0 Replies Latest reply on Feb 23, 2010 4:31 PM by danr

    Has my security been compromised? How so? What can be done about it?

      Despite diligent use of McAfee Security Center resources, my computer had become infected with various trojans.  Eventually, using Mafee and tools from other anti-malware providers I was able to detect and remove these infections. However, since then my McAfee Security Center logs are showing some strange things apparently going on with my system, which I need some help to understand.

       

      First, the "Inbound Events" log (under Internet and Network) is overflowing with attempts to access various ports on my computer and with "invalid packets."  The attempts can occur very frequently (sometimes less than a minute apart), though they do stop after a while only to start up again after a while.  The "Source IPs" listed for all of these events are always one of my own IP addresses (the first seven digits are always the same, only the final one or two changes).  On the "Manage Network" page, the diagram includes several strange computers, which appear to be the same ones that are trying to access my ports (they are listed under "host name" in the Inbound Events log).  But to my knowledge I don't even have a "network," just a single computer that is connected to the internet via DSL.

       

      Even though I don't know what these readings signify, I suspect my computer has somehow been targeted by someone or something, to a purpose as yet unknown to me.  In reaction I have taken the following steps: When not online I keep McAfee firewall in "Lockdown" state; I have "banned" all Source IPs for these unsolicited attempts to access my ports (as I said these are all within the range of my own IP address, the only one I have not banned is that ending with ".1.1").  I have set the Network Manager not to trust the network it is apparently connected to.  None of this has prevented the symptoms described above.

       

      I would be most grateful for any help in trying to figure out exactly what is going on here, and what steps can be taken to remove my computer from this mysterious "network."  Thank you