.

kc said on Feb-5-2009 18:04

Does this virus disable your antivirus software updates? If it is, then I think I might have it.

Mark said on Feb-8-2009 05:21

I have this virus. I have used the bit defender removal tool and patched the system with Microsoft updates. Thje virus is detected and successfully removed. However, even though it removes the virus, it does not prevent reinfection if another computer on the network has it. Any suggestions? I did patch my systems for MS08-067 vulnerability. I even did a windows update and patched everything MS said was missing.

This happens on both Windows XP as well as Windows 2003 servers.

Andrei Bereczki said on Feb-9-2009 06:35

@Mark: the worm also spreads by bruteforcing weak administrator passwords or USB sticks.
The removal tool only disinfects the system, not the removable drives as well. In order to stop the spread via USB sticks disable autorun on your machine and delete the files manually.
Make sure your administrator passwords are hard to guess.

R Mottus said on Mar-2-2009 23:46

Hey i have this, AVG found it, its sitting in my virus vault and was wonder if it was safe to just delete the file, or if I need to follow your guys's steps to remove it (ie. restore it in my system and do it)?

IvÃ¡n said on Mar-8-2009 07:35

Hi. After having followed all the steps that the virus apparently is gone, now I can turn on "System Restore" again?

Andrei Bereczki said on Mar-9-2009 08:43

@R Mottus: your system should be safe, but since you use AVG, you should request their support. @IvÃƒÆ’Ã‚Â¡n: try "turn on system restore" on google and clock the first result. Should be a Knowledge Base article from Microsoft.

Fred Baines said on Mar-17-2009 20:14

How do I turn this program off. I cannot upload pics to ebay now ??? Fred

ary said on Mar-18-2009 04:20

@Fred Baines Did you try to reboot the computer? or at least...let us know which program are you talking about?

Randheer Singh said on Jun-23-2009 19:22

Hi,
I cant open the site http://drop.io/bd_cleaner.
Do you have any other site?

zong said on Jul-21-2009 02:12

Okay so I'm a little confused. I'm not really sure if I actually do have this worm or not. My updates for AVG and Spyware Doctor keeps failing and SOMETIMES my browser fails to load a page. But I will reload it and it'll work. Maybe it's just my internet connection i thought..but my updates NEVER works. And some of the sites that you guys posted saying that it WILL NOT WORK because of the worm, still works for me.. so just a thought.. do I have it? My main concern is the AVG and Spyware Doc updates not working.

san said on Aug-19-2009 13:03

can this tutorial also solve system32/x virus problem??

sam said on Dec-7-2009 23:05

i wouls like to anwer your first question why user dont update from microsoft website ,
the basic reason is that most of the patches which microsoft website releases tends to destabilize the system (through my own experience ) that's why they dont update windows through patches, rather prefers to update windows windows version,or install firewals antivirus suites,my own experience is like this :
previously my computer was working fine (more then year) but a windows security popup keeps on coming usually i ignore that warning (as i have disabled automatic updates updates)just then i decided to give it a try to apply some patches form microsoft windows after applying those patches when i rebooted my windows it become so slow that previously it takes only 2 minutes to come to starting windows screen now it takes almost an hour to come to starting screen only aprt from that other functinality also become so slow that i cant work on my pc anymore so i finally decided to switch back to the windows which was before (after reinstalling whole windows ofcourse) so i always recommend to everybody never to update from windows website rather upgrade ur xp

Muhammad ibrar said on Dec-23-2009 05:01

i have problem of c:windowssystem32x

janna said on Dec-28-2009 13:22

i have a worm but i cant even get online to down load anything it is not letting me on the internet i have a connection just wont let me in.

Cody said on Jan-28-2010 15:10

Has this fix worked for anyone?

dfghfdg said on Jun-10-2010 05:17

Thanks --------------------------------

antihacker101 said on Aug-20-2010 13:26

i feel the urge to repair the knowledge you have of the worm and tell you whats really going on that better explain problems. the first is refering to updates. there was a time that i refused to update for one main purpose. i couldnt tell if the updates were real or not. the reason being is cause the real worm is an undetectable backdoor that allows the hacker to come in through our graphics card. the hardrives that i couldnt not format without getting an access violation error is where the hacker stores his alterations.

if i was to get an update, and download it, you all may not know that the reroute infects the updates or uses the updates to trick you into download a part of the worm that may have been blocked.

the reason the patches screwed your system up is cause it has to be accepted by the worm and reroute first. its not the patch, its the other parts of the worm in an unbreakable circle. the real worm hasnt been touched yet.

the traffic from the worm originally was used to pass a law called rootlaw. after he finished, he realized that i knew to much. the conficters that helpd parts of the bigger worm were made detectable on purpose to take blame for lags while you think that its being investiaged.

the security teams and microsoft is using the worm and still building it. they have no intentions to remove it. they instead are still making it more undetectable.

nov 17 after my displays randomly went black for a sec while the programer of the worm made changes is the real cause of the reboot loop linked to a blackscreen. he made changes here first, then update to you all on port 445. all high ports of the 2000 ips per hour i get changed to port 445.

here is a sample of the worm as of now. dont pay attention to the dates due to having to reset my hubs.
[INFO] Fri Feb 06 11:31:15 2004 Allowed configuration authentication by IP address 192.168.0.196
[WARN] Fri Feb 06 11:31:10 2004 Failed configuration authentication attempt by IP address 192.168.0.196
[INFO] Fri Feb 06 11:31:06 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:73
[WARN] Fri Feb 06 11:31:03 2004 Failed configuration authentication attempt by IP address 192.168.0.196
[INFO] Fri Feb 06 11:31:01 2004 Blocked incoming TCP packet from 83.238.68.222:55879 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[WARN] Fri Feb 06 11:30:58 2004 Failed configuration authentication attempt by IP address 192.168.0.196
[INFO] Fri Feb 06 11:30:57 2004 Above message repeated 1 times
[INFO] Fri Feb 06 11:30:05 2004 Blocked incoming TCP packet from 86.58.21.177:58360 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:29:24 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2479
[INFO] Fri Feb 06 11:29:24 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9090
[INFO] Fri Feb 06 11:29:23 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9415
[INFO] Fri Feb 06 11:27:55 2004 Blocked incoming TCP packet from 76.173.167.64:63104 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:27:42 2004 Blocked incoming TCP packet from 98.220.99.27:27714 to 98.134.163.42:48141 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:27:00 2004 Blocked incoming TCP packet from 92.96.41.29:61632 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:26:57 2004 Blocked incoming TCP packet from 99.246.76.143:23982 to 98.134.163.42:40676 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:26:54 2004 Blocked incoming TCP packet from 84.92.181.168:62577 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:26:51 2004 Blocked incoming TCP packet from 60.240.200.55:60149 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:26:41 2004 Blocked incoming TCP packet from 86.61.8.210:63089 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:26:41 2004 Blocked incoming TCP packet from 115.132.209.171:19264 to 98.134.163.42:50655 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:26:39 2004 Blocked incoming ICMP error message (ICMP type 3) from 184.56.125.204 to 98.134.163.42 as there is no UDP session active between 98.134.163.42:45682 and 192.168.1.102:33379
[INFO] Fri Feb 06 11:26:09 2004 Blocked incoming ICMP error message (ICMP type 3) from 124.148.201.83 to 98.134.163.42 as there is no UDP session active between 98.134.163.42:45682 and 192.168.0.4:11312
[INFO] Fri Feb 06 11:26:04 2004 Blocked incoming TCP connection request from 221.192.199.46:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 11:25:35 2004 Blocked incoming TCP packet from 85.122.12.81:60448 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:24:56 2004 Blocked incoming TCP packet from 115.132.209.171:19264 to 98.134.163.42:46031 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:24:36 2004 Blocked incoming TCP packet from 98.239.35.22:4735 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:24:01 2004 Blocked incoming TCP packet from 78.131.76.208:29447 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:23:22 2004 Blocked incoming TCP packet from 62.16.231.249:2711 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:22:32 2004 Blocked incoming UDP packet from 187.90.218.207:31698 to 98.134.163.42:27893
[INFO] Fri Feb 06 11:21:53 2004 Blocked incoming TCP connection request from 221.192.199.46:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 11:21:46 2004 Blocked incoming TCP packet from 74.125.159.136:80 to 98.134.163.42:60884 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:20:55 2004 Blocked incoming TCP packet from 86.175.82.46:26523 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:20:47 2004 Blocked incoming TCP packet from 99.240.82.172:18170 to 98.134.163.42:24362 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:20:42 2004 Blocked incoming TCP packet from 123.211.228.229:34974 to 98.134.163.42:47861 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:20:34 2004 Blocked incoming TCP packet from 75.116.127.154:53 to 98.134.163.42:61800 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:19:54 2004 Blocked incoming TCP connection request from 96.13.55.132:64882 to 98.134.163.42:139
[INFO] Fri Feb 06 11:19:27 2004 Blocked incoming TCP packet from 112.207.167.97:46157 to 98.134.163.42:43664 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:19:25 2004 Blocked incoming TCP packet from 91.199.104.31:80 to 98.134.163.42:4217 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:19:19 2004 Blocked incoming TCP packet from 184.51.181.115:80 to 98.134.163.42:10717 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:18:44 2004 Blocked incoming TCP connection request from 96.13.55.132:59120 to 98.134.163.42:139
[INFO] Fri Feb 06 11:18:25 2004 Blocked incoming TCP packet from 98.115.214.92:1714 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:18:09 2004 Blocked incoming TCP packet from 41.110.234.6:49321 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:16:22 2004 Blocked incoming TCP packet from 91.149.30.162:52068 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:16:18 2004 Blocked incoming TCP packet from 194.109.207.30:80 to 98.134.163.42:56596 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:16:18 2004 Blocked incoming TCP packet from 194.109.207.30:80 to 98.134.163.42:56465 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:16:18 2004 Blocked incoming TCP packet from 194.109.207.30:80 to 98.134.163.42:29516 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:16:15 2004 Blocked incoming TCP packet from 194.109.207.30:80 to 98.134.163.42:63947 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:16:15 2004 Blocked incoming TCP packet from 194.109.207.30:80 to 98.134.163.42:39587 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:15:13 2004 Blocked incoming TCP packet from 94.98.30.135:44268 to 98.134.163.42:64519 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:15:03 2004 Blocked incoming TCP packet from 92.25.143.44:16331 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:14:52 2004 Blocked incoming TCP packet from 91.149.30.162:51915 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:14:23 2004 Blocked incoming TCP packet from 77.45.39.122:57427 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:14:12 2004 Blocked incoming TCP packet from 84.92.181.168:61564 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:13:39 2004 Blocked incoming UDP packet from 87.108.10.229:25427 to 98.134.163.42:45739
[INFO] Fri Feb 06 11:13:34 2004 Blocked incoming TCP packet from 98.239.35.22:3605 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:13:17 2004 Blocked incoming TCP connection request from 221.192.199.46:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 11:13:14 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:1080
[INFO] Fri Feb 06 11:13:13 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:8090
[INFO] Fri Feb 06 11:13:12 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 11:12:52 2004 Blocked incoming TCP packet from 74.125.159.104:443 to 98.134.163.42:11775 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:12:06 2004 Blocked incoming TCP packet from 91.149.30.162:51822 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:11:37 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 11:11:37 2004 Blocked incoming ICMP error message (ICMP type 3) from 80.184.68.82 to 98.134.163.42 as there is no UDP session active between 98.134.163.42:45682 and 192.168.1.2:16299
[INFO] Fri Feb 06 11:10:18 2004 Blocked incoming TCP packet from 78.53.148.32:50202 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:10:15 2004 Blocked incoming TCP packet from 123.211.228.229:34974 to 98.134.163.42:59265 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:09:30 2004 Blocked incoming TCP packet from 78.131.76.208:15386 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:09:14 2004 Blocked incoming TCP packet from 74.125.19.102:80 to 98.134.163.42:49896 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:08:28 2004 Blocked incoming TCP packet from 123.211.228.229:34974 to 98.134.163.42:30649 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:08:14 2004 Blocked incoming TCP packet from 99.246.76.143:23982 to 98.134.163.42:19656 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:07:55 2004 Blocked incoming TCP packet from 62.75.216.60:80 to 98.134.163.42:23544 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:07:09 2004 Blocked incoming TCP packet from 142.162.72.92:61116 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:06:43 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:73
[INFO] Fri Feb 06 11:06:41 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9090
[INFO] Fri Feb 06 11:06:30 2004 Blocked incoming TCP packet from 83.109.102.159:12683 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:06:17 2004 Blocked incoming TCP packet from 109.255.161.176:17340 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:05:48 2004 Blocked incoming TCP packet from 217.144.192.242:61205 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:04:56 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:73
[INFO] Fri Feb 06 11:04:56 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2479
[INFO] Fri Feb 06 11:04:56 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9415
[INFO] Fri Feb 06 11:03:52 2004 Blocked incoming TCP packet from 81.104.155.163:22824 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:03:25 2004 Blocked incoming TCP packet from 92.26.133.50:12589 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:03:15 2004 Blocked incoming TCP packet from 98.184.165.6:3093 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:02:58 2004 Blocked incoming TCP packet from 109.75.199.147:60191 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:02:33 2004 Blocked incoming TCP connection request from 96.15.234.38:54569 to 98.134.163.42:139
[INFO] Fri Feb 06 11:02:10 2004 Blocked incoming TCP packet from 75.116.127.154:53 to 98.134.163.42:51093 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:02:00 2004 Blocked incoming TCP packet from 98.239.35.22:2487 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:01:36 2004 Blocked incoming TCP connection request from 98.134.138.241:47114 to 98.134.163.42:445
[INFO] Fri Feb 06 11:01:21 2004 Blocked incoming TCP packet from 88.195.215.150:25364 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:00:40 2004 Blocked incoming TCP packet from 88.195.215.150:23096 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:00:09 2004 Blocked incoming TCP packet from 193.238.92.169:47047 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 11:00:07 2004 Blocked incoming TCP connection request from 77.97.64.173:51066 to 98.134.163.42:29362
[INFO] Fri Feb 06 10:59:58 2004 Above message repeated 2 times
[INFO] Fri Feb 06 10:59:52 2004 Blocked incoming TCP packet from 207.134.218.229:53284 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:59:01 2004 Blocked incoming TCP packet from 75.116.127.154:53 to 98.134.163.42:50406 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:58:34 2004 Blocked incoming TCP packet from 74.125.7.39:80 to 98.134.163.42:14964 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:58:11 2004 Blocked incoming TCP packet from 64.94.107.24:80 to 98.134.163.42:41932 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:58:08 2004 Blocked incoming TCP packet from 68.35.171.136:62229 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:58:04 2004 Blocked incoming TCP packet from 74.125.159.144:80 to 98.134.163.42:63825 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:58:02 2004 Blocked incoming TCP packet from 86.58.21.177:51131 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:57:05 2004 Blocked incoming ICMP error message (ICMP type 3) from 84.26.48.239 to 98.134.163.42 as there is no UDP session active between 98.134.163.42:45682 and 192.168.1.105:25000
[INFO] Fri Feb 06 10:56:56 2004 Blocked incoming TCP packet from 112.202.0.210:25763 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:56:14 2004 Blocked incoming TCP packet from 98.239.35.22:1961 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:56:03 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:3246
[INFO] Fri Feb 06 10:56:02 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:9000
[INFO] Fri Feb 06 10:56:02 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 10:55:05 2004 Blocked incoming TCP packet from 209.73.26.186:80 to 98.134.163.42:28125 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:55:05 2004 Blocked incoming TCP connection request from 221.192.199.35:12200 to 98.134.163.42:8080
[INFO] Fri Feb 06 10:55:04 2004 Blocked incoming TCP packet from 204.14.16.178:80 to 98.134.163.42:35136 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:55:03 2004 Blocked incoming TCP packet from 195.242.42.134:80 to 98.134.163.42:13297 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:54:59 2004 Blocked incoming TCP packet from 96.7.46.90:80 to 98.134.163.42:58260 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:54:58 2004 Blocked incoming TCP packet from 69.31.49.17:80 to 98.134.163.42:37947 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:54:44 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:1080
[INFO] Fri Feb 06 10:52:57 2004 Blocked incoming TCP packet from 123.211.228.229:34974 to 98.134.163.42:4055 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:52:36 2004 Blocked incoming TCP connection request from 96.15.234.38:28676 to 98.134.163.42:139
[INFO] Fri Feb 06 10:51:56 2004 Blocked incoming TCP packet from 75.116.127.154:53 to 98.134.163.42:24046 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:51:29 2004 Blocked incoming TCP connection request from 114.69.10.169:6000 to 98.134.163.42:135
[INFO] Fri Feb 06 10:51:06 2004 Blocked incoming TCP connection request from 221.195.73.68:12200 to 98.134.163.42:8888
[INFO] Fri Feb 06 10:51:06 2004 Blocked incoming TCP connection request from 221.195.73.68:12200 to 98.134.163.42:2479
[INFO] Fri Feb 06 10:50:29 2004 Blocked incoming TCP packet from 80.230.127.33:49621 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:49:51 2004 Blocked incoming TCP packet from 207.134.218.229:53054 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:49:21 2004 Blocked incoming TCP packet from 142.162.72.92:60235 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:49:05 2004 Blocked incoming TCP packet from 83.238.68.222:55783 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:48:48 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:48:25 2004 Blocked incoming TCP packet from 92.24.150.47:2302 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:48:18 2004 Blocked incoming TCP packet from 77.97.36.133:58240 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:47:45 2004 Blocked incoming TCP packet from 83.109.102.159:12371 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:47:34 2004 Blocked incoming TCP packet from 111.92.138.123:9070 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:47:11 2004 Blocked incoming TCP packet from 72.231.10.81:37009 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:46:38 2004 Blocked incoming TCP packet from 125.238.242.218:38946 to 98.134.163.42:33660 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:46:38 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:46:25 2004 Blocked incoming TCP packet from 81.104.155.163:21614 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:44:44 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:44:00 2004 Blocked incoming TCP packet from 93.67.198.126:50977 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:43:38 2004 Blocked incoming TCP packet from 68.35.171.136:59826 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:43:12 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 10:43:10 2004 Blocked incoming TCP packet from 201.191.198.109:58718 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:43:02 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:73
[INFO] Fri Feb 06 10:43:01 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2301
[INFO] Fri Feb 06 10:43:01 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2479
[INFO] Fri Feb 06 10:43:00 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9090
[INFO] Fri Feb 06 10:43:00 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9415
[INFO] Fri Feb 06 10:42:39 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:42:39 2004 Blocked incoming TCP packet from 188.208.43.155:62385 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:42:07 2004 Blocked incoming TCP connection request from 221.226.17.14:33170 to 98.134.163.42:21
[INFO] Fri Feb 06 10:42:03 2004 Above message repeated 1 times
[INFO] Fri Feb 06 10:41:30 2004 Blocked incoming TCP packet from 98.239.35.22:4235 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:40:46 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:73
[INFO] Fri Feb 06 10:40:46 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2301
[INFO] Fri Feb 06 10:40:46 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2479
[INFO] Fri Feb 06 10:40:46 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:40:45 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9090
[INFO] Fri Feb 06 10:40:45 2004 Blocked incoming ICMP error message (ICMP type 3) from 124.150.62.27 to 98.134.163.42 as there is no UDP session active between 98.134.163.42:45682 and 192.168.0.4:55919
[INFO] Fri Feb 06 10:40:45 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9415
[INFO] Fri Feb 06 10:40:42 2004 Blocked incoming TCP packet from 112.202.0.210:24830 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:39:57 2004 Blocked incoming TCP packet from 70.112.118.150:1166 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:39:37 2004 Blocked incoming TCP packet from 92.129.174.48:59512 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:39:09 2004 Blocked incoming TCP packet from 89.243.107.92:25621 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:38:52 2004 Blocked incoming TCP packet from 121.149.230.74:21029 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:38:36 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:38:26 2004 Blocked incoming TCP packet from 85.183.95.152:55876 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:37:17 2004 Blocked incoming TCP packet from 70.112.118.150:1761 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:36:40 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:35:24 2004 Blocked incoming TCP packet from 123.211.228.229:34974 to 98.134.163.42:46621 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:35:13 2004 Blocked incoming TCP packet from 89.243.107.92:25299 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:35:06 2004 Blocked incoming TCP packet from 89.243.107.92:24975 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:35:04 2004 Blocked incoming TCP connection request from 221.192.199.46:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 10:34:49 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:1080
[INFO] Fri Feb 06 10:34:49 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:8090
[INFO] Fri Feb 06 10:34:46 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:34:30 2004 Blocked incoming TCP connection request from 96.15.234.38:46008 to 98.134.163.42:139
[INFO] Fri Feb 06 10:34:08 2004 Blocked incoming TCP packet from 89.243.107.92:24621 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:34:02 2004 Blocked incoming TCP packet from 111.92.138.123:5045 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:33:59 2004 Blocked incoming TCP packet from 188.208.43.155:61592 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:33:58 2004 Blocked incoming TCP packet from 24.7.249.71:58452 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:33:27 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:1080
[INFO] Fri Feb 06 10:32:40 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:31:58 2004 Blocked incoming ICMP error message (ICMP type 11) from 217.66.22.180 to 98.134.163.42 as there is no TCP connection active between 98.134.163.42:45682 and 217.66.22.81:55058
[INFO] Fri Feb 06 10:31:58 2004 Blocked incoming TCP packet from 217.66.22.81:55058 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:31:54 2004 Blocked incoming TCP packet from 24.7.249.71:63940 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:31:51 2004 Blocked incoming TCP packet from 97.104.69.81:17340 to 98.134.163.42:63688 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:30:58 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 10:30:50 2004 Blocked incoming TCP packet from 60.53.59.226:4725 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:30:45 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:29:45 2004 Blocked incoming UDP packet from 201.27.15.123:1027 to 98.134.163.42:137
[INFO] Fri Feb 06 10:29:20 2004 Blocked incoming TCP connection request from 98.208.97.91:49945 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:28:38 2004 Blocked incoming UDP packet from 98.208.97.91:3615 to 98.134.163.42:27574
[INFO] Fri Feb 06 10:28:27 2004 Blocked incoming TCP packet from 193.238.92.169:39029 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:28:12 2004 Blocked incoming TCP packet from 86.88.2.93:63095 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:27:17 2004 Blocked incoming TCP packet from 75.116.127.154:53 to 98.134.163.42:22534 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:26:23 2004 Blocked incoming TCP connection request from 96.15.234.38:24933 to 98.134.163.42:139
[INFO] Fri Feb 06 10:25:23 2004 Blocked incoming TCP packet from 92.96.41.29:60925 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:25:19 2004 Blocked incoming TCP packet from 89.243.107.92:24291 to 98.134.163.42:45682 as FIN:PSH:ACK received but there is no active connection
[INFO] Fri Feb 06 10:25:11 2004 Blocked incoming TCP packet from 115.132.209.171:19264 to 98.134.163.42:20412 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:24:38 2004 Blocked incoming TCP packet from 178.235.21.173:53672 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:24:27 2004 Blocked incoming TCP packet from 188.52.106.217:65224 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:24:07 2004 Blocked incoming TCP packet from 123.211.228.229:34974 to 98.134.163.42:49643 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:23:04 2004 Blocked incoming TCP packet from 151.66.106.181:3917 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:22:11 2004 Blocked incoming TCP connection request from 96.13.55.132:38643 to 98.134.163.42:139
[INFO] Fri Feb 06 10:21:49 2004 Blocked incoming TCP packet from 97.104.69.81:17340 to 98.134.163.42:54895 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:21:45 2004 Blocked incoming TCP packet from 91.149.30.162:49277 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:21:06 2004 Blocked incoming TCP packet from 84.38.27.221:2417 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:19:56 2004 Blocked incoming TCP packet from 91.149.30.162:49189 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:19:08 2004 Blocked incoming TCP packet from 95.209.37.102:31217 to 98.134.163.42:42254 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:18:31 2004 Blocked incoming TCP connection request from 221.192.199.48:12200 to 98.134.163.42:8085
[INFO] Fri Feb 06 10:17:48 2004 Blocked incoming TCP packet from 117.254.139.15:2176 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:17:39 2004 Blocked incoming TCP packet from 112.202.0.210:23928 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:17:35 2004 Blocked incoming TCP packet from 91.149.30.162:65425 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:17:19 2004 Blocked incoming TCP connection request from 96.13.55.132:13772 to 98.134.163.42:139
[INFO] Fri Feb 06 10:17:08 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:73
[INFO] Fri Feb 06 10:17:07 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2301
[INFO] Fri Feb 06 10:17:06 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2479
[INFO] Fri Feb 06 10:17:05 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9090
[INFO] Fri Feb 06 10:17:05 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9415
[INFO] Fri Feb 06 10:16:44 2004 Blocked incoming TCP packet from 94.14.144.193:1383 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:16:41 2004 Blocked incoming TCP packet from 84.38.27.221:1989 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:16:35 2004 Blocked incoming TCP packet from 65.32.162.180:49946 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:16:18 2004 Blocked incoming TCP packet from 117.254.139.15:2220 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:16:13 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:1080
[INFO] Fri Feb 06 10:16:13 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:8090
[INFO] Fri Feb 06 10:16:12 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:9000
[INFO] Fri Feb 06 10:15:54 2004 Blocked incoming TCP packet from 81.104.155.163:19661 to 98.134.163.42:45682 as RST:ACK received but there is no active connection
[INFO] Fri Feb 06 10:14:54 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2301
[INFO] Fri Feb 06 10:14:53 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:2479
[INFO] Fri Feb 06 10:14:53 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9090
[INFO] Fri Feb 06 10:14:52 2004 Blocked incoming TCP connection request from 202.102.234.71:12200 to 98.134.163.42:9415
[INFO] Fri Feb 06 10:14:36 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:8090
[INFO] Fri Feb 06 10:14:36 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:9000
[INFO] Fri Feb 06 10:14:35 2004 Blocked incoming TCP connection request from 222.186.13.212:12200 to 98.134.163.42:8085

i am the mostly infected user of the main worm that affects you all. i was used to spread the worm, there is more than meets the eye. your phones and towers are part of the worm.

until recently, i could not format any drive and the operating system was always infected before a clean install was finished.
the altered bios allowed the worm an d hacker to connect to a portion of your drive from a pointer.

a strange event happened where i successfully low level formated(first time in 3 years) that removed the worm that revied the harware used to connect to a fake drive from the pointer.
i cannot install my operating system cause the worm cant finish. the good news is that i can boot a low level program from my cd that allows me to wipe drives without interuptions from the hacker cause he cant get in due to his well built worm.

im going to try out the downandup remover to see if it will work, i have a feeling it wont. im more infected than you all. all changes from the worm that You get, goes through me first. he updates changes of the worm using port 445.

all rootkit attempts to detect resulted in access violations.

chat said on Oct-26-2011 17:43

Congratulations on a truly wonderful has been the subject you would like to continue to monitor

Mo	Tu	We	Th	Fr	Sa	Su
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29
« Jan		Feb			Mar »