I noticed that my pc is sending out network probes all day today to port 16465. Does anybody have any ideas why this is happening?? Here's what it's telling me. Thanks. -JK
2012-06-05 14:27:32 -0500 f_kernel a_nil_area t_netprobe p_minor
hostname: nocgate2.humdev.com event: UDP netprobe srcip: 10.128.104.182
srcport: 59180 srczone: internal dst_geo: TR dstip: 22.214.171.124
dstport: 16465 protocol: 17 interface: lagg1
reason: Received a UDP packet destined for a service that the current policy does not support.
I had this going on also. I checked my router and there were many udp out entries for this port for IPs all over the world; I rebooted the router serveral times and they always came back; I used tcpview and found many entries for port 16465 being sent as tcp and udp sends out from my pc; I went to turn off the port with Windows Advanced Firewall and the Firewall would not start getting an error; I went to Windows Defender but it would not start up also; I checked the services for these and they were missing from my services list; I check the registry and they were no entries in the registry for them (BPE service and Windows Defender service); double checked some other services and they were missing. Examined past backup registry entries (obtained by restoring system state from a backup to another drive) and BPE and Defender entries were in the registry (hkey_local_machine\system\currentcontrolset\services) ; ran mcafee stinger and rootkit ; found nothing; ran Spybot found nothing;
I did get it to stop by stopping the services associated with the port (given by TCPview utility) ; but I had to stop a svchost service which runs a bunch of services ; In the process of updating the registry for missing services and stopping others my computer lost some functionality although much of it worked; I decided to restore my pc from a backup; and found the entries in the registry and services restored; firewall and windows defender worked ; no multiple 16465 entries. Appears something hit my pc somehow; don't know what it was ; but I fortunately backup up my pc regularly to another harddrive and the restoral has me working fine now.
Be vigilant! do plenty of full backups - there's is stuff out there!
You have an trojan infection, Scan the machine with MS-Security Essentials.
Root Cause = Not patched browser and/or flash version and/or java version.
Please do not advise people to install another antivirus because having two installed can actually leave them open to infection.
Good advice, however, regarding keeping Java, Flash etc. etc. up to date, very important.
Online scans are fine (just Google online virus scanner) or use any of the 3rd party tools listed in the last link in my signature.Message was edited by: Ex_Brit on 08/09/12 9:22:31 EDT AM