Solved Possible infection server connection

Hewlett-packard / P6533w
August 5, 2012 at 16:43:52
Specs: Windows 7, 3.0 Ghz
This is a clean install on an HP Pavilion Desktop. I just used the factory recovery disk I got from HP; I just wanted a clean install. Anyway, I tried something after it all loaded and I connected my Cat 5 cable to the Ethernet. I did not run any software from my ISP; not needed. All I did was connect the router to the Ethernet; the modem was already connected. So I go to cmd, type netstat, and I get the following.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Chris>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 192.168.5.101:49172 install:https TIME_WAIT
TCP 192.168.5.101:49188 209:http ESTABLISHED
TCP 192.168.5.101:49245 69.31.132.42:http ESTABLISHED
TCP 192.168.5.101:49246 69.31.132.26:http ESTABLISHED
TCP 192.168.5.101:49247 69.31.132.26:http ESTABLISHED
TCP 192.168.5.101:49261 stats:https TIME_WAIT
TCP 192.168.5.101:49262 stats:https TIME_WAIT

C:\Users\Chris>

I just want to know what this is below.
TCP 192.168.5.101:49188 209:http ESTABLISHED
TCP 192.168.5.101:49245 69.31.132.42:http ESTABLISHED
TCP 192.168.5.101:49246 69.31.132.26:http ESTABLISHED
TCP 192.168.5.101:49247 69.31.132.26:http ESTABLISHED

Those IP addresses, what am I connected to? I have tried an IP lookup and got some server from Boston. Those are not my IP; my IP is 74.167.5.138
I don't really understand what they could be unless it's the server my ISP AT&T is connected to. A few weeks ago somehow my router got reset; the IP got reset to the default. No one was home at my house and no one in my family knows how to do this except me. I have had issues in the past also. Now I was told a hacker can hack a modem and router to make you connect to them. I just wonder if this is the case and my PC is clean. Maybe I am just jumping and thinking crazy things.

Just because the OP does not come back in 3 or 4 days to reply, does not mean he will not come back and reply.




#1
August 5, 2012 at 16:53:31
✔ Best Answer
"Now I was told a hacker can hack a modem and router to make you connect to them"
Correct.

I would completely reset your router & put a very strong password in.

Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...



#2
August 5, 2012 at 18:44:21
OK, I reset both the modem and router. I had to log in to the internet again, as always when I reset the modem. The funny thing this time is for some reason it reset my password and I got a new one. It was auto made; it has never done that. But anyway, I am logged in again and I try netstat again. Here is what I get.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Chris>netstat

Active Connections

Proto Local Address Foreign Address State

C:\Users\Chris

Looks good to me now. And BTW I do have the same IP address because I have a static IP that never changes. If the hacker already has my IP he may do this again. So should I contact my ISP about this?


#3
August 5, 2012 at 18:50:29
"So should I contact my ISP about this?"
Won't hurt to make them aware of what happened.


#4
August 5, 2012 at 19:02:05
Thanks for the help.


#5
August 5, 2012 at 19:02:59
Thanks for the help. If I have further issues I will reply. I am going to keep a watch on this.


#6
August 5, 2012 at 19:07:15
Here is some extra reading.

“Infected” routers threaten death by DNS
http://triplescomputers.com/blog/ca...
"Router infections are nasty little things. Technically, they aren’t infections, but rather, corrupted settings (thanks to malware) which lead to compromised PCs and information. They aren’t necessarily new; this has been a trend which actually started a couple of years ago and has become increasingly common among malware.
It’s actually pretty simple how they work: once a client computer has been infected, the malware takes advantage of the fact that no one ever changes their default router password. Equipped with this information, it accesses the router configuration and changes the DNS servers to malicious servers of its own, which can filter and steal traffic passing through them or even redirect users to altogether different sites when they request a page. This can be made entirely transparent to the user, as the displayed web address (the so-called FQDN) is still the same—only the resolved IP address has changed.
It isn’t uncommon for such router infections to reinfect clients even after they’re cleaned, presenting a seriously hazardous situation. The solution involves simultaneously performing a hard reset on the router (by holding down the reset button for 15 seconds or longer) and disinfecting the PC (and all affected PCs on the network) before connecting back to the router. Following that, the network must be reconfigured on the router, and a password needs to be set to prevent future infiltrations."


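A host-side check for the DNS change described in the quoted article, added here as an example and not part of any post in this thread: it parses `ipconfig /all` output and reports DNS servers outside an expected set. The sample output, the documentation-range address 203.0.113.53 and the assumption that the router at 192.168.5.1 is the only expected resolver are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
# 203.0.113.53 is a documentation-range placeholder for an unexpected resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Ethernet Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.5.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.5.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.5.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)")

def parse_ip(text):
    """Return an address object for '192.168.5.1' or 'fe80::1%11', else None."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Map adapter name -> list of DNS server addresses in `ipconfig /all` text."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():
            # An unindented line starts a new adapter section.
            adapter, in_dns = line.rstrip(":").strip(), False
            continue
        addr = parse_ip(line)
        if in_dns and addr is not None:
            # Further DNS servers appear alone on indented continuation lines.
            servers.setdefault(adapter, []).append(addr)
            continue
        match = DNS_LINE.match(line)
        in_dns = bool(match)
        if match and parse_ip(match.group(1)) is not None:
            servers.setdefault(adapter, []).append(parse_ip(match.group(1)))
    return servers

def unexpected_resolvers(ipconfig_text, expected):
    """Return (adapter, server) pairs whose resolver is not in the expected set."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    return [(name, str(ip))
            for name, ips in dns_servers(ipconfig_text).items()
            for ip in ips if ip not in allowed]

if __name__ == "__main__":
    # Assumption: the router itself is the only resolver this LAN should use.
    for name, ip in unexpected_resolvers(SAMPLE_IPCONFIG, ["192.168.5.1"]):
        print(f"{name}: unexpected DNS server {ip}")
```

When the router is the only DNS server a PC lists, this check passes even if the router's own upstream DNS setting has been changed, so the DNS fields on the router's configuration page still have to be compared against the values the ISP assigns.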

